Uber covers up a data breach, the noose tightens on net neutrality, and Bulletproof’s website spills the data beans.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by umm.. nobody because they didn’t arrange a special guest.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
What is a hamburger? A hamburger is different from a beef burger, right? Because ham comes from pigs.
Yeah, that's not where the name comes from. It's Hamburg, the place.
Oh, really?
Yeah.
And it's nothing to do with Hamburglers? No. Smashing Security, Episode 55: Uber, Net Neutrality, and Website Hacks with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to another episode of Smashing Security, episode 55, for the 30th of November, 2017. I'm Graham Cluley.
Hello, hello, and welcome to another episode of Smashing Security, episode 55, for the 30th of November, 2017. I'm Graham Cluley.
And I'm Carole Theriault.
And once again, we are going to dive into the murky waters of cybersecurity. But hey, Carole, in the last regular episode, we missed a big story, didn't we?
Oh yeah, we did.
Uber's farcical data breach incident, 57 million account users found that they had been compromised by a hack.
A hack which is said to have happened back in October 2016, but has only been made public a year later. Not because Uber didn't know about it, but because Uber covered it up.
A hack which is said to have happened back in October 2016, but has only been made public a year later. Not because Uber didn't know about it, but because Uber covered it up.
I know, it's so shameful.
I think you should just tell the story, just give the highlights of how it actually happened from what you've pieced together so far, because it's just fascinating.
I think you should just tell the story, just give the highlights of how it actually happened from what you've pieced together so far, because it's just fascinating.
It seems that Uber found out October 2016 that they'd been hacked and these attackers had accessed a GitHub coding site used by some Uber engineers.
They'd stolen credentials, which they grabbed from there to access an Amazon Web Services account where Uber had other information.
And via that, the hackers were able to make off with all this information. So far, so normal for a data breach.
But of course, this is Uber, which I don't know if you've ever traveled by Uber, but I found them— I have. Yeah, it's really convenient, right? It's a great app.
And you think, wow, this is amazing. I'm in a taxi. Woo-hoo. Working, but by all accounts, not that great a company.
They'd stolen credentials, which they grabbed from there to access an Amazon Web Services account where Uber had other information.
And via that, the hackers were able to make off with all this information. So far, so normal for a data breach.
But of course, this is Uber, which I don't know if you've ever traveled by Uber, but I found them— I have. Yeah, it's really convenient, right? It's a great app.
And you think, wow, this is amazing. I'm in a taxi. Woo-hoo. Working, but by all accounts, not that great a company.
Totally loved giving them my credit card details as well. Loved that bit.
In some ways similar to Amazon, right? Where you get a fantastic service, but there are reports that maybe they're not a terrific company.
Reports. There's been like, they've not stopped being in the news for the last at least 6 months.
Well, here's the interesting thing. So they discovered this data breach had occurred. And it appears that Uber covered it up.
Their security team, which was led at the time by Joe Sullivan—
Their security team, which was led at the time by Joe Sullivan—
Someone that we've had a few encounters with.
We've had a couple of run-ins with Joe in our past. Yeah.
Hi, Joe, if you're listening.
Well, I doubt it. When we've written about Facebook security issues.
Well, he moved on to Uber and he was spearheading the company's response to the breach by giving the attackers $100,000 in the form of a bug bounty in order to keep the breach quiet.
And please don't do anything with the data.
Well, he moved on to Uber and he was spearheading the company's response to the breach by giving the attackers $100,000 in the form of a bug bounty in order to keep the breach quiet.
And please don't do anything with the data.
It's shut the fuck up money, right?
That's exactly right. And they didn't inform anyone, didn't inform the users, didn't inform the authorities who were already investigating Uber for a number of other reasons.
No one will ever know.
Well, unfortunately, the new CEO who came in in September this year just found out about it last week and kicked Joe and one of Joe's buddies out of Uber and said, "You're no longer running security because we can't trust you." And said that this was reprehensible, which I think it was, quite frankly.
I think it's not so much the paying of the hackers because that does happen.
Of course, hackers do try and extort money out of businesses and sometimes it can be pragmatic, maybe to pay the hackers, that's one whole debate.
What I think is outrageous is not telling those users, not coming clean and saying we've had a security incident and trying to sweep it under the carpet.
I think it's not so much the paying of the hackers because that does happen.
