Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and special guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast with cybersecurity veterans Graham Cluley and Carole Theriault.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
I think those sort of things can actually bond you together as a company, and you suddenly are chatting with the people in the French office and the New Zealand office, because of course these things go worldwide as well.
Hey Graham, that was a funny joke you made.
The poo poo in the sink.
I like you, Mr Graham. I like you.
Smashing Security, episode 178: Office Pranks, Meat Dresses, and RoboCop Dogs with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 178.
My name's Graham Cluley.
My name's Graham Cluley.
I'm Carole Theriault still.
And we are joined this week by a returning guest. It's Lisa Forte. Yay, Lisa Forte!
Yay!
Here she is.
Yeah, Lisa, have any news for us? What's been going on?
Well, I have managed to tear a calf and get pneumonia in the period of 3 months. So I'm hitting some personal goals.
When you say calf, you mean the lower bit of your leg? You don't mean some sort of biblical sacrifice?
No, no, I didn't sacrifice a small cow. Not this week.
Okay. Because we'd have to stop the show right now.
That would be quite upsetting.
We need to discuss this. I'm not sure I'm comfortable.
I saw on Twitter or LinkedIn or something, you've had some encounters with the bovine species, haven't you? You've got some interesting photos. Yeah, they chase me.
Me through a field, and then one of them grabbed my rucksack and tried to pull it off my back. So I essentially got mugged by a cow.
I think I'm on the cow side. It's not like she's walking through your house willy-nilly.
That's true.
Carole, what's coming up on the show this week?
Well, first, thanks to this week's sponsors: Oracle, Immersive Labs, and LastPass. Their support helps us give you this show for free.
Now, on today's show, Graham talks about Microsoft's new reply-all policy.
Lisa tells us what happened when a New York celeb law firm was breached, and I'm checking out what things we should expect if we're heading back to the workplace.
All this and much more coming up on this episode of Smashing Security.
Now, on today's show, Graham talks about Microsoft's new reply-all policy.
Lisa tells us what happened when a New York celeb law firm was breached, and I'm checking out what things we should expect if we're heading back to the workplace.
All this and much more coming up on this episode of Smashing Security.
Now, chums, last week we had on the show Geoff White, didn't we?
Technology journalist, investigator extraordinaire, who'd flown all the way to the Philippines to track down Onel de Guzman, the author of the Lovebug.
And of course, that was a worm which impacted email systems, clogged them up with love letters.
And I think the thing is that although Onel de Guzman escaped away with it, didn't he, causing all those problems.
Technology journalist, investigator extraordinaire, who'd flown all the way to the Philippines to track down Onel de Guzman, the author of the Lovebug.
And of course, that was a worm which impacted email systems, clogged them up with love letters.
And I think the thing is that although Onel de Guzman escaped away with it, didn't he, causing all those problems.
Well, it wasn't illegal in his country, so—
No, no, it wasn't illegal at the time. There were no computer crime laws. But it's possible that all of us could launch a similar malicious attack.
Maybe not in the form of a worm, but we could easily do something which could clog up an email system and cause it to crumble and make sysadmins pull their hair out at the top of their heads.
Maybe not in the form of a worm, but we could easily do something which could clog up an email system and cause it to crumble and make sysadmins pull their hair out at the top of their heads.
Ooh, this sounds new and fangled. What is it?
It's not that new. What I'm talking about are email storms. I'll give you an example of an email storm. Microsoft in 1997, right?
Someone at Microsoft— they noticed that they were on a mailing list, a mailing list called Bedlam DL3, and they thought, what on earth is— it hadn't been announced to anyone.
Why have I been put on this mailing list? And so they did what any sane person might do, which they sent an email to the mailing list saying, why am I on this mailing list?
Please remove me from it.
Someone at Microsoft— they noticed that they were on a mailing list, a mailing list called Bedlam DL3, and they thought, what on earth is— it hadn't been announced to anyone.
Why have I been put on this mailing list? And so they did what any sane person might do, which they sent an email to the mailing list saying, why am I on this mailing list?
Please remove me from it.
Sounds reasonable.
Sounds reasonable, doesn't it?
This is 23 years ago.
This one? Yes, okay. 23 years ago.
I just want to talk about how fast we've been working on this problem. So keep going, 23 years ago this happened.
Now unfortunately, there were 25,000 other people at Microsoft on that mailing list. Oh no. And they all got the email saying, "Why am I on this mailing list?
Please remove me from it." And so what happened was one by one, oh no, they hit reply and they said, "Me too, can you remove me as well?" Now, not all of the 25,000 sent "me too." Some of them, when they got to their desks and they saw that they'd been inundated by people saying, "Me too, can you take me off the ban list?" they replied saying, "For God's sake, stop using reply all.
You're bogging down the email system. You're idiots." And those messages then went to 25,000 people.
Please remove me from it." And so what happened was one by one, oh no, they hit reply and they said, "Me too, can you remove me as well?" Now, not all of the 25,000 sent "me too." Some of them, when they got to their desks and they saw that they'd been inundated by people saying, "Me too, can you take me off the ban list?" they replied saying, "For God's sake, stop using reply all.
You're bogging down the email system. You're idiots." And those messages then went to 25,000 people.
Oh my God.
But this is not that surprising. I remember when I worked in an office, this stuff happened all the time.
Daily, I think, in your case quite often.
Yes, and the IT team had to effectively get rid of the employee all email address and divide it up by countries just to avoid that happening again.
So a subsidiary would get hit, but not the entire company.
So a subsidiary would get hit, but not the entire company.
Do you know what? There's two things that send me into an uncontrollable rage: filter coffee and reply all. That is literally the only two things. Everything else I can deal with.
Lisa, I've got three words to say to you. Hawaii.
Uh.
Pizza.
Oh my god, if you say that to me, I'm off this call now.
There you are, you see, there is something else as well. Anyway, ultimately Microsoft reckons 15 million emails were sent.
It's just ridiculous.
23 years ago, we knew this was a problem at the company that was one of the— What was it? Biggest tech firm at the time.
It consumed 195 gigabytes of Microsoft's bandwidth with all the data flowing around its system. Their email system fell over 'cause it couldn't cope with the load.
But they managed to restart it again. Unfortunately, when they restarted the email system, the mail agent started resending some of the messages. And so there was another—
But they managed to restart it again. Unfortunately, when they restarted the email system, the mail agent started resending some of the messages. And so there was another—
'Cause it wasn't able to deliver them.
There was another wave of it. They were making t-shirts with Bedlam DL3 on it, and on the back they'd say "Me too" and handed them out to people. People were going bonkers.
Now you can read more about this story.
Back in 2004, Microsoft blogged about this incident, announcing that they had put measures in place to help prevent something similar happening again.
Now you can read more about this story.
Back in 2004, Microsoft blogged about this incident, announcing that they had put measures in place to help prevent something similar happening again.
Mm-hmm. This was in 2004.
That was in 2004, so that's a good 15, 16 years ago.
Okay, so the thing happens, 7 years go past, and they say, "We're gonna actually, we've done something to fix this." Okay, okay, thank you. But they think they're so expert.
Well no, no, no, maybe they'd done something internally, but they then said they'd done something to Exchange to make Exchange better with this and to make it less likely that something like this.
But these sort of things happen all the time. I remember being inside organizations where maybe, for instance, a gentleman's lavatory might be blocked.
But these sort of things happen all the time. I remember being inside organizations where maybe, for instance, a gentleman's lavatory might be blocked.
That's right, I remember those.
I remember an incident, Carole, you may remember this one as well, where there was— Was it a coat hanger?
