A bug unravels 3D printer security, cryptocurrency sites can’t stop getting hacked, and hear our special guest spill a cup of tea while inhabiting his wife’s knicker drawer.
All this and much more can be found in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC cybersecurity correspondent Joe Tidy.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Oh boy, she looks rather litigious.
Yep.
And she wrote an article in 1999 for Salon.com.
Did someone just fall over?
I've just spilt my tea.
Oh no. Oh my God.
Back in a sec.
It's a crisis.
It is a crisis. I've done this and ruined laptops.
I'm back. I'm back. So just to describe to the listener what I'm dealing with here.
I'm actually broadcasting from my wife's knicker drawer because the kids are being ultra loud downstairs.
So what's happened is I've hung up a shirt in the cupboard I'm in and it's fallen down, hit my tea, and now I'm standing in a pool of tea. So it's going well.
I'm actually broadcasting from my wife's knicker drawer because the kids are being ultra loud downstairs.
So what's happened is I've hung up a shirt in the cupboard I'm in and it's fallen down, hit my tea, and now I'm standing in a pool of tea. So it's going well.
Smashing Security, episode 240. 3D printer hijacks, crypto fails, and a tech billionaire's revenge with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 240. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 240. My name's Graham Cluley.
I'm Carole Theriault.
And this week, Carole, we're joined by a special guest, someone who's never been on the show before.
We are joined by someone who I believe is the BBC's first and maybe only cybersecurity correspondent, Mr. Joe Tidy. Is that right, Joe? Hello.
We are joined by someone who I believe is the BBC's first and maybe only cybersecurity correspondent, Mr. Joe Tidy. Is that right, Joe? Hello.
Hello. Yes.
Well, at the moment, yeah, I'm the first and at the moment I'm the only one, but the way things are going, there'll be about, you know, there'll be a team of 100 of us soon.
Well, at the moment, yeah, I'm the first and at the moment I'm the only one, but the way things are going, there'll be about, you know, there'll be a team of 100 of us soon.
I know, but to be the first, right? You're gonna be able to talk about this till, you know, the end of your days.
Yeah, it's cool. Yeah, well, they got me in in 2018, along with a load of other specialists who were, I suppose, growth areas, you'd call it.
So there's a gender and identity correspondent, there's a population correspondent, an Africa religion correspondent, and then there's cybersecurity, or cyber, as I changed it.
About 6 months ago, I changed it to cyber so that I could do other stuff as well, like, you know, things like gaming and, you know, that sort of thing as well.
'Cause when you do a gaming story, for example, putting cybersecurity correspondent as your byline is a bit weird.
So there's a gender and identity correspondent, there's a population correspondent, an Africa religion correspondent, and then there's cybersecurity, or cyber, as I changed it.
About 6 months ago, I changed it to cyber so that I could do other stuff as well, like, you know, things like gaming and, you know, that sort of thing as well.
'Cause when you do a gaming story, for example, putting cybersecurity correspondent as your byline is a bit weird.
Hey, Carole, should we change the name of our podcast? Should we just be Smashing Cyber? What do you think?
No. No.
How about just Smashing?
A Smashing Podcast. Ah, wouldn't that be lovely?
Let's thank this week's sponsors, AT&T Networks and 1Password. It's their support that help us give you this show for free. Now, coming up on today's show, Graham, what do you got?
Oh, I've got something rather undesirable squirting out of my 3D printer.
Okay, Joe, what about you?
Have you got cream for that?
I've got something about the chaos in cryptocurrency exchanges, why on earth they are being hacked all the time and losing hundreds of millions of dollars.
I've got something about the chaos in cryptocurrency exchanges, why on earth they are being hacked all the time and losing hundreds of millions of dollars.
And I'm going to look at the tech version of a celeb divorce. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, to introduce my story this week, I'm going to give you a little puzzle.
I'm going to name 4 things, and I would like you to tell me which of the following is real and which are fake. So which is which, right?
I have the carbonara constable, the spaghetti detective, the taramasalata traffic warden, and the Pizza Police. It's not from some new version of Cluedo that I'm getting these.
Which of those do you think might be real and which might be fake?
I'm going to name 4 things, and I would like you to tell me which of the following is real and which are fake. So which is which, right?
I have the carbonara constable, the spaghetti detective, the taramasalata traffic warden, and the Pizza Police. It's not from some new version of Cluedo that I'm getting these.
Which of those do you think might be real and which might be fake?
I have no idea.
I think taramasalata to me sounds a bit far— I mean, they all sound far-fetched, but I don't know what that would mean.
That would be hard to spell as well.
Exactly.
Poor SEO on that one. I'm going to guess the real one, Pizza Police.
The Pizza Police does sound plausible, doesn't it? Yeah, maybe it does exist. Well, we'll find out during the course of my story which one is the real one.
Because I am talking this week about 3D printers. Do either of you own a 3D printer, or have you played with 3D printers?
Because I am talking this week about 3D printers. Do either of you own a 3D printer, or have you played with 3D printers?
I've played with one. I don't own one. Bet Joe's played with them loads.
No, you know what? I've never done a 3D printing story. I feel like as a tech journalist, I have missed a rite of passage.
I need to go and get my face or something printed for a piece to camera, don't I? It's gotta be done.
I need to go and get my face or something printed for a piece to camera, don't I? It's gotta be done.
I don't think you have to use body parts, Joe.
I remember there was a story, I think it was Thom Brewster at Forbes. He got his own face 3D printed and created a mask of himself.
My colleague Rory Cellan-Jones did the exact same thing as well. I literally think it's a rite of passage, yeah.
They hang it in their living room or something.
Well, no, you use it to beat facial recognition systems. It's a Mission: Impossible-style thing.
Yeah, but what do you do afterwards, right? It's not like he wears it all the time.
No, he could get his wife to wear it.
He could do a bit of Silence of the Lambs cosplay or something. If you're gonna go down a dark route.
Well, 3D printers, for those who aren't aware, they work by extruding— great word, that— extruding molten plastic through a tiny nozzle.
And it's the nozzle which moves very precisely, you know, X, Y, but not just X and Y, but Z axis as well, under the control of a computer.
And molten plastic, a polymer, is squirted out, cools down, and then some more plastic is squirted out, hopefully sticking to the previous piece.
It's a bit like doing icing on a cake, Carole.
And it's the nozzle which moves very precisely, you know, X, Y, but not just X and Y, but Z axis as well, under the control of a computer.
And molten plastic, a polymer, is squirted out, cools down, and then some more plastic is squirted out, hopefully sticking to the previous piece.
It's a bit like doing icing on a cake, Carole.
Mm-hmm.
And it builds up your 3D model bit by bit. It's very clever, and there are all kinds of potential uses.
Some people are really excited about the potential for printing 3D spare body parts.
So if you feel, oh, you know, my right calf isn't quite impressive enough, maybe you could get it replaced with a 3D part, or if there's a valve or something, or if you were on an International Space Station and you needed something, you could print it out.
Some people are really excited about the potential for printing 3D spare body parts.
So if you feel, oh, you know, my right calf isn't quite impressive enough, maybe you could get it replaced with a 3D part, or if there's a valve or something, or if you were on an International Space Station and you needed something, you could print it out.
Yeah, or if you were missing a limb, right? You could probably print out your actual—
Right.
I've seen some people do superhero-type limbs. So, there was a little girl, I remember, she got a 3D-printed Iron Man arm, which is pretty cool.
That is cool, isn't it? But it can go wrong. 3D printing can go rather badly wrong.
If you've got a cheap and nasty 3D printer, it might break down or catch fire— I think the fire hazards are sometimes a problem— it can make a pretty awful smell, and it's not uncommon to encounter 3D-printed objects that haven't quite come out as planned.
If you've got a cheap and nasty 3D printer, it might break down or catch fire— I think the fire hazards are sometimes a problem— it can make a pretty awful smell, and it's not uncommon to encounter 3D-printed objects that haven't quite come out as planned.
Yeah.
So if I wanted to replace a particular body part, I could ask my 3D printer to produce it, and then something unsatisfactory comes out the other end.
