
Pulchritudinous women with glossy long hair are targeting Israeli officials via Facebook – but why? Scammers have found a new way to gain access to your most sensitive information – but how? And armchair detectives are helping investigate cold cases involving DNA – but should they?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Apparently if Barbie were an actual woman she'd have a 39 inch bust, a 16 inch waist and 33 inch hips.
What's wrong with a woman wanting to get rid of a few ribs? What's your issue?
The issue is, Carole, that apparently people have worked out that she would only have room in her body for half a liver.
You never need the whole thing anyway though. I mean, many people have less than half a liver.
Hello, hello and welcome to Smashing Security, episode 270. My name's Graham Cluley.
And I'm Carole Theriault.
And this week, we're joined by family favourite. It's... who else could it be? It's Maria Varmazis.
Yay! Family favorite. Hi. Not the returning family favorite.
Back on the pod again. Hi, everybody.
So, Maria, anything you want to talk about? Oh, no, we want to keep it for your pick of the week. Teaser.
Definitely your pick of the week.
Well, maybe we can just crack on then. Yeah, why not?
Let's just skip straight to pick of the week. The rest of it nobody cares about.
I'll thank this week's sponsors anyway. Kolide and Keeper Security. It's their generous support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
I'm going to be talking about Bearded Barbie.
Ooh, I like that. Okay, Maria, what about you?
The newest, hottest way to get your PII breached that you've never even heard of.
Ooh, and I'm going to do a sort of DNA dragnet. All this and much more coming up on this episode of Smashing Security.
Now, chums, do you remember in the 1960s, 1970s, when we were children, when we were growing up, that you would play with Action Man? I think in North America, he was called G.I. Joe.
Oh, yeah, G.I. Joe's, yeah. A lot of kids in the 80s had those too, though.
I used to have a million-dollar man, Steve Austin, the bionic man, in his red tracksuit with his bionic eye and his – I think he had two bionic legs, didn't he? Because if he only had one, he'd be running around in circles.
Did he have normal arms, though?
No, he definitely had a bionic arm as well. I'm pretty sure of that. We have the technology. We can rebuild him, all that. Well, of course, girls, women, they had their own dolly, didn't they? They had Barbie, who apparently celebrated her 63rd birthday last month. Full name Barbara Millicent Roberts.
She's looking fabulous at 63. The arches of her feet must be killing her in those heels all the time.
Well, I'm going to be doing a bit of body shaming when it comes to Barbie in a moment.
All right. You're about to get cancelled. Good luck, Graham.
Maria and I are going to eat popcorn.
I'm sitting back and watching this.
Barbie, of course, famous for her on-off boyfriend, Ken.
Yes. My niece is obsessed with them getting married and divorced.
Well, yes, this is what I was reading on Wikipedia. They split up in 2004. And it was only when Ken had a makeover in 2006 that they rekindled their relationship.
She was like, hello, bonjour, Ken. Loving the plastic surgery, dude. Literally.
Let's talk about Barbie and her boobs and all the rest of it. Apparently, if Barbie were an actual woman, she'd be five foot nine inches tall, which is quite tall, but you know, that's all right. She'd have a 39 inch bust, a 16 inch waist and 33 inch hips.
What's wrong with a woman wanting to get rid of a few ribs?
She sounds just like me. I mean, you know, those are exactly my measurements.
The issue is, Carole, that apparently people have worked out that she would only have room in her body for half a liver.
You never need the whole thing anyway, though. I mean, many people have less than half a liver.
If only she weren't made of plastic.
She'll have a BMI of 16.24 which would make her anorexic. She's got children's feet, size 3. And she has such top heavy weight distribution it would be impossible for her to walk normally. Apparently she would have to walk on all fours.
I suspect she also has ginormous eyes as well that probably take up brain space were she human.
Yes, quite large eyes. But what's particularly weird is her neck. It is twice as long as a normal woman's neck and much thinner. And it's been calculated that the chances of finding a single woman with the same naturally tall and thin neck like Barbie is one in 4.3 billion.
Okay, well, there's at least one on the planet. My art has a lot of long, skinny-necked women. I wonder if it's Barbie that did that to me.
