Wi-Fi hopping malware, the return of Ashley Madison extortion scams, and should social media be doing anything about cheapfakes?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
I believe myself to be heterosexual at this point, right? Geoff Goldblum, though, he's one of those guys who you kind of—
Get your hands off him. I don't want to hear— just shush. I don't want to hear another word out of you.
But he is quite sexy in the middle of this fight.
Do not sully. I can't. There's two people. There's two people you can't touch. Geoff Goldblum and Magnum P.I.
Thom Selleck.
Well, back off, Clue.
Smashing Security, Episode 165: Cheapfakes, Deepfakes, and Ashley Madison with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 165.
My name's Graham Cluley.
My name's Graham Cluley.
And I'm Carole Theriault.
Hello, Carole. How are you?
Smug?
Well, yes. Well, why are you smug this week?
I was just doing my, you know, I work out daily, right? And I was just listening to the New York Times, the Daily, right?
And they covered that story that we did, episode 162, the Clearview story.
So they did a podcast on the whole, you know, facial recognition AI that was being brought into the cop stations.
And they covered that story that we did, episode 162, the Clearview story.
So they did a podcast on the whole, you know, facial recognition AI that was being brought into the cop stations.
These are the guys have been scraping social media.
Well, scraping everything, yeah, to get a huge treasure trove of images. Anyway, anyone who liked that story, you should go listen to it. I did a pretty good job of reporting it.
You think the New York Times heard about it on you in your section of the podcast a few weeks ago?
She doesn't think she knows.
No, it's not what I— They covered it originally, but because the story, I guess, has gained traction, they've now done a podcast on the Daily.
Now, most journalists want their stories covered on the Daily. Anyway, so go listen to it.
Now, most journalists want their stories covered on the Daily. Anyway, so go listen to it.
It's good.
All right.
I heard another voice there.
Who was that?
Yeah, I butted in.
It's Jessica Barker. Hello, Jessica.
Hello. Hello. Thank you for having me back.
It's our pleasure. We did try and have you on last week, didn't we? But we had a few technical problems with the audio.
Don't feel bad, Jessica, because we are in the middle, of course, of Storm— is it Kiara? They're calling it, hit in the UK.
Don't feel bad, Jessica, because we are in the middle, of course, of Storm— is it Kiara? They're calling it, hit in the UK.
It's Chiara?
Something that.
I think it is.
Yeah. Oh, okay.
I think so.
My little hut at the bottom of the garden, the podcast pleasure palace, as I to call it.
The podcast grotto.
It's been hit by rain and stormy winds. And so if anyone hears some excessive noise and wind coming from my direction, that's what it is.
And on that note, Carole, what have we got coming up on the show this week?
And on that note, Carole, what have we got coming up on the show this week?
First, thanks to this week's sponsor, LastPass. Its support helps us give you the show for free.
Now on this week's show, Graham puts on his tinfoil hat and tells us about a new Wi-Fi malware. Jessica revisits Ashley Madison 5 years after that dreadful data breach.
And I talk deepfakes and share what the tech giants are doing about it. Question is, is it enough? All this and bucketfuls more coming up on this episode of Smashing Security.
Now on this week's show, Graham puts on his tinfoil hat and tells us about a new Wi-Fi malware. Jessica revisits Ashley Madison 5 years after that dreadful data breach.
And I talk deepfakes and share what the tech giants are doing about it. Question is, is it enough? All this and bucketfuls more coming up on this episode of Smashing Security.
Now, chums, chums, I want to know, have you heard of the Emotet malware?
Nope, not in my echo chamber.
No? How about you, Jessica?
I've heard of it, but I don't know how well I could describe it.
Well, let me explain what it is. It is a particularly professional and well-thought-out piece of malware. It's been around for a while.
I think it's been around since about, oh, maybe 2013, 2014. And it is a Trojan, normally spread via spam email.
So it pops up in your inbox and it may use some social engineering to get you to click on the attachment, which will often be a Word document or maybe it'd be a malicious link.
I think it's been around since about, oh, maybe 2013, 2014. And it is a Trojan, normally spread via spam email.
So it pops up in your inbox and it may use some social engineering to get you to click on the attachment, which will often be a Word document or maybe it'd be a malicious link.
So typical, typical scam they warn us about all the time.
Yeah, yeah. But I mean, I think there's things worth reminding people as to how this works.
So it'll be a Word document which when you open it may display a message saying, oh, you know, to access the contents of this Word document, you have to enable macros.
And helpful users then disable the inbuilt security in Word, enable macros, and bam, malware is downloaded onto their computer and they are infected. Now, Emotet is nasty.
As I say, it's quite a professional piece of malware. It will not only try to steal your financial and banking details, and it will also try and infect other computers, right?
It will look for computers which you're attached to via the network. It has built into it a really long list of passwords to try and crack into other computers and SMB shares.
It will exploit vulnerabilities. It's constantly updating it. So it's quite remarkable.
The people behind Emotet have been releasing, on some occasions, more than a couple of hundred of new variants of Emotet in a single day.
So it'll be a Word document which when you open it may display a message saying, oh, you know, to access the contents of this Word document, you have to enable macros.
And helpful users then disable the inbuilt security in Word, enable macros, and bam, malware is downloaded onto their computer and they are infected. Now, Emotet is nasty.
As I say, it's quite a professional piece of malware. It will not only try to steal your financial and banking details, and it will also try and infect other computers, right?
It will look for computers which you're attached to via the network. It has built into it a really long list of passwords to try and crack into other computers and SMB shares.
It will exploit vulnerabilities. It's constantly updating it. So it's quite remarkable.
The people behind Emotet have been releasing, on some occasions, more than a couple of hundred of new variants of Emotet in a single day.
Wow.
Well, if they're targeting financial data, I'm not surprised. Right? Because they're making some serious moolah out of this.
One imagines they are, and they're downloading other malware as well, and the software is constantly evolving.
I mean, some of the examples of things which we've seen in the past, they've been— just to give you an idea of the social engineering, we saw an example just last week of emails pretending to be information about the coronavirus, which of course we're all running around like headless chickens at the moment.
I mean, some of the examples of things which we've seen in the past, they've been— just to give you an idea of the social engineering, we saw an example just last week of emails pretending to be information about the coronavirus, which of course we're all running around like headless chickens at the moment.
No pun intended.
Yeah, right, yeah. A more serious kind of virus than the kind you get on your computer. We also saw emails claiming to come from Greta Thunberg encouraging us all to save the planet.
And again, if you open those emails, open the attachments, bam, you got hit by Emotet.
So lots and lots of different disguises that way, but also the functionality has been continually evolving as well.
And again, if you open those emails, open the attachments, bam, you got hit by Emotet.
So lots and lots of different disguises that way, but also the functionality has been continually evolving as well.
Can I just say this is a lot for a minute, by the way?