Large round eyes.
Sorry, you're just obsessed with my eye size at the moment. I guess it could be a worse thing that you're focusing on.
I like this though. As a listener to your podcast, I like that there's a theme running throughout.
Exactly, right?
We have to give a reward for people that listen week in and week out. Little Easter eggs.
Exactly. It's like The Archers a bit.
So one of the things that can go wrong is if your nozzle — I don't know if you've ever had this problem. If your nozzle isn't properly aligned. Oh yeah, sure, sure.
Then when it squirts out, when it extrudes the polymer, it may fail to attach itself to the existing model that's been made.
And you end up finding out that you have basically a pile of plastic spaghetti.
Then when it squirts out, when it extrudes the polymer, it may fail to attach itself to the existing model that's been made.
And you end up finding out that you have basically a pile of plastic spaghetti.
Aha. Right.
So what was the word? What was the word?
The Spaghetti Detective.
Okay.
Because most people do not have the time or the inclination to watch their 3D printer like a hawk for hours on end or even days. It can take days.
Yeah, that was the point I was going to make. It can take — we made rockets actually. And it took a very long time to make maybe 6-inch-sized rockets.
And because all the different components are built together, so it's very slow. It's just layer by layer by layer.
And because all the different components are built together, so it's very slow. It's just layer by layer by layer.
Well, a service like the Spaghetti Detective, it uses a webcam and some cunning artificial intelligence. So it watches your printer and what it's doing.
And if it detects that something has gone wrong, with the AI through the webcam.
For instance, if it starts extruding spaghetti, the Spaghetti Detective will interrupt the print job, will stop it, and send you a text message or an email saying, you might want to, you know, you might want to try again with this, something's gone badly wrong.
So it's very clever. And this Spaghetti Detective toolkit is open source. So if you've got the nous, you can set it up for yourself on a server. And off you go.
And if it detects that something has gone wrong, with the AI through the webcam.
For instance, if it starts extruding spaghetti, the Spaghetti Detective will interrupt the print job, will stop it, and send you a text message or an email saying, you might want to, you know, you might want to try again with this, something's gone badly wrong.
So it's very clever. And this Spaghetti Detective toolkit is open source. So if you've got the nous, you can set it up for yourself on a server. And off you go.
Yeah. Okay. It's clever, but whatever you've printed from what I'm hearing, it will already be ruined, right? So say you've done, you're doing something that's 8 inches tall.
If you've done 3 inches and it starts screwing up, it stops it. You're gonna have to start again. But I suppose you don't have to wait till the whole thing is built.
If you've done 3 inches and it starts screwing up, it stops it. You're gonna have to start again. But I suppose you don't have to wait till the whole thing is built.
Exactly. Better that you find that out on Tuesday than wait till Thursday.
Yeah. So you get a 3-inch piece of rubbish instead of a 10-inch piece of rubbish.
I imagine you can probably remelt down the plastic as well.
I think you can. I'm just thinking about this.
I imagine this doesn't work very well if you are trying to 3D print spaghetti because it'll keep warning you, hey, you're making spaghetti.
I imagine this doesn't work very well if you are trying to 3D print spaghetti because it'll keep warning you, hey, you're making spaghetti.
Well, I know. Yes, stop.
You need a Raspberry Pi with little nail scissors to, you know, cut it each time.
Yes. Anyway, the point I'm making is you've got to be a bit of a nerd to set up a server, to run this piece of software, to set up the webcam and go to all that effort.
And so maybe you want to use a cloud-based service to do all of this for you, like thespaghettidetective.com.
And so maybe you want to use a cloud-based service to do all of this for you, like thespaghettidetective.com.
Got you.
Which is run by a guy called Kenneth Yang.
Right.
Now, our friend Kenneth, he maintains the server, he tweaks the code, he keeps it secure so you don't have to. And you can have a certain number of prints watched per year for free.
But many people probably we'll pay them a little bit of money in order to have this sort of surveillance going on, which is kind of handy. What could possibly go wrong?
Well, last week, a Reddit user called OKRUB499—
But many people probably we'll pay them a little bit of money in order to have this sort of surveillance going on, which is kind of handy. What could possibly go wrong?
Well, last week, a Reddit user called OKRUB499—
Great username.
Which suggests to me 498 other people have chosen the OKRUB moniker before him. OKRUB499, he woke up, and he found on his 3D printer a message which had been printed out in 3D.
So it's all sort of raised in the polymer. He hadn't set off a job. And it said, "TSD is not secure. I randomly connected. Sorry, had to inform you." Written in the plastic?
Written in the plastic.
So it's all sort of raised in the polymer. He hadn't set off a job. And it said, "TSD is not secure. I randomly connected. Sorry, had to inform you." Written in the plastic?
Written in the plastic.
Oh, really?
Yes. So raised up. So we will put a link in the show notes so everyone can see a photograph of this.
Now, TSD is, of course, the Spaghetti Detective, and it turned out that the Spaghetti Detective contained a security vulnerability that allowed users to link to other users' 3D printers via this cloud-based service.
So not if you had set up the Spaghetti Detective yourself, but if you'd used Kenneth's spaghettidetective.com service.
Now, TSD is, of course, the Spaghetti Detective, and it turned out that the Spaghetti Detective contained a security vulnerability that allowed users to link to other users' 3D printers via this cloud-based service.
So not if you had set up the Spaghetti Detective yourself, but if you'd used Kenneth's spaghettidetective.com service.
Ah.
Now, friend of the show, Paul Ducklin, he wrote about this on the Naked Security blog. And he was actually pretty impressed with how thespaghettidetective.com responded to this.
And he says, if you're looking for lessons to learn from how they responded, take note that he never said, we take your security seriously.
He didn't excuse himself by saying, at least credit card numbers weren't affected.
And he didn't downplay the bug because it was only present for 8 hours and apparently affected fewer than 100 people. So it wasn't the world's biggest problem. It wasn't huge.
But actually, when you read— and again, we'll put in a link in the show notes so we can read the full analysis of what went wrong as posted on by the Spaghetti Detective on their site.
It's really impressive because they're completely transparent. They say, they actually call it a stupid mistake. They say it was horrible. They offer their sincere apologies.
They say, "We screwed up." Hallelujah.
And he says, if you're looking for lessons to learn from how they responded, take note that he never said, we take your security seriously.
He didn't excuse himself by saying, at least credit card numbers weren't affected.
And he didn't downplay the bug because it was only present for 8 hours and apparently affected fewer than 100 people. So it wasn't the world's biggest problem. It wasn't huge.
But actually, when you read— and again, we'll put in a link in the show notes so we can read the full analysis of what went wrong as posted on by the Spaghetti Detective on their site.
It's really impressive because they're completely transparent. They say, they actually call it a stupid mistake. They say it was horrible. They offer their sincere apologies.
They say, "We screwed up." Hallelujah.
By "we," he probably means me.
Yes.
'Cause I can't imagine there's many people.
It is just him. It is actually. He actually says, "I screwed up." That's right.
Yeah. Right. That's refreshing, isn't it?
Can I read— Let me read it. It's really good.
Yeah.
"I screwed up. It was the first security breach the Spaghetti Detective has had in two years of her existence.
But it was an embarrassing one, and I can't forgive myself for." I the way he's gendered the AI.
But it was an embarrassing one, and I can't forgive myself for." I the way he's gendered the AI.
Isn't that lovely? I really that.
Good old Kenneth. This reminds me, do you remember this story about the PewDiePie fan hackers?
Yes.
Who managed to take over some ports. I say some, about 50,000, I think it was, in the initial attack.
And they got printers around the world to print out, "Subscribe to PewDiePie's." Do you remember that?
And they got printers around the world to print out, "Subscribe to PewDiePie's." Do you remember that?
Yeah, yeah, yeah.
A guy calling himself Hacker Giraffe.
That's it. And PewDiePie was in a race, wasn't he? I think with some Bollywood YouTube channel.