No, no, there was people shitting in sinks.
Oh.
Where did you work? What institution were you working in?
They've never sponsored us. I think we could name names, Carole. But yes, I think it was— someone had shat in a sink in the— that was actually in the women's loo, wasn't it?
Well, that's— we don't know if they shat there. There was a piece of poo found in the female sinks.
Yeah.
Oh my God.
And HR sent an email round. Funnily, that wouldn't— didn't— cause a huge reply-all incident.
No, but you can't help but chip in, can you?
When someone— when HR reminds you that you're not supposed to defecate in the sink, please use the lavatories instead, you're almost duty-bound to have a bit of a gag and reply.
When someone— when HR reminds you that you're not supposed to defecate in the sink, please use the lavatories instead, you're almost duty-bound to have a bit of a gag and reply.
You know what the punchline was though? Do you know what the person did?
No, no, no.
You don't know what happened afterwards?
What happened?
Next day, was found in the bin in the girls' loo, stinking. Yeah, a new one. Not the same one.
Oh my God.
And I found the HR rep and the CEO's PA in there having a meeting, 'cause I was working late, and they were having a meeting about what to do about it.
You pick it up. No, you pick it up. Get the tongs.
Chopsticks?
Okay, excellent.
Okay, so the thing is that sometimes it can be quite fun, I think, 'cause you get these crazy— We had a situation, a place that Carole and I worked, where we were told that jam doughnuts were now to be banned.
We couldn't eat jam doughnuts anymore because someone had leaked some jam onto the floor tiles, and it was very expensive.
We couldn't eat jam doughnuts anymore because someone had leaked some jam onto the floor tiles, and it was very expensive.
Carpet floor tiles. So quite an expensive thing to replace, right? The 30 centimetres by 30 centimetres.
Is this the same place that had VCs in the sink, or different employer now?
We can't confirm or deny.
Wow, you guys have had some careers, I tell you.
Anyway, though, when you get those sort of messages, you have to chip in with some jokes, right? Just to amuse yourself.
And so I actually think sometimes these sort of Me Too reply, or will you bloody well stop replying to everything? Stop the madness.
I want to die right now if I receive another message in my inbox. I think those sort of things can actually bond you together as a company.
And you suddenly are chatting with the people in the French office and the New Zealand office, because of course these things go worldwide as well.
And so I actually think sometimes these sort of Me Too reply, or will you bloody well stop replying to everything? Stop the madness.
I want to die right now if I receive another message in my inbox. I think those sort of things can actually bond you together as a company.
And you suddenly are chatting with the people in the French office and the New Zealand office, because of course these things go worldwide as well.
Hey Graham, that was a funny joke you made.
The poo poo in the sink.
I like you, Mr. Graham. I like you.
That took me a while to work out what was coming out of her mouth for a second. I was like, what is that? Oh, it's an accent.
But it is strange that the French Canadian does the least convincing French accent, isn't it? So, I mean, these things, it's not just a Microsoft problem.
Microsoft have, by the way, they were actually hit again last year. They had an email storm, thousands of employees.
There was a GitHub notification which went to lots and lots of people. There've been other ones which happened.
There was one which happened in the state government of Utah, where it actually began as just a Christmas potluck message being sent round, which I think is a Secret Santa kind of thing, about a white elephant.
You had to buy a $5 white elephant gift. It went to everybody. And again, people were just saying, "Please take me off this group.
It's bonkers." Even the governor of the state got involved.
Microsoft have, by the way, they were actually hit again last year. They had an email storm, thousands of employees.
There was a GitHub notification which went to lots and lots of people. There've been other ones which happened.
There was one which happened in the state government of Utah, where it actually began as just a Christmas potluck message being sent round, which I think is a Secret Santa kind of thing, about a white elephant.
You had to buy a $5 white elephant gift. It went to everybody. And again, people were just saying, "Please take me off this group.
It's bonkers." Even the governor of the state got involved.
Oh my God.
I could have fixed all this right back at the beginning. Do you know how I would've done it?
How would you have done it?
Okay, after the bedlam that happened at Microsoft, the next day, I would've talked to the people that make the paperclip.
You remember the little paperclip when it sounds like a little paperclip?
You remember the little paperclip when it sounds like a little paperclip?
Clippy.
Yeah.
Right? And make him show up every time someone pressed reply all and go, "You sure you wanna do that, boss?"
Are you sure? Something like that.
Really annoying and irritating.
And then it would just go away.
It would've faded in. No one would've done it again.
Do you think you could do that with Clippy's voice, Carole, rather than your own? Did Clippy have a voice?
That'd be even more irritating.
She actually does the Clippy voice better than the French accent, if I'm perfectly honest.
Mon dieu, mon dieu.
Now, the reason why I'm mentioning this is okay, so we've moved on 20+ years, who knows how long. 23. And Microsoft claims that it has now begun to fix the problem properly.
It's fucking embarrassing.
They say that they are rolling out a new reply-all protection feature in Office 365 to prevent email storms, which they call the reply-allpocalypse.
I know, it's the worst. It's the worst name. Are they hashtagging that as well?
I don't know.
They're gonna hashtag it. It's gonna happen.
It's so bad.
Apparently at first, they might tweak this later, but initially, they are going to detect 10 reply-all messages, which go to over 5,000 people within 60 minutes.
So you can send a couple, but if everyone then says, "For God's sake, stop replying all," which of course is the worst thing to do, and don't even get me onto when people have also got read notifications on their emails, 'cause that sends even more of these things flying around.
Well—
So you can send a couple, but if everyone then says, "For God's sake, stop replying all," which of course is the worst thing to do, and don't even get me onto when people have also got read notifications on their emails, 'cause that sends even more of these things flying around.
Well—
It's so true.
Well, they will then trigger, and they will block all replies, and they will display some kind of message telling you, I don't really think you should be doing this.
This conversation is too busy. So good for them to do it, but a little bit slow. Just a little bit slow, perhaps.
This conversation is too busy. So good for them to do it, but a little bit slow. Just a little bit slow, perhaps.
Do you think they're going to have trouble competing with people like Zoom working at this pace? I'm just wondering.
Do you know what though? I think it's, it also happens in WhatsApp groups, doesn't it?
When they've added loads of people into a group and then you wake up in the morning and it's, you have 392 notifications and you're, oh my God.
When they've added loads of people into a group and then you wake up in the morning and it's, you have 392 notifications and you're, oh my God.
Shut off.
Lisa, what's your story for us this week?
Graham.
Yes.
Imagine this. Put yourself in this position, if you will.
Yes.
Imagine you are Lady Gaga. You've just come off stage. You've performed your new single in a full-on meat dress. Please picture it.
I've been to the Waitrose delicatessen counter.
Yep.
Yeah, exactly, exactly. You've just flicked your hair over your shoulder, and you find out that your email and your phone number has been leaked by your lawyer.
How would you feel right at that moment?
How would you feel right at that moment?
I would be pissed off because people would be adding me to their WhatsApp groups. I'd be getting unpleasant messages from my fans, civilians.
I wouldn't want them getting in touch with me. I'd be annoyed.
I wouldn't want them getting in touch with me. I'd be annoyed.
You'd be flustered in that meat dress.
I would be having a tantrum.
Sweating like a madman.
Anyways, so a large New York-based law firm has been breached. And it's believed that the attackers are holding that data to ransom.
But a few days ago, they released a sneaky little taster for the public.
And this scintillating taste of data, and by taste, I mean over 700 gigabytes, reads more like a Yellow Pages of who's who of A-list celebrities and big tech companies.
And this data includes contracts, NDAs, phone numbers, email details.
