Criminals are caught in a encrypted chat trap, should you trust Apple’s repair team with your sexy snaps, and do you think the FBI should be able to tell who has been reading the USA Today website?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.
And don’t miss our featured interview with Dr Simon Wiseman, the CTO of Deep Secure.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
And because it's secure and encrypted, there's no need to talk in code. It's less, "Hey, D-Dog, it's time Mickey Blue Eyes swam with the fishes." That's good code, Graham.
You know what? Everyone would be fooled by that. You are a genius.
Impenetrable code. Very good.
Smashing Security, Episode 231: Sexy Snaps and Encrypted Chat Traps with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 231.
My name's Graham Cluley.
My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, we're joined this week by, well, he's a favorite of the fans. It's Dave Bittner from the Cyberwar and Hacking Humans. Hello, Dave.
Hello, hello. Good to be back.
Hi, Dave. Thank you for coming on the show again.
The pleasure is mine.
Now I hear your house is under attack at the moment. Is that right, Dave?
It is. It's under an aural attack. We are deep in the midst of cicada land here on the East Coast of the United States, which means, oh, I don't know, 85 dB of constant noise.
But also, cicadas are big, dumb bugs, and they just fly around into everything. They're harmless.
They don't bite or sting or anything, but they just sort of buzz around and crash into you, and when you're driving, you get them on your windshield, and it's a nuisance, but it only happens every 17 years, so there's that.
But also, cicadas are big, dumb bugs, and they just fly around into everything. They're harmless.
They don't bite or sting or anything, but they just sort of buzz around and crash into you, and when you're driving, you get them on your windshield, and it's a nuisance, but it only happens every 17 years, so there's that.
Are you sure you're looking at this the right way? Surely this is just free protein? Don't you just get your barbecue out and—
Well, yes, there are people who are doing that. I am told that when you cook them up, they taste like shrimp, but I'm going to take other people's word for that.
Oh really? I would totally try. Well, totally.
Yeah, if it—
I'll be there in 17 years.
Okay, there you go.
It's a date.
No, but the dogs and all the birds, all the other critters, are having a feast off of these things.
Exactly. I think you just got this the wrong way. Okay. How about we thank this week's sponsors? 1Password, Deep Secure, and KnowBe4.
It's their support that helps us give you this show for free. Now coming up on today's show, Graham, what do you got?
It's their support that helps us give you this show for free. Now coming up on today's show, Graham, what do you got?
I'm going to be talking about the amazing Anom encrypted secure chat app thing.
Okay, I know nothing about that. Good. Dave, what about you?
I've got the story of the FBI serving a process warrant in a child sexual abuse materials case.
Oh, great. Sounds fun.
Sherry?
I am going to reveal a screw-up at Apple that they tried to keep quiet. Plus, we have a featured interview.
Simon Wiseman from Deep Pharmakure, he's their CTO, explains how their tech works so that they can guarantee zero malware.
All this and much more coming up on this episode of Smashing Security.
Simon Wiseman from Deep Pharmakure, he's their CTO, explains how their tech works so that they can guarantee zero malware.
All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, are either of you a godfather?
Yes, I am.
Yes, I am.
I'm so bored of these bored questions. Why can't they even just be—
Have you ever found yourself stuffing cotton wool into your cheeks? Slurring your words.
Making people offers they can't refuse.
Horse heads in other people's beds.
Yeah.
Yep.
Are you Mr. Big, Dave? Don't answer that. Carole, are you a kingpin or queenpin?
Queenpin.
Of an organised crime syndicate? Well, I can tell you it's not easy, is it? It's not easy being the godfather of crime. Because who can you trust?
Everyone's double-crossing everybody else. There you are one minute whispering commands into the ear of your consigliere. No records are being kept of what you've ordered to happen.
Nothing to lead back to you. But that was back in the simple days, right, of Marlon Brando in The Godfather movie. But now we've got tech up to our eyeballs.
So you've got to be very careful with how you communicate. And many people these days are using smartphones to communicate. And I've been watching—
Everyone's double-crossing everybody else. There you are one minute whispering commands into the ear of your consigliere. No records are being kept of what you've ordered to happen.
Nothing to lead back to you. But that was back in the simple days, right, of Marlon Brando in The Godfather movie. But now we've got tech up to our eyeballs.
So you've got to be very careful with how you communicate. And many people these days are using smartphones to communicate. And I've been watching—
We even have tech on our eyeballs, really. Glassware?
Yes, yes, yes. Those kind of crazy things.
I know a chap who wears these weird sort of IoT sunglasses, and they've got this big bulbous bit at the side, which I don't know if it's Bluetooth or what it is, but he's— yeah, it's kind of crazy.
Now, I've been watching Line of Duty on TV, so I know—
I know a chap who wears these weird sort of IoT sunglasses, and they've got this big bulbous bit at the side, which I don't know if it's Bluetooth or what it is, but he's— yeah, it's kind of crazy.
Now, I've been watching Line of Duty on TV, so I know—
Still?
No, I have been. I've watched all of it now. But I know what cops do when they want to know what someone's been up to. They grab—
Based on the TV show.
Very realistic.
Yeah, it's, yeah, I understand how to do forensic science after watching a series of CSI. I'm with you, I'm with you.
Zoom in, magnify.
Ants.
5?
Yeah.
What they do is they grab your phone. I think this is what real police do, right? It's now, can we grab their phones? 'Cause people have got their phones on them all the time.
People are sending emails, people are instant messaging, people are taking photographs, people are calling each other. Can we get the call log?
Can we track where they were at a particular time? Can we find out who called them? A treasure trove of information for the cops.
Well, there are apps out there which aim to fix all of that if you are a criminal.
So what they do is they say, look, we will help your communications remain secure if you're nabbed by the police. And one of those is called—
People are sending emails, people are instant messaging, people are taking photographs, people are calling each other. Can we get the call log?
Can we track where they were at a particular time? Can we find out who called them? A treasure trove of information for the cops.
Well, there are apps out there which aim to fix all of that if you are a criminal.
So what they do is they say, look, we will help your communications remain secure if you're nabbed by the police. And one of those is called—
Yeah, but that doesn't mean it's not just for criminals. Presumably it's for anybody who wants to keep their stuff private.
Oh, well, this particular one, Carole, is specifically targeted at criminals. It's called ANOM, and the O is a zero. A-N-0-M.
It's a secure messaging app, runs on a stripped-down smartphone. Not any old smartphone. This is a smartphone which can't make phone calls, can't send emails.
It looks like a terrible phone. You think this is a blip all in phone.
All I've got on this phone is some sort of calculator app, but it's designed purely for criminals to have end-to-end secure encrypted communications with each other.
And the idea is you can trust it because ANOM runs out of Switzerland, right? And we know—
It's a secure messaging app, runs on a stripped-down smartphone. Not any old smartphone. This is a smartphone which can't make phone calls, can't send emails.
It looks like a terrible phone. You think this is a blip all in phone.
All I've got on this phone is some sort of calculator app, but it's designed purely for criminals to have end-to-end secure encrypted communications with each other.
And the idea is you can trust it because ANOM runs out of Switzerland, right? And we know—
Okay, so say you and I, the three of us, we were cohorts in some big-ass crime and we wanted to talk about it, but we live in different locations, right?
And we don't have landlines anymore. So rather than, we would use this app to communicate because we would be clear that, you know, no one can listen in on, right? That's right.
And we don't have landlines anymore. So rather than, we would use this app to communicate because we would be clear that, you know, no one can listen in on, right? That's right.
No one can intercept the messages.
Gotcha.
And it comes out of Switzerland. And I think, I don't know about you, but when I see a piece of security software which comes outta Switzerland, I kind of think, oh, that's great.
Because Switzerland likes secrets, doesn't it? Switzerland never wants to upset anyone. They'll look after your secrets like it were Nazi gold. You know, they will happily—
Because Switzerland likes secrets, doesn't it? Switzerland never wants to upset anyone. They'll look after your secrets like it were Nazi gold. You know, they will happily—
Swear. Or Trump, or Trump. I don't know, it wasn't—
Kind of their thing.
It's kind of their thing, right?
Watches, cuckoo clocks, and yeah.
Secret bank accounts.
And even if you're caught with an An0m phone, the cops may not realise what it's used for. And the way you access the encrypted chat system—
I'm sorry, I'm not clear. Is this a phone, an actual phone, or is this an app on a phone?
It is an app running on an actual phone, but a particular phone. So you buy the phone which comes with the app. So it's a specially modified phone.
And I buy this at the robbery emporium?
Well, yeah. Or you buy it from a criminal. So you can go to a NOMS website and you can request one of these.
And what criminals are doing is they realise that their criminal mates need these phones as well.
Or if you are the godfather, Dave, you buy 100 of these phones and then you sell them to your cohorts, maybe making a little bit of a profit yourself.
And when you get one of these phones—
And what criminals are doing is they realise that their criminal mates need these phones as well.
Or if you are the godfather, Dave, you buy 100 of these phones and then you sell them to your cohorts, maybe making a little bit of a profit yourself.
And when you get one of these phones—
I'm taking it out of your take.
And when you buy one of these phones, you also take out a subscription for the service. So you're paying money every 6 months or so to keep it going. And they give you a special PIN.
So the way you access the actual chat app is you open the calculator on your phone, you enter a particular number, and that then secretly craftily opens the chatting app, right?
So you have the option as well, if you enter the wrong code, to wipe the phone. So if the cops get you, you'd think, well, I want to be sure everything's wiped off this.
So the way you access the actual chat app is you open the calculator on your phone, you enter a particular number, and that then secretly craftily opens the chatting app, right?
So you have the option as well, if you enter the wrong code, to wipe the phone. So if the cops get you, you'd think, well, I want to be sure everything's wiped off this.
This phone will self-destruct in 5 seconds. Yeah.
And do people use this phone to do other stuff too? They would have other stuff on it because they can do an auto-wipe? Or they would just have this for, you know, contacting—
I think if you're a serious criminal, you just use it for this.
You don't risk putting anything else on it because you might put some piece of spyware on it, which could then snoop on you. You wouldn't want that. Right.