Of course, hackers do try and extort money out of businesses and sometimes it can be pragmatic, maybe to pay the hackers, that's one whole debate.
What I think is outrageous is not telling those users, not coming clean and saying we've had a security incident and trying to sweep it under the carpet.
It is quite cool that the new CEO has basically, you feel like she's lifted up a bit of furniture and found this hornet's nest.
I know their name is Dara, but I've got a feeling it's a chap. I'll just Google Image and try and work it out. Oh yes, Dara has got a beard. Okay, yes, Dara is a man.
Anyway, so I'm going to say that again.
So I think it's good that at least the new CEO has come in and, you know, however opened a drawer and found this hornet's nest and is coming clean, even though it's going to hurt the reputation.
It's not good for Uber as a company.
So I think it's good that at least the new CEO has come in and, you know, however opened a drawer and found this hornet's nest and is coming clean, even though it's going to hurt the reputation.
It's not good for Uber as a company.
What reputation? Uber has got an appalling reputation as it is already.
This is the only sensible course of action it can take because if any more cans of worms like this are discovered, it's gonna be the death of this. Well, would it though?
I wonder if, I mean, you know, I have to ask myself, would I not use Uber after this?
This is the only sensible course of action it can take because if any more cans of worms like this are discovered, it's gonna be the death of this. Well, would it though?
I wonder if, I mean, you know, I have to ask myself, would I not use Uber after this?
Yeah, this is the thing, right? You're gonna say in your head, "Well, I already have an account with Uber.
And they already have my credit card details, and I'm gonna trust they're doing everything right with that.
So I'm just gonna carry on using the service 'cause it's so useful when I land at some airport in the middle of the night and there's no, you know."
And they already have my credit card details, and I'm gonna trust they're doing everything right with that.
So I'm just gonna carry on using the service 'cause it's so useful when I land at some airport in the middle of the night and there's no, you know."
And I think that's actually the case with most of the hacks we hear about. Everyone gets really upset for a week or two, but who actually closes their accounts?
And convenience often wins over security, doesn't it? All right, well, after the break, we'll be looking at the stories which piqued our interest this week. So join us after that.
Hello, and today's episode of Smashing Security is supported in part by Netsparker.
They are the web application and security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.
If you want to automatically check your web applications for cross-site scripting, SQL injection, and other vulnerabilities and coding errors that can leave you and your business exposed to suspicious hackers, check out Netsparker.
Try it out now by downloading the demo from www.netsparker.com/smashing. And thanks to Netsparker for supporting the show. And welcome back.
And one of the stories which really caught my attention this week is a trendy buttered coffee company called Bulletproof. "A lot of people ask why Bulletproof?
Why did you come up with the name Bulletproof? Here's the real story. Bulletproof isn't about being physically bulletproof. Bulletproof is about being highly resilient.
Who's bulletproof? Like Superman is bulletproof. That's what we all aspire to be, and that's actually what we have inside of us." Have you ever had buttered coffee, Carole?
And convenience often wins over security, doesn't it? All right, well, after the break, we'll be looking at the stories which piqued our interest this week. So join us after that.
Hello, and today's episode of Smashing Security is supported in part by Netsparker.
They are the web application and security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.
If you want to automatically check your web applications for cross-site scripting, SQL injection, and other vulnerabilities and coding errors that can leave you and your business exposed to suspicious hackers, check out Netsparker.
Try it out now by downloading the demo from www.netsparker.com/smashing. And thanks to Netsparker for supporting the show. And welcome back.
And one of the stories which really caught my attention this week is a trendy buttered coffee company called Bulletproof. "A lot of people ask why Bulletproof?
Why did you come up with the name Bulletproof? Here's the real story. Bulletproof isn't about being physically bulletproof. Bulletproof is about being highly resilient.
Who's bulletproof? Like Superman is bulletproof. That's what we all aspire to be, and that's actually what we have inside of us." Have you ever had buttered coffee, Carole?
I think I have had it once, but I don't even actually remember what my impression was of it, so maybe I never have had it.
Well, Bulletproof claims to do wonders to your brain and help you lose weight.
Yeah, I've read about it. I've totally read about it. I just think this is all a pile of garbage, but yes.
It sounds awfully trendy and funky.
And when you read up about it, the chap who founded the company, a guy called Dave Asprey, he claims to have spent two decades and over $1 million biohacking himself.
I think a biological hack is basically going on a diet.