That's helpful.
No, it's supposed to make you good. Just maybe you gotta go, I don't know.
So imagine for a moment, Carole, imagine for a moment the kind of email which are, what sort of thing would entice you to click on it or open up an attachment? Or you, Jessica.
Let's know our podcaster for a moment. What are you interested in outside of the world of podcasting? Jessica, you first. What sort of lure could be used?
Let's know our podcaster for a moment. What are you interested in outside of the world of podcasting? Jessica, you first. What sort of lure could be used?
You're performing a little bit of reconnaissance there.
I am, yes. Do you have a fire?
All of doxing going on.
Well, I just shared on Twitter a picture of my cat, and of course I was setting up for the podcast, and so my cat was very interested in getting involved and getting to the microphone.
So, you know, classic one, cat pictures, cute cat pictures, click here.
Well, I just shared on Twitter a picture of my cat, and of course I was setting up for the podcast, and so my cat was very interested in getting involved and getting to the microphone.
So, you know, classic one, cat pictures, cute cat pictures, click here.
So, if Greta Thunberg sent you an email claiming to be a picture of her cat, you would open that?
I wouldn't think twice.
Anybody really, frankly, with a picture of a cat. Carole, what sort of thing would work on you?
Oh, I tend not to look at email, you know.
I've noticed that actually when we're trying to organise a podcast recording.
It's the way forward.
Right. I answer the phone when you call.
Sometimes. I don't know. Sometimes you seem to be out. Really? Sometimes it just seems to ring and ring.
Is that true?
Or are you lying? No, sometimes.
Is this disinformation?
Fake news. Fake news.
I can understand, Carole, if you sometimes want a break from work and that's why you don't answer the phone. Right?
Middle of last year, things went pretty quiet on the Emotet front as well.
It looked like they'd basically shut down their infrastructure and people were wondering, "Ooh, could the FBI be about to announce an arrest?" Turns out they came back.
So maybe the guys behind Emotet actually just went on holiday. There they were, their handkerchiefs knotted on their heads and their flip-flops on.
Middle of last year, things went pretty quiet on the Emotet front as well.
It looked like they'd basically shut down their infrastructure and people were wondering, "Ooh, could the FBI be about to announce an arrest?" Turns out they came back.
So maybe the guys behind Emotet actually just went on holiday. There they were, their handkerchiefs knotted on their heads and their flip-flops on.
Yeah, where are they? Bali, hanging out?
Well, if they're working so hard, they're producing hundreds of new versions of Emotet all the time.
They need a break.
They need a break.
Everybody needs a holiday, you know?
Cybercriminals.
Cybercriminals, you R&R, you know what I mean? Crime-life balance.
That's what everyone says.
I've often thought, wouldn't it be great if cybercriminals were a bit like the French? Because the French, don't the French—
Beret-wearing.
Stylish.
Let's not have some fashion stereotypes about the French, Carole, right? Next it'll be a string of onions and a bicycle.
They are way better dressed than the English, by the way.
Well, anyway, so they're not all dressed up as matelots wearing berets and things like that.
But no, my point is, wouldn't it be great if cybercriminals were a little bit like the French, because the French all go on holiday at the same time, right?
The whole country shuts down, and they all head to the beach for a couple of weeks in August.
But no, my point is, wouldn't it be great if cybercriminals were a little bit like the French, because the French all go on holiday at the same time, right?
The whole country shuts down, and they all head to the beach for a couple of weeks in August.
I don't think it's just the French that do that. I think it's basically the world. When your kids are out of school, you get to go on holiday.
I know it seems crazy, but I think that's really what's going on, Graham.
I know it seems crazy, but I think that's really what's going on, Graham.
Anyway, I would love it if the criminals were to adopt— Anyway, look, the point is this, right? Emotet is still alive and kicking.
And— Researchers at a security company called Binary Defense believe that they have newly discovered a feature of Emotet which has previously gone completely unobserved.
Because it appears that Emotet can spread aggressively via the old wireless, not the radio.
And— Researchers at a security company called Binary Defense believe that they have newly discovered a feature of Emotet which has previously gone completely unobserved.
Because it appears that Emotet can spread aggressively via the old wireless, not the radio.
Oh, really?
Wi-Fi. Yes. So Emotet—
So a version of it, one of the versions.
One of the modules which it can basically activate on your computer is this Wi-Fi.
And what it will try and do is if it's infected maybe your laptop, when you're downloading your pictures of cats from Greta Thunberg at Starbucks, it will hunt for other Wi-Fi networks in your vicinity.
It could be a neighbor's or free Wi-Fi at the cafe or next door's cafe or a network at a nearby business. And it will try to connect to them as well.
And what it will try and do is if it's infected maybe your laptop, when you're downloading your pictures of cats from Greta Thunberg at Starbucks, it will hunt for other Wi-Fi networks in your vicinity.
It could be a neighbor's or free Wi-Fi at the cafe or next door's cafe or a network at a nearby business. And it will try to connect to them as well.
Yikes.
And it doesn't matter that you don't necessarily know the passwords for your neighbor's Wi-Fi, because it will try and break the password, just like it tries to break into accounts.
But once it's managed to break into a Wi-Fi network and cracked the password, it will then try and infect other computers connected to that wireless network.
It will scan around, seeing which computers— these are Windows computers, by the way. Emotet is a Windows-based malware.
But once it's managed to break into a Wi-Fi network and cracked the password, it will then try and infect other computers connected to that wireless network.
It will scan around, seeing which computers— these are Windows computers, by the way. Emotet is a Windows-based malware.
Yeah, and use its huge database of passwords.
Use the passwords. It will also have all kinds of ways, you know, looking for common passwords, looking for computers that have file sharing enabled.
In some cases, people won't even have any passwords in place. If it can't crack the passwords, it'll try and crack your admin account.
In some cases, people won't even have any passwords in place. If it can't crack the passwords, it'll try and crack your admin account.
It's Tremors meets Independence Day.
It's exactly that. So what we have here is a mashup of Kevin Bacon and Will Smith. Geoff Goldblum.
I love Geoff Goldblum.
Well, don't we all love— Goldblum, please.
Goldbum.
It's what I think. I'm sure he wouldn't mind, Graham.
He is, okay, so look, I am gonna declare this on the podcast. I know it's been 165 episodes. I believe myself to be heterosexual at this point, right?
Geoff Goldblum though, he's one of those guys who you kind of think—
Geoff Goldblum though, he's one of those guys who you kind of think—
Get your hands off him. I don't even wanna hear, just shush. I don't wanna hear another word out of you.
Don't put me in the middle of this fight.
Do not sully. I can't referee this. There's two people you can't touch, Geoff Goldblum and Magnum.
Oh!
Thom Selleck.
Well—
Back off, Clue.