So it's a bit like EncroChat, which we talked about a few weeks ago with Paul Roberts. It's making money.
The organisation is obviously acting a little bit dodgily and it's assisting criminal gangs.
You don't risk putting anything else on it because you might put some piece of spyware on it, which could then snoop on you. You wouldn't want that. Right.
So it's a bit like EncroChat, which we talked about a few weeks ago with Paul Roberts. It's making money.
The organisation is obviously acting a little bit dodgily and it's assisting criminal gangs.
And they're in Switzerland. Untouchable.
Right.
Right.
And because it's secure and encrypted, there's no need to talk in code with your fellow criminals, right? Because you feel fairly secure about your communications.
It's less, "Hey, D-dog, it's time Mickey Blue Eyes swam with the fishes." That's good code, Graham.
It's less, "Hey, D-dog, it's time Mickey Blue Eyes swam with the fishes." That's good code, Graham.
You know what? Everyone would be fooled by that. You are a genius.
Impenetrable code. Very good.
Anyway, so good news for criminals, right?
Mm.
No!
No, no, no!
This— what? No, Dave! What?
Go on, Graham.
This is not good. This is not good news for criminals.
Because word reaches us from down under that the Australian Federal Police have arrested hundreds of people, seized tons of drugs and weapons, confiscated millions of dollars worth of assets, all from criminals who were using this An0m encrypted chat service.
So to find out how they did this, we need to travel back in time 3 years.
Because word reaches us from down under that the Australian Federal Police have arrested hundreds of people, seized tons of drugs and weapons, confiscated millions of dollars worth of assets, all from criminals who were using this An0m encrypted chat service.
So to find out how they did this, we need to travel back in time 3 years.
How long?
3 years.
Okay.
I don't have that kind of time.
Well, we'll make up for it later. So if you go back 3 years, what happened was the Australian police and the FBI, they were having a few beers together, right?
Chit-chatting about this because they had just successfully shut down another encrypted messaging service beloved by criminals called Phantom Secure.
And when Phantom Secure was shut down and dismantled, the cops thought, hang on a minute, we've shut down that, that just means the bad guys are going to go somewhere else, doesn't it?
Yeah, because nature abhors a vacuum.
Chit-chatting about this because they had just successfully shut down another encrypted messaging service beloved by criminals called Phantom Secure.
And when Phantom Secure was shut down and dismantled, the cops thought, hang on a minute, we've shut down that, that just means the bad guys are going to go somewhere else, doesn't it?
Yeah, because nature abhors a vacuum.
And they're looking for a super secure way to communicate.
Right. So they're thinking— so at first the police are thinking, well, which one should we try and dismantle next?
And then they went, ahahaha, or in Australia, they went, oh ho, oh ho. Oh no, that's different. Anyway, so they went, crikey, mate, you know what we best do?
And then they went, ahahaha, or in Australia, they went, oh ho, oh ho. Oh no, that's different. Anyway, so they went, crikey, mate, you know what we best do?
Crikey.
We should create our own secure messaging app and pretend it's for criminals. And that's what they did.
So they created this whole criminal infrastructure, secure chatting system called ANOM.
They then got police informers to seed the app with other criminals and said, oh yeah, I'm using this app, you know, I've upgraded, I don't use WhatsApp anymore, I use this instead.
So they created this whole criminal infrastructure, secure chatting system called ANOM.
They then got police informers to seed the app with other criminals and said, oh yeah, I'm using this app, you know, I've upgraded, I don't use WhatsApp anymore, I use this instead.
Did you read about the flashcard things? Don't use that one either.
No, don't. And eventually the big criminal bosses were using it as well based on other criminals' recommendations. And of course, they are the equivalent to social media influencers.
They are.
So if the big boss is using a particular chat app—
If Don Corleone was on Facebook, they'd all be on Facebook.
You better—
Yeah. Why aren't you following me on Instagram? Right?
Bit of a status symbol having one of these devices.
Yeah, exactly. Exactly. And so everyone begins to do it.
And some of the criminal bosses even sold the phones, the subscriptions, not realizing that ultimately the money was filling the coffers of the very police who were going to use the app against them, because the police were able to watch in real time messages being sent between hundreds of criminals for years.
And some of the criminal bosses even sold the phones, the subscriptions, not realizing that ultimately the money was filling the coffers of the very police who were going to use the app against them, because the police were able to watch in real time messages being sent between hundreds of criminals for years.
And fund— and fund the investigation.
Yes!
You know, Graham, this does spit in the face of your theory that if you pay for something, you get what you pay for, you know, as opposed to getting free apps.
Mm-hmm. Very, very true. Very true, Carole.
It must have been extremely fun to create this app, you know, with this, we have to dupe people for the good.
We'll do a website. We'll make sure it's got a dark—
Black background.
Yes, a dark mode. Exactly. Make it look as criminal as possible. And the police reckon that they've stopped huge shipments of drugs.
They've intercepted about 20 death threats, and they reckon, you know, other innocent people may have had their lives saved because of all these.
And so all these arrests have happened in Australia as we speak.
They've intercepted about 20 death threats, and they reckon, you know, other innocent people may have had their lives saved because of all these.
And so all these arrests have happened in Australia as we speak.
So the reason it's come out that you know about this app is because of the arrests?
Yes. So the police have now gone public on it.
Hmm.
Now, Graham, I've been following a lot of the conversation of this on your Twitter and other places.
I've seen people say that the bad guys were starting to catch on to this in the past couple months.
There was a blog post where someone— I guess the bad guys have their own security researchers, and someone figured out that traffic on this app wasn't just going between folks, it was going somewhere else.
They were starting to get suspicious. Too late, so it seems.
I've seen people say that the bad guys were starting to catch on to this in the past couple months.
There was a blog post where someone— I guess the bad guys have their own security researchers, and someone figured out that traffic on this app wasn't just going between folks, it was going somewhere else.
They were starting to get suspicious. Too late, so it seems.
Yeah, from that blog post, it looked like they were saying it appears some information may be being sent to an American server or something, wasn't it?
It was.
And that would have forced the cop's hand to come clean anyway, right? Because if they are already sniffing around thinking this could be not legit, right?
They're starting to put in fake information or whatever.
They're starting to put in fake information or whatever.
I guess there comes a point where the cops think how much are we going to get if we carry on doing this as opposed to basically playing our cards now?
You know, is there more to be gained from saying, okay, we've got information about all these hundreds of people, we think we can go and arrest them and do some damage, or hang on a little bit longer?
So maybe that is one of the things which influenced them.
You know, is there more to be gained from saying, okay, we've got information about all these hundreds of people, we think we can go and arrest them and do some damage, or hang on a little bit longer?
So maybe that is one of the things which influenced them.
Yeah, but certainly one for the good guys, right? I mean, it is. Now, what do you all think this does for people's confidence in secure messaging apps in general?
I mean, the ones in general use, like Signal, which is open source, so presumably folks are able to inspect the code of an app like Signal to make sure there's nothing like this going on, but how sure can you be?
I mean, the ones in general use, like Signal, which is open source, so presumably folks are able to inspect the code of an app like Signal to make sure there's nothing like this going on, but how sure can you be?
In theory, yes.
In theory, you're more confident when you hear something's open source, but of course, if everyone is feeling that same confidence and nobody actually goes and looks at the source code to see if there are vulnerabilities or if there's some backdoor in it or whatever, and I'm sure in the case of Signal, someone probably has, but oftentimes people just assume, don't they, that, well, it must be all right, comes from Switzerland.
In theory, you're more confident when you hear something's open source, but of course, if everyone is feeling that same confidence and nobody actually goes and looks at the source code to see if there are vulnerabilities or if there's some backdoor in it or whatever, and I'm sure in the case of Signal, someone probably has, but oftentimes people just assume, don't they, that, well, it must be all right, comes from Switzerland.
Well, it's not even that though. I'm sure the criminals they were going after were not cyber whiz kids, right?
So these are people that are probably shifting boxes of stuff or whatever, who knows, but not whiz kids. So if someone—
So these are people that are probably shifting boxes of stuff or whatever, who knows, but not whiz kids. So if someone—
A lot of them may be, but yeah, but there may also be others who are on the sidelines, or people who are just curious, you know.
They come across something— I mean, this thing had a Twitter account. They come across it, maybe they get hold of the app, and they're just— people are just interested.
They come across something— I mean, this thing had a Twitter account. They come across it, maybe they get hold of the app, and they're just— people are just interested.
I just wonder if a smart criminal would have just gone, why don't we just use Telegram or Signal at this stage?
I'm sure plenty of them are. And of course, there's lots of pressure from governments to try and put backdoors into some of these messaging services.
Right, but does this weaken the case for that argument? Because if folks can say, well listen, you have other ways to get at this information besides weakening encryption, right?
Here's an example.
You put out your own app, so why should we weaken encryption when you can get— when you were so successful getting all these bad guys all around the globe by other means?
Here's an example.
You put out your own app, so why should we weaken encryption when you can get— when you were so successful getting all these bad guys all around the globe by other means?
Well, you could use the same argument to say, didn't it work great with ANOM?
Wouldn't it work even better if WhatsApp and Facebook Messenger and Signal and everything else were to do it as well?
Wouldn't it work even better if WhatsApp and Facebook Messenger and Signal and everything else were to do it as well?
True. Yeah, true.
Anyway, I don't know who to trust now.
Well, but you know, it's a good thing that the bad guys are looking over their shoulders, isn't it?
Yes, yes.
If it makes them uncertain, I'm sure for those years when they found that, for instance, shipments of drugs were being intercepted, they were probably in— there's probably infighting and suspicions as to who might have said something.
You know, only you knew this information.
If it makes them uncertain, I'm sure for those years when they found that, for instance, shipments of drugs were being intercepted, they were probably in— there's probably infighting and suspicions as to who might have said something.
You know, only you knew this information.
Right, right. Who was the rat?
Well, David, what have you got for us this week?
Back in February, USA Today, which is a publication here in the US, they published a news story about the tragic death of two FBI agents who were in the process of serving a warrant in a CSAM case, and CSAM is Child Sexual Abuse Materials.