But a few days ago, they released a sneaky little taster for the public.
And this scintillating taste of data, and by taste, I mean over 700 gigabytes, reads more like a Yellow Pages of who's who of A-list celebrities and big tech companies.
And this data includes contracts, NDAs, phone numbers, email details.
Oh my goodness.
Yeah, and they've released only a little bit of data— well, relatively a little bit of data compared to what they actually have hold of— for a few of the A-list stars that this law firm represents, such as Lady Gaga, Graham's favorite Nicki Minaj, Mary J.
Blige. They've also got Facebook, HBO, all these companies and people as clients. So if you're not a client of this law firm, basically you're not famous. Sorry, Graham.
Blige. They've also got Facebook, HBO, all these companies and people as clients. So if you're not a client of this law firm, basically you're not famous. Sorry, Graham.
Why, why, why?
But the law firm pulled down its website over the weekend in response.
And now— and I looked literally 10 minutes ago— if you go to gsmlaw.com, they've just got a single holding page where you can't really go anywhere else.
And security researchers believe that the attackers have loads, loads more data.
And this was basically just to prove to the law firm that they ought to pay the ransom because they're serious, they're going to release this.
It's also believed that these people are the same people that attacked Travelex back in January.
And now— and I looked literally 10 minutes ago— if you go to gsmlaw.com, they've just got a single holding page where you can't really go anywhere else.
And security researchers believe that the attackers have loads, loads more data.
And this was basically just to prove to the law firm that they ought to pay the ransom because they're serious, they're going to release this.
It's also believed that these people are the same people that attacked Travelex back in January.
Huh.
Yep. But I think it really highlights also another issue that law firms, they're sort of a single-point treasure trove of information, right?
Absolutely. I mean, the sheer amount of personal and sensitive information which lawyers have access to is extraordinary.
I mean, some of the information you just talked about, like contracts and NDAs.
They would have your rider, Lisa, if you're going to go and speak at some conference, about the brown M&Ms being kept out of the bowl, or it would be all those sort of things, the temperature that you want your trailer to be at.
I mean, some of the information you just talked about, like contracts and NDAs.
They would have your rider, Lisa, if you're going to go and speak at some conference, about the brown M&Ms being kept out of the bowl, or it would be all those sort of things, the temperature that you want your trailer to be at.
Yeah, but surely it wouldn't be all centralized in one big database if you were representing the A-lists, would it?
Well, funny story actually, I actually used to be a lawyer. I know, I'm sorry.
Just amazing.
Sorry, world. I have repented.
So actually, I know that the data you collect is not just extensive in terms of quantity, but it's also hugely intrusive really, because clients disclose the most intimate details about their lives to their lawyers, because your lawyer is your shield against the world, your shield against lawsuits.
So actually, I know that the data you collect is not just extensive in terms of quantity, but it's also hugely intrusive really, because clients disclose the most intimate details about their lives to their lawyers, because your lawyer is your shield against the world, your shield against lawsuits.
Yes, you can imagine a celeb divorce, for example, and there's a PI investigator involved to try and catch one of them stepping out, and all those pics would be part of that, all that information.
Right. Also, one of the clients of this law firm is Mike Tyson. So, I mean, that brings other problems to the lawyers, really.
I'm just wondering if Lady Gaga, when she wore that meat suit, whether she was sponsored by a particular brand of streaky bacon.
What, she got paid by the meat guys to wear it?
I love how this show addresses the real hard-hitting issues affecting society.
It's breakfast TV.
GSMlaw.com. I just went to their website, 'cause you said they'd set a holding. Grubman, Shire, Maiselas, and Sachs. And yeah, they've got nothing up there.
But I notice it's an HTTP site. So my browser says not secure.
But I notice it's an HTTP site. So my browser says not secure.
Jesus.
Oh God.
So do we know how this breach happened?
So we don't really know how it happened or what happened, but you'd have thought that because they're New York-based and it was recent, all their staff will be work from home.
New York's obviously been hit particularly badly by the coronavirus, so I wonder how spread out that data had actually become as well.
New York's obviously been hit particularly badly by the coronavirus, so I wonder how spread out that data had actually become as well.
Totally. It's a bit of a nightmare, eh?
Yeah.
And if they were hit by the same guys who hit Travelex— Travelex, they got hit by ransomware, wasn't there?
And there was— it does sound like Travelex ultimately paid the ransom. They seem to have admitted that now, but they're still doing terribly badly.
But I think there was the suggestion that the bad guys had stolen information, so it does sound plausible that they're now being extorted, perhaps, this law firm, for— Because they're a law firm, we cannot confirm or deny whether a breach has happened on our premises.
And there was— it does sound like Travelex ultimately paid the ransom. They seem to have admitted that now, but they're still doing terribly badly.
But I think there was the suggestion that the bad guys had stolen information, so it does sound plausible that they're now being extorted, perhaps, this law firm, for— Because they're a law firm, we cannot confirm or deny whether a breach has happened on our premises.
We cannot confirm or deny whether we had any role in playing in this breach.
But do you think that they should pay the ransom in this situation if they have all this detail about these famous people? Potentially even their lives could be in danger, right?
They already have the data.
That's true. How do you verify—
And how do you—
—that they're going to delete it? But Travelex did pay, and I think they paid, what, a couple of million? In the end, something like that. It was quite a large sum.
But they might still pay. So do we know how much information they just— you said they released a sneaky taster for the public, so.
So the sneaky taster wasn't really, in my opinion, much of a taster because it was like 750 gigabytes of data.
So I mean, I don't know how much more there is, but apparently it was only for a few of the A-list stars that were represented.
But previously the law firm had advertised that it represents Facebook, HBO, Mike Tyson, and Robert De Niro.
So I mean, I don't know how much more there is, but apparently it was only for a few of the A-list stars that were represented.
But previously the law firm had advertised that it represents Facebook, HBO, Mike Tyson, and Robert De Niro.
But that suggests to me that maybe the blackmailers, so the criminals who've hacked that law firm, maybe the negotiations for getting their ransom being paid aren't going as well as they hoped.
Because I think normally—
Because I think normally—
Well, they're gonna be pretty good lawyers, I'd imagine.
Well, normally they like to keep it schtum, don't they? They normally, they like to keep it out of the papers, because that actually puts the firms off it.
It's like, that's the ultimate threat. What more can you do other than release yet more data?
It's like, that's the ultimate threat. What more can you do other than release yet more data?
Maybe it's going really slowly because everyone's hitting reply all and no one knows what's going on.
And is it ethical for a journalist to go through all this information and then report on the private lives of Lady Gaga or any of these people?
I kind of feel like they shouldn't have been named in the article though, because if you've got stalkers or people who are a bit overly enthusiastic, it kind of tips them off that this data is out there in a way that you wouldn't have been otherwise.
Well, cheering us up again, Lisa. Thanks.
I always lead with the real cheerful stuff.
But so, I mean, a little bit of advice is whatever the size of your business, chances are that you will be sharing sensitive information with other business partners, which might be lawyers, for instance.
And how good and how well are they protected against some of these threats? And sometimes I think the law firm might be the soft touch.
They might be where the data can be extricated from. So you might have good security.
And how good and how well are they protected against some of these threats? And sometimes I think the law firm might be the soft touch.
They might be where the data can be extricated from. So you might have good security.
Lisa's point is really good. Law firms have about as much information as your medical health firm does. You know, you share a lot of information, or your shrink.
Yeah, and not just in a personal capacity, but if you think, imagine you're a company and you're about to launch, I don't know, a hostile takeover bid or something.