It was, yeah. T-Series was the name. I know all this because I went to somewhere in the Midwest to interview the Hacker Giraffe's accomplice who carried out the hack.
And it was such a strange and weird, interesting story.
And it was such a strange and weird, interesting story.
As long as it wasn't your holiday. You're not that weird.
That would be fun. Sort of geek I am, I'd enjoy that. Not sure the wife and kids would enjoy it, but you know.
It would just be amazing that you had a wife and kids, Joe, if you wanted to do that kind of thing.
Yeah. No, but that was an amazing story. Yeah.
I think they did about 50,000 printers in the first wave and then they did about another 150 in the second wave and then they went into hiding and got really scared.
And now I talked to this guy who's really proud of it and, you know, he's tried to make me do a story sort of outing his identity many times and us sort of saying, mate, you know, just because it was a meme back then doesn't mean it's not a security issue.
You might still be in trouble for this.
I think they did about 50,000 printers in the first wave and then they did about another 150 in the second wave and then they went into hiding and got really scared.
And now I talked to this guy who's really proud of it and, you know, he's tried to make me do a story sort of outing his identity many times and us sort of saying, mate, you know, just because it was a meme back then doesn't mean it's not a security issue.
You might still be in trouble for this.
Yeah, well, obviously you shouldn't connect to other people's devices without their permission. You shouldn't do this kind of thing.
But I think we can sort of turn a little blind eye to that on this occasion because it was— the vulnerability was only present for a short time.
But I think we can sort of turn a little blind eye to that on this occasion because it was— the vulnerability was only present for a short time.
Yeah, but I think we should also commend them for that, right? Commend— what are they called? The Spaghetti Detective.
The Spaghetti Detective.
Yeah, the Spaghetti Detective. But why is it founder of TSD? Oh, the Spaghetti Detective. Oh my God, I just got it. I was like, why the T? Why the T?
Are you still hunting for the Tiramisu Latta traffic warden?
Yeah, exactly. That's the real story, isn't it?
Joe, what have you got for us this week?
Well, I've been a little bit obsessed with cryptocurrency exchanges. And I did a story, well, everyone did this story, didn't they?
About, I think it was last week or week before last about this $600 million hack of the cryptocurrency exchange service, the Poly Network, which in itself was an amazing story because of course all the money was stolen by the hacker who then proceeded to pay himself in Ethereum.
And every time he paid himself little bits, he would write a note, which is publicly available to everyone.
So he started by bragging about the hack and then he started saying, how can I launder this money? And then he changed tack and said, actually, it was all a security exercise.
I'm gonna return it all. And he did, which is amazing in itself.
But then of course, within a few days, you've got another hack of a Japanese cryptocurrency exchange called Liquid, and that's $100 million gone.
And then I've just been looking into this and it's just an absolute mess.
So there's this list I found on a website and I haven't verified these numbers, so I can't do the whole BBC thing.
Well, I will do the whole BBC thing and say this is unverified currently. But I'm gonna put this all onto a, sort of pen to paper and try and write something on this.
So I'm basically using you guys as a help for my article. So this is in 2020, there was one called AltBit, which had $70,000 hacked out of it.
November 2019, South Korean one called Upbit, $51 million. Then in the same month, $500,000 was lost. Then there was one in Singapore called BitPoint, $28 million.
And then in May that year, $40 million. And then of course there's the Coincheck one, $560 million worth hacked.
And then there was, of course, the big one, which is one that's probably the most famous one, which is Mt. Gox, which is $460 million.
But I didn't really know about this kind of problem until the $600 million recent story. And it is just incredible.
Your mind boggles at how this can happen, because I've been speaking to loads of the people who are caught up in this, you know, the victims.
And you often think, in the tech team, we kind of look at these stories and we think, oh, you know, does the average person care about this?
Because these are kind of crypto bros who have lost a bit of money speculating and gambling in the crypto world.
But then I spoke to this other person who said that their mom and dad, for example, had one bitcoin in the Liquid exchange, which they very nearly lost and they had to sell rapidly as a panic sell.
And now they've lost loads of money on it. And that was going to be their kind of little retirement pot.
So I just think it's amazing that these exchanges are custodians of so much money, yet they seem to be really badly secured.
About, I think it was last week or week before last about this $600 million hack of the cryptocurrency exchange service, the Poly Network, which in itself was an amazing story because of course all the money was stolen by the hacker who then proceeded to pay himself in Ethereum.
And every time he paid himself little bits, he would write a note, which is publicly available to everyone.
So he started by bragging about the hack and then he started saying, how can I launder this money? And then he changed tack and said, actually, it was all a security exercise.
I'm gonna return it all. And he did, which is amazing in itself.
But then of course, within a few days, you've got another hack of a Japanese cryptocurrency exchange called Liquid, and that's $100 million gone.
And then I've just been looking into this and it's just an absolute mess.
So there's this list I found on a website and I haven't verified these numbers, so I can't do the whole BBC thing.
Well, I will do the whole BBC thing and say this is unverified currently. But I'm gonna put this all onto a, sort of pen to paper and try and write something on this.
So I'm basically using you guys as a help for my article. So this is in 2020, there was one called AltBit, which had $70,000 hacked out of it.
November 2019, South Korean one called Upbit, $51 million. Then in the same month, $500,000 was lost. Then there was one in Singapore called BitPoint, $28 million.
And then in May that year, $40 million. And then of course there's the Coincheck one, $560 million worth hacked.
And then there was, of course, the big one, which is one that's probably the most famous one, which is Mt. Gox, which is $460 million.
But I didn't really know about this kind of problem until the $600 million recent story. And it is just incredible.
Your mind boggles at how this can happen, because I've been speaking to loads of the people who are caught up in this, you know, the victims.
And you often think, in the tech team, we kind of look at these stories and we think, oh, you know, does the average person care about this?
Because these are kind of crypto bros who have lost a bit of money speculating and gambling in the crypto world.
But then I spoke to this other person who said that their mom and dad, for example, had one bitcoin in the Liquid exchange, which they very nearly lost and they had to sell rapidly as a panic sell.
And now they've lost loads of money on it. And that was going to be their kind of little retirement pot.
So I just think it's amazing that these exchanges are custodians of so much money, yet they seem to be really badly secured.
But don't they have the PR around cryptocurrency of it being completely safe has done a lot of harm, right?
Because I think so. If you look at the Liquid case, so they claim to be the most secure exchange in the world.
And they said that all of our cryptocurrency is stored in cold storage, which means it's not directly linked to the internet.
Yet now it appears, and we still are waiting to hear back from Liquid, so I don't know the full facts, but it appears that wasn't the case.
And what I find amazing about this world, I don't know if you guys are into your crypto, but it's really hard to find people to speak about this in a level-headed way.
Because if you're an expert in crypto, then there's a good chance you're a crypto fan.
So as a reporter, I find these stories so intimidating to do because you're sort of dipping into a world that is almost cult-like in a sense.
And they said that all of our cryptocurrency is stored in cold storage, which means it's not directly linked to the internet.
Yet now it appears, and we still are waiting to hear back from Liquid, so I don't know the full facts, but it appears that wasn't the case.
And what I find amazing about this world, I don't know if you guys are into your crypto, but it's really hard to find people to speak about this in a level-headed way.
Because if you're an expert in crypto, then there's a good chance you're a crypto fan.
So as a reporter, I find these stories so intimidating to do because you're sort of dipping into a world that is almost cult-like in a sense.
There's a religious fervour, isn't there?
There is, there is.
It's the crypto maniacs and the people who are very, very anti-crypto. And there's not many people straddling both sides.
Exactly.
I think the BBC's Crypto Queen opened my eyes to that because you got an idea of how far and wide people were believing that this is how they would get rich, that they were early to the game and they're gonna make a killing here.
Yeah, that was a great series actually.
Yes. Amazing, amazing.
But I think you make a really good point, Joe, which is that actually many regular people now will have some element of cryptocurrency because of all the mania that has happened in recent years with it zooming up and other investments maybe not doing that with the likes of the late John McAfee, always touting cryptocurrencies.