But he claims that you can help — you can also similarly upgrade your brain like he lifted his IQ by 20 points, he says, and lower your biological age and learn to sleep more efficiently by drinking his coffee.
And when you read up about it, the chap who founded the company, a guy called Dave Asprey, he claims to have spent two decades and over $1 million biohacking himself.
I think a biological hack is basically going on a diet.
But he claims that you can help — you can also similarly upgrade your brain like he lifted his IQ by 20 points, he says, and lower your biological age and learn to sleep more efficiently by drinking his coffee.
Ah, blah, blah, blah, blah. Snake oil. Well, perhaps.
In your humble opinion.
Potentially.
Not the opinion of the podcast. Well, Bulletproof unfortunately has suffered a security incident.
They've been sending letters to some of their customers, and they say that they identified in the middle of last month that unauthorized computer code had been added to their website on the page which operates their checkout, where you buy all your beans and ingredients to buy this mega coffee.
They've been sending letters to some of their customers, and they say that they identified in the middle of last month that unauthorized computer code had been added to their website on the page which operates their checkout, where you buy all your beans and ingredients to buy this mega coffee.
Right, right.
And that means that the bad guys have got your bank card numbers, your expiry dates, your security codes, your names, your postal addresses, and your email addresses.
And this was going on from May 20th to October 19th.
And this was going on from May 20th to October 19th.
Shut the front door! That's — is that 6 months?
5 months, I think. Yeah. Apart from one day, October 14th, apparently according to the letter, weren't being grabbed. Now, what on earth is that about?
Is that because their website was down? I don't understand. But apparently October 14th, you're safe. The other days, you've got a problem.
Is that because their website was down? I don't understand. But apparently October 14th, you're safe. The other days, you've got a problem.
Weird.
I can't begin to understand why that was.
Yeah.
But clearly, you know, something seriously and badly went wrong, although I could find no mention of this on Bulletproof's own website.
So you have to wait until your letter comes through to tell you if you've got a problem with this or not.
I thought that maybe what they've done is perhaps a little bit unwise because clearly they've written their own checkout code, right?
They've got their own routines on their website, which are asking you for all of this information to be plugged in. And it sounds like they did a pretty poor job.
And that is particularly embarrassing for Dave Asprey, the CEO of Bulletproof. He says that we take security of our customers' personal information very seriously.
Everyone has that ready in their clipboard to cut and paste in every time they have a breach. And they're working hard to strengthen the website.
But the embarrassment for Dave Asprey is he used to be a bit of a bigwig in the security industry.
He used to be director of product management at NetScaler, which was later acquired by Citrix, VP at Blue Coat, and get this, vice president of cloud security for Trend Micro. Eek.
Eek, eek, eek. So that's rather embarrassing, isn't it?
And maybe he needs to drink some more buttered coffee to amp himself up in terms of writing some more secure website code and preventing bad guys from coming in.
So you have to wait until your letter comes through to tell you if you've got a problem with this or not.
I thought that maybe what they've done is perhaps a little bit unwise because clearly they've written their own checkout code, right?
They've got their own routines on their website, which are asking you for all of this information to be plugged in. And it sounds like they did a pretty poor job.
And that is particularly embarrassing for Dave Asprey, the CEO of Bulletproof. He says that we take security of our customers' personal information very seriously.
Everyone has that ready in their clipboard to cut and paste in every time they have a breach. And they're working hard to strengthen the website.
But the embarrassment for Dave Asprey is he used to be a bit of a bigwig in the security industry.
He used to be director of product management at NetScaler, which was later acquired by Citrix, VP at Blue Coat, and get this, vice president of cloud security for Trend Micro. Eek.
Eek, eek, eek. So that's rather embarrassing, isn't it?
And maybe he needs to drink some more buttered coffee to amp himself up in terms of writing some more secure website code and preventing bad guys from coming in.
You know, there's a lot of people out there with websites that they may hire a third party to create the website and make it secure as they can at that stage, but then they don't maintain it and they don't keep someone that knows their stuff.
They just think, oh, I can update a plugin or I can, you know, just do a few little things and things get out of date or things can be broken like this and there's no one there to spot this stuff.
They just think, oh, I can update a plugin or I can, you know, just do a few little things and things get out of date or things can be broken like this and there's no one there to spot this stuff.
Yeah.