So the FBI were going after someone who they alleged was involved in this horrible crime of imagery of child sexual abuse.
So a team of law enforcement officers were attempting to execute this warrant.
Evidently, the person that they were after had some sort of doorbell camera, saw them coming, and fired through the door at all these law enforcement people who were knocking on the door to serve him the warrant.
Two officers.
So the FBI were going after someone who they alleged was involved in this horrible crime of imagery of child sexual abuse.
So a team of law enforcement officers were attempting to execute this warrant.
Evidently, the person that they were after had some sort of doorbell camera, saw them coming, and fired through the door at all these law enforcement people who were knocking on the door to serve him the warrant.
Two officers.
With a gun.
With a gun, yes.
It wasn't with the doorbell, Carole. They haven't yet made IoT doorbells that can shoot guns.
It could have been a water pistol. It could have been through a straw, little paper balls through a straw.
Yeah.
You know, don't assume, Graham.
Okay.
Yeah, so real gun, real bullets, real people died. So two officers were killed, three others were wounded.
Holy moly.
Yeah, SWAT team was brought in. There was more gunfire exchanged.
This was in America, wasn't it? I'm guessing from what clues you've given me.
How could you tell, Graham? How could you tell? Eventually the suspect, my understanding is he took his own life again via gunshot.
It's a tragic situation all around, starting with the child sexual abuse material, obviously the FBI officers killed in the line of duty, but where it gets interesting is the FBI served Gannett, who publishes USA Today, served them with a subpoena, and they wanted information about basically everyone who accessed a news article during a 35-minute window starting just after 8:00 PM on the day of the shootings.
Now, the demand, which was signed by a senior FBI agent, it didn't ask the names of the people who read the story, but they were looking for IP addresses, mobile phone information that could lead to the identities of the folks who read the information.
So now—
It's a tragic situation all around, starting with the child sexual abuse material, obviously the FBI officers killed in the line of duty, but where it gets interesting is the FBI served Gannett, who publishes USA Today, served them with a subpoena, and they wanted information about basically everyone who accessed a news article during a 35-minute window starting just after 8:00 PM on the day of the shootings.
Now, the demand, which was signed by a senior FBI agent, it didn't ask the names of the people who read the story, but they were looking for IP addresses, mobile phone information that could lead to the identities of the folks who read the information.
So now—
Yeah, I'm not following either.
So the shooting has happened.
Yeah.
USA Today has published this story about something which happened earlier that day, right?
Right. Hours later, USA Today publishes the story. The story is still online, by the way. You can go read the story.
Okay. And then the FBI investigating the shooting want to know who's been reading the news article which came out after the shooting.
Correct. Correct.
It's a bit odd.
So, the— what people are supposing is that the FBI thinks, or thought, that perhaps someone else who was involved in this crime, in the child sexual abuse materials crime, may have been reading the article.
Perhaps if we know who was interested in what went down here, who had an immediate interest in it, that might lead us to more of the people who were after it.
Perhaps if we know who was interested in what went down here, who had an immediate interest in it, that might lead us to more of the people who were after it.
So but I'm guessing USA Today probably has what, there'd be 1,000 a minute clicks? It doesn't narrow the pool that much.
No, no, it wouldn't. But beyond that, there are serious First Amendment rights issues here with this subpoena.
Now, one of the interesting things I learned when reading this article is that this is a particular case where the FBI does not have to go in front of a judge to get a subpoena like this.
This FBI agent only had to get the sign-off from one of his superiors at the FBI in order to proceed with this subpoena.
And the reason behind this is that they say in cases like this, particularly with horrific things like child sexual abuse, they have made the case that they need to be able to act quickly because people are in jeopardy.
Now, in this case, many hours went between the shooting and the publication of the news article, so it doesn't seem as though there was any real time constraint here on gathering this information.
So the folks at Gannett, USA Today, they pushed back, they refused the subpoena, they said it was a clear violation of the First Amendment.
Now, one of the interesting things I learned when reading this article is that this is a particular case where the FBI does not have to go in front of a judge to get a subpoena like this.
This FBI agent only had to get the sign-off from one of his superiors at the FBI in order to proceed with this subpoena.
And the reason behind this is that they say in cases like this, particularly with horrific things like child sexual abuse, they have made the case that they need to be able to act quickly because people are in jeopardy.
Now, in this case, many hours went between the shooting and the publication of the news article, so it doesn't seem as though there was any real time constraint here on gathering this information.
So the folks at Gannett, USA Today, they pushed back, they refused the subpoena, they said it was a clear violation of the First Amendment.
Because they would have to give the details, the information that they had IP addresses on every single person that had read that article, right?
Exactly.
Right, right, right.
And so I've been trying to think of an analogy for this, and it's kind of the difference between going in front of a judge and saying, hey, we suspect that this person was reading this article, and we would like to have a subpoena just to verify that as part of the investigation we're doing.
As opposed to saying, we want to search every house in the neighborhood, right?
Because we think the bad guy might have driven through this neighborhood, so we want to search every house in the neighborhood. We just want to throw this web out there.
And you can't do that.
As opposed to saying, we want to search every house in the neighborhood, right?
Because we think the bad guy might have driven through this neighborhood, so we want to search every house in the neighborhood. We just want to throw this web out there.
And you can't do that.
Yeah, we have seen these sort of dragnet, sort of scooping up of data in the past, haven't we? I remember there have been some cases where there have been physical bank robberies.
And the FBI has requested information from technology companies regarding who might have been in the location around about that time in order to narrow down the potential list of suspects, which has caused some controversy in the past.
And the FBI has requested information from technology companies regarding who might have been in the location around about that time in order to narrow down the potential list of suspects, which has caused some controversy in the past.
We had cases back here years ago where folks were trying to get the lists of books that people signed out from libraries.
And, you know, are you entitled to the privacy of knowing— of other people knowing what books you've signed out from a library?
And, you know, are you entitled to the privacy of knowing— of other people knowing what books you've signed out from a library?
So that could be embarrassing for you, Dave, if you took out like an erotic romance or something, or some sort of bodice ripper?
Well, not just one, but yes, absolutely. Absolutely.
Carole, what have you got for us?
So picture it.
Your iPhone.
You're both iPhone users. iPhone users, aren't you?
Yeah.
Now imagine it started acting all buggy, like not the way you expect it to work. And you're getting frustrated and you panic a little bit. You push a lot of buttons.
You might even decide to turn it on and off again, but to no avail, right? So you have options in this case, don't you? So what would you do?
You might, like, say you've run out of ideas. You can't fix it. Your friends can't fix it. So you need to get it repaired somewhere.
Now, where would you go typically in that scenario when one of your Apple products do not perform appropriately?
You might even decide to turn it on and off again, but to no avail, right? So you have options in this case, don't you? So what would you do?
You might, like, say you've run out of ideas. You can't fix it. Your friends can't fix it. So you need to get it repaired somewhere.
Now, where would you go typically in that scenario when one of your Apple products do not perform appropriately?
First choice would be the local Apple Store or Apple sort of partner, yeah.
Like, so like with my car, I just take it to any old, well, not any old garage, but like not the official whatever company garage.
But with my phone, I tend to go to the Apple Store too. I once had insurance.
It was covered under some insurance that we had, some bank insurance or something, and I dropped my phone anyway got soaked.
But with my phone, I tend to go to the Apple Store too. I once had insurance.
It was covered under some insurance that we had, some bank insurance or something, and I dropped my phone anyway got soaked.
And what did it fall— what, honestly, I'll tell you, you won't believe me.
It fell into a bucket of water outside.
Like, I was outside working and it got too hot, and then I was trying to open the door and it just fell right off the top of my book, slid right into this. Yeah.
Anyway, so I sent it off and they sent me back a phone, but it was like a— it was— anyway, it wasn't very good. So I've always thought, go Apple, go Apple, go Apple.
So this story is all about someone who did exactly this. It starts on January 14th, 2016. Right. And our main character is an unnamed 21-year-old student.
And it becomes pretty crystal clear why she's unnamed. So this student, we're going to give her a name. Should we give her a name? Wilhelmina. Let's call her Wilhelmina. Okay.
Wilhelmina. She, her phone was all buggy. So she sent her phone off to repair.
So you know how there's two ways you can do it, you can go to the Apple Store, or you can send it off, right? And you put it in the mail and they go and take care of it.
And the phone was then given to a repair facility run by Apple. So Apple don't do all the work necessarily themselves. They have contractors that do some of the work.
So in this case, it was a contractor called Pegatron in Sacramento, California.
Like, I was outside working and it got too hot, and then I was trying to open the door and it just fell right off the top of my book, slid right into this. Yeah.
Anyway, so I sent it off and they sent me back a phone, but it was like a— it was— anyway, it wasn't very good. So I've always thought, go Apple, go Apple, go Apple.
So this story is all about someone who did exactly this. It starts on January 14th, 2016. Right. And our main character is an unnamed 21-year-old student.
And it becomes pretty crystal clear why she's unnamed. So this student, we're going to give her a name. Should we give her a name? Wilhelmina. Let's call her Wilhelmina. Okay.
Wilhelmina. She, her phone was all buggy. So she sent her phone off to repair.
So you know how there's two ways you can do it, you can go to the Apple Store, or you can send it off, right? And you put it in the mail and they go and take care of it.
And the phone was then given to a repair facility run by Apple. So Apple don't do all the work necessarily themselves. They have contractors that do some of the work.
So in this case, it was a contractor called Pegatron in Sacramento, California.
By the way, I just want to, just for the record, point out that Pegatron is widely considered to be the kinkiest of the Transformers. I didn't even know it was a Transformer.
Is that true?
No, it's not true. She's so innocent.
Okay, so we have this Apple contractor that is looking after the phone now.
Yes.
And during that time, two technicians got access to the phone. And while they were quote unquote repairing the phone, they found some sensitive information.
Now, as app tech repair folk, this must happen all the time.
Now, as app tech repair folk, this must happen all the time.
Yeah.
Someone comes in with a problem, I can't get my photos, or my phone's frozen. I can't get any information off it.