There will be many people who will have put away a little nest egg thinking, well, it's worth us chucking £20,000 or whatever it may be in there to see what happens.
There will be many people who will have put away a little nest egg thinking, well, it's worth us chucking £20,000 or whatever it may be in there to see what happens.
Yeah. And let me add something to that, actually.
I think lots of people don't know how to get it out now and they'll be like, they'll get around to it, they'll get around to it, they'll get around to it.
You know, it's probably going to still go up - it's a marvellous way where you can actually go and find nothing in there.
I think lots of people don't know how to get it out now and they'll be like, they'll get around to it, they'll get around to it, they'll get around to it.
You know, it's probably going to still go up - it's a marvellous way where you can actually go and find nothing in there.
It is such a faff. The whole thing is such a faff. Buying crypto, I've bought a little bit in the past and then lost it for 5 years or whatever.
And actually I recently found it and it's sort of 0.001 bitcoin. You're lucky. I don't really know what to do with it, you know.
And the funny thing is in my job, and it's probably the same for you guys as well, the only way to truly understand these things is to get involved and to use it.
And, you know, buy things and move your money around and stuff. But yeah, it is quite hard - it's quite a close-knit community, which is sort of a closed community full of weirdos.
And actually I recently found it and it's sort of 0.001 bitcoin. You're lucky. I don't really know what to do with it, you know.
And the funny thing is in my job, and it's probably the same for you guys as well, the only way to truly understand these things is to get involved and to use it.
And, you know, buy things and move your money around and stuff. But yeah, it is quite hard - it's quite a close-knit community, which is sort of a closed community full of weirdos.
Let's just call a spade a spade. They're all nuts.
I tell you, if you're going around checking all these different cryptos and putting your money in and out just to see how it all works, you should write it all down.
I'd love - I mean, that's gold for people, right? To understand what they're getting involved in.
I'd love - I mean, that's gold for people, right? To understand what they're getting involved in.
Well, there was a brilliant piece that my colleague did actually in this similar vein. We had one of our bosses leave to go into somewhere else. He was the head of tech at BBC.
So we all chipped in and got him an NFT, a non-fungible token, just for a laugh. And it was delegated to my colleague Christina to actually go and buy the blooming thing.
And she must have spent three weeks trying to, first of all, buy this. Was it Ethereum or Ether?
I can't remember what the cryptocurrency was, but the faff she went through to get this, to actually secure this NFT, this useless bit of digital— And then she wrote a piece about it and it was great.
It's that sort of thing that shows you—
So we all chipped in and got him an NFT, a non-fungible token, just for a laugh. And it was delegated to my colleague Christina to actually go and buy the blooming thing.
And she must have spent three weeks trying to, first of all, buy this. Was it Ethereum or Ether?
I can't remember what the cryptocurrency was, but the faff she went through to get this, to actually secure this NFT, this useless bit of digital— And then she wrote a piece about it and it was great.
It's that sort of thing that shows you—
NFTs, come on.
The NFT world is another just crazy, crazy thing that it's hard to wrap your head around. It really is.
The money that— did you see that about Beeple, this digital artist who made $70 million, I think it was?
The money that— did you see that about Beeple, this digital artist who made $70 million, I think it was?
Yeah. Insane.
In the wrong line of work.
Carole, what have you got for us this week?
Something very light and weird. So— Okay, so we're gonna start with celebrity divorces. And we all know that there's been many contentious ones in the past.
So Hulk and Linda Hogan, 2007.
So Hulk and Linda Hogan, 2007.
Sorry, I thought you said celebrity. You're starting with Hulk Hogan. Hulk Hogan's a celebrity. That's how high we're going, are we?
I thought you meant the Incredible Hulk. I was like, is that a real thing?
Paul McCartney and Heather Mills, Graham?
Oh, yes.
Yeah? $50 million? And Brad Pitt and Angelina Jolie, started in 2016. Apparently, it's not even settled yet and costing millions and millions and millions. Oh, yeah.
The celebs that didn't follow suit are the so sweet and earnest you want to vomit— Can you guess who I'm talking about?
The celebs that didn't follow suit are the so sweet and earnest you want to vomit— Can you guess who I'm talking about?
Oh, you're talking about— Come on.
Who am I talking about?
You're talking about Chris Martin and Gwyneth Paltrow. Yes!
Oh, the conscious uncoupling.
Yes, the uncoupling. The conscious uncoupling.
Exactly.
Bless them.
Bless them.
I wonder who gets to keep the candles.
Yes, you take the patchouli, I'll take the lavender. But this is kind of unusual in tech billionaire land.
According to The Times, tech billionaires have typically divorced very quietly behind closed doors, and it's rare that they're willing to trade blows in a public courtroom and expose the complex web of their personal finances.
Makes sense. But they do happen. And just this week in tech and mainstream media, it's all abuzz with this high-stake tech divorce.
So in the left corner, we have robotics guru and startup entrepreneur Scott Hassan.
He was one of the code writers for the original search algorithm for Google known as BackRub back in '96.
He's kind of known as the third unofficial Google founder in some circles, along with Larry Page and Sergey Brin.
According to The Times, tech billionaires have typically divorced very quietly behind closed doors, and it's rare that they're willing to trade blows in a public courtroom and expose the complex web of their personal finances.
Makes sense. But they do happen. And just this week in tech and mainstream media, it's all abuzz with this high-stake tech divorce.
So in the left corner, we have robotics guru and startup entrepreneur Scott Hassan.
He was one of the code writers for the original search algorithm for Google known as BackRub back in '96.
He's kind of known as the third unofficial Google founder in some circles, along with Larry Page and Sergey Brin.
Mm-hmm.
And he's also known for creating those screens on wheels.
You know, before we all had phones in our pockets, you'd have video conferencing, and there'd be a screen on a long kind of neck, and it had— almost like those IVs in hospitals.
It looked like an IV, but it had a screen on it.
You know, before we all had phones in our pockets, you'd have video conferencing, and there'd be a screen on a long kind of neck, and it had— almost like those IVs in hospitals.
It looked like an IV, but it had a screen on it.
What are you talking about?
Oh yeah, that you wheel around in a school or whatever.
Yeah!
Oh, so he made that?
Yeah, he made that. It's apparently gone bust now.
So he's done an incredible bit of sort of coding. And then a really basic bit of metal hardware.
So you're talking about a television? What is this? What is this thing?
I don't know how you call it. They had them even in the White House. They were basically for virtual meetings before we all could Zoomify and whatever.
And it's a screen you bring in, like video conferencing, but it would be keeping at the height of the person.
So you could bring it down to be chair height or standing up, so you could have a coffee meeting. I don't know, I'll finish this. Anyway, it went bust.
And it's a screen you bring in, like video conferencing, but it would be keeping at the height of the person.
So you could bring it down to be chair height or standing up, so you could have a coffee meeting. I don't know, I'll finish this. Anyway, it went bust.
Okay.
So that's in the left corner. In the other corner, we have Allison Hoon, a senior research fellow at Stanford University Robotics Laboratory. So also a smart cookie.
And they were married for 13 years. And for the last 7, they've been trying to divorce. And the problem is they don't agree on the settlement.
And so this week, this Tuesday, they've gone to trial and it's proving to be a popcorn-eating worthy affair.
Because it's been open to the public, and some allegations have been a little bit surprising.
And they were married for 13 years. And for the last 7, they've been trying to divorce. And the problem is they don't agree on the settlement.
And so this week, this Tuesday, they've gone to trial and it's proving to be a popcorn-eating worthy affair.
Because it's been open to the public, and some allegations have been a little bit surprising.
Such as— you can't say things like that.
The New York Post. The New York Post. I'm getting there, I'm getting it.
Oh, that quality publication. Yes, the New York Post.
Well, you know, because I can validate from other news sources. So, but $1.8 billion is their estate. $1.8 billion.
I've never even heard of this guy.
Yeah, and Hassan wants to give her a disputed fraction of this. So he basically, they have a company, he has a company with lots of shares in it.