So this Wi-Fi spreading thing is pretty darn unusual. And for it to be built into something as professional, as I said, as the Emotet malware is a bit of a problem.
But here's the interesting thing I thought was that when they examined the executable, the timestamp on the executable, which does the Wi-Fi spreading, they found it dated back to April 2018.
Almost two years ago, whoa, and someone submitted that file to VirusTotal, maybe to see if any security products were detecting it, round about the same time, round about May 2018.
But here's the interesting thing I thought was that when they examined the executable, the timestamp on the executable, which does the Wi-Fi spreading, they found it dated back to April 2018.
Almost two years ago, whoa, and someone submitted that file to VirusTotal, maybe to see if any security products were detecting it, round about the same time, round about May 2018.
And no one spotted it.
No one spotted it. And why?
In the whole, so maybe we should explain how that works, right?
Right, okay, so viruses are sent in, all the competitors basically kind of work together when it comes to trying to dismantle these viruses and figure out what they're doing.
Right, okay, so viruses are sent in, all the competitors basically kind of work together when it comes to trying to dismantle these viruses and figure out what they're doing.
Yeah, if you upload a file to VirusTotal, which is a service run by Google, they'll not only scan it against all the up-to-date antivirus products, but they will also share it with those security companies so they can add detection if they need to.
Exactly. And if they call, you know, and someone might spot something somewhere. So basically you have to imagine there may be hundreds of companies looking at this malware.
Certainly scores, yeah.
And no one spotted it. So that is highly unusual.
So why didn't they spot it?
Well, the guys at Binary Defense have what I think is quite a plausible explanation, which is that normally when malware is tested on lab computers by a security firm, they don't have their Wi-Fi enabled.
Furthermore, they are running inside a sandbox or virtual machine, which quite possibly is not emulating a Wi-Fi card.
And so Emotet will say, oh, I don't need to engage my Wi-Fi module. So you won't actually see it trying to do this thing.
So security researchers are out there listening to our podcast My goodness, what are you doing?
It's something certainly to consider is that you need to really emulate accurately the kind of computer with all of its add-ons and all of its plugins and all of its hardware that a true piece of malware would be infecting in the wild.
And sometimes your emulation may not be close enough.
Well, the guys at Binary Defense have what I think is quite a plausible explanation, which is that normally when malware is tested on lab computers by a security firm, they don't have their Wi-Fi enabled.
Furthermore, they are running inside a sandbox or virtual machine, which quite possibly is not emulating a Wi-Fi card.
And so Emotet will say, oh, I don't need to engage my Wi-Fi module. So you won't actually see it trying to do this thing.
So security researchers are out there listening to our podcast My goodness, what are you doing?
It's something certainly to consider is that you need to really emulate accurately the kind of computer with all of its add-ons and all of its plugins and all of its hardware that a true piece of malware would be infecting in the wild.
And sometimes your emulation may not be close enough.
Okay, I was just gonna get on my soapbox and say, but come on, this is the first piece of malware that we know of in a long time that has done something like this.
But exactly, is it?
But exactly, is it?
Is it?
We don't know.
So folks, to defend yourself against this, you obviously need to start using really strong passwords to secure your wireless networks, which I suspect many people don't have because of course Wi-Fi networks quite often are things where you want to tell your pals when they come round, or if it's in a cafe, it's something simple for people to type in rather than a whole load of long gobbledygook.
In my anecdotal little life experience, I would say that maybe 75% of the places I go to where I need to hop on to someone else's Wi-Fi, it is the default password, right?
There was some research, I think it was Nationwide did some research into this and found basically everyone is using the default password because I think the password looks so complicated now.
They've done a good job. It's not just cat meow meow anymore, right?
They kind of make this long kind of complex password, and I think people are intimidated by that password and think, I couldn't make better than that, so I'll just stay with it.
And at least it's written on the thing. They don't even think they can put a sticker on their machine.
They kind of make this long kind of complex password, and I think people are intimidated by that password and think, I couldn't make better than that, so I'll just stay with it.
And at least it's written on the thing. They don't even think they can put a sticker on their machine.
Yeah, and I think people think it's secure, and why would I change it? Why would I need to change it, I think is—
So you're talking about the password to connect to the admin console, right, on the router, is that right?
Yes, or just getting access to the Wi-Fi system, just to hop on.
Oh, I see. Okay.
Yeah, well, I think a lot of places these days will just have a bit— I mean, if you're in a cafe, for instance, you might find that the password will be something like milkshake.
You know, it'll be a dictionary word. It's like they have a password, it's written on a blackboard or whatever.
Yeah, well, I think a lot of places these days will just have a bit— I mean, if you're in a cafe, for instance, you might find that the password will be something like milkshake.
You know, it'll be a dictionary word. It's like they have a password, it's written on a blackboard or whatever.
Yeah, and you can see why. They don't want to sit there and go, okay, it's small m, M1L, capital L, no cap, small M1, right?
So let me give you some other tips for protecting yourself against Emotet, because even if this Wi-Fi component doesn't particularly worry you, Emotet generally should.
Obviously, don't open attachments you didn't ask for or expect. Don't do what a Word document tells you to do.
So if it tells you to turn off macro protection, or rather to enable macros, don't do it because that's risky. Run up-to-date antivirus software with behavior blocking enabled.
And another thing other than patching regularly is maybe block users from being able to access PowerShell by default, which is part of the setup of Windows computers, and it's something which the infected Word document will try and activate to try and infect your computer with Emotet.
So most people won't need PowerShell, so try and disable it.
Obviously, don't open attachments you didn't ask for or expect. Don't do what a Word document tells you to do.
So if it tells you to turn off macro protection, or rather to enable macros, don't do it because that's risky. Run up-to-date antivirus software with behavior blocking enabled.
And another thing other than patching regularly is maybe block users from being able to access PowerShell by default, which is part of the setup of Windows computers, and it's something which the infected Word document will try and activate to try and infect your computer with Emotet.
So most people won't need PowerShell, so try and disable it.
I have a bit of easier advice.
Okay.
Hop on to your advice here. Stop having FOMO, guys. Okay? Just don't read the emails that you don't expecting. Just don't.
Oh, just live in ignorance. That's your attitude to life.
Just read the emails that are important because you've asked to request them. You don't have to read every single thing that anyone sends you. Don't worry. Life will carry on.
Everything's fine.
Everything's fine.
You can get through a lot of life without opening email attachments. The world carries on.
And if you have any other tips, please email them through to us at , where I will read them. But Carole won't.
No, but you'll tell me about them. It's perfect, Graham. Symbiotic.
It's perfect. Jessica, what's your story for us this week?
So my story this week is we're taking a bit of a look back and we are looking back at the Ashley Madison breach in light of a revival of Ashley Madison extortion scams.
And this is about 4 or 5 years after the breach.
And this is about 4 or 5 years after the breach.
Yeah.