It's a bit like when the boss's laptop stops working, right?
And the IT team, he gives it to the IT team and he sort of says to them, or he goes to the head of IT and says, look, I need you to be discreet with this, right? Right, right.
Something funny's happened on it. I don't want you letting every member of IT looking at this laptop. Could you just handle this yourself?
And the IT team, he gives it to the IT team and he sort of says to them, or he goes to the head of IT and says, look, I need you to be discreet with this, right? Right, right.
Something funny's happened on it. I don't want you letting every member of IT looking at this laptop. Could you just handle this yourself?
We don't have to talk about my browsing history.
Yeah, exactly right.
So these guys must be expert at averting their eyes, you know, from notifications or texts or emails or pics or whatever.
So, okay, so Wilhelmina sent off her phone for repair, you know, via the appropriate Apple channels. And it wasn't like she was standing over them.
She wasn't at the Genius Bar or anything. She sent it via the mail.
But according to legal findings seen by The Telegraph, these two unnamed technicians that found the sensitive content— when I say sensitive, I mean pictures of her in various stages of undress and a sex video.
And not only found it— so say, say you were this kind of person, Graham.
So, okay, so Wilhelmina sent off her phone for repair, you know, via the appropriate Apple channels. And it wasn't like she was standing over them.
She wasn't at the Genius Bar or anything. She sent it via the mail.
But according to legal findings seen by The Telegraph, these two unnamed technicians that found the sensitive content— when I say sensitive, I mean pictures of her in various stages of undress and a sex video.
And not only found it— so say, say you were this kind of person, Graham.
What, the one with a sex?
No, no, no, the one that has received— you're working, you're in tech support, whatever. And you see these big sexy, sexy videos.
Do you— dum dee dum? Yes.
I hate the idea, but I can almost imagine they might load it up for their own enjoyment somewhere. That would be the worst thing I can imagine.
I'll keep this for later if it's sexy, sexy.
I'll keep this for later if it's sexy, sexy.
Mm-hmm. When I was in college, I had a friend who worked at a Fotomat. You know what a Fotomat is?
Right.
So the Fotomat was a little photo booth in the middle of a parking lot where you would drop off your photos and then you'd come back the next day and they were developed.
And for the young members of our audience, this was a thing that used to happen.
You took photos on this thing called film, and then the next day it would be developed and you get your pictures back.
Anyway, he worked at the Fotomat, and he said— he told me that in the little booth there, they had a binder that they called the Who's Your Daddy binder.
And that was where whenever someone would come in with photos from, say, a bachelor party or something like that, they would run off extra copies of the spicy photos, and they would go in the folder for the employees to enjoy.
So there's a long history of this.
And for the young members of our audience, this was a thing that used to happen.
You took photos on this thing called film, and then the next day it would be developed and you get your pictures back.
Anyway, he worked at the Fotomat, and he said— he told me that in the little booth there, they had a binder that they called the Who's Your Daddy binder.
And that was where whenever someone would come in with photos from, say, a bachelor party or something like that, they would run off extra copies of the spicy photos, and they would go in the folder for the employees to enjoy.
So there's a long history of this.
Closer to home than you even know. I can't even tell you. But anyway, we're not going into that on another show, perhaps.
All right, okay, so what these guys do, instead of just putting it into their who's your daddy photo album, post it up on her own Facebook account.
All right, okay, so what these guys do, instead of just putting it into their who's your daddy photo album, post it up on her own Facebook account.
What?
Making it look like she had uploaded the content herself.
Oh my goodness.
And Wilhelmina—
Wow—
Our unnamed student, some of your name, okay, none the wiser, only finds out when her friends contact her and go, probably say something like, hey, did you mean to have a pic of your hoochie coochie all over the public newsfeed?
Mm-hmm.
So why would, why would they do that? Do you think it was an accident?
Do you think they meant to post it to their mates from their Facebook account and they accidentally logged into hers from her phone?
Do you think they meant to post it to their mates from their Facebook account and they accidentally logged into hers from her phone?
So it's like a colossal fuck-up as opposed to just complete ridiculous insanity.
That's all I'm thinking is that they must have—
It must have been a mistake on their part because clearly I don't think so.
They must have shat themselves both simultaneously.
Imagine, if you will, that Beavis and Butt-Head are working at this repair shop, and they are incredibly bored, right?
And these two guys just, they hang out together, and they're the two goofballs, and they're always looking for things to do to fight the boredom and keep themselves interested, and as they say, one thing led to another, and Beavis said to Butt-Head, "Hey, wouldn't it be funny?
Look, I can access her Facebook. I've got an idea. Watch this." And they had a good laugh before they realized what they had actually done.
And these two guys just, they hang out together, and they're the two goofballs, and they're always looking for things to do to fight the boredom and keep themselves interested, and as they say, one thing led to another, and Beavis said to Butt-Head, "Hey, wouldn't it be funny?
Look, I can access her Facebook. I've got an idea. Watch this." And they had a good laugh before they realized what they had actually done.
I think it's very heartwarming to know that Apple spent a lot of time vetting their contractors that take care of these very important devices that have become instrumental to our lives.
Right?
So what's happened to these guys?
Wilhelmina, most likely mortified and furious, right? And she's like, "I don't even have my fucking phone.
It's at Apple." She probably was fielding a bunch of calls from her Auntie Jean and ex-boyfriends and all the— Anyway, so she lawyers up. She lawyers up and takes on Apple.
And lawyers for Wilhelmina threatened to sue Apple, citing invasion of privacy and severe emotional distress, right?
And apparently, reportedly, demanded $5 million in damages during the negotiations.
It's at Apple." She probably was fielding a bunch of calls from her Auntie Jean and ex-boyfriends and all the— Anyway, so she lawyers up. She lawyers up and takes on Apple.
And lawyers for Wilhelmina threatened to sue Apple, citing invasion of privacy and severe emotional distress, right?
And apparently, reportedly, demanded $5 million in damages during the negotiations.
Yeah, sure. Why not?
I mean, that's the—
We don't know how much she got.
That's the money Tim Cook has in the couch in his office. I mean, right, at Apple, just probably nestled within his budget.
Sure.
Right.
I don't think, I don't think it's that outrageous an amount of money to request, actually.
No, me neither. Apple, I think, and we don't know how much she actually got. We don't know how much she actually ended up getting.
But the thing is, she's not allowed to speak about this. She had to sign an NDA to get the wonga.
I really don't like the whole, you know, "STFU if you want this cash." I don't really like that.
But the thing is, she's not allowed to speak about this. She had to sign an NDA to get the wonga.
I really don't like the whole, you know, "STFU if you want this cash." I don't really like that.
Well, I guess that's the bargain you do, isn't it?
Is that you can either take them to court and have it decided by a judge, which will then all be public, or you can settle on the steps of the courthouse, and they say, "Look, we'll give you more than you wanted if you agree to do this." It's just a business relationship.
Is that you can either take them to court and have it decided by a judge, which will then all be public, or you can settle on the steps of the courthouse, and they say, "Look, we'll give you more than you wanted if you agree to do this." It's just a business relationship.
For life? I think there should be a limit of 3 years or something. I can understand, but I don't think you should be able to erase stuff from history by paying people off.
And it'd be illegal. Yeah.
And it'd be illegal. Yeah.
Hey, Carole, you found out about this somehow.
Well, exactly. How did I find out about it? Right?
How do we know? You're Wilhelmina.
Well, the settlement only came to light because Pegatron, this was the intermediate company, the contractor for Apple, had gone to their own insurance company to get the money to pay for whatever they decided they were going to pay for this.
And their insurance company said, "No, we're not going to compensate you for the amount." So it refused to pay.
And in that, Apple said, "You have to call us the customer." But during a bunch of legal fights going back and forth, it eventually became clear that the customer was Apple.
So it leaked.
And their insurance company said, "No, we're not going to compensate you for the amount." So it refused to pay.
And in that, Apple said, "You have to call us the customer." But during a bunch of legal fights going back and forth, it eventually became clear that the customer was Apple.
So it leaked.
And are Pegatron suing Beavis and Butt-Head?
No, they're fired, right? I mean, they're just gone.
They're fired, but they've caused a lot of damage.
Yeah.
Yeah, they're fired. They've been eradicated from the organization.
Apple confirmed the incident statement to The Guardian Monday, and the woman, of course, has not responded to any of it. So she can't. She can't say anything.
She can't say that's bullshit. She can't say that's true. She can't say anything. Apple spokesperson, of course, says, "We take privacy and security." What do you think?
What are the next words?
Apple confirmed the incident statement to The Guardian Monday, and the woman, of course, has not responded to any of it. So she can't. She can't say anything.
She can't say that's bullshit. She can't say that's true. She can't say anything. Apple spokesperson, of course, says, "We take privacy and security." What do you think?
What are the next words?
Very seriously. Extremely seriously.
So can we decide who the victims are here? Who are the victims, right? Obviously Wilhelmina, right?
Wilhelmina?
Yes.
Definitely a victim.
I would argue that maybe Apple are a victim because they've been let down by Pegatron. Yeah.
By a third party. Yep. Third party vulnerability.
I think in a way, Pegatron are a victim because they've been let down by Beavis and Butt-Head who did something utterly, utterly moronic and unethical and immoral. Maybe.
And maybe, maybe Pegatron should have had, I mean, even if you have rules in place, if people are doing that kind of diagnostic work to fix a phone, is there any way to prevent them from—
And maybe, maybe Pegatron should have had, I mean, even if you have rules in place, if people are doing that kind of diagnostic work to fix a phone, is there any way to prevent them from—
Yes. Ah, yes, there is.
Right.
Yes, there is. Okay, number one, say your phone's screwed. Now, this is— this, of course, all depends on the fact of how screwed or fucked up your phone is.
If you happen to dump it in a big pile of water, you're not gonna be able to do any of this stuff.
If you happen to dump it in a big pile of water, you're not gonna be able to do any of this stuff.
Who would be dumb enough to drop it into some—
Exactly, only a numpty. A numpty. Okay, so if possible, back up your iOS device.