And they really should probably have spotted that code had been changed on their website for that length of time, particularly on such a critical part of their website where compromise is basically disastrous, isn't it?
Well, they said they're going to reimburse affected customers for any reasonable documented costs if your bank refused to pay you back.
And they really should probably have spotted that code had been changed on their website for that length of time, particularly on such a critical part of their website where compromise is basically disastrous, isn't it?
Well, they said they're going to reimburse affected customers for any reasonable documented costs if your bank refused to pay you back.
And of course, they're full of regret and apologies for— You need to go out now and change your credit card details, change your credit card number.
Well, yeah, I mean, normally your expiry date is a couple of years in advance, isn't it?
So the bad guys have got a couple of years to take advantage of it unless you change your number. Obviously, always makes sense. Keep a close eye on your credit card payments.
Look for any unusual transactions and wake up and smell the Java. Let's hope their website wasn't written with Java. That would be awful, wouldn't it?
I mean, that would be even worse. So, Carole, we don't have a guest this week, so what's your story?
So the bad guys have got a couple of years to take advantage of it unless you change your number. Obviously, always makes sense. Keep a close eye on your credit card payments.
Look for any unusual transactions and wake up and smell the Java. Let's hope their website wasn't written with Java. That would be awful, wouldn't it?
I mean, that would be even worse. So, Carole, we don't have a guest this week, so what's your story?
Well, over last weekend, this was Thanksgiving holiday in the US, the FCC decided to release, well, some would say sneak out, the final draft of its net neutrality proposal.
This is the order to roll back the 2015 net neutrality protections that the Obama administration put in place.
This rollback means that internet providers like Verizon and Comcast and AT&T will be able to block content. So this is online services, apps, and websites.
And they can also throttle internet services, basically artificially slowing speeds and fast-lane those that pay more.
So, you know, imagine, for example, you snuggle down to binge some Netflix only to find that your ISP has made it unwatchable just by throttling the bandwidth.
This is the order to roll back the 2015 net neutrality protections that the Obama administration put in place.
This rollback means that internet providers like Verizon and Comcast and AT&T will be able to block content. So this is online services, apps, and websites.
And they can also throttle internet services, basically artificially slowing speeds and fast-lane those that pay more.
So, you know, imagine, for example, you snuggle down to binge some Netflix only to find that your ISP has made it unwatchable just by throttling the bandwidth.
Yeah.
In order to encourage you to move to a more expensive plan, for example.
Or imagine you can't access Facebook or other internet services, or you only have a set number of hours each month.
Or imagine you can't access Facebook or other internet services, or you only have a set number of hours each month.
So the scenario might be that when you buy your internet package, you would have to tick the box saying, oh yes, I'd like to be able to watch Netflix, or I'd like it to be speedier in some fashion, or give me access to these bits of the internet.
Otherwise, you go for a cheap option where you sort of get a second-class internet.
Otherwise, you go for a cheap option where you sort of get a second-class internet.
That's what everyone is worrying about, exactly. But it goes worse than that.
Imagine also maybe a sensitive political brouhaha is gaining steam and the ISP decides to block information on the topic or just provide you with a single point of view. So—
Imagine also maybe a sensitive political brouhaha is gaining steam and the ISP decides to block information on the topic or just provide you with a single point of view. So—
The good news, Carole, is there are no political brouhahas.
Exactly.
At the moment. Things have got really, really soft.
It's tickety-boo out there. Smooth sailing.
Yeah, exactly.
Now, worse than that, any state-level regulations that contradict the FCC's order— the one that they have in proposal right now would be preempted.
So in other words, you can't rely on local legislation to protect you.
So according to The Verge, there's only one rule left here that ISPs have to publicly disclose when they're doing these things.
So I guess I might say that on the plus side, you're always going to know when you're getting fucked. I'm just trying to shock you a little bit, wake you up, you know?
Come on, I've sworn twice now. Now, the FCC gave the public just 3 weeks to send feedback before the vote's going to be put up and the final decision is going to be made.
Now, the question is, why would the FCC reveal this over a holiday weekend?
You know, they're probably hoping that Americans are too busy stuffing their faces with sweet potato and marshmallow and turkey and all the things that they eat.
So in other words, you can't rely on local legislation to protect you.
So according to The Verge, there's only one rule left here that ISPs have to publicly disclose when they're doing these things.
So I guess I might say that on the plus side, you're always going to know when you're getting fucked. I'm just trying to shock you a little bit, wake you up, you know?