So we've seen reports in the last couple of weeks that actually hundreds of people who used Ashley Madison have received targeted emails in January of this year threatening to expose embarrassing data from the breach to their friends and their family on social media.
Are you kidding me? So 5 years on, they're still under attack.
So probably when people are thinking, 'Okay, you know, it's gone away, it's done, time ago.' I've changed my name, I've changed my password, I have a new wife.
It's all done and dusted, we can move on. And unfortunately, we know it is never as simple as that when it comes to cybercriminals.
And so yeah, what we found is these extortion scams coming in again via email, and threatening people that unless they pay a bitcoin ransom of about £1,000, this embarrassing data is going to go out to their contacts.
It's all done and dusted, we can move on. And unfortunately, we know it is never as simple as that when it comes to cybercriminals.
And so yeah, what we found is these extortion scams coming in again via email, and threatening people that unless they pay a bitcoin ransom of about £1,000, this embarrassing data is going to go out to their contacts.
Horrendous.
So, like so many social engineering scams, it is playing, of course, on emotion, trying to shame people for being users of Ashley Madison, trying to shame them into paying up, and also using the classic time pressure.
Saying that payment has to be made within 6 days.
Saying that payment has to be made within 6 days.
You know what? Maybe we need the dawn of the robots to start now, because at least they're not going to be emotional about this stuff, right?
They'll be able to withstand these kind of attacks.
They'll be able to withstand these kind of attacks.
Sorry, what? You're suggesting the destruction of the human race just to cure the Ashley Madison? No, maybe coexisting, truly.
Maybe we could coexist, right?
We already coexist. This was the whole thing with Ashley Madison, is that 98% of the women up there were actually fembots. That is so true. They weren't actually real women.
And that, by the way, should be one of people's defences.
So if you have been caught out by the Ashley Madison breach, and you're worried about being— well, it's getting very, very rainy here. If you're worried about—
And that, by the way, should be one of people's defences.
So if you have been caught out by the Ashley Madison breach, and you're worried about being— well, it's getting very, very rainy here. If you're worried about—
Can we just interrupt for a second and tell our listeners that we are doing this in effectively a deluge? Yes. A deluge. And this is how much we care about our listeners and the show.
The water is actually rising up above my ankles as I speak.
Keep going.
Quicker, quicker.
Have you got a dinghy ready? A paddle?
Just lie on his back, he'll be fine.
But anyway, if you need a lifeboat to protect you from the Ashley Madison breach and your partner finding out, one of the defenses is they weren't real women, they were bots.
Another one is they never actually bothered to confirm your email address, which is how sometimes very famous people were actually found in the email.
So you could enter, I don't know, Boris Johnson's @gov.uk or something. You could enter his email address.
Another one is they never actually bothered to confirm your email address, which is how sometimes very famous people were actually found in the email.
So you could enter, I don't know, Boris Johnson's @gov.uk or something. You could enter his email address.
The thing is, though, right, they would have emailed probably tens of thousands, hundreds of thousands of email addresses that were associated with Ashley Madison five years ago.
Yeah.
So they are taking — I'm going to guess they're having a punt, right?
They're not going to check every single, you know, social media account to try and figure out who your wife or girlfriend is to embarrass you or your mom and your whatever, your nan.
They're not going to check every single, you know, social media account to try and figure out who your wife or girlfriend is to embarrass you or your mom and your whatever, your nan.
They're trying their luck.
They're trying their luck.
Although it's scary giving that advice because if everyone just went, "Oh, well, thanks, phew, I'm not going to worry now," and then suddenly, dun dun duh, right?
Although it's scary giving that advice because if everyone just went, "Oh, well, thanks, phew, I'm not going to worry now," and then suddenly, dun dun duh, right?
And I guess that's what people reading the emails might be thinking, "Oh, well, maybe they're trying their luck or maybe they're not." And yeah.
And you're weighing up the risk, aren't you? Even if it's a tiny percentage chance, you might be a little bit worried.
I like your excuse, Graham, digital masturbation. That's what I was using it for.
Steady. It's not specifically my excuse. Can I just stress that? These aren't excuses I have had to deploy.
I have heard from one person, I remember one person who contacted me, who said that they were in the Ashley Madison breach, not because they were looking to have a relationship with someone or anything like that, but because someone else had contacted them and said, "I think my husband is on this site," or, "I think my wife is on this site."
I have heard from one person, I remember one person who contacted me, who said that they were in the Ashley Madison breach, not because they were looking to have a relationship with someone or anything like that, but because someone else had contacted them and said, "I think my husband is on this site," or, "I think my wife is on this site."
Oh, amateur private investigator. That's what I was doing there.
Brilliant. If you did that, if you presented yourself like that, then you could be this knight in shining armor.
And we know how I fall for Thom Selleck, who basically played a private, you know, a PI. So, yeah, I would fall hook, line for that one.
Yeah, just be a good friend, darling. Don't judge me for being a good friend.
Exactly.
But we really need to catch these scumbags who are doing this, because I mean, I've in the past, I've been forwarded actual physical letters that people have had posted to them claiming to be from the Ashley Madison blackmailers.
And they've been saying, "Look, we're sending this to you this time, but next time we're going to address this to Mrs. Smith rather than Mr. Smith."
And they've been saying, "Look, we're sending this to you this time, but next time we're going to address this to Mrs. Smith rather than Mr. Smith."
Wow. It is awful, isn't it? You know, we can joke about it, but at the same time, it is so awful to think there's people out there that are playing on people's emotions.
And we know that Ashley Madison has had some really serious consequences, including reported suicides.
And we know that Ashley Madison has had some really serious consequences, including reported suicides.
Suicides.
And so you wonder what this latest round of extortion demands is going to result in.
One other excuse you can use if you're terrified of this, if you have — because I really feel strongly about this.
You've thought about this a lot, haven't you, really?
Well, because I've been contacted by so many of the victims, right?
Of course, of course.
Well, I don't know why they contact me, but —
No, right, no, no, because you might know about this stuff.
Right, steady. But is that this breach was quite a few years ago now. Five years, the data which was exposed went back even further.
So it might be that you joined the site maybe only for a week, long, long before you joined your current relationship.
So it doesn't mean you're cheating on your partner now, it doesn't mean that you ever cheated on your partner.
As I said, it was mostly fembots you were speaking to anyway, so you were an idiot for joining the site and giving them your credit card details, but you weren't necessarily dipping your dongle anywhere.
So it might be that you joined the site maybe only for a week, long, long before you joined your current relationship.
So it doesn't mean you're cheating on your partner now, it doesn't mean that you ever cheated on your partner.
As I said, it was mostly fembots you were speaking to anyway, so you were an idiot for joining the site and giving them your credit card details, but you weren't necessarily dipping your dongle anywhere.
Do you think it's advisable, Graham, since you're quite an authority on this topic, do you think it's advisable for people to ask for proof in these situations?