You should be doing this anyway, right, to the cloud, but have a backup of your device, your iOS device, and then erase your iOS device before you send it off.
You should be doing this anyway, right, to the cloud, but have a backup of your device, your iOS device, and then erase your iOS device before you send it off.
Yeah.
So it's Settings, General, Reset, Erase All Content. And then Apple get a device that has nothing on it, and it's okay, they can fix the inside components of it.
And then all you do when you get it back is you can reload up all your information from your backup.
And then all you do when you get it back is you can reload up all your information from your backup.
Right.
There's also advice about making sure the activation lock is disabled because of course you can't send a locked device over.
Because, and in fact, even if you go into the store, they'll often ask you to disable your password, right. So yeah, you want to think again, and they take the phone to the back.
And the reason they do that is they don't have to come back and forth every two minutes to, you know, can you reactivate? Can you have your fingerprint, right.
So, you know, erasing your device before you bring it to an Apple Store if possible sounds to me like a really smart idea.
And the other thing you do is remove the SIM card from the device. Also, if you're mailing it in, remove the case, screen protectors, and keep your cables and chargers.
Apparently people sometimes send them in, never see them again.
Because, and in fact, even if you go into the store, they'll often ask you to disable your password, right. So yeah, you want to think again, and they take the phone to the back.
And the reason they do that is they don't have to come back and forth every two minutes to, you know, can you reactivate? Can you have your fingerprint, right.
So, you know, erasing your device before you bring it to an Apple Store if possible sounds to me like a really smart idea.
And the other thing you do is remove the SIM card from the device. Also, if you're mailing it in, remove the case, screen protectors, and keep your cables and chargers.
Apparently people sometimes send them in, never see them again.
See, I would think if I had this sort of material on my phone—
What, sexy naked videos of you?
Okay, exactly, exactly.
Dancing to some show tune.
Yeah, as if that were even possible. I would just write off the phone. I would just get a new phone.
If I had a backup, you know, the phone's broken, okay, it's not worth sending off to someone else and risk that falling into the wrong hands.
If I could afford it, right, I would just buy a new phone and restore from backup.
If I had a backup, you know, the phone's broken, okay, it's not worth sending off to someone else and risk that falling into the wrong hands.
If I could afford it, right, I would just buy a new phone and restore from backup.
Exactly, Dave. Not everyone's as rich as the host of the CyberWire and Hacking Humans. Not everyone's dripping in diamonds you guys are, right?
Lighting cigars with $100 bills. Yes, absolutely.
Exactly. Walking around with a faux fur coat.
Your big-ass sponsors.
Now, the other thing I will point out is that there are apps available that allow you to store this sort of stuff under a separate password from the main password on the phone.
So if you want to have this sort of thing on your device, perhaps you want to have it under a second layer of protection so that if the repair folks need access to the phone, that's fine, but they won't have access to this secure folder where you keep this sort of thing.
So if you want to have this sort of thing on your device, perhaps you want to have it under a second layer of protection so that if the repair folks need access to the phone, that's fine, but they won't have access to this secure folder where you keep this sort of thing.
Yeah, or just don't keep that kind of stuff. I don't know.
Well, let's not be hasty, Carole. I mean, everybody's, you know—
Just be pure as driven snow like me.
It's been a long time under lockdown, Carole. People have needs. They have impulses.
I know, they don't have to save the stuff. There is a web browser. Geez. So what's a con game?
It's a fraud that works by getting the victim to misplace their confidence in the con artist. In the world of security, we call confidence tricks social engineering.
And as our sponsors KnowBe4 can tell you, human error is how most organizations get compromised. Where there's human contact, there can be con games.
It's important to build the kind of security culture in which your employees are enabled to make smart security decisions.
And to do that, they need new school security awareness training. KnowBe4, the provider of the world's largest security awareness and simulated phishing platform.
See how your security culture stacks up against KnowBe4's free phishing test. Get it now at knowbe4.com/freetest. That's K-N-O-W-B-E and the number 4 dot com slash free test.
Think of KnowBe4 for your security training.
It's a fraud that works by getting the victim to misplace their confidence in the con artist. In the world of security, we call confidence tricks social engineering.
And as our sponsors KnowBe4 can tell you, human error is how most organizations get compromised. Where there's human contact, there can be con games.
It's important to build the kind of security culture in which your employees are enabled to make smart security decisions.
And to do that, they need new school security awareness training. KnowBe4, the provider of the world's largest security awareness and simulated phishing platform.
See how your security culture stacks up against KnowBe4's free phishing test. Get it now at knowbe4.com/freetest. That's K-N-O-W-B-E and the number 4 dot com slash free test.
Think of KnowBe4 for your security training.
Around 80% of business data breaches result from weak or reused passwords.
Using 1Password can close the gaps in your company's security, combat shadow IT, and help your employees stay both productive and secure wherever they are.
1Password makes the secure thing to do the easiest thing to do. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise.
Provision employees using trusted systems, respond rapidly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
Find out more and try 1Password for free for 14 days at 1password.com. And thanks to 1Password for supporting the show.
Using 1Password can close the gaps in your company's security, combat shadow IT, and help your employees stay both productive and secure wherever they are.
1Password makes the secure thing to do the easiest thing to do. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise.
Provision employees using trusted systems, respond rapidly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
Find out more and try 1Password for free for 14 days at 1password.com. And thanks to 1Password for supporting the show.
Deep Secure Threat Removal is a very cool product which takes incoming poisoned Word documents, ransomware documents, booby-trapped PowerPoint slides, and the like, and creates brand new files with just the good stuff and none of the bad.
It is a neat way of handling brand new threats coming into organizations via web, email, or file sharing, and it can run along your existing antivirus.
Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional, and fully revisable.
Adding Threat Removal to your defense can help you reduce administrative costs as it doesn't require signature updates or security ransomware patches and reduces the time your security team spends on false positives and remediation.
Visit deep-secure.com/smashingsecurity. That's deepsecure with a hyphen dot com smashing security for more information and to set up your free trial today.
And deep thanks to Deep Secure for sponsoring the show.
It is a neat way of handling brand new threats coming into organizations via web, email, or file sharing, and it can run along your existing antivirus.
Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional, and fully revisable.
Adding Threat Removal to your defense can help you reduce administrative costs as it doesn't require signature updates or security ransomware patches and reduces the time your security team spends on false positives and remediation.
Visit deep-secure.com/smashingsecurity. That's deepsecure with a hyphen dot com smashing security for more information and to set up your free trial today.
And deep thanks to Deep Secure for sponsoring the show.
And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
Better not be.
Well, my Pick of the Week this week is not security-related. I remember as a child loving a series of books which I've recently been reading with my son.
Sometimes I read them, sometimes he reads them. They are called the Three Investigators books.
Sometimes I read them, sometimes he reads them. They are called the Three Investigators books.
Ooh, okay.
They came out in the '60s, I think, originally. And there's something like over 40 of them. It features Jupiter Jones, Pete Crenshaw, and Bob Andrews of Rocky Beach, California.
Jupiter lives on a scrapyard with his uncle and aunt, and they have a base hidden behind a pile of rubbish. And what happens is these 3 teenagers, they get mysteries to solve.
So they're running a little detective agency and they investigate anything, sometimes with the help of their English chauffeur who drives them around in a Rolls-Royce.
Jupiter lives on a scrapyard with his uncle and aunt, and they have a base hidden behind a pile of rubbish. And what happens is these 3 teenagers, they get mysteries to solve.
So they're running a little detective agency and they investigate anything, sometimes with the help of their English chauffeur who drives them around in a Rolls-Royce.
Is there any ladies in this? Any girls?
There's no lady. There are very few lady folk.
Oh yeah, we don't really exist. I keep forgetting.
Well, back in the '60s you didn't, Carole.
We were only 20% of the population back then.
Right. Right, exactly.
Yeah, no girls allowed.
These are just 3 guys, 3 guys solving mysteries.
If you want girls solving mysteries, that's what Nancy Drew is for. Come on.
Exactly. Exactly.
Now, sometimes the Three Investigators is known as Alfred Hitchcock and the Three Investigators because through some sort of shady marketing arrangement, Alfred Hitchcock would sometimes frame the books or frame the story.
So he'd have a chapter at the beginning just introducing the characters. And then at the end of the story, they would go and explain the mystery to him and tie up the loose ends.
But he didn't write the books. A lot of people thought Alfred Hitchcock wrote books. He didn't write the books.
The early ones were written by a chap called Robert Arthur, and then they were written by others as well.
They are great stories, like The Mystery of the Green Ghost, The Whispering Mummy, The Stuttering Parrot.
I still love them to this day, and I found a fan website at 3investigatorsbooks.com where we can find out more.
In fact, Carole, I don't know if you remember, when we used to work for a certain computer security company—
Now, sometimes the Three Investigators is known as Alfred Hitchcock and the Three Investigators because through some sort of shady marketing arrangement, Alfred Hitchcock would sometimes frame the books or frame the story.
So he'd have a chapter at the beginning just introducing the characters. And then at the end of the story, they would go and explain the mystery to him and tie up the loose ends.
But he didn't write the books. A lot of people thought Alfred Hitchcock wrote books. He didn't write the books.
The early ones were written by a chap called Robert Arthur, and then they were written by others as well.
They are great stories, like The Mystery of the Green Ghost, The Whispering Mummy, The Stuttering Parrot.
I still love them to this day, and I found a fan website at 3investigatorsbooks.com where we can find out more.
In fact, Carole, I don't know if you remember, when we used to work for a certain computer security company—
I hardly remember, it's hazy.
All those years ago, I was on eBay, and I had a bookshelf behind me, which I was slowly filling up with old Three Investigators books in order to complete my collection.
And so I've loved them a long old time, and they're great. And that is my pick of the week.
And so I've loved them a long old time, and they're great. And that is my pick of the week.
Do you think that's why you're not great with women? Because all the books you read just had boys in them? You just never learned about them?
What do you mean I'm not great with women?
Maybe.
What do you mean?
Maybe I should buy you some— Yeah, maybe I'll buy you some Nancy Drew.