Come on, I've sworn twice now. Now, the FCC gave the public just 3 weeks to send feedback before the vote's going to be put up and the final decision is going to be made.
Now, the question is, why would the FCC reveal this over a holiday weekend?
You know, they're probably hoping that Americans are too busy stuffing their faces with sweet potato and marshmallow and turkey and all the things that they eat.
Well, all at the same time.
At exactly the same time.
Sweet potato with marshmallow and turkey.
No, no, no, not turkey. So sweet potato and marshmallow is definitely a dish.
Really?
Yes. I've also been fed something that was horseradish and lime Jell-O as a side dish to turkey. I'm not kidding. It's a challenge. I found it challenging on my palate.
So basically thinking people would be too distracted by their gorge fest to pay any heed to a boring net neutrality story. But boy, did they get it wrong.
So basically thinking people would be too distracted by their gorge fest to pay any heed to a boring net neutrality story. But boy, did they get it wrong.
They should have taken heed.
They should have taken heed. The internet scrambled into action.
And as Slate puts it, "If you're concerned about the fact that the internet could be a very different place in less than two months, now is a very good time to rabble-rouse." So there's a few things going on right now.
One is battleforthenet.com. This is—we've talked about these guys before in an earlier podcast, but this is a site that's dedicated to saving net neutrality.
And they've registered already 500,000 calls to Congress on this issue. And protests to oppose this draft are being organized outside Verizon stores across the country.
And these are going to take place on December 7th. Free Press Action Fund has set up a team internet, #TeamInternet.
There's a dozen new petitions to fight net neutrality on change.org. Reddit is just slammed with people calling for action.
And Reddit is actually, there's a really good—I'm gonna put this in the show notes—there's a really moving post actually by Reddit to the community and it's a great read.
So all these things are going on. So those people that wanna get involved, there are things that you can do. What not to do, however, and this is based on a segment on Fox News.
So some activists have been going to Ajit Pai's home in suburban Virginia with signs directed at his children.
And as Slate puts it, "If you're concerned about the fact that the internet could be a very different place in less than two months, now is a very good time to rabble-rouse." So there's a few things going on right now.
One is battleforthenet.com. This is—we've talked about these guys before in an earlier podcast, but this is a site that's dedicated to saving net neutrality.
And they've registered already 500,000 calls to Congress on this issue. And protests to oppose this draft are being organized outside Verizon stores across the country.
And these are going to take place on December 7th. Free Press Action Fund has set up a team internet, #TeamInternet.
There's a dozen new petitions to fight net neutrality on change.org. Reddit is just slammed with people calling for action.
And Reddit is actually, there's a really good—I'm gonna put this in the show notes—there's a really moving post actually by Reddit to the community and it's a great read.
So all these things are going on. So those people that wanna get involved, there are things that you can do. What not to do, however, and this is based on a segment on Fox News.
So some activists have been going to Ajit Pai's home in suburban Virginia with signs directed at his children.
And Ajit Pai is the chap at the FCC.
He's the chairman of the FCC.
Yes.
Yes.
Right.
So these signs are saying things like, "They will come to know the truth. Dad murdered democracy in cold blood." That's pretty harsh. So on this, I agree with Pai.
Families should just remain out of it. Don't harass people at home. I think they should be completely left out of it.
Now, the fact that Donald Trump appointed Ajit Pai to be FCC chairman, and one refers to net neutrality as "Obama's net neutrality," seems to kind of have radically politicized this whole issue.
And from an outside point of view, I really urge people to ignore the politics here.
This is more about deregulating a service that many see as the backbone of everything—of innovation, of communication, of technology, a free and open internet.
And I don't want it to wither and die. I don't want it to be censored.
Families should just remain out of it. Don't harass people at home. I think they should be completely left out of it.
Now, the fact that Donald Trump appointed Ajit Pai to be FCC chairman, and one refers to net neutrality as "Obama's net neutrality," seems to kind of have radically politicized this whole issue.
And from an outside point of view, I really urge people to ignore the politics here.
This is more about deregulating a service that many see as the backbone of everything—of innovation, of communication, of technology, a free and open internet.
And I don't want it to wither and die. I don't want it to be censored.
It sounds like the kind of thing which could be good for big businesses and for the telecoms companies, because it's another way to screw more money out of you, but a bad thing for the typical individual, really, isn't it?