No, no, no, no. Don't reply. Don't do anything to make them want to come back to you.
Oh, so do what I do every day. Don't even read email.
Oh, here we go. This is—
See, you have the advice straight away, you know? Just don't read the email.
I guess, Carole, if your husband was caught up in the Ashley Madison breach, you'll never find out about it.
Because even if the scammers do contact you with the evidence you just simply won't open it?
Because even if the scammers do contact you with the evidence you just simply won't open it?
No, I would know about it. I would. He's a big guy.
I would know. What?
In the industry, I mean.
Oh, right.
Yes.
Oh, right. Okay. Good.
Carole.
What's your topic for us this week? Keep it clean.
Welcome, my dear, dear friend. Welcome, friends, to the new world of disinformation. It is a crazy place where we now have to learn to question everything we see, hear, and read.
And there's a lot of irony in that in a way, because most of us firmly believe we know way better than other people who hold different views from us.
And there's a lot of irony in that in a way, because most of us firmly believe we know way better than other people who hold different views from us.
Yes, I do.
Yet in the dawn of the disinformation age, how can you be so sure?
Fairly confident.
Graham, out of 10, how hot do you think you are?
Hot?
Yeah.
At the moment, with water around my ankles? You mean physically attractive? Yeah. Well, I find myself very physically attractive, I have to say. I have no problems in that department.
That's all that matters.
Okay, what about brains? Out of 10, what would you say?
Oh my goodness gracious.
Just give us your own, you know.
Out of 10?
Yeah, yeah.
Why are you doing this to me?
Comfortable.
I mean, obviously, you know, I think you're pretty freaking smart.
I'm pretty bloody clever. Yeah, I think I'm pretty, pretty clever.
Most people think that they're more intelligent and better looking than the average person, and because they're idiots, that's why they're idiots that they think that.
It's called— actually, there's a name for it. It's called illusory superiority.
It's a condition of cognitive bias where a person overestimates their own qualities and abilities over those of other people.
It's called— actually, there's a name for it. It's called illusory superiority.
It's a condition of cognitive bias where a person overestimates their own qualities and abilities over those of other people.
Yes.
Anyway, interesting. Now, sorry, I digress. Google, Facebook, and Twitter say they are working very hard to push back against these disinformation campaigns that are going on.
Hallelujah, right?
Hallelujah, right?
You mean fake newsy stuff? That's what you mean by disinformation?
Yeah, you've got a few things, right? So we have Smashing Security listener George emailed us to tell us about Google's parent company launching a free tool called Assembler.
And this is to sort real images from fake ones. And it's being kind of touted to journalists.
And Facebook recently instituted a new policy that bans deepfake videos, or at least some deepfake videos.
And it's a step in the right direction against the battle against fake news.
And even Twitter says it'll ban faked pictures, videos, and other media that are deceptively shared and pose a serious safety risk.
And this is to sort real images from fake ones. And it's being kind of touted to journalists.
And Facebook recently instituted a new policy that bans deepfake videos, or at least some deepfake videos.
And it's a step in the right direction against the battle against fake news.
And even Twitter says it'll ban faked pictures, videos, and other media that are deceptively shared and pose a serious safety risk.
All right, yeah.
So it seems that they're all trying to do something to stem the flow of disinformation. You read this and you think, God, do these tech kings have a heart? Do they care?
No, they don't.
Well, it brings me to the recent US State of the Union address where Mr. Trump delivered a controversial State of the Union address, shall we say.
I heard it was the best State of the Union address ever. I have it from a very reliable source.
It was marvelous, fantastic.
The smartest.
And it was a lot better than any that Barack Obama ever gave. And it got super ratings, I bet.
It was pretty stellar because it was 78 minutes long, but the speech was bookended by two dramatic events. Both these involve Mr. Trump and Nancy Pelosi.
So the first one is where Nancy hands her hat out to shake his hand, and he appears to reject her handshake.
So the first one is where Nancy hands her hat out to shake his hand, and he appears to reject her handshake.
Was her hand too big for his or something? What was the objection?
He didn't want it to look— Well, he doesn't touch people.
Oh, he's meant to be a germaphobe, isn't he?
Maybe he hadn't Purelled or something.
Yeah, that's why he says that that thing never happened in Russia with the ladies.
And the other dramatic thing that happened is at the end of the speech, Pelosi rips up the copy of his speech. Okay, dramatic, dramatic. Okay, so here's what happens.
After he concludes his address, Pelosi, with a splash of flourish, I might add, right? She did have a bit of flourish. Rips the paper in half that she had in front of her.
After he concludes his address, Pelosi, with a splash of flourish, I might add, right? She did have a bit of flourish. Rips the paper in half that she had in front of her.
Now I saw that and I thought, okay, she must have obviously practised doing that because sometimes, you know, you try and rip something, you don't do a very good job of it.
But she handled it quite well.
But she handled it quite well.
Yeah, good thing it wasn't the plastic money we have now.
Yes, that's hard to rip, isn't it?
Right? She starts chewing it, sucking on it, won't even rip.
Exactly, no, that would've not been good. I wondered if she had a backup plan, she actually had a cross-cut paper shredder, which she was gonna plonk on the desk.
Or maybe just a hole punch.
Or maybe just a hole punch.
And she just went manic at it and just kept going. You know, it was pretty good, but it wasn't as good as Wendy Deng protecting her hubby Rupert Murdoch during phonegate, was it?
It wasn't as good as that. When asked by reporters why she tore up the speech, she said it was the courteous thing to do considering the alternative. So that happened.
It wasn't as good as that. When asked by reporters why she tore up the speech, she said it was the courteous thing to do considering the alternative. So that happened.
Which, hang on, would be what, to wipe her bum on it? What was the alternative? She couldn't have done that, surely. Is that what she means?
Yes, Graham, that's exactly what she's referring to.
Oh my—
Nancy, the fact that you jumped to that, Graham.
Okay, you are spreading disinformation as you freak out. But then, okay, so this all happened, this is bona fide truth as far as I know, right, from many reliable sources.
But then, of course, Trump retweeted this. Now, Graham, I've put it in the document — maybe you can describe it.
But then, of course, Trump retweeted this. Now, Graham, I've put it in the document — maybe you can describe it.
Okay, so this is a retweet from Donald Trump, and he is tweeting a guy called Dan Scavino Jr.
It says, "It would be so terrible if this video hits 10 million views, as Nancy doesn't want Americans to see how disgraceful she really is." And the thumbnail says, "Powerful American stories ripped to shreds by Nancy Pelosi."
It says, "It would be so terrible if this video hits 10 million views, as Nancy doesn't want Americans to see how disgraceful she really is." And the thumbnail says, "Powerful American stories ripped to shreds by Nancy Pelosi."
Okay, so if you go look at the link, right, which is a video.