Miss Marple. Dave, what's your pick of the week?
So back in the day, and by the day, I mean 1994, there was a game called SimTower.
And this is when— Remember when The Sims were spinning off all sorts of different types of games. You had SimLife, you had, I don't know what, SimZoo. There were all sorts of—
And this is when— Remember when The Sims were spinning off all sorts of different types of games. You had SimLife, you had, I don't know what, SimZoo. There were all sorts of—
SimCity.
SimCity, right, right. So SimTower was a game where you were trying to build this, an office building, a mixed-use office building.
So you could have, part of it was a hotel and part of it had, you could put a movie theater in and you had to build in parking garages and all sorts of things.
So you could have, part of it was a hotel and part of it had, you could put a movie theater in and you had to build in parking garages and all sorts of things.
Yeah, I remember it. It was great.
Yeah, it was a fun game. And the key to success in the game was managing your elevators, was moving people around.
'Cause that's how you scored points in the game, and if people got angry that they couldn't get to where they were going, that was bad for your score in the game.
So that, I think, kicked off my fascination with games that involve moving people around efficiently and those sorts of things.
'Cause that's how you scored points in the game, and if people got angry that they couldn't get to where they were going, that was bad for your score in the game.
So that, I think, kicked off my fascination with games that involve moving people around efficiently and those sorts of things.
Logistics, basically.
Yes.
Travel, transportation logistics.
Absolutely, absolutely. So there is a game that popped up in my Apple Arcade subscription, and it's called Mini Motorways.
And it is similar to SimTower in that you are building little roads to connect people's homes to little shopping malls and parking garages.
And as the game goes on, more and more homes spawn into this world, and more garages and malls spawn into this world.
So it gets faster and you have to connect more cars and you get traffic jams and you get bridges and you can build little freeways and things.
It's a game that's very simple from the outset, but as you play it, you start to figure out ways to get higher and higher scores and deliver more people to their destinations.
It can get a little fast and furious towards the end because there are so many cars and you're trying to manage them. So it's a lot of fun.
And it is similar to SimTower in that you are building little roads to connect people's homes to little shopping malls and parking garages.
And as the game goes on, more and more homes spawn into this world, and more garages and malls spawn into this world.
So it gets faster and you have to connect more cars and you get traffic jams and you get bridges and you can build little freeways and things.
It's a game that's very simple from the outset, but as you play it, you start to figure out ways to get higher and higher scores and deliver more people to their destinations.
It can get a little fast and furious towards the end because there are so many cars and you're trying to manage them. So it's a lot of fun.
And are you addicted?
Well, yes. Addicted is a strong word, Carole.
I would say that at the end of a busy day, if I'm looking to unwind, I will often fire up Mini Motorways and sort of disengage my brain and spend 20 minutes or so building a little community and trying to get cars to their destinations.
And that is why Mini Motorways is my pick of the week.
I would say that at the end of a busy day, if I'm looking to unwind, I will often fire up Mini Motorways and sort of disengage my brain and spend 20 minutes or so building a little community and trying to get cars to their destinations.
And that is why Mini Motorways is my pick of the week.
No worries about you sending your phone off to Apple to get repaired, right?
No.
Hey, we got a weirdo here. He's playing Mini Motorways. Yeah.
And that's it. So it's on Apple Arcade.
It's on Apple Arcade. It's on other— I think it's on Steam.
It's—
There are desktop PC versions of it. So it's probably been out for a while, but it's new to me and I enjoy it very much.
It looks very cute. Carole, what's your pick of the week?
Okay, mine is a TV anthology called Love, Death & Robots. Have you guys seen it? Either of you?
No.
No.
Okay, so animated anthology series. It started back in March 2019, and I remember hearing about it, but I never watched at the time. But season one has a whopping 18 episodes.
Some of them are as short as six minutes and others are as long as almost 20.
And the idea is that you have different animators, different storytellers delivering standalone sci-fi stories.
And I'm guessing what they were told is make it about love, death, and robots. That was it, right? Season two has just recently come out, which is why it's hit the news again.
Unfortunately, it's a lot shorter, less contributors. But it's really quite great. I found it fantastic.
Now, the press, when I went looking about this to cover it for today, a lot of them were saying, "Oh, God, it's mediocre." Some of them are stupid, and there's a lot of negativity.
I don't agree with it. Obviously, I like some of the stories better than others. I like some of the animation better than others. Some were a bit gruesome, indulgently so.
There's sex bots in some. So, it's not for kids or anything. And it's a bit gratuitous, but it doesn't matter. The animation is just mind-blowing.
Some of them are as short as six minutes and others are as long as almost 20.
And the idea is that you have different animators, different storytellers delivering standalone sci-fi stories.
And I'm guessing what they were told is make it about love, death, and robots. That was it, right? Season two has just recently come out, which is why it's hit the news again.
Unfortunately, it's a lot shorter, less contributors. But it's really quite great. I found it fantastic.
Now, the press, when I went looking about this to cover it for today, a lot of them were saying, "Oh, God, it's mediocre." Some of them are stupid, and there's a lot of negativity.
I don't agree with it. Obviously, I like some of the stories better than others. I like some of the animation better than others. Some were a bit gruesome, indulgently so.
There's sex bots in some. So, it's not for kids or anything. And it's a bit gratuitous, but it doesn't matter. The animation is just mind-blowing.
Oh, really?
There's one story where these people— and this is the only one where there's actual people. Everybody else is computer animated.
But there's these two people and they open up their fridge and there's a tiny world inside their freezer and they can see— and it's basically just civilization occurring from the beginning.
But there's these two people and they open up their fridge and there's a tiny world inside their freezer and they can see— and it's basically just civilization occurring from the beginning.
That's not that unusual, actually.
College dorm rooms all over the world.
But you can take your pick. Now, if you're a little bit chicken shit or scaredy-cat, 'cause some of them are a little bit scary.
In the show notes, I have put a Vulture write-up about each episode. You can take a read and watch those that you fancy, 'cause there's no tie between them.
Anyway, I say check it out. I loved it. Love, Death & Robots on Netflix. That's my pick of the week.
In the show notes, I have put a Vulture write-up about each episode. You can take a read and watch those that you fancy, 'cause there's no tie between them.
Anyway, I say check it out. I loved it. Love, Death & Robots on Netflix. That's my pick of the week.
Terrific. Now, Carole, you've been chatting with Simon Wiseman from Deep Secure, right?
Yes, Simon Wiseman. Okay, this is such an interesting interview. He basically talks us through the idea of how you can deliver malware-free, zero malware, any chance of malware.
In our world, that's really? Well, maybe you need to listen to see how he's done it. It's pretty clever. So today I am pleased to be joined by Deep Secure CTO, Dr. Simon Wiseman.
Welcome to Smashing Security. Thank you for speaking with us.
In our world, that's really? Well, maybe you need to listen to see how he's done it. It's pretty clever. So today I am pleased to be joined by Deep Secure CTO, Dr. Simon Wiseman.
Welcome to Smashing Security. Thank you for speaking with us.
Well, thanks for having me along.
Now, I have to say before we start that you do have the best name I've ever...
So Simon's obviously a smart person's name, probably because of that brain game Simon Says when we were kids. But you also have Wiseman as a surname. It's genius.
So Simon's obviously a smart person's name, probably because of that brain game Simon Says when we were kids. But you also have Wiseman as a surname. It's genius.
I know, it didn't do me well at school. That's not what they call me there. No, I got ribbed rotten for it.
Well, not anymore. Who's laughing now?
I guess so.
So Deep Secure is a pretty interesting and innovative cybersecurity company. It says you're trusted with safeguarding some of the most uncompromisable systems around the globe.
So that is what we were gonna dig into today. But let's first maybe set the stage. What can you tell us about you and Deep Secure?
So that is what we were gonna dig into today. But let's first maybe set the stage. What can you tell us about you and Deep Secure?
Well, Deep Secure, we're a tech company based in the UK, and we're really dedicated to cybersecurity. That's all we do.
We create software products, we provide services to defend organizations of all sizes, you know, across all sectors, really defending them against malware.
And our core technology is Threat Removal. And that just exists to stop malware. And it really does work. We once put it to the test.
We put over 30 million examples of known malware in front of it, and that batch included malware of every kind.
It was executables, macros in Office documents, PDFs, image files, the lot, right? And every one of those files was either made safe or blocked.
And we've even had highly skeptical customers do similar tests, including some government agencies who didn't just try publicly known malware.
And, you know, Threat Removal just won out every time.
We create software products, we provide services to defend organizations of all sizes, you know, across all sectors, really defending them against malware.
And our core technology is Threat Removal. And that just exists to stop malware. And it really does work. We once put it to the test.
We put over 30 million examples of known malware in front of it, and that batch included malware of every kind.
It was executables, macros in Office documents, PDFs, image files, the lot, right? And every one of those files was either made safe or blocked.
And we've even had highly skeptical customers do similar tests, including some government agencies who didn't just try publicly known malware.
And, you know, Threat Removal just won out every time.
Really interesting, because a lot of companies say, you know, we stop malware, but no one says all. So how are you confident with saying that all malware is stopped?
Well, actually, that's easy for us, because Threat Removal doesn't use detection to spot the malware, so we're not able to be fooled by an attacker hiding it from us.
Everyone else is looking for the bad things so that they can be blocked. That's just not a winning strategy because those bad guys are actually really good at...
They're really good at hiding their malware and inventing new ways of getting past you. And in the end, they will always win.
Everyone else is looking for the bad things so that they can be blocked. That's just not a winning strategy because those bad guys are actually really good at...
They're really good at hiding their malware and inventing new ways of getting past you. And in the end, they will always win.
Yeah. So what you're saying is Threat Removal is the name of Deep Secure's technology. And this technology, it doesn't use detection to spot malware, but it just removes what?
All the stuff that can make malware exist?
All the stuff that can make malware exist?
Yeah, it delivers you the kind of information that you need, but without the data that was carrying it, and then which is where the malware lives.
So we give you what you want, right? But without the malware.
So we give you what you want, right? But without the malware.
Right, right, right. How did you come up with this idea?