And the accusation is basically tried to dump the company for a pittance and a tax dodge and a divorce shrinking of the settlement.
And the accusation is basically tried to dump the company for a pittance and a tax dodge and a divorce shrinking of the settlement.
Right.
And she's like, dude, you should be going according to law and look after your shareholders. So you know, an age-old fight of the blisteringly rich, right?
So, we're talking, no one's going hungry here, right? On any side. But it's been rough waters for quite a while now.
Even at the beginning, apparently, when he planned to divorce, he did it by text. So, it's probably safe to say this was not a conscious uncoupling.
So, we're talking, no one's going hungry here, right? On any side. But it's been rough waters for quite a while now.
Even at the beginning, apparently, when he planned to divorce, he did it by text. So, it's probably safe to say this was not a conscious uncoupling.
At least he didn't wheel in some screen and do a teleconference.
Welcome to Duncansville, population you.
Can I butt in here with a personal anecdote?
Sure.
Right. I was once dating a young lady. Okay. And I was—
You're quite old now as a young man, right?
I just want to make sure.
I was probably in my early 30s and she was a similar age as well. And basically she kind of disappeared, right? I thought she's blanking me. She's not replying.
She's ghosting me or whatever. Clearly she doesn't want to be with me. She's not returning my calls, she's not returning my texts, etc.
So it happened for a couple of weeks and I thought, oh, clearly I've been dumped. You know, it would have been nice to have known, but clearly I've been dumped.
And so I thought, just to be all upfront about things, sent her a text basically saying it's over, right? Fair enough, you know, look after yourself, etc.
And then she got really, really arsey. And she got arsey because she said, well, there was no way, how dare you dump me via text.
It's like, I've been trying to communicate with you for weeks, you know.
She's ghosting me or whatever. Clearly she doesn't want to be with me. She's not returning my calls, she's not returning my texts, etc.
So it happened for a couple of weeks and I thought, oh, clearly I've been dumped. You know, it would have been nice to have known, but clearly I've been dumped.
And so I thought, just to be all upfront about things, sent her a text basically saying it's over, right? Fair enough, you know, look after yourself, etc.
And then she got really, really arsey. And she got arsey because she said, well, there was no way, how dare you dump me via text.
It's like, I've been trying to communicate with you for weeks, you know.
Maybe she was afraid of being dumped, so she was just ghosting you.
Yeah, she wanted—
Well, she claimed, she claimed she was on holiday in Scotland, and apparently mobile phones don't work up there.
And this was 20— this was 20-some years ago, right?
20-odd years ago. But I just, you know— but I've since, I've since been characterized as someone who dumped someone by text.
And maybe this tech mogul guy was in a similar scenario.
And maybe this tech mogul guy was in a similar scenario.
You weren't married to her for 13 years.
No, I wasn't. No, that's true. I'd probably been dating her about 5 weeks. Yeah.
Yeah.
So you're saying it's all about the context. We don't know the context.
It is all about the context, yes.
We don't know if he just sent an emoji or a GIF. Who knows?
I didn't send her an emoji of a dumper truck or something like that. Yeah, just a big shit.
Okay, now what I thought— I didn't expect to get you to open up like that, Graham, so I'm very thrilled. I thought you'd be going, why the heck are we talking about this?
I don't understand.
I don't understand.
It's her loss, Graham. It's her loss.
Maybe it is.
Plenty of fish in the sea.
Well, Hassan was presumably so enraged by the fiscal demands from the other side, decided to do something that some might call dumb. And it involves computers.
So ipso facto, Smashing Security worthy, right?
So ipso facto, Smashing Security worthy, right?
Excellent.
Hassan has admitted that earlier this year in February, when everything was very fraught with respect to the divorce, and maybe he couldn't take it anymore.
Maybe his meditation teacher quit. He came to the decision it'd be a good idea to create and make a website live, cleverly entitled AllisonHoon.com, his wife's full name.
Maybe his meditation teacher quit. He came to the decision it'd be a good idea to create and make a website live, cleverly entitled AllisonHoon.com, his wife's full name.
Oh, right.
I've put a screenshot of the website into our document.
Yeah, I'm looking at it right now.
So, oh, okay. Alison. Yeah, got it.
Okay. So what we have just for our listeners here, you have contact information for Alison, right? Her LinkedIn, her Twitter, her Facebook.
You have a list of a number of articles that she's written, but kind of a random selection. And then you have some lawsuits. Oh, yes.
And apparently these connected over to a Google Drive where you could find all kinds of information on these lawsuits, what was going on. And these are from her past.
And they're not necessarily— they're involving sexual harassment and all kinds of ugly stuff. Now, this is the problem. He did a good job of hiding his fingerprints, right?
His fingerprints were all over this. And she had no idea this was live. So this went out in February, and Hoon only discovered it on August 5th.
I knew you would do that, Graham, because you can't believe that people don't Google their names every day, can you?
You have a list of a number of articles that she's written, but kind of a random selection. And then you have some lawsuits. Oh, yes.
And apparently these connected over to a Google Drive where you could find all kinds of information on these lawsuits, what was going on. And these are from her past.
And they're not necessarily— they're involving sexual harassment and all kinds of ugly stuff. Now, this is the problem. He did a good job of hiding his fingerprints, right?
His fingerprints were all over this. And she had no idea this was live. So this went out in February, and Hoon only discovered it on August 5th.
I knew you would do that, Graham, because you can't believe that people don't Google their names every day, can you?
But every hour or so.
I mean, surely you set up a Google alert.
Exactly. There must be Google detectives or something.
I thought she worked in technology. I thought she— I mean, and he apparently created the algorithm for Google. Maybe he's— oh, maybe he wrote the algorithm.
So it would pop this up at the top of the results or something.
So it would pop this up at the top of the results or something.
Or not pop up on any results. Yeah.
Yeah. Hide it.
Well, yes.
So if anyone was looking for information on her, maybe because she was looking for a job or if she was starting a new relationship, they would end up on this page and they'd think, oh, this looks—
So if anyone was looking for information on her, maybe because she was looking for a job or if she was starting a new relationship, they would end up on this page and they'd think, oh, this looks—
Oh boy. Yeah.
She looks rather litigious. She wrote an article in 1999 for Salon.com called Penguin Wiggles Its Flippers.
Did someone just fall over?
I've just spilt my tea.
Oh no!
Oh no!
Back in a sec.
It's okay. It's a crisis.
It is a crisis. I've done this and ruined laptops.
I'm back. I'm back. So just to describe to the listener what I'm dealing with here. I'm actually broadcasting from my wife's knicker drawer.
Because the kids are being ultra loud downstairs.
So what's happened is I've hung up a shirt in the cupboard I'm in and it's fallen down, hit my tea, and now I'm standing in a pool of tea. So it's going well.
Because the kids are being ultra loud downstairs.
So what's happened is I've hung up a shirt in the cupboard I'm in and it's fallen down, hit my tea, and now I'm standing in a pool of tea. So it's going well.
Oh, at least your laptop isn't though.
The laptop's good. We're okay. I can still see alisonhoon.com.
Okay, phew!
So anyway, this sounds ill-advised, this website. I don't know about you guys, but it feels—
Yeah, a little bit. I mean, even if he's covered his tracks, he is the person who is having this multi-year divorce disagreement with—
Yeah.
Can you read the disclaimer at the top, Grim? Can you read the disclaimer at the top?
Okay, let's look at this. Website contains links to certain public information related to Alison Hoon. It is not sponsored by or affiliated with Alison Hoon.
The material and information contained on this website is for general information purposes only.
You should not rely upon the material and information on the website as a basis for making any business, legal, or any other decisions. Now on with the dirt. I added that last bit.
The material and information contained on this website is for general information purposes only.
You should not rely upon the material and information on the website as a basis for making any business, legal, or any other decisions. Now on with the dirt. I added that last bit.
So what, do lawyers go, yeah, yeah, go ahead, go ahead, do that, just add this at the top?
Yeah, looks good to me.
Cut and paste this at the top, and you're good to go, my sunshine. Looks so weird. So apparently when she found out about it, she told her lawyer.