Oh fascinating. What impacts might you be having on fans of your art? People who go to crawl.wtf and may begin to get some sort of body dysmorphia from thinking why aren't I as gangly as Carole's art? Just in the neck department.
Yeah. Now you might be asking yourselves why is Graham talking about Barbie?
I am actively asking myself this entire segment. 10 minutes in we still don't have a clue.
It's because security researchers are now warning us about Barbie, or specifically bearded Barbie. You know, fancy that, isn't it? It's no way to talk about Ken, is it? Barbie having a beard. Anyway, researchers at Cybereason say that—
Did you just make a vagina joke?
No, no, no, that's not what a beard is, girl. You know what a beard is, right?
No.
Really? Tell me, I don't know. Graham, do you want to be the one to explain this?
Yeah, go ahead. Our listeners can look it up for themselves. A beard—so if you are of a homosexual persuasion and you don't want other people knowing you're homosexual, perhaps because you are closeted, but you know, perhaps for whatever reason, you didn't want your parents to know or whatever, you might have a beard, which is a person of the opposite sex who hangs out with you and pretends to be your partner. Is this right, Maria? Have I got this right?
Yep, yep. So basically fool the parents. Yeah, it was you have a bestie and when needed for a school dance or when mom and dad are not sure of your persuasion, you bring bestie home and you pretend bestie is your girlfriend. Right. And that's your beard. I'm amazed you didn't know this one, today I learned. Really?
They're very innocent north of the border, Maria, aren't we just? Anyway, researchers at Cybereason, they say that a Hamas-backed hacking group known as APT-C-23, or sometimes also known as Mole Rats, they say they've been catfishing targets in Israel.
Do you think that was their address? Apartment C-23? We've given it away.
Go find Apartment C-23 and bust that door down! Flash grenades! Boom!
Well, the gang have been targeting Israelis who work in defense, law enforcement, government agencies through fake Facebook profiles. According to the report, stolen images or AI-generated images of young, attractive women have been created by the hackers as Facebook profiles engineered to appeal to Israel's government, police and emergency services.
So cops are going, "Ooh, I'm looking for some hot women on Facebook because that's important."
They're a little bit more proactive than that. They're not just creating the profiles and waiting for someone to stumble across them. The profiles are actually actively maintained, not just with pictures of young, pulchritudinous, glossy, long hair, lip glistening—
Back up, back up, back up. What the heck was that? Why are you showing off? How many times did you practice that before you got on the show?
Pulchritudinous, pulchritudinous, pulchritudinous, pulchritudinous. I'm not good at that.
Anyway, so you know, these are women who—pulchritudinous. They're looking very glamorous, right? They've probably got their own livers. They don't walk on all fours.
Some people that crawl, and then they have a little leash and maybe a little puppy mask. You don't know about these either?
I'm from the north. But the hackers don't just set up a bunch of fake profiles, as I was trying to explain to Carole. They actively maintain them, constantly interacting with many Israeli people, slowly gaining trust. They've been operated for months, appearing more authentic all the time. They join popular Israeli groups, they write posts in Hebrew, they're adding friends of their potential victims as friends of theirs on Facebook. So they look like they're hot, real people.
And do they go, "Ooh, I've just seen the new police stats, interesting," you know, to try and get—how are they targeting these particular groups?
They're hot, available young singles in your area.
Yeah, and they're going to pop up as potential friends because they're already made friends with your friends. And then maybe you message them and say, "Hey, I like the uniform."
Exactly. I was going to say, isn't there a uniform dating app? How would there not be if there's FarmersOnly.com?
Yeah. "Nice truncheon," you know, all that.
As an American, I don't know what a truncheon is. I'll have to guess. Is that a gun? Graham, can you explain?
A truncheon—oh no, you wouldn't have one of those in America, would you?
No, we just kill people. Shouldn't laugh. We just have a truncheon and a trusty whistle to stop the criminal in their tracks. "Stop," I say, "would you mind?"
I've never heard of Wink Chat. So this is an app just made for this? Or if you go and research it, it exists?