Okay, yeah, I'm going to it.
Reportedly taken during the State of the Union Address.
There's some air pilots stand up. Oh, golly.
Right.
Okay, so Trump has just given some respect to some chap who obviously was in the military—
Yeah, one of the first Black fighter pilots.
And then we cut to Nancy Pelosi ripping up the piece of paper like she's disrespecting this guy.
Yeah, like she's condemning the man's honourable mention. Ouch, right?
Right.
So Pelosi's office, obviously not pleased, reach out to Twitter and Facebook and ask, you know, can you guys take this down?
But both Twitter and Facebook, who may have a heart, have declined to do so. Are you surprised?
But both Twitter and Facebook, who may have a heart, have declined to do so. Are you surprised?
Is it because it's satirical or because it's not funny?
No, it's obviously designed to disrespect Pelosi and make her hated amongst some people who would be watching this and be shocked.
But in a way — now, I haven't watched this whole video, right? I've just watched the first few seconds because that's what I'm like.
But it could be saying by ripping up the speech, she is ripping up everything which he said.
And so I think what the point of this video is surely that he said some good things which are respectful to other people, and she's kind of disrespecting everything by ripping it up — so they're sort of making a point, a rather pointed political point, by editing the truth in this way.
But it could be saying by ripping up the speech, she is ripping up everything which he said.
And so I think what the point of this video is surely that he said some good things which are respectful to other people, and she's kind of disrespecting everything by ripping it up — so they're sort of making a point, a rather pointed political point, by editing the truth in this way.
Pelosi's Deputy Chief of Staff Drew Hamill certainly does not agree with you.
He said on Friday that the editing is, quote, "deliberately designed to mislead and lie to the American people," and he's condemned Facebook and Twitter for allowing the video to stay up on the social media sites.
Now, according to the Associated Press, researchers say that the Pelosi video is an example of a — get this — cheap fake video rather than a deep fake video.
He said on Friday that the editing is, quote, "deliberately designed to mislead and lie to the American people," and he's condemned Facebook and Twitter for allowing the video to stay up on the social media sites.
Now, according to the Associated Press, researchers say that the Pelosi video is an example of a — get this — cheap fake video rather than a deep fake video.
Cheap fake.
And the difference between the two of them is that they've both been altered but not with sophisticated AI like in a deep fake.
So, so long as they use cheap tools to do it, it seems it's carte blanche.
So, so long as they use cheap tools to do it, it seems it's carte blanche.
Interesting. So that's the defense — it was shoddily done, so we'll leave it up.
In an interview on Sunday, Andy Stone replied to Hamill, right, who had basically said they're misleading the American people.
And he replied on Twitter saying, "Sorry, are you suggesting the president didn't make those remarks and the speaker didn't rip the speech?" So to your point, those things did happen, but you know the power of editing.
And he replied on Twitter saying, "Sorry, are you suggesting the president didn't make those remarks and the speaker didn't rip the speech?" So to your point, those things did happen, but you know the power of editing.
Exactly. Do you think there's anyone really dim enough to believe this is actually the order of events — this is how it occurred?
I don't think it's a dim issue. I don't think that is the problem. Let's go back to that illusory condition you have, Graham. Illusory superiority.
Yes, I think most people have it when it comes to information. So most people think, well, I wouldn't fall for this, so no one will, or I would never fall for something like this.
But if it was Garry Kasparov playing some big chess final, coming back, you know, and to do a final chess game, right? You would be all over that shit.
Yes, I think most people have it when it comes to information. So most people think, well, I wouldn't fall for this, so no one will, or I would never fall for something like this.
But if it was Garry Kasparov playing some big chess final, coming back, you know, and to do a final chess game, right? You would be all over that shit.
It's also if it aligns with what you already think or what you want believe, people are more likely to—
Yeah, it's in their echo chamber.
It reinforces your existing beliefs. Absolutely. It does seem a little bit naughty, and it reminds me somewhat—
Oh, you think it's naughty that President Trump retweeted that?
Yeah, I do, actually. I think it's irresponsible.
But then what do you expect from— because this chap, actually, this chap who tweeted this, I'm just reading, he's the director of social media at the White House.
But then what do you expect from— because this chap, actually, this chap who tweeted this, I'm just reading, he's the director of social media at the White House.
Oh, wow.
So he's not nobody.
Oh, well, this is kind of disgusting. I agree, because you kind of— I don't know, it's just playing dirty and it just makes you feel—
Yeah, yeah.
Now I should mention, this is not the first time Pelosi has pushed back against doctored online content.
You might remember the video released last year was slowed down to make her seem like she was slurring her words.
You might remember the video released last year was slowed down to make her seem like she was slurring her words.
Yes, yeah, I remember.
I think we talked about that in episode 143.
Oh yes, it was 143.
I did my research. I did what you did last week.
Yeah, it's 143. Excellent episode, vintage.
You know, but Graham, think about it, right? You go around telling the whole world I have huge feet.
Oh, I wonder what you're going to say there. Yes. Well, you do. You do have big feet.
Oh, oh, oh, oh.
But be proud of it, Carole.
Compared to whom? Are you a chiropodist?
Compared to me. I've got small feet.
Yeah, but are your feet normal?
No, they're not. They're quite small.
What do you know of feet exactly? How many feet have you studied?
I think we're sisters in feet, actually. I have fairly substantial-sized feet.
Jessica, Jessica, be very careful trying to compare your foot size to Carole's, because I think you're going to come off worse. If we're going to have a foot-off—
If you want our listeners to trust them, believe you, Graham, maybe you gotta stop talking shit. Wow, my feet ain't too big.
Well, and on that bombshell, I think we're ready for sponsors.
Okay, I'm not gonna lie to you, passwords often are a pain in the you-know-where, but they don't always have to be. Take for instance LastPass's single sign-on feature.
Now, single sign-on is very cool because it is integrated with more than 1,200 different applications, applications that your users need to do their jobs.
And this simplifies accessing those applications, making it far more streamlined. Want to learn more? Check it out at lastpass.com/smashing. On with the show.
Now, single sign-on is very cool because it is integrated with more than 1,200 different applications, applications that your users need to do their jobs.
And this simplifies accessing those applications, making it far more streamlined. Want to learn more? Check it out at lastpass.com/smashing. On with the show.
And welcome back. Can you join us on our favorite part of the show, the part of the show that we to call Pick of the Week.
Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
Should not be.
Well, my Pick of the Week this week is not security related.
Well done, clue. 160th time.
It is a website. And it's called Grumpy. It's called— the URL is grumpy.website, and it is a blog.
I'm going in right now.
Which rants and gives examples about bad user interface design and problems.
I have one at the moment which I saw is actually mentioned on this, which is whenever I— so I have an iPhone, and whenever I try and share something with someone else, I press the little share extension-y button thing and it— whatever I do, it tells me that I can share via Messages.