There's gonna be some seriously sensitive information that those lawyers have access to. And how much due diligence do you do into the security of that law firm?
And we've all imagined Graham Cluley in a meat dress now, so.
There's gonna be some seriously sensitive information that those lawyers have access to. And how much due diligence do you do into the security of that law firm?
And we've all imagined Graham Cluley in a meat dress now, so.
Yep, you're welcome, listeners.
Hope you've enjoyed this podcast.
And that's why we have the explicit tag on this podcast. Carole, what have you got for us this week?
Okay, so a number of countries are trying out social distancing easing methods. It's such a weird expression. And they're trying to do it in different ways.
And the idea, of course, is to get people back to work so that people can provide services for the rest of us and that people can make money to eat and pay rent and stuff like that.
So it's a big deal. The problem is this blasted disease is making all this very difficult.
And for many of us, it's going to fundamentally change everything, how we get to work, even our relationship with our employers.
So in the UK, more workplaces open Wednesday this week. And the advice from the head honchos was a little bit muddled.
Wasn't it first, the details were announced on Sunday at 7:00 PM or something? Did you guys see it?
And the idea, of course, is to get people back to work so that people can provide services for the rest of us and that people can make money to eat and pay rent and stuff like that.
So it's a big deal. The problem is this blasted disease is making all this very difficult.
And for many of us, it's going to fundamentally change everything, how we get to work, even our relationship with our employers.
So in the UK, more workplaces open Wednesday this week. And the advice from the head honchos was a little bit muddled.
Wasn't it first, the details were announced on Sunday at 7:00 PM or something? Did you guys see it?
Yeah, that's right. Boris went on to, yes. The thing was that journalists in the media had been sort of pre-briefed about the kind of thing which Boris would be announcing.
And so the journalists were all ready to discuss various things.
And then Boris went on TV and announced some things, that didn't mention other things, or the message got rather garbled, didn't it?
And so the journalists were all ready to discuss various things.
And then Boris went on TV and announced some things, that didn't mention other things, or the message got rather garbled, didn't it?
We kind of knew where it was going though, because we'd looked at Italy and Spain and France who have started to ease the lockdown, and you kind of imagine that he would follow suit to some degree.
Yeah, yeah. Well, the key advice from the UK that I read was basically they're— wear masks. That's a new one for us, isn't it? They haven't mentioned—
Especially as they said masks don't work initially.
Exactly. Wash your hands, avoid public transport where possible. And if public transport is a must, then remain 2 metres apart at all times.
Now, anyone who's been to Oxford Circus or Piccadilly on the Tube in London, that is going to be a really big nightmare tomorrow. So we're recording this on Tuesday.
Now, anyone who's been to Oxford Circus or Piccadilly on the Tube in London, that is going to be a really big nightmare tomorrow. So we're recording this on Tuesday.
Frankly, battery chickens have more room, don't they, than a typical person travelling on the London Underground?
In the olden days, pre-COVID, yeah.
Yeah, you're crammed in like sardines.
Yeah, you'd rather go to a restaurant for 2 hours and miss rush hour.
Yes.
Yeah. So, but basically all over the world, people are trying to figure out how best to manage people when they're outside their homes, right?
Now we know we've talked tons about the COVID apps that are being launched everywhere, but Seattle, for example, is blocking off a section of its city so it'll be for residents only.
New York is considering closing down 40 miles of streets to widen sidewalks and add bike lanes.
Now we know we've talked tons about the COVID apps that are being launched everywhere, but Seattle, for example, is blocking off a section of its city so it'll be for residents only.
New York is considering closing down 40 miles of streets to widen sidewalks and add bike lanes.
Wow.
Singapore has Boston Dynamics robo dogs with cameras in parks.
I have to say, those are the most amazing things ever. I am in love with Boston Dynamics.
And I hope one never chases you down.
Well, it shouts at people. Did you see? Yes, it goes through the park and starts shouting at people. I mean, I just think that is absolute paradise.
And it's got a camera on it, right?
So that's awesome.
I don't know what— imagine, Graham, you're sitting there, right, talking to someone, the robot goes, move along, sir, move along. Oh my God, social distancing and all that.
Carole, I have an idea. This is how we can get Graham to exercise. We buy one of these, we chase after him down the street yelling at him, he'll get his exercise.
So if Boston Dynamics are listening, can you drop us a favor and just give us one, please?
So if Boston Dynamics are listening, can you drop us a favor and just give us one, please?
Graham, this is how you get famous. This is how— listen to Lisa, listen to Lisa.
This is how he's going to become a client of that law firm.
Now employers, of course, have jumped on the bandwagon as well. We're seeing companies set up fever detection and facial recognition camera services.
It's all called health tracking tech. That's the term at the moment. Now, for example, PopID is one of these.
So the system records the date and the time, the employee name, and the temperature.
So imagine you go up to this thing, it recognizes your face, logs the time, logs your temperature, and creates a historical log for the employers to be able to check on the worker compliance with all this stuff.
It's all called health tracking tech. That's the term at the moment. Now, for example, PopID is one of these.
So the system records the date and the time, the employee name, and the temperature.
So imagine you go up to this thing, it recognizes your face, logs the time, logs your temperature, and creates a historical log for the employers to be able to check on the worker compliance with all this stuff.
Basically, Hot or Not is what they're doing with their employees.
Very good.
Yeah, I was in the UAE and they had this everywhere, literally everywhere. Every single hotel, restaurant, place that you went, it had these cameras.
And if you set them off, they pulled you over, they took your temperature manually, and then they did a test, a nose swab for coronavirus.
And then I came back into the UK and I went through Heathrow and I was where is everyone? There is no testing.
So it's just I just kind of feel that, you know, this is something that's so useful.
Maybe it's not foolproof, but I definitely think it helps identify people who you otherwise would be unable to identify.
And if you set them off, they pulled you over, they took your temperature manually, and then they did a test, a nose swab for coronavirus.
And then I came back into the UK and I went through Heathrow and I was where is everyone? There is no testing.
So it's just I just kind of feel that, you know, this is something that's so useful.
Maybe it's not foolproof, but I definitely think it helps identify people who you otherwise would be unable to identify.
It's interesting, the whole testing thing. We have to come back to that in a second because basically employees are trying to get around that.
They don't have the tests, so they're trying to do other stuff.
And this other service called Clear that takes temperatures with a thermal camera and verifies the results of their medical tests for the virus, sharing the results with employers as color-coded scores like green or red.
What does that mean? Fire them?
They don't have the tests, so they're trying to do other stuff.
And this other service called Clear that takes temperatures with a thermal camera and verifies the results of their medical tests for the virus, sharing the results with employers as color-coded scores like green or red.
What does that mean? Fire them?
So do you need special cameras to do this kind of thing, or is this something that could be done with an iPhone app or something like that?
Well, I don't think an iPhone app can take your temperature?
Well, I don't know. I mean, they're jolly clever these days.
I got to play with one in the UAE, and it was so awesome. It identifies your face, takes a photo of your face, and then it tells you your average body temperature.
And you can see through the— The thermal camera will show the hot parts of your body and whatever, and they compare it. And it was very cool. Very cool indeed.
And you can see through the— The thermal camera will show the hot parts of your body and whatever, and they compare it. And it was very cool. Very cool indeed.
But how have they managed to roll these things out quickly in some countries?
Yeah, it took Microsoft 23 years.
But you said, Heathrow Airport, when Lisa arrived at Heathrow Airport, there was nothing at all. It was "Oh, you're coming." Her fans were there.
We know that.
We won't get started on that. That's another conversation.