Well, they use a variety of disguises. So some of these may be legitimate apps. And others may be a case of go to a third party website and download it from an unapproved source because
We want to be really private. He's so revolting.
I heard that way too loud in my ears. And oh okay all right
You bring this out in him I don't know what to say that's talking about truncheons and god knows what's going on I'm blushing
So once they've installed this piece of malware, your poor target, what's going to happen to them? Well, they're going to have their SMS messages read and stolen. The bad guys can take over the camera. They can steal files from the device, images, record audio, get into your social networks, basically everything.
How do they have such low level access?
Because you've allowed it, because you're so hot and horny, Carole, to have your safe, discreet chat with this pulchritudinous woman. Again, with the word. It's a revolting- You've approved it to have access to absolutely everything. And away you go, and this is what's happening. And in some cases the hackers may even say, oh, I've got a hot video of myself, maybe I can share that with you, and they send you a RAR file. And you may think, oh, how am I going to open this on my phone? I'll forward it to my Windows computer and un-archive it there. And there's so many red flags that have not gone up at this point. Yes, but Maria... It's because of the truncheons. It's because of the truncheons. Of the truncheon. Of the truncheon. The truncheon gets in the way of thinking. I understand. It is a known phenomenon.
You two may have a large amount of self-restraint, but if you were working for Israeli law enforcement or defense or the government or something like that... Remember, these women are very pulchritudinous, right? Right, where's the bell? The pulchritudinous bell. There's gonna come a point... Have you heard the expression beating a dead horse?
Let's keep it clean, please. That's the thing, you see, because you're thinking, oh, I mustn't. I mustn't click. I mustn't click. But at the same time, she's really hot. I like her hair. She's been chatting to me for a while. She speaks lovely Hebrew. What, a RAR file?
I mean. Well, it's just a compression format. It's 1996.
What is this? Is she going to send over a Real Player? I mean, what?
Real Player. Oh, do you remember how painful that was?
Meet you on Yahoo. Maybe the ICQ number.
And the thing is, if you can't resist, your finger gets twitchy and eventually you think, oh, sorry, I'll just risk it this once.
There's free porn on the internet, guys. You don't need to open a RAR file.
Not of the woman who actually appears to like you. That's the difference, isn't it? This is a woman who you've been chatting to for a while and appears to be real and appears to like you. Why would you say,
Look, rather than doing all this dirty, dirty stuff online, why don't we just meet up in a coffee shop? Look, you're talking to two people that run Sticky Pickles. We are experts in this kind of stuff.
I feel like this should be our episode for tomorrow. This girl keeps sending me all these videos of herself, but they're in 1996 file formats. What do I do?
When the malware gets installed on their computers. It's e-donkey. It, of course, steals lots of data, PDFs, office files, image files, videos, images. It can even scoop up. So if you have a, again, this is another throwback. I don't know if you have a CD-ROM drive. If you have an attached CD-ROM drive.
Attached CD-ROM. Oh, my God.
The malware can scoop up the contents out because apparently these people it's targeting may be exchanging information on CD-ROM because it's safer than email or electronically. You see? And so that's a way to get hold of the really juicy stuff from your target.
Oh, man. Graham, is that why you gave me a Billy Idol Best Hits Ever CD for my birthday? It's actually loaded up. I don't have a CD player, so it's still sitting wherever it is. I'll return it to you.
No, I'll see if I can get you a CD player on eBay. If it's less than 10 pounds, that can be yours for your birthday.
And do you plug that into your cell phone?
Have you been listening? I'm just being obtuse. Anyway. I'm looking at my CD player right now.
Well done for Cybereason for taking apart this malware, finding out about these naughty girls, if they are girls.
No, they're not. They're profiles. They're profiles. Stop being so sexist. I'm not being sexist. Well, naughty girls. You're just being kind of a perv. Well, I'm a perv. All gratuitous. I haven't looked it up yet.
Maria, what's your story for us this week?