I mean, it's just going to end up with the internet costing you more, or you being a second-class citizen because you can't access certain sites or use certain web services.
I mean, it's just going to end up with the internet costing you more, or you being a second-class citizen because you can't access certain sites or use certain web services.
Yes, or maybe you're offering a brand new service, or you're a non-for-profit, or you're a school.
And if they don't have the cash in their back pocket to pay for that super slick highway.
So I say, if you agree—if you think net neutrality is a good thing, you should go and do something about it. And there's loads of links in the show notes here.
But if you don't, I expect you have your own good reasons, and they're simply beyond me.
And if they don't have the cash in their back pocket to pay for that super slick highway.
So I say, if you agree—if you think net neutrality is a good thing, you should go and do something about it. And there's loads of links in the show notes here.
But if you don't, I expect you have your own good reasons, and they're simply beyond me.
But I guess— so I guess our message is just because our Lord and Savior Barack Obama thought net neutrality was a good idea shouldn't mean that people who don't like Barack Obama think that net neutrality is a bad idea.
Can I just share a factoid with you?
Yes, please.
How did net neutrality start? It's always been called the Obama thing, but actually it first started under Michael Powell, who was a Republican-appointed chairman at the FCC.
And what happened was in 2005, a small phone company based in North Carolina basically began preventing its subscribers from making phone calls using that internet application Vonage because Vonage was a competitor in the phone call market.
This action was obviously anti-competitive. So consumers complained and the FCC promptly fined the company and forced it to stop blocking Vonage.
And what happened was in 2005, a small phone company based in North Carolina basically began preventing its subscribers from making phone calls using that internet application Vonage because Vonage was a competitor in the phone call market.
This action was obviously anti-competitive. So consumers complained and the FCC promptly fined the company and forced it to stop blocking Vonage.
Kroll, you are such a font of information.
A font of information.
Well, I think that's what you say, isn't it? Font?
It is. It is. I was—
Have I done well?
I was impressed with you knowing that word.
I don't mean font like Helvetica.
Calibri.
Tahoma.
Now, it's a very important time now because we're going to hear from our sponsors, aren't we?
Yay! Are you worried that your website might be the backdoor through which hackers can access your information and steal data? Well, if so, you'll be interested in our sponsor today.
NetSparker is a web application security scanner. It can automatically find the flaws in your website security and fix them before hackers can exploit them.
You can try it out right now. To demo from www.nitsparka.com/smashing. On with the show. And welcome back to that bit of the show that we like to call Pick of the Week.
NetSparker is a web application security scanner. It can automatically find the flaws in your website security and fix them before hackers can exploit them.
You can try it out right now. To demo from www.nitsparka.com/smashing. On with the show. And welcome back to that bit of the show that we like to call Pick of the Week.
Pick of the Week.
Everyone on the show chooses something they like. Could be a funny story, a book they've read, a TV show, a movie, a record, an app, a website, a podcast, whatever you like.
Doesn't have to be security-related necessarily. And my pick of the week this week isn't security-related.
Doesn't have to be security-related necessarily. And my pick of the week this week isn't security-related.
Good, because it shouldn't be, right?
It is instead handy because you watch a lot of YouTube videos, right, Kroll?
Yeah, I've been known to peruse the YouTube.
Yeah, right. Well, there are YouTube secret keyboard shortcuts. I don't know if you knew about these.
So rather than grabbing your mouse, you can just quickly flick a finger and pause a video by pressing the K button.
So rather than grabbing your mouse, you can just quickly flick a finger and pause a video by pressing the K button.
Well, sorry, the spacebar works to pause a video, you know.
Okay, yes, you can use space as well.
But listen, listen, fast forward with L, rewind with J, or you can watch frame by frame, forwards or backwards, by pressing the dot or comma key.
But listen, listen, fast forward with L, rewind with J, or you can watch frame by frame, forwards or backwards, by pressing the dot or comma key.
Okay, okay, that's pretty cool. I didn't know that.
Pretty funky stuff. So you can just move forward. You can mute or unmute by pressing M. You can turn captions on and off by pressing C. It's actually kind of handy.
Yeah, it's pretty neat. So that is my pick of the week.
Yeah, it's pretty neat. So that is my pick of the week.
I'm surprised by your pick of the week because I was convinced you were going to talk about something else. Here, let me get the link for you. Let me get the link for you.