Okay, now here's my issue with it though. What if I were sick? I'm sick, right?
Yes.
And I don't know that I'm sick. Or what if I were pregnant?
Right.
The first person who's going to find out about that stuff is my employer.
Would it though?
Just saying, your temperature goes up in some situations like pregnancy and illness, any illness, but your employer, under this, your employer is going to know before you or your doctor could potentially know.
And I don't know if we need to care about that. What are they doing with that data that they're gathering?
Some companies, Subway says it's gathering a lot of data like this, and this is how it's going to try and manage everything. But it's going to dump the data after 30 days.
And I don't know if we need to care about that. What are they doing with that data that they're gathering?
Some companies, Subway says it's gathering a lot of data like this, and this is how it's going to try and manage everything. But it's going to dump the data after 30 days.
I think this is half the problem with fear generally.
When anything happens that causes widespread fear and panic, I think you've got to sort of, it's a really difficult balance to work out how much privacy are we willing to sacrifice and is that actually necessary and proportionate, see lawyer talk, necessary and proportionate to the risk that we face.
Because actually, you know, privacy, as we know from looking at some other countries, you know, it can be the hardest thing in the world to fight to get back.
When anything happens that causes widespread fear and panic, I think you've got to sort of, it's a really difficult balance to work out how much privacy are we willing to sacrifice and is that actually necessary and proportionate, see lawyer talk, necessary and proportionate to the risk that we face.
Because actually, you know, privacy, as we know from looking at some other countries, you know, it can be the hardest thing in the world to fight to get back.
Back.
So, you know, how easily do we want to give that up?
Some firms— and this is from Ford— they are basically making employees sign, read a questionnaire and then agree with these 4 questions, have you ever received a confirmed diagnosis for coronavirus in the last 14 days?
Have you traveled internationally in the last 14 days? Have you had close contact or cared for someone with? But what, they have to answer that every day?
Have you traveled internationally in the last 14 days? Have you had close contact or cared for someone with? But what, they have to answer that every day?
Yeah, exactly.
That's why I'm just wondering, you know, you get your username, password to log into your computer, and now you've got to answer this 18-questionnaire.
That's what I think is so weird about all the testing, and I know you said you're going to come on to that, but it gives you a point in time.
Okay, at this present moment in time, no, you don't have the virus, but you could walk down the street and catch the virus straight away.
So I'm not really sure, you know, how we sort of manage that really.
Okay, at this present moment in time, no, you don't have the virus, but you could walk down the street and catch the virus straight away.
So I'm not really sure, you know, how we sort of manage that really.
How many tests? Exactly, exactly. There's social distancing wristbands and there's immunity badges. This one's quite interesting for employees.
So, you know, if employees have developed coronavirus antibodies, they could be wearing a badge or a wristband that basically says, hey, you're cool to work.
So everyone's trying to jump on the bandwagon. PwC have a contact tracing app they're developing.
Salesforce are working on a new tool called Work.com to help employers safely reopen.
So everyone's trying to jump on the bandwagon. PwC have a contact tracing app they're developing.
Salesforce are working on a new tool called Work.com to help employers safely reopen.
And the thing is, a lot of this stuff is very invasive to privacy, but the question is whether it will save lives.
And to the point you made earlier, Lisa, a lot of these tools like infrared thermometers and antibody tests, at the moment can be wildly inaccurate, right?
And to the point you made earlier, Lisa, a lot of these tools like infrared thermometers and antibody tests, at the moment can be wildly inaccurate, right?
Because I actually am one of the few people who've had a coronavirus test, and I was told by the person that it was 68% or 72% or something accurate.
So I mean, that's almost 50/50 really.
So I mean, that's almost 50/50 really.
So you were sick, right? Yeah, you were sick and you got a test.
Yeah.
And did you get a badge or anything like that? Were you given a little—
She was stamped.
Was it like taking out a library book? They stamp you with a date and say, as of this date, we think she's all right.
No, I didn't get any rewards. I didn't even get any chocolate.
Oh, a cup of tea or a biscuit or something is the least you'd expect.
Literally, it was just a weird encounter where someone gave me a test on my front door and then that was it.
But if you go back to work, right, and everyone's wearing gloves and you're getting your temperature taken at all times and everything's being logged and beeped and all this, you might get this false sense of security because it doesn't deal with the problem that people can spread the virus if they don't have a fever.
Yeah, especially the young people, they don't even get symptoms sometimes. So how do you manage that?
Exactly.
Mm-hmm.
So, and the other issue, of course, is people are trying to capitalize on this, right? Lots of big companies are trying to put tools in place and they're working at record speed.
And the concern is obviously the proper considerations for the potential effects, where are sunset clauses, to use lawyer speak, in all this stuff, right?
So, you know, once the data is all collected, can we dump it all? So we need screening is actually what we need, but to your point, right, how many times do you screen people?
Can you screen people every time they come into work every morning?
And the concern is obviously the proper considerations for the potential effects, where are sunset clauses, to use lawyer speak, in all this stuff, right?
So, you know, once the data is all collected, can we dump it all? So we need screening is actually what we need, but to your point, right, how many times do you screen people?
Can you screen people every time they come into work every morning?
And there's a cost as well.
There's a cost to this, and a lot of these companies, you know, they've all been hit really hard by the fact they've had to close for months, you know, which obviously wasn't in their business continuity plans.
And, you know, I think there's a huge cost to some of this as well that's, you know, got to be taken into consideration because a lot of these companies don't have a bottomless pit of money.
There's a cost to this, and a lot of these companies, you know, they've all been hit really hard by the fact they've had to close for months, you know, which obviously wasn't in their business continuity plans.
And, you know, I think there's a huge cost to some of this as well that's, you know, got to be taken into consideration because a lot of these companies don't have a bottomless pit of money.
No, and they're under pressure from the government to try and make the environment as safe as possible under the conditions that we're currently facing.
So that's happening, and no one has all the information right now. We're still discovering it day by day.
But personally, I feel if a company offered free masks, more handwashing facilities, big deep night cleans, and you'd have to reorganize the office to maintain the appropriate distances and all that stuff, it's going to be a big deal.
It's going to be hard for companies, and it's going to be hard for employees.
It makes sense that lots of employees are actually thinking, you know what, I'd rather stay at home and work from home. If I can.
So that's happening, and no one has all the information right now. We're still discovering it day by day.
But personally, I feel if a company offered free masks, more handwashing facilities, big deep night cleans, and you'd have to reorganize the office to maintain the appropriate distances and all that stuff, it's going to be a big deal.
It's going to be hard for companies, and it's going to be hard for employees.
It makes sense that lots of employees are actually thinking, you know what, I'd rather stay at home and work from home. If I can.
Yeah.
Lots can't.
Yeah.
Right?
I remember once, I used to briefly be a manager. I had some people who worked for me and I had to— nothing as serious as the coronavirus.
We had an issue where we knew one member of the team had particularly bad body odour. I was concerned about this. And so I went around and did a test. I didn't want it to be invasive.
I didn't want to draw attention.
We had an issue where we knew one member of the team had particularly bad body odour. I was concerned about this. And so I went around and did a test. I didn't want it to be invasive.
I didn't want to draw attention.
A sniff test?
Sniff test?
Were you wafting your hand towards your nose a wine connoisseur, a sommelier with a clipboard in his hand?
Exactly. I just felt it was my duty as the manager to get to the bottom of this.
You know, was it someone visiting our department who deposited their scent, or was it one of the web developers instead?
And it's not an easy thing to do, and it's something which has to be done sensitively by someone.