Lawyer called in the forensic pros, who apparently failed to find anything. But Hoon, no idiot, did.
Lawyer called in the forensic pros, who apparently failed to find anything. But Hoon, no idiot, did.
So she told The Post, I stayed up all night and discovered a back door that Scott inadvertently did not close.
I was able to determine that the Google Drive site which contained all the lawsuit documents, was registered by Scott Wendell— Scott's middle name.
I was able to determine that the Google Drive site which contained all the lawsuit documents, was registered by Scott Wendell— Scott's middle name.
Oh, that sounds so basic.
We didn't use his last name, but yeah. The email contact has Hassan in it.
And to add salt to the wound, she's quoted saying, so the genius of Silicon Valley was exposed by his wife using her technical knowledge. Poetic justice. So it sounds bitter.
It does sound bitter, doesn't it? I think this is much cleverer than you imagine.
And to add salt to the wound, she's quoted saying, so the genius of Silicon Valley was exposed by his wife using her technical knowledge. Poetic justice. So it sounds bitter.
It does sound bitter, doesn't it? I think this is much cleverer than you imagine.
I think he has deliberately done this and acted like an utter, utter buffoon in order to devalue his company through his technical incompetence. Oh!
He's playing a lot of games.
Which means she ends up— Yes, she ends up with less money. She's fallen for it.
Wow.
That's why they're in court right now. That's what she's suing him for, for actually doing that.
Because there's all these reports of him, once the divorce started, or once they separated, he stopped showing up at the office on time. He missed meetings.
Missed meetings all the time. He was basically just, you know, running it to the ground is the argument.
Because there's all these reports of him, once the divorce started, or once they separated, he stopped showing up at the office on time. He missed meetings.
Missed meetings all the time. He was basically just, you know, running it to the ground is the argument.
Now he's proven he's a complete twit.
So when asked if he put up the site, Hassan admitted, I did, but I have taken it down.
It came together in a moment of frustration when I felt Alison and her attorney were telling one-sided stories to the press. This is the robotics god, apparently.
I thought aggregating publicly available information without commenting or editorializing would help.
It only ended making our dispute more public and tense, which was never what I intended.
It came together in a moment of frustration when I felt Alison and her attorney were telling one-sided stories to the press. This is the robotics god, apparently.
I thought aggregating publicly available information without commenting or editorializing would help.
It only ended making our dispute more public and tense, which was never what I intended.
Who hasn't made a website about their partner when they're angry?
Well, I don't know if either of you've been to the website sarahcan't-receive-text-messages-while-she's-in-scotland.com.
But if you do, I've got—
After 20 years, I still have a variety of information about her.
You need to work on your SEO there.
Word to the wise, don't post shit on sites. That's basically it.
Especially if you've got a very intelligent ex-wife.
Yeah, and a lot of fricking money.
Yeah.
You know, I mean, I do feel for them. They're probably going to end up only with, I don't know, $500 million each after all this.
Cybercrime is at an all-time high and it's not slowing down. So why should you?
This August, you are invited to Security Summer School, a brand new webinar series hosted by the 1Password team.
Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and at work.
You can get exclusive perks like 1Password swag for attending events, the chance to network with top security leaders, and much, much more.
Find out more and enroll now at www.1passwordsummerschool.com. That's www.onepasswordsummerschool, all one word, .com.
This August, you are invited to Security Summer School, a brand new webinar series hosted by the 1Password team.
Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and at work.
You can get exclusive perks like 1Password swag for attending events, the chance to network with top security leaders, and much, much more.
Find out more and enroll now at www.1passwordsummerschool.com. That's www.onepasswordsummerschool, all one word, .com.
Listeners, it is time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures.
My friends over at Attivo Networks have tackled this challenge, and I want to share how it works.
The Attivo Identity Visibility Bundle finds exposed admin credentials from the endpoint.
Conducts over 200 continuous checks on Active Directory and identifies risky entitlement and over-provisioning in cloud environments.
The Attivo Identity Detection Bundle cloaks production credentials and AD objects to hide and deny access and deceives tools like Bloodhound, steering the attacker into decoys for threat intelligence gathering.
If you want to learn more and kick credential attacks to the curb, go to attivonetworks.com. That's Attivo, A-T-T-I-V-O, networks.com.
And thanks to Attivo Networks for sponsoring the show.
My friends over at Attivo Networks have tackled this challenge, and I want to share how it works.
The Attivo Identity Visibility Bundle finds exposed admin credentials from the endpoint.
Conducts over 200 continuous checks on Active Directory and identifies risky entitlement and over-provisioning in cloud environments.
The Attivo Identity Detection Bundle cloaks production credentials and AD objects to hide and deny access and deceives tools like Bloodhound, steering the attacker into decoys for threat intelligence gathering.
If you want to learn more and kick credential attacks to the curb, go to attivonetworks.com. That's Attivo, A-T-T-I-V-O, networks.com.
And thanks to Attivo Networks for sponsoring the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. Doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. Doesn't have to be security related necessarily.
Better not be.
Now, if you've been listening to recent episodes of Smashing Security, I've been discussing one of my favorite TV shows, which is of course Columbo, one of the greatest TV shows of all time.
And that got me thinking quite a lot about the TV crime genre and having plowed my way through quite a lot of Columbo, I thought, what else did I used to like?
And I'm gonna give you another one right now, which some people may not have seen. It is, of course, Cracker.
And that got me thinking quite a lot about the TV crime genre and having plowed my way through quite a lot of Columbo, I thought, what else did I used to like?
And I'm gonna give you another one right now, which some people may not have seen. It is, of course, Cracker.
Ah.
Do you remember Cracker? Joe, you're probably too young for Cracker.
Rings a bell.
Yeah, I love Cracker.
Was that Robbie Coltrane?
Yes, Robbie Coltrane.
It's Robbie Coltrane. Yeah.
It came out in the early 1990s. British gritty TV crime series set in Manchester. Robbie Coltrane is a thoroughly unpleasant—
Yes.
But still genius criminal psychologist, or cracker, who is assisting the police force.
He's the opposite of Columbo, isn't he? He's the dirty living Columbo.
Yeah, I mean, Columbo is quite shabby and shambolic.
No, no, exactly. They both wear the same trench coats. They kind of have a similar feel about them.
But Columbo, you kind of want to give him a hug and curl up with him and spoon him, whereas you don't want to do that with Robbie Coltrane as Cracker.
Is Columbo the one that always says, "And one other thing," or something at the end? One more thing, right?
Yeah, yeah. Joe, Joe, I just can't. I've tried.
You only brought this thing in to do your impression, didn't you?
Yeah, I did.
Oh, Joe. I just need a little loose ends, you see. I've been on the BBC News website, a couple of things. I just don't understand. I'm sure you can explain it to me.
Columbo's brilliant, but Cracker is somewhat different. Cracker— I mean, both are brilliant in their own way, but they're very different.
Cracker has a great cast, including Ricky Tomlinson, Geraldine Somerville, Robert Carlyle, Christopher Eccleston, who has one of the most truly memorable moments in TV drama history.
I'm not going to give you any spoilers. OMG. What happens at the beginning of Series 2 of Cracker? Unbelievable.
Columbo's brilliant, but Cracker is somewhat different. Cracker— I mean, both are brilliant in their own way, but they're very different.
Cracker has a great cast, including Ricky Tomlinson, Geraldine Somerville, Robert Carlyle, Christopher Eccleston, who has one of the most truly memorable moments in TV drama history.
I'm not going to give you any spoilers. OMG. What happens at the beginning of Series 2 of Cracker? Unbelievable.
What, 1990? When would it start?
Some people will be watching this based on my recommendation.
That's very true. And lucky them. Lucky them.
Yes. And so I don't want to spoil it for them. In the very first episode of Cracker, do you know who appears?
No.
A man being investigated is Adrian Dunbar. Do you know who Adrian Dunbar is?
No.
No.
Oh, Joseph, Jesus, Mary, and a donkey.
Oh, from that?