So, in the States, if you are in law enforcement and you want to get your hands on somebody's private information, then usually you have to go through the courts. Yeah, that's, yeah, I think that's kind of a universal thing. And generally when the cops or the feds go to the court they have to make a case in front of a judge for a warrant or search warrant or something like that and the judge has to sign off on it. That's the proper way for this kind of thing to go. Yeah, but in some cases law enforcement might go to a service provider with a warrant and say we want to make a bulk request of a whole bunch of customer data. So we're not going after one person. We want to go after everybody who has a certain location at a certain time or everybody who has searched for a certain keyword or phrase within a certain time and Hoover everybody's information up. And that's one way that your information could get taken without really being under a court notice. Right. Yeah. But there are also ways for law enforcement to get their hands on your info without going through the courts at all. So even worse than these two methods, right? So there's this little thing that I have recently learned about called an emergency data request or EDR. Have you heard of this? Emergency...
Data requests, EDR. It's as if someone's in danger, isn't it?
Yeah. Law enforcement basically goes, this is a matter of urgent life or death. We need somebody's home address, phone number, known IP addresses, and forget all the paperwork. Someone's life is in danger right now. Yeah, PDQ, PDQ. Yeah. So the cops or the feds, all they have to do to submit an EDR to an ISP or phone provider is submit their request from an official email address. They're at law enforcement dot gov or whatever. And maybe attach a little PDF affidavit that says, yes, this is a totally legitimate real request. And that request goes to a special department or a person usually at the company in question. And that person knows that their job is to answer these requests as fast as possible.
Oh, my God. Okay, they better not have automated this. So if you were the company in question receiving requests like this, you're basically being told if you don't hand over this customer data basically immediately someone's gonna die. Someone's gonna die, literally life or death. Yeah, so generally they usually hand it right over because there's no time to check this. Okay. I think, yeah, I think I just need to understand exactly how it's working, because I'm not getting it because I'm a bit slow today, I guess. Today.
Okay, person with official looking email sends email to a inbox at a company saying, I need this customer's data right now, right now, right now, right now. And the company goes, okay.
Yeah. This is looking like it's coming from police department, blah, blah. Yeah, and they go...
Okay, here it is. Yeah, here it is. Yeah, it's that easy. Right, okay, gotcha. It's really not any more complicated than that. So do you want to guess how much a law enforcement email account goes for on the dark web? In US dollars. I have no idea what the crypto amount would be. I'm going to say 10K. 10K. Graham, what about you?
I'm going to say $10.
It's somewhere in the middle. Although closer to your guess, Graham, it's 150 bucks. One, five, zero. Not much. Not much. So one hacker posted a law enforcement email for sale on the dark web with this little message. You can breach users and get private images from people on Snapchat, nudes, go hack your girlfriend or something. Ha ha. You won't get the login for the account, but you'll basically obtain everything in the account if you play your cards right. I am not legally responsible if you mishandle this. This is very illegal and you will get raided if you don't use a VPN. You can also breach into government systems for this, find lots of more private data and sell it for way, way more.
Whoa. This is bad. So hang on. So I could pretend to be a policeman. I could contact Snapchat and say, it's a matter of life and death. I need to see this person's nudes.
What would be the justification? I think you'd get all of it.
You would probably get all their PII and then enough information that you could then log into their account and all their data, like all of their data, probably. So companies have been a little bit mum on exactly how much data they've handed over. But yes, a number of big tech firms have fallen for this. In the last few weeks, we found out that the chat giant Discord did hand over information about an 18-year-old user from Indiana. And then Bloomberg just reported a few days afterwards that both Apple and Meta have fallen for this as well. So they won't say how many times, they won't say what they've handed over, who was affected, but basically Bloomberg says that yes, they've fallen for this. The thing is, the company that is getting this request is basically faultless because they're like, look, someone presented a valid EDR. What am I supposed to do?
I think we need to get the blockchain involved. That would fix this problem. Maybe if you could verify everything on the blockchain. Blockchain, blockchain.
Graham, do you need some water or something? Yes, it's so weird today. I had water last week. We know what happened. Good question. I think watch this space because this is basically swatting on steroids. It's not great.
Good caveat there, yes. You weren't actually advising all our listeners to kill themselves.