And I think there's a lot perhaps I could teach companies about how to handle these things appropriately, and sometimes to tell people, go and have a bath or work from home.
You know, was it someone visiting our department who deposited their scent, or was it one of the web developers instead?
And it's not an easy thing to do, and it's something which has to be done sensitively by someone.
And I think there's a lot perhaps I could teach companies about how to handle these things appropriately, and sometimes to tell people, go and have a bath or work from home.
I don't think we're gonna have to worry about body odor issues for a while with the 2-meter distance. Well, so if you smell it, you're too close.
That should be the t-shirts you should make.
That should be the t-shirts you should make.
Oh my God, that's the new announcement that Boris should make.
Exactly. Yeah, I'm not wearing deodorant. If you could smell me, back the fuck up, people.
Oh my goodness Carole, you've just worked it. This is it, this is it.
Lisa, Lisa, listen, what the government should do is they should hand out spray cans, not of deodorant, but odorant.
Everyone has to make themselves stink before they leave the house, and then naturally people will keep their distance.
Lisa, Lisa, listen, what the government should do is they should hand out spray cans, not of deodorant, but odorant.
Everyone has to make themselves stink before they leave the house, and then naturally people will keep their distance.
Yeah, but it's all the same stink. It doesn't work, right? Yeah, 'cause otherwise your nose gets used to it. No. That's why your own B.O. doesn't bother you.
Oh, I see. So it has to—
Everyone has to just stop using deodorant. Stop washing.
Oh my goodness.
It's such a bad idea.
So you have to wash your hands, but you can't shower.
Yep.
Yep.
Not your pits.
To be honest, I think this will just improve our international reputation as a country.
We'll catch up with the French this way.
Yeah, we'll be— we're just— yeah, everyone's gonna think we're awesome. They'll be like, look at the British smashing it.
Yet again, boom.
If you listen to our show regularly, you'll know that hackers never stop innovating.
Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
Sign up to get instant access to more than 24 hours of free labs and a new lab to try out each week.
Latest being their red and blue team labs on the SaltStack vulnerabilities, which were in the news last week. Go check it out at immersive labs.com/smashing security.
Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
Sign up to get instant access to more than 24 hours of free labs and a new lab to try out each week.
Latest being their red and blue team labs on the SaltStack vulnerabilities, which were in the news last week. Go check it out at immersive labs.com/smashing security.
Maybe you don't have a single sign-on password manager, or maybe you do and you're not really happy with it. Well, why don't you start a free 14-day trial of LastPass Enterprise?
You can manage every access point with integrated single sign-on and password management.
Let me tell you about some extra features: central admin dashboard, easy user management, group management, directory integrations, and the list goes on.
Check it out at lastpass.com/smashing.
You can manage every access point with integrated single sign-on and password management.
Let me tell you about some extra features: central admin dashboard, easy user management, group management, directory integrations, and the list goes on.
Check it out at lastpass.com/smashing.
Thanks to the folks at Oracle for sponsoring this week's show.
They've produced a new report with KPMG that reveals there's a crisis in confidence caused by a patchwork approach today to security.
Ransomware, misconfigured services, and confusion around cloud security.
For instance, 75% of IT pros view the public cloud as more secure than their own data centers, yet 92% don't think they're well prepared to secure public cloud services.
Read the report for yourself. Grab it at smashingsecurity.com/oracle-report.
They've produced a new report with KPMG that reveals there's a crisis in confidence caused by a patchwork approach today to security.
Ransomware, misconfigured services, and confusion around cloud security.
For instance, 75% of IT pros view the public cloud as more secure than their own data centers, yet 92% don't think they're well prepared to secure public cloud services.
Read the report for yourself. Grab it at smashingsecurity.com/oracle-report.
On with the show.
And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
Better frickin' not be.
And my Pick of the Week this week is not security-related. It is a documentary which I watched last night. And it is called Into Eternity.
Into Eternity?
Into Eternity.
This sounds incredibly deep and philosophical.
Oh yes, exactly. Welcome to my existential void and join me into— This is a movie by Danish director Michael Madsen, who is looking into something called Onkalo.
Now Onkalo means in Finnish, cavity. So he is exploring—
Now Onkalo means in Finnish, cavity. So he is exploring—
Where is this going?
So what this is— get your minds out of the gutters, for goodness' sake. This is my pick of the week, not yours. This is all about a nuclear waste dump in Finland called Onkalo.
So there's a problem with nuclear waste, it turns out. We hadn't noticed before. But they've realised that nuclear waste, unfortunately, is a byproduct of nuclear power.
And unfortunately, nuclear waste tends to last about 100,000 years.
So there's a problem with nuclear waste, it turns out. We hadn't noticed before. But they've realised that nuclear waste, unfortunately, is a byproduct of nuclear power.
And unfortunately, nuclear waste tends to last about 100,000 years.
They should have called Microsoft in to help with the problem.
It's the right timescale for them to come up with a solution as well.
So, they're thinking, what can we do with nuclear waste? Can we put it at the bottom of the sea? Perhaps not such a good idea, because the sea's rather important.
We don't want to pollute it. Could we— I was speaking to my wife, I said— and she said, well, why don't they put it up in space?
We don't want to pollute it. Could we— I was speaking to my wife, I said— and she said, well, why don't they put it up in space?
Yes.
Not such a good idea, because what if the spaceship blows up at launch, which sometimes spaceships do?
Oh.
And then you've got loads of nuclear waste everywhere. Makes a great big mess and causes problems.
Mm.
So—
Hadn't thought of that.
So what the Finns have come up with is Onkalo, which is a great big hole in the ground.
And they have been digging for the last, I don't know, 15, 20 years or something, a humongous cave network in this bit of Finland West Finland, which is gonna be a city-size area.
And they are planning to dump all of their nuclear waste into it. And it's absolutely huge, this thing. They're gonna dump nuclear waste into it for the next 100 years.
They think it has the capacity to store about 100 years' worth of Finland's nuclear waste.
'Cause Finland passed a law which meant they weren't allowed to shove their nuclear waste into other countries, which is quite decent of them.
And they have been digging for the last, I don't know, 15, 20 years or something, a humongous cave network in this bit of Finland West Finland, which is gonna be a city-size area.
And they are planning to dump all of their nuclear waste into it. And it's absolutely huge, this thing. They're gonna dump nuclear waste into it for the next 100 years.
They think it has the capacity to store about 100 years' worth of Finland's nuclear waste.
'Cause Finland passed a law which meant they weren't allowed to shove their nuclear waste into other countries, which is quite decent of them.
Them.
So they thought, we're gonna have to deal with it here.
And they're putting it all the way underground, deep, deep underground, because that's the area which isn't affected by earthquakes and volcanoes and seismic shifts.
But after 100 years, once it's full up, they're gonna concrete over it. But then they have this challenge, which is the waste is gonna last 100,000 years.
And in 100,000 years, the world is gonna be a very different place, right? Pyramids have only been around for a few thousand.
And they're putting it all the way underground, deep, deep underground, because that's the area which isn't affected by earthquakes and volcanoes and seismic shifts.
But after 100 years, once it's full up, they're gonna concrete over it. But then they have this challenge, which is the waste is gonna last 100,000 years.
And in 100,000 years, the world is gonna be a very different place, right? Pyramids have only been around for a few thousand.
Oh, I don't think so. I think it'll be exactly the same. I don't think there'll be any changes at all.
I'm with Carole. I don't think—
We'll still have iPhones.
It'll be the same.
So, you know, we only hit— the pyramids were only built a few thousand years ago. What's it going to be like in 100,000 years, right? It'll be after an ice age.
I don't think you'll be around.