Okay, there you go. Click on that and tell me if you read about this and then tell me why, if you have, why it's not interesting and why it wasn't your pick of the week.
Okay, there you go. Click on that and tell me if you read about this and then tell me why, if you have, why it's not interesting and why it wasn't your pick of the week.
Okay, so you have sent me a link about Thom Baker. Oh, I love Thom Baker. Thom Baker was the fourth Doctor Who, back in the '70s.
And the reason why Thom Baker's in the news this week— I don't like to talk too much about Doctor Who because this could become the Doctor Who podcast.
And the reason why Thom Baker's in the news this week— I don't like to talk too much about Doctor Who because this could become the Doctor Who podcast.
No, it will not. Over my dead body.
So in 1979, I think we may have mentioned actually in a past show, there was a scrapped episode of Doctor Who. They half filmed it.
It was called Shada, written by Douglas Adams, and it was never completed.
It was called Shada, written by Douglas Adams, and it was never completed.
Stop showing off!
It's just basic Doctor Who knowledge. And what the BBC have done is they have released a version where they've animated the missing parts of the story.
And right at the very end, apparently— spoilers— of the show, they have some live footage of Thom Baker, who's now about 83 years old, in his Doctor Who costume in the TARDIS.
They actually filmed it on a grubby old videotape studio with the old console and everything, so it looks like the real thing.
Him there with his shock of white hair now, of course, and he's got a few lines and it's rather gorgeous. And— oh, sorry, I fell asleep.
Hey, you were the one who thought this should be my pick of the week!
And right at the very end, apparently— spoilers— of the show, they have some live footage of Thom Baker, who's now about 83 years old, in his Doctor Who costume in the TARDIS.
They actually filmed it on a grubby old videotape studio with the old console and everything, so it looks like the real thing.
Him there with his shock of white hair now, of course, and he's got a few lines and it's rather gorgeous. And— oh, sorry, I fell asleep.
Hey, you were the one who thought this should be my pick of the week!
Yeah, I didn't mean— Do you have a second pick of the week?
Well, no, I'm not saying it's a week, but you were just pointing me at it. But yeah, I do love Thom Baker. I think he's mad as a box of frogs.
Well, makes two of you.
But yeah, I've never actually been a fan of Shada, to be honest. I don't think it's Doctor Who's finest.
I have no idea what you're even talking about. I just saw Thom Baker and Doctor Who in the headline, and that was it. Yeah, it was about as deep as that.
So my pick of the week this week is an interview show and podcast called The Rubin Report, and specifically its most recent episode, which is on bitcoin.
So The Rubin Report, if you're unaware, is a political talk show that airs on YouTube and it's hosted by Dave Rubin. And it is actually also a podcast.
That's where I first heard about it.
And I've listened to a few shows and think it's quite a cool little podcast where Rubin interviews some amazing person, an author, an activist, a journalist, comedian, professors, actors, et cetera.
The latest one is called Bitcoin: How Does It Work? The interviewee is a first investor in Bitcoin.com and Blockchain.com, and he's by name of Roger Ver.
And it's a really good overview to help you understand the bitcoin cryptocurrency's ins and outs.
And it's about an hour long, and it's a really good show to keep in your back pocket over the holidays if your in-laws or someone starts asking you to explain what all this bitcoin stuff is.
Because you can send them just the link to the YouTube, or if they're podcast listeners, you can send it to them.
So my pick of the week this week is an interview show and podcast called The Rubin Report, and specifically its most recent episode, which is on bitcoin.
So The Rubin Report, if you're unaware, is a political talk show that airs on YouTube and it's hosted by Dave Rubin. And it is actually also a podcast.
That's where I first heard about it.
And I've listened to a few shows and think it's quite a cool little podcast where Rubin interviews some amazing person, an author, an activist, a journalist, comedian, professors, actors, et cetera.
The latest one is called Bitcoin: How Does It Work? The interviewee is a first investor in Bitcoin.com and Blockchain.com, and he's by name of Roger Ver.
And it's a really good overview to help you understand the bitcoin cryptocurrency's ins and outs.
And it's about an hour long, and it's a really good show to keep in your back pocket over the holidays if your in-laws or someone starts asking you to explain what all this bitcoin stuff is.
Because you can send them just the link to the YouTube, or if they're podcast listeners, you can send it to them.