It goes back quite a way, actually, because I started life doing cybersecurity research in the defense sector.
Okay.
And as you can imagine, there were a lot of projects there in that community where we're looking for ways of defeating malware.
And the best idea that was had was to convert complex sort of data files into something simpler that just couldn't carry malware.
But the big problem with it is that the users didn't get the information they really needed because everything had to be simplified.
So a document might get turned into a series of images of the pages, which is okay if you want to read the document, but it's no longer editable.
So not half as useful as it needs to be. And even then, it doesn't necessarily stop all the malware because an attacker might do something new.
Find a way of fitting malware into that simple data that you allow in. And even simple images can contain malware.
So the idea was good, but really not close enough to be generally useful. But that's what we wanted to do at Deep Secure.
We wanted to find a way of delivering the users all the information that they need without leaving the attackers with a way in. And then eventually the lightbulb moment came.
Really, it was pretty simple in the end. We just throw away all the data and make completely new data to carry the same information as the original had.
In other words, kind of you give the users all the information, but you make a new box to put it in.
And the best idea that was had was to convert complex sort of data files into something simpler that just couldn't carry malware.
But the big problem with it is that the users didn't get the information they really needed because everything had to be simplified.
So a document might get turned into a series of images of the pages, which is okay if you want to read the document, but it's no longer editable.
So not half as useful as it needs to be. And even then, it doesn't necessarily stop all the malware because an attacker might do something new.
Find a way of fitting malware into that simple data that you allow in. And even simple images can contain malware.
So the idea was good, but really not close enough to be generally useful. But that's what we wanted to do at Deep Secure.
We wanted to find a way of delivering the users all the information that they need without leaving the attackers with a way in. And then eventually the lightbulb moment came.
Really, it was pretty simple in the end. We just throw away all the data and make completely new data to carry the same information as the original had.
In other words, kind of you give the users all the information, but you make a new box to put it in.
So there can't be anything sitting in the corner lurking in another corner, because you created the box, you know the box is safe.
That's exactly right, yeah.
Huh.
And we don't— we're not trying to work out whether the data is safe or not. We always throw it away. And that means the attacker has no opportunity to fool us.
They can't sneak the malware past our check because we're not checking for bad things. And that's why we can end up with that 100% effectiveness claim.
They can't sneak the malware past our check because we're not checking for bad things. And that's why we can end up with that 100% effectiveness claim.
Okay. So can we walk through how this works in practice? Do you mind?
Well, yeah, this is, of course, the tricky bit. The theory is nice and simple. But I think that's the breakthrough that we made here.
DeepSecure, we've managed to engineer that theory into something that's workable in practice. I mean, you've got to have something that's effective and scalable and easy to deploy.
Otherwise, no one can adopt it. And it's got to be fast and unobtrusive. So it doesn't get in the way of the user's day job. And all that's pretty tricky stuff.
But that's what we've got with threat removal. It stops the malware but doesn't stop you working. Now to do that, the first thing we have to do is to get into the data flows.
Because we need to get every file 100% malware-free before it gets delivered. So we need to be inside the delivery mechanisms.
And so we've built the interfaces needed to add this into your email, web, file-sharing gateways. And we've provided interfaces so you can integrate it into your internet portal.
And once we're in these places, then we can get to work on the data, which is where the proper threat removal process kicks in.
DeepSecure, we've managed to engineer that theory into something that's workable in practice. I mean, you've got to have something that's effective and scalable and easy to deploy.
Otherwise, no one can adopt it. And it's got to be fast and unobtrusive. So it doesn't get in the way of the user's day job. And all that's pretty tricky stuff.
But that's what we've got with threat removal. It stops the malware but doesn't stop you working. Now to do that, the first thing we have to do is to get into the data flows.
Because we need to get every file 100% malware-free before it gets delivered. So we need to be inside the delivery mechanisms.
And so we've built the interfaces needed to add this into your email, web, file-sharing gateways. And we've provided interfaces so you can integrate it into your internet portal.
And once we're in these places, then we can get to work on the data, which is where the proper threat removal process kicks in.
Yeah.
So that's where a file contains data and it carries the information you need.
That data is like a pile of bytes encoding the text and graphics you see in a document or the numbers and formulas that you work with in a spreadsheet.
But the data is where the malware hides, right? The data doesn't go in the information, it goes in the data.
So if we deliver you the information but not the data, you get what you want, but you don't get any malware.
Fun bit is that even if the data is clean, we still don't give it to you because we're not trying to figure out whether the data is infected or not.
We always throw it away, and because we know that if we try to decide, the bad guys would just find a way of beating us.
That data is like a pile of bytes encoding the text and graphics you see in a document or the numbers and formulas that you work with in a spreadsheet.
But the data is where the malware hides, right? The data doesn't go in the information, it goes in the data.
So if we deliver you the information but not the data, you get what you want, but you don't get any malware.
Fun bit is that even if the data is clean, we still don't give it to you because we're not trying to figure out whether the data is infected or not.
We always throw it away, and because we know that if we try to decide, the bad guys would just find a way of beating us.
It makes you so unique because is there anyone else that approaches it this way?
No, this is unique, I think. You know, everyone else is looking for what's bad. We're just getting out what you need, and it's a completely different paradigm.
Is this all done in the cloud and then it's sent to me if I were the user, for example?
It can be in the cloud, it can be on-premise gateways, it can be in all sorts of places, just as long as we can get into the data flow.
So we need to get to the data before it gets to you, and then so we can clean it up.
So we need to get to the data before it gets to you, and then so we can clean it up.
And this basically means the recipient or the user just never receives malware using this type of approach.
Well, that's right.
Yeah.
Everyone else is trying to do better detection and that's never going to stop the bad guys completely. They're always going to find a way to evade detection.
They're just going to be beating you. And that's why at Smashing Security, we decided we really needed to stop the malware, not just slow it down.
And, you know, we want to give the user what they want. That's the information. And we don't give them any malware.
And even if it's zero-day malware, you know, which is so hard to detect, all because we throw the data away, whether there's any recognizable malware in it or not.
That's why we defeat zero-day malware as well.
They're just going to be beating you. And that's why at Smashing Security, we decided we really needed to stop the malware, not just slow it down.
And, you know, we want to give the user what they want. That's the information. And we don't give them any malware.
And even if it's zero-day malware, you know, which is so hard to detect, all because we throw the data away, whether there's any recognizable malware in it or not.
That's why we defeat zero-day malware as well.
It's a bit like an old house with maybe sneaky mold in the corners, right?
And you could send the experts in to try and find the mold and get rid of the mold, or you could just take all the furniture out and put them in a brand new house and say, here, look, no mold here at all, you're safe.
And you could send the experts in to try and find the mold and get rid of the mold, or you could just take all the furniture out and put them in a brand new house and say, here, look, no mold here at all, you're safe.
That's a perfect analogy for what we're doing. Definitely.
Yeah, you can have it. Yeah, it's yours. So what about the user experience? Okay, so I'm, say I'm your customer and I think this is fantastic and I want to use this. What do I see?
What do I do?
What do I do?
Well, this is the real joy. The user doesn't know anything about this. They don't know any of this is happening because it's completely invisible.
They get the information they were sent and they get it immediately. So they don't see anything odd.
The files that arrive, you know, they look and feel just the same as the originals, except of course, any malware might be missing.
But all the details there, you know, if you download a PDF, it looks pixel perfect. It's searchable like the original. It's no different.
If you get emailed a Word document, you know, you get all the text and formatting and graphics and stuff that's in it, everything that was in the original, but it's just different data.
But you can't tell that. They look and feel the same.
They get the information they were sent and they get it immediately. So they don't see anything odd.
The files that arrive, you know, they look and feel just the same as the originals, except of course, any malware might be missing.
But all the details there, you know, if you download a PDF, it looks pixel perfect. It's searchable like the original. It's no different.
If you get emailed a Word document, you know, you get all the text and formatting and graphics and stuff that's in it, everything that was in the original, but it's just different data.
But you can't tell that. They look and feel the same.
And is it slower though? Is there a delay?
Oh, well, no. I mean, that speed's the other thing, you know, which you would perhaps notice. But no, this is blisteringly fast, right?
Blisteringly fast.
I love that. If you're browsing the web, all this happens as you download data.
There's no slowdown and there's no delay while you have half a dozen antivirus scanning engines check the data over. It just arrives.
And if you sent an email, it just turns up immediately. There's no waiting 10 minutes while it sits in a sandbox being analyzed.
And there's no prospect of it getting parked in a quarantine queue just because it smacks of some known malware.
And then you have to wait ages for the administrators to work out that it's okay for you to have it. You know, your email just turns up and it's clean.
And that's what's revolutionary, really.
There's no slowdown and there's no delay while you have half a dozen antivirus scanning engines check the data over. It just arrives.
And if you sent an email, it just turns up immediately. There's no waiting 10 minutes while it sits in a sandbox being analyzed.
And there's no prospect of it getting parked in a quarantine queue just because it smacks of some known malware.
And then you have to wait ages for the administrators to work out that it's okay for you to have it. You know, your email just turns up and it's clean.
And that's what's revolutionary, really.
You know, it is because I'm thinking from an IT person's perspective where they're overworked, under-resourced, the whole gamut.
And this kind of takes that whole problem of their users opening something that they shouldn't or having the wrong settings or because if all the files come through this way, they're all clean.
And then it just takes that whole worry away from them.
And this kind of takes that whole problem of their users opening something that they shouldn't or having the wrong settings or because if all the files come through this way, they're all clean.
And then it just takes that whole worry away from them.
Well, yeah, the other beneficiaries, if you like, are the security operations team. Now, they're the ones who sit at the back looking after the antivirus defenses.
And what they don't get now is an endless series of alerts where some malware's got past those outer defenses and now they've got to go and track it down.
Or they don't have to spend time looking at that quarantine queue, checking out the important files that have been wrongly blocked.
And that frees them up so they can focus on security issues other than malware, which are the ones that really need their skills and analytics, like identity theft and insider attacks.
And what they don't get now is an endless series of alerts where some malware's got past those outer defenses and now they've got to go and track it down.