Well, don't you think, Carole, that we should consider the implications of putting all this really dangerous stuff underground? Because in 100,000 years, someone might dig it up.
So the documentary looks at this question of how do we communicate to people in 100,000 years, whatever form those people might be, that they really shouldn't go digging there.
And I think that's quite an interesting thought.
So the documentary looks at this question of how do we communicate to people in 100,000 years, whatever form those people might be, that they really shouldn't go digging there.
And I think that's quite an interesting thought.
Yeah. So I thought about this before, but not from the Finnish point of view. There is a French think tank that was trying to discuss this exact problem.
And I seem to remember to somehow genetically modify cats. So if— What? Are you for real?
And I seem to remember to somehow genetically modify cats. So if— What? Are you for real?
I'm not kidding.
This is what I remember. This is what I remember. And I think it was on the podcast— There's no such thing as a fish.
And that— So if a cat got close to the site, it would turn a color.
And that— So if a cat got close to the site, it would turn a color.
I'm so— What?
In order to try and communicate that it was dangerous.
This is embarrassing. Carole, do you seriously think that's true?
Real.
I'm just saying what I mean. I don't think—
This does sound like something I would come up with, to be fair. And I can assure you, because it's come from me, it will not work. It will not work.
Well, please, have you got any other ideas other than the cats which change colour in 100,000 years?
They were gonna get artists—
Is this better or worse than the cat idea before we go any further?
Well, I don't know.
You tell me. They were gonna get artists, temporary artists, to decorate the building. And have it be handed down like storytelling from generation to generation.
So it would only be there for a few years, the next artist would take it, they would hand it over, and that way it would carry on as long as humanity was around.
But it doesn't deal with the whole, what if we weren't around for—
So it would only be there for a few years, the next artist would take it, they would hand it over, and that way it would carry on as long as humanity was around.
But it doesn't deal with the whole, what if we weren't around for—
Or indeed the problem of how stories change over thousands and thousands of years and might get rather garbled, and suddenly it becomes there's this incredible treasure at the bottom of this pit, which maybe you want to dig up.
Something that both of you are overlooking, that actually humans are no longer around and the world is ruled by cows. Can cows read art?
Could the cows—
I'll be exploring this in a new blog piece if anyone's interested.
Could cows change colour as well?
Could—
I mean, you could see—
I will look for it. I will look for it. I will look for it.
You're saying that they were suggesting—
I'm saying I heard a podcast about this and I'm remembering it from here, having heard it a few years ago. If I'm right, it's amazing.
So cats would change colour if they went to this particular part of Finland?
It was something about doing what? Genetically modifying cats so the colour, the cats would change like a bright orange or a bright blue. It was a colour that wasn't in nature.
Like they would make you kind of go, what the heck's going on?
Like they would make you kind of go, what the heck's going on?
You are giving Elon Musk ideas here, to be honest. He'll listen to this and go, right, how can we make something—
Because genetically modifying cats, that's definitely not going to go wrong, is it? We'll end up with cats that taste like apples.
No, no, no, no, no.
Taking over.
Well, now that we have robo-dogs, right?
I reckon dogs would be a better bet though. They're more controllable.
Cats, you can't trust them. But can I say that Into Eternity is quite a good documentary, which—
Oh, I'm sorry I stole your story with my much more interesting side notes.
I agree. No, Carole, you definitely saved it. It was much better.
Lisa, what's your Pick of the Week?
Okay, so as some of you may know, I am a mountaineer and I've climbed big mountains around the world.
Mountaineer, vlogger.
I love it. I absolutely love it.
And I feel at peace when I'm being hit with 70-mile-an-hour winds, icy temperatures, and high-altitude headaches that make hangovers look like a spa day.
That's just what I do with my spare time.
Anyway, I've been rereading an amazing book called No Way Down by Graham Bowley, and the book is about what is probably one of the worst mountaineering disasters in history where in one night half the climbers on the mountain died.
It was absolutely horrific.
And it's all set on what is probably the most fearsome and dangerous mountain in the world, which is also the second highest, which is K2, which stands at an impressive 8,600 and something meters.
And for those of you who don't know, everything above 8,000 meters is referred to in mountaineering as the death zone because your body actually cannot survive there for really much more than 48 hours.
Because there's so little oxygen.
And I feel at peace when I'm being hit with 70-mile-an-hour winds, icy temperatures, and high-altitude headaches that make hangovers look like a spa day.
That's just what I do with my spare time.
Anyway, I've been rereading an amazing book called No Way Down by Graham Bowley, and the book is about what is probably one of the worst mountaineering disasters in history where in one night half the climbers on the mountain died.
It was absolutely horrific.
And it's all set on what is probably the most fearsome and dangerous mountain in the world, which is also the second highest, which is K2, which stands at an impressive 8,600 and something meters.
And for those of you who don't know, everything above 8,000 meters is referred to in mountaineering as the death zone because your body actually cannot survive there for really much more than 48 hours.
Because there's so little oxygen.
Fun. Sounds so fun.
Sounds fun.
I know, it's difficult to explain why I do it in many ways, but anyway, I do. And in 2008, this disaster hit K2 where a serac, which is sort of a tower of ice, collapsed.
And basically it severed a load of the fixed ropes, which are the only lifeline to all the climbers who were above and in the death zone.
And it's a truly unbelievable story that I think is obviously tragic, but it's really interesting to see how when human beings are really truly pushed to the limit, the absolute limit of survival, just how amazing they can be.
The teamwork and the morale and the bravery is just unbelievable. So definitely go read the book.
But if you're not really inclined to go and read a book about it, Amazon Prime Video actually have a documentary you can watch called The Summit, which is on the exact same topic, and it's really awesome to go watch, even if you're not into mountaineering.
I just think it's such an inspiring story of bravery, really. So yeah, mine is obviously— Graham talked about nuclear waste, I talked about dying high on high-altitude mountains.
So hopefully Carole will save the day.
And basically it severed a load of the fixed ropes, which are the only lifeline to all the climbers who were above and in the death zone.
And it's a truly unbelievable story that I think is obviously tragic, but it's really interesting to see how when human beings are really truly pushed to the limit, the absolute limit of survival, just how amazing they can be.
The teamwork and the morale and the bravery is just unbelievable. So definitely go read the book.
But if you're not really inclined to go and read a book about it, Amazon Prime Video actually have a documentary you can watch called The Summit, which is on the exact same topic, and it's really awesome to go watch, even if you're not into mountaineering.
I just think it's such an inspiring story of bravery, really. So yeah, mine is obviously— Graham talked about nuclear waste, I talked about dying high on high-altitude mountains.
So hopefully Carole will save the day.
I'll take us home, kids. I'll take us home.
What's your pick of the week?
So my buddy Dan Ring, actually, he was on the show once. He came on the show.
I don't remember what episode, but Dan Ring calls me on Friday and he's like, I can't find any good bread anywhere.
Show me, he says, show me how to make bread because I make bread and—
I don't remember what episode, but Dan Ring calls me on Friday and he's like, I can't find any good bread anywhere.
Show me, he says, show me how to make bread because I make bread and—
Your bread's pretty good, I have to say. Yes, lovely.
Yeah, yeah. And I come from a generation of bread makers. Mom made bread, Gran made bread, everyone made bread. So I do, I help him out.
And we did it in 3 15-minute calls over a period of 2 days.
And it turns out the problem, the reason I wanted to share this as my pick of the week, 'cause it's actually a recipe, okay?
But it turns out that during the lockdown, a lot of people have gotten in on the bread-making bandwagon.
And we did it in 3 15-minute calls over a period of 2 days.