He's the guy who became Ted Hastings from Line of Duty.
Oh!
It's Jesus, Mary, Joseph, and the wee donkey.
Now we're cooking on gas.
Yeah, that's right.
Yeah.
Yeah, here's some great lines. Great lines.
Whoever's writing them is brilliant. Now we're sucking on diesel, is it?
Yes, that's right. Love it. That's the— yeah, so good.
So good. So, I have been watching Cracker on BritBox, which has lots of old classic TV. Which is the kind of thing I like.
There was a US remake of Cracker called Fitz, which I've never seen. I imagine is terrible. So go and check out the original Cracker. It is quite brilliant.
And that is my pick of the week.
There was a US remake of Cracker called Fitz, which I've never seen. I imagine is terrible. So go and check out the original Cracker. It is quite brilliant.
And that is my pick of the week.
I approve, Graham. Good pick of the week.
Thank you very much.
Long in the tooth, but yeah, if you like gritty—
It is long in the tooth.
—detective stuff.
Very, very good TV drama.
What's my pick of the week? Well, mine's a bit unusual.
The thing that I've been obsessing over lately is I've got a wildlife camera, one of these ones that you stick in the corner of your garden and then it's got a sensor, a load of lasers or whatever.
And then whenever an animal that's big enough goes past it or near it, it turns on. And I've managed to get this little fox that we've got that comes and visits our garden.
You can tell how exciting my life is, by the way. But the thing I've been really trying to get is this rat.
There's a rat living somewhere in our garden which we haven't managed to capture. I've seen it once at 6 in the morning, came down for a cup of tea.
There it was sitting on the patio, just chilling out. But I still haven't got it.
And it's a sort of cat and mouse or rat and mouse, if you like, game between me and this creature, which is driving me mad. I've caught— I've got the back of it.
So in one footage, one little video I've got for about half a second, you just see the back of this thing running across the camera. But that is the thing that I'm obsessed with.
And if you've got a garden, and if you've got— I think it was £50 or £60 or something— I strongly recommend these because they are quite good fun, especially with kids as well.
My little boys will wake up in the morning, we'll go and see what the camera got overnight. They'll normally be quite— oh, that's gorgeous. I'll be more excited than they are.
But yeah, we've got a hedgehog, we've got a fox, and we have got the back of a rat.
The thing that I've been obsessing over lately is I've got a wildlife camera, one of these ones that you stick in the corner of your garden and then it's got a sensor, a load of lasers or whatever.
And then whenever an animal that's big enough goes past it or near it, it turns on. And I've managed to get this little fox that we've got that comes and visits our garden.
You can tell how exciting my life is, by the way. But the thing I've been really trying to get is this rat.
There's a rat living somewhere in our garden which we haven't managed to capture. I've seen it once at 6 in the morning, came down for a cup of tea.
There it was sitting on the patio, just chilling out. But I still haven't got it.
And it's a sort of cat and mouse or rat and mouse, if you like, game between me and this creature, which is driving me mad. I've caught— I've got the back of it.
So in one footage, one little video I've got for about half a second, you just see the back of this thing running across the camera. But that is the thing that I'm obsessed with.
And if you've got a garden, and if you've got— I think it was £50 or £60 or something— I strongly recommend these because they are quite good fun, especially with kids as well.
My little boys will wake up in the morning, we'll go and see what the camera got overnight. They'll normally be quite— oh, that's gorgeous. I'll be more excited than they are.
But yeah, we've got a hedgehog, we've got a fox, and we have got the back of a rat.
Now tell me, what are you— so let's say the rat comes over and kind of goes, you know, gives you the finger or something, right?
Flips you the V's, something like that, on the camera.
Flips you the V's, something like that, on the camera.
What do you do then? Then I'll flip the V's back. I'll sit out all night long, wait to return the favour. I don't know what we've talked about.
You see, this all came about because my wife said, can you do something about the rat? I think she meant, can you put a rat trap out?
I don't think she meant, can you get some footage of it on a wildlife camera? So there's been a bit of a disagreement in the household, but I think ultimately that's what she wants.
But I think if we can name it and if we can see it, then we can be friends with it. It can be our pet.
You see, this all came about because my wife said, can you do something about the rat? I think she meant, can you put a rat trap out?
I don't think she meant, can you get some footage of it on a wildlife camera? So there's been a bit of a disagreement in the household, but I think ultimately that's what she wants.
But I think if we can name it and if we can see it, then we can be friends with it. It can be our pet.
Do you know how much— you know how big their litters are and how often?
No, go on.
I think it's something like every 8 or 12 weeks, and they can have 10 to 12 or something.
So you're telling me there isn't just one rat? Well, we—
I had a rat, and I— look, I'm obviously on the other side. I'm kind of with your wife on this, right? I saw the rat and I was like, I have no problem with the rat.
I do not want him living in our garden because we have a walled garden as well, right? I don't want him to go, this is perfect.
We've got bird food, we've got this watering bag, everything we need. This is awesome, right? And come on, honey, come on, right?
And then having thousands of babies everywhere because they just nest and they nest.
I do not want him living in our garden because we have a walled garden as well, right? I don't want him to go, this is perfect.
We've got bird food, we've got this watering bag, everything we need. This is awesome, right? And come on, honey, come on, right?
And then having thousands of babies everywhere because they just nest and they nest.
Yeah, I may have compounded the issue because I put— I had— I decided to build a little pond.
I got a big plant pot which is left over from previous nonsense, and I was bored in February in height of lockdown, and I thought, right, I'm going to bury this in the garden, fill it with water, and I've suddenly got a lovely wildlife pond.
It hasn't worked that way. Some of the stuff that grows in there, it's what you'd see in Prometheus. It's horrendous.
Have you ever seen a, what's it called now, a long-tailed rat larvae? Oh, look at— oh, the way they swim, they are otherworldly and terrifying.
I got a big plant pot which is left over from previous nonsense, and I was bored in February in height of lockdown, and I thought, right, I'm going to bury this in the garden, fill it with water, and I've suddenly got a lovely wildlife pond.
It hasn't worked that way. Some of the stuff that grows in there, it's what you'd see in Prometheus. It's horrendous.
Have you ever seen a, what's it called now, a long-tailed rat larvae? Oh, look at— oh, the way they swim, they are otherworldly and terrifying.
So you've got a kind of swamp because you're not doing anything with the water? You don't have the right reeds to clean the water or anything?
Well, I put the reeds in, but then I accidentally kicked a football in and decapitated the pond wildlife.
I love this. I thought you were going to tell us that you'd caught the rat waterskiing across your pond.
You know, that's the dream. Yeah, well, I put it on YouTube, it goes viral, I become a multimillionaire. Yep, influencer, you know.
Make it an NFT, exactly, just do a couple of conferences a year, and that's me done.
Make it an NFT, exactly, just do a couple of conferences a year, and that's me done.
I can look at my rats all day. I can make a house for them, a huge house in my garden.
Teach him how to cook. Yeah, Disney reference there, Ratatouille.
Don't you got that?
Oh yeah, great, great movie. One of my favorites. Carole, what's your pick of the week?
Well, you know my penchant for audio dramas. Well, this week I have yet another one, a glorious one called Keeping the Wolf Out.
It's a BBC full-cast detective series set in Budapest, 1964. So, 8 years after the Hungarian uprising, when people revolted against Soviet rule.
The country is still at this time, 1964, it's still fraught with political intensity, paranoia about who's listening in on who, because any dissidence is, you know, it's pretty risky.
So in Keeping the Wolf Out, we follow a special investigator, so similar to your Cracker, but a younger guy called Bertalan Lazar and his spy wife, Renzsiska.
And boy, they face a lot of turbulent times. And they try to find out the truth and unmask the true baddies as part of their jobs.
But it's not always easy because a lot of people higher up are up to no good.
But the gorgeous thing is they come together at night and they commune and share over dinner and the relationship between them is just phenomenal. It just oozes with character.
They're sassy, funny, sexy, vulnerable. It's just great. You'd love it, Graham. Joe, I can tell you'd love it. If you were going, "Cracker sounds good," this is just— and it's audio.