And I can share with Messages to my next-door neighbor, who I've only ever sent a message to once in my life. And I cannot remove her from that list.
I do not want to share any messages.
I have one at the moment which I saw is actually mentioned on this, which is whenever I— so I have an iPhone, and whenever I try and share something with someone else, I press the little share extension-y button thing and it— whatever I do, it tells me that I can share via Messages.
And I can share with Messages to my next-door neighbor, who I've only ever sent a message to once in my life. And I cannot remove her from that list.
I do not want to share any messages.
You don't want her there as an accidental share message, right?
Certainly not. Certainly not.
Does she listen to the show?
No, she does not, as far as I am aware.
You'd have to hope not.
But she is lovely, but I wouldn't like to embarrass myself any more than I already have done by living next to her.
But, you know, it's things like that, and they have got a long catalogue of all kinds of irritating things about web pages, about user interface design. It's all there.
Now, what I find ironic about this is that I actually have a complaint about the Grumpy website's own design of its website, which really infuriates me and infuriated me when I went to it.
But, you know, it's things like that, and they have got a long catalogue of all kinds of irritating things about web pages, about user interface design. It's all there.
Now, what I find ironic about this is that I actually have a complaint about the Grumpy website's own design of its website, which really infuriates me and infuriated me when I went to it.
That is beautiful. I love that.
I think I know what it is. Okay, let's see if I'm right.
Well, grumpy.website, you can go and check it out for yourself. It has a page which is infinitely scrolling.
Yes.
Is that what you spotted?
No, I thought you would think that it doesn't go into two columns or 3 columns when widened.
No, no, that's— I'm all right with that.
But I cannot stand— in fact, my dislike for infinitely scrolling websites is never-ending because I like to get to the bottom of a page because I would love to tell you who the individuals are who are behind the Grumpy Websites.
But I cannot stand— in fact, my dislike for infinitely scrolling websites is never-ending because I like to get to the bottom of a page because I would love to tell you who the individuals are who are behind the Grumpy Websites.
Let me tell you. I'll just go /about, shall I?
All right. Does that work?
Oh, no.
Oh, there you go. Well, I would like to go to the bottom of the page. Now, I do know how to view source, and so I would be able to do it.
But if I scrolled down, it just keeps on reloading more and more entries, and I can't stand—
But if I scrolled down, it just keeps on reloading more and more entries, and I can't stand—
You and I used to run a website that did that.
Did it?
Yeah.
I bet I complained about it.
Well, no, you complained about everything constantly. So this didn't stand out, actually.
Did I email you and you just never— Jessica, what's your pick of the week?
So my pick of the week is a book that I haven't finished, I must confess, but I started reading a book this weekend called The Courage to Be Disliked.
Oh, you should just ask Graham.
And it's interesting. I'm about halfway through and I would describe it as a philosophical exploration of psychology. And it's very interesting.
It's written as a dialogue between a young disillusioned guy and an older psychologist.
It's written as a dialogue between a young disillusioned guy and an older psychologist.
Ah, yeah.
So it took me a while to get used to the format. It does feel, or it felt to me, a little bit clunky, a little bit forced to begin with.
But now that I'm into it, I actually think it works really well as a format.
And it harks back to how philosophy was founded and, you know, this kind of idea of a debate and a dialogue between different people.
So as I said, I'm only halfway through and I'm still— I feel like I'm processing it.
It's the kind of book I might need to read a couple of times, but it's very thought-provoking and I think it contains some helpful perspectives on life, you know, on how we view ourselves and how we interact with other people.
There's a lot of focus on the problems that we have as humans. Stemming really from our interpersonal relationships with others.
But now that I'm into it, I actually think it works really well as a format.
And it harks back to how philosophy was founded and, you know, this kind of idea of a debate and a dialogue between different people.
So as I said, I'm only halfway through and I'm still— I feel like I'm processing it.
It's the kind of book I might need to read a couple of times, but it's very thought-provoking and I think it contains some helpful perspectives on life, you know, on how we view ourselves and how we interact with other people.
There's a lot of focus on the problems that we have as humans. Stemming really from our interpersonal relationships with others.
Oh, I was just gonna say, you're reminding me of two things when you were talking. So one is, have you read Sophie's World?
This is old, '90s, '80s maybe, and it's a similar concept of some— it's a young kid who's kind of learning about philosophy, and it's kind of done as an introduction.
I think that was— I think the whole idea is taken basically probably back from— okay, so I don't want to sound like such a geek here, but it's called the Socratic method.
This is old, '90s, '80s maybe, and it's a similar concept of some— it's a young kid who's kind of learning about philosophy, and it's kind of done as an introduction.
I think that was— I think the whole idea is taken basically probably back from— okay, so I don't want to sound like such a geek here, but it's called the Socratic method.
Yes, exactly. Yeah, exactly. So that's the way they've approached this. And it's interesting. Lots of kind of lessons come through.
And one that's really resonated with me is about feelings of inferiority. I'm basically saying we all have those. Every human being is going to have feelings of inferiority.
Completely normal, and actually they're fine when we use them to better ourselves or propel us forward or help us identify problems.
And one that's really resonated with me is about feelings of inferiority. I'm basically saying we all have those. Every human being is going to have feelings of inferiority.
Completely normal, and actually they're fine when we use them to better ourselves or propel us forward or help us identify problems.
Propel us forward. I think I know what you're thinking, Jessica.
You're worried that your feet are inferior to Carole's, and I can assure you that they will be smaller than Carole's, but don't—
You're worried that your feet are inferior to Carole's, and I can assure you that they will be smaller than Carole's, but don't—
It has been—
They can still propel you forward.
It's been plaguing me, you know, are my feet good enough to share shoes with Carole? And I might get the answer to that question one day.
We should talk sometime, honey.
We really should.
They aren't a problem when we use them positively, but when we associate them with stopping us doing something, when we think, "Oh, I can't wear high heels because my feet are too big," or "I can't borrow shoes because my feet are too small," this actually turns into an inferiority complex.
And what I found interesting was the link then to that actually turning into a superiority complex.
So basically, if we feel so bad about something, we think it limits us and we can't do something, we will quite quickly try and turn that into us feeling superior over people because we basically, as humans, can't cope with feeling deeply inferior for a very long time.
They aren't a problem when we use them positively, but when we associate them with stopping us doing something, when we think, "Oh, I can't wear high heels because my feet are too big," or "I can't borrow shoes because my feet are too small," this actually turns into an inferiority complex.
And what I found interesting was the link then to that actually turning into a superiority complex.
So basically, if we feel so bad about something, we think it limits us and we can't do something, we will quite quickly try and turn that into us feeling superior over people because we basically, as humans, can't cope with feeling deeply inferior for a very long time.
Graham, look, it's okay that you have small feet.