And it turns out the problem, the reason I wanted to share this as my pick of the week, 'cause it's actually a recipe, okay?
But it turns out that during the lockdown, a lot of people have gotten in on the bread-making bandwagon.
Yes, they have.
And there seems to be a bit of a yeast shortage and a bread flour shortage out there, seriously.
And for someone like me who's like, normally you never even think about it, you just go pick it up, suddenly it wasn't there, right?
And for someone like me who's like, normally you never even think about it, you just go pick it up, suddenly it wasn't there, right?
It's like loo paper. Well, it's not like loo paper, but it's—
It's gold, I was gonna say gold, yeah.
Well, I think that's the exchange rate.
Yes, of course.
One loo roll to—
No, you have a lot of gold in your house, though, don't you?
We have about 250 rolls of gold in our house at the moment, yes.
Oh, you're one of the loo hoarders.
Do you know that there was a story in the paper? This guy went back, he had 3,000 rolls of toilet paper, and he went back to the store where he'd bought it. I don't know, whatever.
And he says, yeah, I'd like to sell these back to you because it turns out I don't really need them. And the guy was like, fuck you, you've ruined my life.
And he says, yeah, I'd like to sell these back to you because it turns out I don't really need them. And the guy was like, fuck you, you've ruined my life.
That's an arrestable offence, surely.
Yeah, Graham, watch it. Watch it, Graham.
Graham, what are you doing?
We explained this last week. It was all— we have a totally valid— No, we couldn't buy a smaller quantity of lavatory paper.
And meanwhile, this other service which we had been using to regularly deliver loo paper, we couldn't get onto its website to cancel our order of our monthly delivery of loo paper.
And meanwhile, this other service which we had been using to regularly deliver loo paper, we couldn't get onto its website to cancel our order of our monthly delivery of loo paper.
Uh-huh.
I can't believe you're hijacking my story again.
Well, it's only because Lisa—
To tell your loo paper story.
Lisa is spreading this scandalous rumor about me when— Well, I don't know if it's scandalous.
Especially if you say it like that, you know it's gonna be outrageous. Too close to the bone.
Scandalous. I'm a victim. I'm a victim of circumstance. And anyway, yeah. That's all gonna get cut out.
Is it? Is it? Anyway, yeast is like gold at the moment. Hard to get a hold of. But don't despair, I'm here, right?
Oh, thank goodness.
I'm going to introduce you to a recipe by Jim Leahy. He became a bread sensation in New York about 15 years ago. I went to his restaurant. It's awesome. Blah, blah, blah.
It's a great, great bread. But what is the best thing about it is you only need a quarter teaspoon of yeast for each loaf, as opposed to a tablespoon per loaf.
So you can basically make 10 loaves with the same amount of yeast as you would make a normal loaf. So it's worth making. All you need is a big pot.
I'm gonna put the recipes and a video inside the show notes. If you wanna make bread, this is a good one to do.
It's a great, great bread. But what is the best thing about it is you only need a quarter teaspoon of yeast for each loaf, as opposed to a tablespoon per loaf.
So you can basically make 10 loaves with the same amount of yeast as you would make a normal loaf. So it's worth making. All you need is a big pot.
I'm gonna put the recipes and a video inside the show notes. If you wanna make bread, this is a good one to do.
And this is gonna sound like a stupid question, but in what do you make bread?
Well, you can make it anything, but this one you make in a pot, like a Dutch oven type thing, or like a Le Creuset pot. Yeah.
And you put that in your oven and you get it all hot and then you dump the dough inside and it kind of makes like a little steam oven.
And you put that in your oven and you get it all hot and then you dump the dough inside and it kind of makes like a little steam oven.
And it's pretty sensational.
Well, look, I put a picture. I put a picture inside the show notes of Dan's bread. This is his first loaf ever that he made.
Oh, that's Dan's, is it?
That's Dan's first loaf.
Amazing.
Yep, and he's thrilled. So there you go. So all the information that I've given him is there. And if you need expert advice, you can tweet Smashing Security and I'll reply.
Graham will make sure of it. Yes.
Graham will make sure of it. Yes.
Fantastic. Well, I think that's terrific.
And by the way, if anyone wonders what we mean by the show notes, if your podcast app isn't showing you just go to smashingsecurity.com to this episode, which is 178, and all of our links are listed up there.
And that just about wraps it up for the show today. Lisa, I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that?
And by the way, if anyone wonders what we mean by the show notes, if your podcast app isn't showing you just go to smashingsecurity.com to this episode, which is 178, and all of our links are listed up there.
And that just about wraps it up for the show today. Lisa, I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that?
Obviously Twitter, LinkedIn, Instagram. On Twitter I'm @LisaForteUK, and you can read my blog at red-goat.com.
Terrific. And you can follow us on Twitter @SmashingSecurity, no G, Twitter, LastPass, must have a G. And you can also join us on the Smashing Security subreddit.
Go and look for us up there. And don't forget, if you don't want to miss another episode, subscribe in your favorite podcast apps such as Apple Podcasts, Spotify, or Pocket Casts.
Go and look for us up there. And don't forget, if you don't want to miss another episode, subscribe in your favorite podcast apps such as Apple Podcasts, Spotify, or Pocket Casts.
As always, faithful listeners, thank you. We really wouldn't do this without you. If you weren't there, we would not be doing this.
But also a huge thank you to this week's Smashing Security sponsors, Oracle, Immersive Labs, and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
But also a huge thank you to this week's Smashing Security sponsors, Oracle, Immersive Labs, and LastPass. Their support helps us give you this show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Until next time, cheerio. Bye-bye.
Stay safe out there.
Ciao.
Wash your freaking hands.
Yeah, wash your freaking hands. Don't shower.
Yeah, exactly.
Don't drink bleach. Don't get on the tube. Stop using public transport. Don't drive to Wales for exercise.
But do bike.
Ah, good. Excellent. I think we've done our bit for public safety there. Yep.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Lisa Forte – @LisaForteUK
Show notes:
- Me Too! — Microsoft tells the story of the Bedlam DL3 email storm.
- Microsoft employees swept up in GitHub reply-all email apocalypse — Business Insider.
- Microsoft now blocks reply-all email storms to end our inbox nightmares — The Verge.
- Reply All Storm Protection in Exchange Online — Microsoft Tech Community.
- The NHS's massive email storm — Graham Cluley.
- Entertainment Law Firm Hacked in Major Data Breach, Ransomware Attack — Variety.
- Coronavirus: Commuters told to 'prepare to queue' in new guidance — BBC News.
- Employers Rush to Adopt Virus Screening. The Tools May Not Help Much — The New York Times.
- Robot dog enforces social distancing in city park — BBC News.
- Onkalo spent nuclear fuel repository — Wikipedia.
- Into Eternity — Wikipedia.
- Finland buries its nuclear past — BBC News.
- The plan to protect humans from radioactive waste with color-changing cats — Business Insider.
- The Summit trailer — YouTube.
- No Way Down: Life and Death on K2 — Amazon.com.
- Jim Lahey's No-Knead Bread Recipe — Leite’s Culinaria.
- No Knead Bread Recipe — YouTube.
- No-Knead Bread Recipe — New York Times.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: Oracle
Oracle has partnered with KPMG to produce a new cloud threat report. It reveals a crisis of confidence caused by a patchwork approach to data security, misconfigured services and confusion around cloud security models. This will only be fixed by organizations making security part of the culture of their business.
Read the full report at smashingsecurity.com/oraclereport.
Sponsor: LastPass
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Sponsor: Immersive Labs
Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
Listeners can signup at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