Or you can pretend to be an expert yourself. You listen to it and then hopefully pass on the wisdom. So what do you think of Bitcoin?
Are you— because bitcoin price, they've been zooming up.
Are you— because bitcoin price, they've been zooming up.
$10,000 I read today.
It's astonishing.
Yeah. So early investors obviously are laughing all their way to the bank.
So it's no surprise that this person, Roger Ver, is obviously going to be touting the joys of bitcoin and blockchain, right?
Because he certainly has money to make out of it, but he makes a lot of good points.
You know, they're all in the press about how much money is going to be made, you are going to be asked about it, right?
So may as well have an easy answer to explain because what if your parents want to start investing in it, right?
So it's no surprise that this person, Roger Ver, is obviously going to be touting the joys of bitcoin and blockchain, right?
Because he certainly has money to make out of it, but he makes a lot of good points.
You know, they're all in the press about how much money is going to be made, you are going to be asked about it, right?
So may as well have an easy answer to explain because what if your parents want to start investing in it, right?
The bitcoin bubble has got to burst soon though, surely, hasn't it?
Loads of people are saying that. I don't know how anyone would predict one way or the other.
Just seems to be so cheap.
But it hasn't been going— people have been saying that for about 5 years.
Right. You know what? We should do an episode sometime all about blockchain.
I agree. I think we've said that a few episodes ago. I agree.
Yeah. My brother has been hassling me saying, when are you going to talk about blockchain?
Does he really talk like that? Jeez.
Poor guy.
I haven't seen him in a while, so.
Well, thank you very much, Carole, for that pick of the week. We've got a guest lined up for next week. That's fun, isn't it? Yeah.
We have a special surprise for our year-end show, don't we?
Yes, we do.
Yep. No, no, no. Just saying. Just saying.
Yeah, we've got some surprises in store, so make sure that you subscribe to the podcast in Apple iTunes or your favorite podcast app so that you don't miss any future episodes.
If you want to follow us on Twitter, we're @SmashingSecurity without a G. And we're also on Facebook. Look for the Smashing Security group up there. And we've got swag as well.
You can buy not just t-shirts, you can buy mugs and you can buy cushions.
If you want to follow us on Twitter, we're @SmashingSecurity without a G. And we're also on Facebook. Look for the Smashing Security group up there. And we've got swag as well.
You can buy not just t-shirts, you can buy mugs and you can buy cushions.
Very ginormous cushions you can buy, can't you, Graham? Well, and give them to your friend as a birthday present.
It's pretty cool though, isn't it? I saw a photo of you and you seem to be enjoying it. Go to smashingsecurity.com/store. That just about wraps it up.
All that remains is to say thank you for tuning in. If you know someone else who might the show, please tell them about it. Until next time, cheerio, bye-bye.
All that remains is to say thank you for tuning in. If you know someone else who might the show, please tell them about it. Until next time, cheerio, bye-bye.
Later, guys. Goodbye.
I'm going to press stop. Do you know what?
At this stage, I think George Bush is my lord and savior as well.
Which one? The one—
I don't mind.
The one with the groping hands?
Compared to what's going on right now. Oh no, no, God, you can't say that. He was involved with the harassment stuff.
Yes, that's it.
I was talking, I didn't hear you.
Eek.
Yeah, I don't want him. Yuck. Get your hands off me.
What's your favorite Dickens book, Carole?
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Show notes:
- Uber paid hackers $100,000 to keep data breach quiet
- Bulletproof breach notification letter to customers (PDF)
- Bulletproof Coffee lacks bulletproof security: Nerd brain juice biz hacked, cards gulped
- Net Neutrality: What You Need to Know Now
- Racist, threatening attacks on FCC Chair Ajit Pai won't save net neutrality
- Americans are spending Thanksgiving fighting for net neutrality
- An update on the fight for the free and open internet
- Google YouTube Keyboard Shortcuts
- Tom Baker returns to finish shelved Doctor Who episodes penned by Douglas Adams
- Bitcoin: How Does it Work? (Roger Ver Interview)
- Smashing Security on Facebook
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: Netsparker
Netsparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.
If you want to automatically check your web applications for cross site scripting, SQL Injection & other vulnerabilities and coding errors that can leave you and your business exposed to malicious hacker attacks, then you need Netsparker.
Try it out now by downloading a demo from www.netsparker.com/smashing
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Very good your podcast.