Yeah, I'm now feeling inferior because I feel so superior. I'm just— this is an endless loop.
Yeah.
Oh my goodness, this is disheartening.
Well, the good news is, according to the book, there is hope. We need to move away from competing with others. So Graham, you know, you may be jealous of our feet.
Yes, I am.
But you shouldn't compare yourselves to our frankly objectively superior feet—
Larger—
You should instead just focus on—
Superior in all ways! When have we ever walked somewhere and you have had an easier time of it than me?
But if you keep competing that way, it just leads to folly. And instead, let's see Graham Cluley just focus on being your best self.
Live your best life rather than trying to live the life of others.
Live your best life rather than trying to live the life of others.
Maybe we could get you some bigger shoes and fake feet. You know, those 3D printers?
Well, like clowns have. Or like a Sasquatch.
You see? This is you trying to be superior again. This is you dealing with your inferiority by trying to belittle people with maybe better feet.
I'm gonna send you some chunky socks, Graham. That's all you can do.
You can double up on that.
You know what's depressing to me is this isn't even the end of the show. We've still got to get through Carole's Pick of the Week.
I just don't know how much more of this abuse I can take. This has been a terrible psychological experience for me.
I just don't know how much more of this abuse I can take. This has been a terrible psychological experience for me.
Oh yes, now you're playing the victim, even though you're the one who attacked their feet originally.
What have I done? I've just thrown a grenade.
Come on then, Carole, what's your Pick of the Week?
Oh, well, mine's going to be great. It's a BBC podcast that I've just listened to called Fake Heiress, or heiress depending on where you come from.
What do people say, heiress?
Well, people say herbs and herbs.
They do do that.
Yes, they do do that.
Huge and huge and huge.
Yeah. So this is a 6-parter, and it's half investigation, half dramatization. Which is kind of a cool format.
And it's of a 20-something woman who cons socialites, hotels, and even banks into letting her live the high life. And she got away with it in New York City for years.
So she is Anna Delvey. This is how she presents herself, right? As a wealthy German heiress.
And it's of a 20-something woman who cons socialites, hotels, and even banks into letting her live the high life. And she got away with it in New York City for years.
So she is Anna Delvey. This is how she presents herself, right? As a wealthy German heiress.
Oh, I think I've heard of her before.
Yes.
And she claimed to belong to the international jet set, and she had an Instagram account, you know, glamorous.
And she had art launches and filled her days with VIP parties and stayed at luxe hotels. But she really was Anna Sorokin, and she had no family fortune whatever.
Her parents were Russian immigrants who moved to Germany when she was a teenager, and she invented the heiress persona, seemingly as a bid to fit in with the elite circles, and then took it to unfathomable extremes.
Seriously, it's actually shocking. So I say go check it out. It's on BBC Sounds, or wherever you get your podcast, and it's called Fake Heiress. I can't even say it anymore.
I've got myself into—
And she had art launches and filled her days with VIP parties and stayed at luxe hotels. But she really was Anna Sorokin, and she had no family fortune whatever.
Her parents were Russian immigrants who moved to Germany when she was a teenager, and she invented the heiress persona, seemingly as a bid to fit in with the elite circles, and then took it to unfathomable extremes.
Seriously, it's actually shocking. So I say go check it out. It's on BBC Sounds, or wherever you get your podcast, and it's called Fake Heiress. I can't even say it anymore.
I've got myself into—
Surely at the beginning the BBC will say you're into fake heiress or something with it.
Yes, but I'm not English, so, you know, I don't talk like this.
Sorry about that. Well, that just about wraps it up for this week on Smashing Security. I hope you've enjoyed the show.
Jessica, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
Jessica, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
You can find me on Twitter @DrJessicaBarker.
Marvelous. And you can follow us on Twitter @SmashingSecurity, no G, Twitter wouldn't allow us to have a G. And on Reddit as well.
We have a thriving Smashing Security subreddit, so come join us and chat about the show.
And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast app.
We have a thriving Smashing Security subreddit, so come join us and chat about the show.
And don't forget, if you want to be sure never to miss another episode, subscribe in your favorite podcast app.
Do it now!
Do it!
Go and find Smashing Security in your podcast app and you'll never miss a single episode.
Now, big shout out to all of you for listening this week and supporting us with a few dollars on Patreon and giving us sweet-ass reviews.
Also, a huge thank you to this week's Smashing Security sponsor, LastPass. Its support helps us give you the show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Also, a huge thank you to this week's Smashing Security sponsor, LastPass. Its support helps us give you the show for free.
Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
Until next time, cheerio, bye-bye, bye-bye.
Hey, there we go. That was lively. Yes, in a rainstorm.
Yeah, I don't know.
Yeah, no, it's cool, it's cool. We were honest about it, who cares?
Well, the water has now actually reached mid-thigh, so, oh yes.
Oh, are you wanting to move? Are you wanting to go to use the little boy?
I don't think it's a— I'd have to go outside.
It's not a pool, Graham. It's not a pool.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Jessica Barker – @drjessicabarker
Show notes:
- Smashing Security #162: Robocalls, health hacks, and facial recognition fears — Carole talks about the activities of Clearview AI.
- The Daily: The End of Privacy as We Know It? — Apple Podcasts.
- Emotet Malware Advisory — US Department of Homeland Security.
- Emotet Wishes You a Merry Christmas from Greta Thunberg — Proofpoint.
- Coronavirus – hackers exploit fear of infection to spread malware — Graham Cluley.
- Emotet evolves with new Wi-Fi spreader — Binary Defense.
- Dear Ashley Madison user, I know everything about you. Pay up or else — Ars Technica.
- Here's what an Ashley Madison blackmail letter looks like — Graham Cluley.
- Nancy Pelosi rips up Trump's speech after divisive State of the Union address — The Guardian.
- Tweet by Dan Scavino Jr.
- Video of Pelosi brings renewed attention to 'cheapfakes' — AP News.
- Tool to Help Journalists Spot Doctored Images Is Unveiled by Jigsaw — The New York Times.
- Smashing Security #143: Hacking from outer space, Ukrainian cryptomining, and deepfaked Canadians.
- First survey of its kind for 50 years finds most Americans still think they have above average intelligence — Research Digest.
- Grumpy Website.
- The Courage to Be Disliked: The Japanese Phenomenon That Shows You How to Change Your Life and Achieve Real Happiness — Amazon.com.
- Sophie's World: A Novel About the History of Philosophy — Amazon.com.
- Fake Heiress – The woman who scammed New York — BBC Radio Four.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: LastPass
LastPass Enterprise makes password security effortless for your organization.
LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Zemana has created a program to detect deepfake content. According to the Deepfake Detection Challenge worldwide they are really close to making the best solution for this problem: https://www.deepware.ai/
I m making research about this problem and I would love to read about them more on your site…
Greetings,
Can you please make your links open into a new tab?