It's a BBC full-cast detective series set in Budapest, 1964. So, 8 years after the Hungarian uprising, when people revolted against Soviet rule.
The country is still at this time, 1964, it's still fraught with political intensity, paranoia about who's listening in on who, because any dissidence is, you know, it's pretty risky.
So in Keeping the Wolf Out, we follow a special investigator, so similar to your Cracker, but a younger guy called Bertalan Lazar and his spy wife, Renzsiska.
And boy, they face a lot of turbulent times. And they try to find out the truth and unmask the true baddies as part of their jobs.
But it's not always easy because a lot of people higher up are up to no good.
But the gorgeous thing is they come together at night and they commune and share over dinner and the relationship between them is just phenomenal. It just oozes with character.
They're sassy, funny, sexy, vulnerable. It's just great. You'd love it, Graham. Joe, I can tell you'd love it. If you were going, "Cracker sounds good," this is just— and it's audio.
At any point, do the detectives check whether or not a 3D printer is spewing out spaghetti?
No, 'cause it's 1964. Oh, they didn't check that. So I don't even think they know. They may not even know about spaghetti back then, I don't know.
No tiramisu latte? No traffic wardens? No, nothing like that.
Sounds good. So is it an acted-out drama type thing?
Yes, full cast, full cast. So it's written by Philip Palmer.
Don't you just love the BBC for making things like that?
100%. I think it's just so good.
I love the BBC. The BBC makes so much incredible, brilliant stuff.
And are you saying that because I'm here?
No, I think— I mean, I mean it too, actually. I'm a huge BBC fan, huge.
BBC gets slagged off by so many people, and it's just—
And you don't deserve it. I don't know what they want. What's better?
When they announced BBC Sounds, this app that you can download in the UK, I was like, oh, not another app. We don't need another app, BBC. What are you doing?
And it's actually, you know, I'm not just saying this because I work for the BBC, because BBC's got problems, but what a stroke of genius. I use that app.
All my family and friends use the app every day. It is really good. And you're right, I think they've invested massively in audio.
They've seen the podcasts and dramas like the one you're talking about are massive. And I think, yeah, I mean, it's paying off.
Obviously there's always going to be the hashtag defund the BBC. That will always be there, and they may win one day. Hopefully not.
But yeah, it's really nice to see when they do something like that.
And it's actually, you know, I'm not just saying this because I work for the BBC, because BBC's got problems, but what a stroke of genius. I use that app.
All my family and friends use the app every day. It is really good. And you're right, I think they've invested massively in audio.
They've seen the podcasts and dramas like the one you're talking about are massive. And I think, yeah, I mean, it's paying off.
Obviously there's always going to be the hashtag defund the BBC. That will always be there, and they may win one day. Hopefully not.
But yeah, it's really nice to see when they do something like that.
So you can find it on BBC Sounds. I also saw it available on Amazon, so look where you typically find your audiobooks and you may be able to find it.
So it's called Keeping the Wolf Out and by Philip Palmer, and it's awesome. Brilliant. Great. That sounds good.
So it's called Keeping the Wolf Out and by Philip Palmer, and it's awesome. Brilliant. Great. That sounds good.
Well, that just about wraps it up for this week. Joe, I'm sure lots of our listeners would love to follow you online and find out what you're up to.
What's the best way for people to that?
What's the best way for people to that?
Well, I don't know why you'd want to, but if you were that way inclined, Twitter's the one that I use the most. It's just @JoeTidy.
You can follow us on Twitter @SmashingSecurity, no G, Twitter won't allow us to have a G. And we're also running a Smashing Security subreddit as well.
And to make sure you never miss another episode of the show, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Overcast, and Google Podcasts.
And to make sure you never miss another episode of the show, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Overcast, and Google Podcasts.
And huge thank you to this episode's sponsors, Atevo Networks and 1Password, and to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 239 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 239 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye.
Bye.
Bye-bye. Joe, can I ask you something?
Yeah. Your name's Tidy. Are you?
Yes. I think I'm quite neat. I'm quite tidy. I'm not sort of clean.
I don't think she's asking about manscaping. Was it back sack and crack?
Hello peeps, it's Carole Theriault here. I have two things for you this week.
One, a very sweet review from Ninov196600 who writes, discovered the Smashing Security a few weeks ago, already addicted. I love it. Keep them coming. We will, Ninov.
You have quite a big back catalog. If you miss the sound of our voices in between each new show. Now, an announcement.
Graham and I have been a bit remiss about putting up some unique content onto Patreon. And what we would like to know is, what would you guys like to know?
Would you like us to focus on a specific topic? Would you like to ask us questions about how we got to where we are or what we do?
Do you want to ask Graham his most embarrassing story? I mean, the choice is yours. And the wilder the better, I say.
And don't worry, even if you don't support Patreon, it will come out eventually on this feed. We like free content for everybody if we can.
Tweet us, email us, and let us know what you would like to know, 'cause after all, all we want to do is make you happy. See you next week.
One, a very sweet review from Ninov196600 who writes, discovered the Smashing Security a few weeks ago, already addicted. I love it. Keep them coming. We will, Ninov.
You have quite a big back catalog. If you miss the sound of our voices in between each new show. Now, an announcement.
Graham and I have been a bit remiss about putting up some unique content onto Patreon. And what we would like to know is, what would you guys like to know?
Would you like us to focus on a specific topic? Would you like to ask us questions about how we got to where we are or what we do?
Do you want to ask Graham his most embarrassing story? I mean, the choice is yours. And the wilder the better, I say.
And don't worry, even if you don't support Patreon, it will come out eventually on this feed. We like free content for everybody if we can.
Tweet us, email us, and let us know what you would like to know, 'cause after all, all we want to do is make you happy. See you next week.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Joe Tidy – @joetidy
Show notes:
- We Broke Into A Bunch Of Android Phones With A 3D-Printed Head — Forbes.
- Wake up this morning and see this on my 3D printer (I use octoprint and now I’m scared) — Reddit.
- What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone — Naked Security.
- A detailed analysis of the security incident last night — The Spaghetti Detective.
- The PewDiePie Hackers: Could hacking printers ruin your life? — BBC News.
- The $600 million Poly Network hacker's Q&A — Twitter.
- Crypto hacker offered reward after $600m heist — BBC News.
- Hackers steal nearly $100m in Japan crypto heist — BBC News.
- Altsbit Crypto Exchange Gets Hacked, 'Almost All Funds' Are Gone — Bitcoinist.
- Bitpoint Exchange Hacked for $32 Million in Cryptocurrency — CoinDesk.
- Coincheck: World's biggest ever digital currency 'theft' — BBC News.
- The Inside Story of Mt. Gox, Bitcoin's $460 Million Disaster — Wired.
- Buying a pink NFT cat was a crypto nightmare — BBC News.
- Hearings Continue In Case Of Wealthy Robotics Founder Sued By His Wife For ‘Indefensible’ Sale Price Of His Startup — Forbes.
- Google ‘founder’ created revenge site against estranged wife — New York Post.
- Billionaire investor who helped launch Google is accused of 'divorce terrorism' in bitter break-up — Daily Mail.
- Cracker (British TV series) — Wikipedia.
- Cracker — BritBox.
- K&F Concept 4K WiFi 30MP Trail Camera Game Camera with 940nm Infrared Outdoor IP66 Waterproof Hunting Infrared Night Vision Camera — K&F Concept.
- Keeping the Wolf Out — BBC Radio 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: 1Password
Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team.
Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work.
Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now at www.1passwordsummerschool.com
Sponsor: Attivo Networks
It’s time to get serious about preventing and detecting credential abuse, privilege escalation, and entitlement exposures.
Attivo Networks gives you visibility on identity exposures, vulnerabilities, and attack paths from endpoints to Active Directory to the cloud – all while creating an active defense, delaying and derailing attacks, empowering the defender and eliminating an attacker’s advantage.
Learn more and kick credential attacks to the curb, by visiting www.attivonetworks.com
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, Spotify, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