Or they don't have to spend time looking at that quarantine queue, checking out the important files that have been wrongly blocked.
And that frees them up so they can focus on security issues other than malware, which are the ones that really need their skills and analytics, like identity theft and insider attacks.
Yeah. So tell me a bit about the organizations that are showing tons of interest. It seems to me that any organization would benefit from this.
But yeah, well, I mean, ultimately, who on the planet wants to be a victim of a cyber attack, right?
But threat removal is sort of meant for enterprises, and that's because it sits in the infrastructure, right?
So it doesn't help the people at home unless, of course, it gets built into the services they use.
But threat removal is sort of meant for enterprises, and that's because it sits in the infrastructure, right?
So it doesn't help the people at home unless, of course, it gets built into the services they use.
Right.
So you're talking to Google then, right?
Well, yeah, that'd be great. But just because it's the ultimate defense against malware, it doesn't mean it's only for the super paranoid.
You know, because it's fast and efficient, it's good for any organization that's fed up with their anti-malware defenses letting stuff in.
Commercial organizations now are routinely targeted by cybercriminals, right?
And these criminals are now tooled up with the kind of malware that hostile nation states use to attack defense systems. The really bad stuff is hitting ordinary organizations now.
You know, because it's fast and efficient, it's good for any organization that's fed up with their anti-malware defenses letting stuff in.
Commercial organizations now are routinely targeted by cybercriminals, right?
And these criminals are now tooled up with the kind of malware that hostile nation states use to attack defense systems. The really bad stuff is hitting ordinary organizations now.
Yeah.
These organizations, they're not super paranoid, but they're being hit by all sorts of things.
Poisoned Word documents and booby-trapped spreadsheets, images with hidden extras that you'd rather not have, the full works.
And as they go through digital transformation, things are just going to get worse as they expose an ever larger attack surface, get more and more connected, and become more reliant on the systems that they use working properly all the time.
And that, I think, is generating a real need for this guaranteed malware-free business information across all sorts of organizations.
So it's the kind of enterprise who really doesn't want to fall victim to malware but has to connect to other people that they don't trust.
Poisoned Word documents and booby-trapped spreadsheets, images with hidden extras that you'd rather not have, the full works.
And as they go through digital transformation, things are just going to get worse as they expose an ever larger attack surface, get more and more connected, and become more reliant on the systems that they use working properly all the time.
And that, I think, is generating a real need for this guaranteed malware-free business information across all sorts of organizations.
So it's the kind of enterprise who really doesn't want to fall victim to malware but has to connect to other people that they don't trust.
That's all of us really these days.
Well, yeah, I mean, but they really want to do it. And that includes, you know, defense, intelligence, other high-risk government systems for sure.
But there's also parts of the critical infrastructure where malware could lead to really disastrous loss of service. So, you know, think about banking, for example.
If the banking system was taken down, we're in a mess.
But increasingly, we're winning over customers more in the sort of private sector who just understand that blocking 95% of known malware just doesn't cut it anymore.
And I'm saying 95% here because that actually is the typical success rate of antivirus detection.
But there's also parts of the critical infrastructure where malware could lead to really disastrous loss of service. So, you know, think about banking, for example.
If the banking system was taken down, we're in a mess.
But increasingly, we're winning over customers more in the sort of private sector who just understand that blocking 95% of known malware just doesn't cut it anymore.
And I'm saying 95% here because that actually is the typical success rate of antivirus detection.
I think most people would say 99% is not good enough anymore.
Well, indeed. If you think about that, 99% actually means 1% gets through, right?
Yeah.
Which explains why your security teams spend all their time mopping up the mess. So some organizations want to think differently there.
Threat removal is giving them a real alternative, you know, something that's just simply better, faster, cheaper. The other thing you mentioned there was the cloud.
Now, the cloud, the move to the cloud is really helping drive adoption of this because it lets customers add it in easily into their existing defenses.
We've already got a service that lets developers build threat removal into their web applications and portals in the cloud.
And we've just started delivering protection for web cloud gateways.
So that's all pretty neat, but even better, actually, just around the corner, coming up soon, we've got a really neat solution for a cloud solution for email coming as well, which will be really knocking people's socks off, I think.
Threat removal is giving them a real alternative, you know, something that's just simply better, faster, cheaper. The other thing you mentioned there was the cloud.
Now, the cloud, the move to the cloud is really helping drive adoption of this because it lets customers add it in easily into their existing defenses.
We've already got a service that lets developers build threat removal into their web applications and portals in the cloud.
And we've just started delivering protection for web cloud gateways.
So that's all pretty neat, but even better, actually, just around the corner, coming up soon, we've got a really neat solution for a cloud solution for email coming as well, which will be really knocking people's socks off, I think.
Wow, brilliant. Okay, I know that loads of our listeners are going to try this out for themselves, and you guys can. All you need to do is visit deep-secure.com/smashingsecurity.
So that's deepsecure with a hyphen dot com smashing security. And there you can learn loads of information about what threat removal is and even download a free trial of the tool.
And that leaves me to say thank you, Dr. Simon Wiseman, CTO of Deep Secure. Really appreciate you coming on the show.
So that's deepsecure with a hyphen dot com smashing security. And there you can learn loads of information about what threat removal is and even download a free trial of the tool.
And that leaves me to say thank you, Dr. Simon Wiseman, CTO of Deep Secure. Really appreciate you coming on the show.
That was great. Thank you.
Oh, that's certainly an interesting approach to things, isn't it? Well, we've just about wrapped it up for this week.
Dave, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
Dave, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
On Twitter, I am @Bittner. That's B-I-T-T-N-E-R. And everything else you can find over at thecyberwire.com.
Tremendous. And you can follow us on Twitter at Smashing Security, no G. Twitter must have a G. And we're also up on Reddit as well. Look for our subreddit up there.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Spotify, Google Podcasts, and Pocket Casts.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Spotify, Google Podcasts, and Pocket Casts.
And thanks to this episode's sponsors, 1Password, KnowBe4, and Deep Secure, and to our wonderful Patreon community. It's thanks to all of them that this show is free.
Now for episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 230 episodes, check out smashingsecurity.com.
Now for episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 230 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye.
Bye-bye.
Bye-bye.
Hey everybody, Carole Theriault here. We've got yet more fantastic reviews to share with you. Sent last week from BabaMall1980, they write, "I found this during lockdown.
I've listened to them all now." Well done. "Just gutted I've got to wait a whole week between episodes now.
Off to sign up to Patreon as I can't believe this is free." Geez, you really wanted to make sure I'd read this out. Well, kudos, I did.
We've also got one from 425Slam who says, "Discovered this great show during last year while working from home and commenced to binge. Fun and informative.
I especially love Pick of the Week. Those picks led me down so many great rabbit holes. Thanks so much." You are welcome, 425Slam. There were a few snafus with my audio this week.
The regulars of you will know that. And it took a lot of work to edit to make it sound good. And so these reviews mean particularly a lot this week, especially when we're struggling.
So huge thank you. Thank you to you all, and keep them coming. See you next week.
I've listened to them all now." Well done. "Just gutted I've got to wait a whole week between episodes now.
Off to sign up to Patreon as I can't believe this is free." Geez, you really wanted to make sure I'd read this out. Well, kudos, I did.
We've also got one from 425Slam who says, "Discovered this great show during last year while working from home and commenced to binge. Fun and informative.
I especially love Pick of the Week. Those picks led me down so many great rabbit holes. Thanks so much." You are welcome, 425Slam. There were a few snafus with my audio this week.
The regulars of you will know that. And it took a lot of work to edit to make it sound good. And so these reviews mean particularly a lot this week, especially when we're struggling.
So huge thank you. Thank you to you all, and keep them coming. See you next week.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Dave Bittner:
Show notes:
- AFP-led Operation Ironside smashes organised crime — Australian Federal Police.
- AN0M: Hundreds arrested in massive global crime sting using messaging app — BBC News.
- Fake encrypted app cooked up over beers by Aussie cops and the FBI leads to global sting — Daily Mail.
- FBI Effort to Expose 'USA Today' Readers Was Likely Unlawful, Experts Say — Gizmodo.
- Sunrise, Florida, shooting: 2 FBI agents killed in shootout identified — USA Today.
- Apple paid woman millions after technicians used her iPhone to post explicit videos — The Guardian.
- Get your iPhone, iPad, or iPod touch ready for service — Apple Support.
- The Three Investigators.
- Mini Motorways.
- Mini Motorways gameplay video — YouTube.
- Mini Metro — A strategy simulation game about designing a subway map for a growing city.
- Love Death & Robots review – prestige TV with added sexbots — The Guardian.
- Netflix’s Love, Death & Robots Volume 2 Ranked Best to Worst — Vulture.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: 1Password
Around 80% of business data breaches result from weak or reused passwords. Using 1Password can close the gaps in your company’s security, combat shadow IT, and help your employees stay both productive and secure, wherever they are.
1Password makes the secure thing to do the easiest thing to do.
Instant control, effortless management. Quickly deploy 1Password to a single team, multiple teams, or your entire enterprise. Provision employees using trusted systems, respond quickly to domain breach reports, and offer every business user a free 1Password Families account for work-from-home security.
Find out more and try 1Password free for 14 days at 1Password.com 1password.com
Sponsor: Deep Secure
Deep Secure Threat Removal takes incoming poisoned Word documents, boobytrapped PowerPoint slides and the like, and creates brand new files with just the good stuff (and none of the bad). It is a great way of handling brand new threats coming into organisations via the web, email or file sharing and can run alongside your existing anti-virus.
Threat Removal gives you the good stuff by delivering files that are 100% threat-free, fully functional and fully revisable.
Visit deep-secure.com/smashingsecurity for more information, and set up your free trial today.
Sponsor: KnowBe4
Did you know that 91% of successful data breaches started with a spear phishing attack?
Find out what percentage of your employees are at risk with KnowBe4’s free phishing security test.
Plus, see how you stack up against your peers with the new phishing industry benchmarks.
Find out more at www.knowbe4.com/freetest
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