No, not usually anyway. I jumped in, Graham. I jumped in. I saved us.
Well done, well done.
Thanks. But what occurred to me is that we are definitely going to need a term for this, right? Because we have things like phishing and whaling and smishing and they're all kind of ridiculous. So I don't know what we would call an attack like this when you impersonate a cop to use an EDR to get somebody's info. Any thoughts what we should call something like this?
I don't know. Why don't we stay simple? EDRing.
EDRing? It's not very catchy. No. I'll leave it to you then, Graham. You're so good at this.
Yes, Graham. What do you think we should call it? Pulchritudinous?
A wise one. Apparently Graham's neighbor's kids call him King Graham the Great.
Oh, I'm sure that won't go straight to your head. Yeah. Well, I told them to. And they do. I also insist on no eye contact. I've got them under control. Well, Maria, we are in sync. Mine also has cops and murders. And murders.
Not really. Sometimes a little bit. You know, Midsomer Murders, that kind of thing. Forensic Files, clearly.
Yeah, Forensic Files is pretty good. Okay. Yes. Because I have a quiz.
I'll be so out of my element. Yeah, you're going to play blind.
And Graham, you have a little bit of knowledge in this area, okay? Between 2019 and 2020, the U.S. murder rate went A, up, B, down, or C, stayed the same. 2019 to 2020.
During the pandemic?
Yep.
I would think it went up because all those people staying at home and getting fed up with their partners.
I think it dropped. Interesting. It rose massively. The largest single-year increase in more than a century, up 30%.
Wow. Good thing I stayed at home.
Yes, and they like you there. Now, question two. What percentage do you guys think of murders get solved? So a quarter, half, three quarters, or almost all?
I would say almost all.
You'd say almost all? Okay.
I was thinking less than half, a quarter. So yeah, no, it would decline from 61% of murders that were solved in 2019 to 54%. So just over half are solved.
Was it 1472?
Yes, correct, Graham. No, 1986 was when a first case was. And you know, it helps place suspects at a crime scene. It also enables forensic genealogists to solve cases that went cold decades ago. So we have the technology to extract DNA evidence. So why are there so many unsolved crimes? More than half go unsolved.
Why would that be? Well, the DNA testing labs are very busy, I would think. And there's probably a queue and it costs money. To be able to match it to the right person, right? Because you may have this DNA and go, we know everything about the DNA, but we don't have a match. And maybe the person who's murdered, no one really ever liked them anyway. You know, is it?
That was more of my thoughts, oh, they're dead, whatever. Yeah, exactly. They're not complaining.
Right. Another reason on this is the DNA testing companies like Ancestry and 23andMe have largely resisted cops accessing their database. So they've joined together and kind of said, no, no. Are they behind the murders? Are they behind the murders? Murders!
Is that why they're holding on to all that DNA information? We don't want it leaking out and people finding out we were responsible. So you might remember the Golden State Killer. So this is someone who's committed 13 murders and dozens and dozens of rapes in California. The whole case went unsolved for decades. They had no idea who the person was. Until the FBI decided in 2018 to use DNA evidence from a sexual assault to build out the perp's likely family tree, known as forensic genetic genealogy.
DNA solves?
Yeah, dnasolves.com. And on the homepage, you'll see featured cases. Right. And you will see they'll give you highlights of a case that they're trying to solve. This will often be an old case, a cold case. And they'll say we need five thousand in order to process this data and then we'll submit it. Right. So that cops will have more information in order to. Worse than I thought. Yeah. Right. So you can go through this and you can kind of go, oh, I really want to help a particular type of person. So you might just go and fund specific cases.
This is GoFundMe for justice. Oh, come on. This is heartbreaking.
Is it, Maria? Is it? Is it?
I hate that it exists. I understand that. It's not bad. I hate that it exists.
There should be another way, is what you're saying.
Because, yeah, if it didn't exist at the moment, the argument would be, well, the cases will just sit and gather dust until we have enough money and resources to do it.
Which will be on St. Never's Day. So, yeah. Exactly. And there's all kinds of groups sprouting up all over the place. There's this company called Othram, which is a purpose built police DNA resource, right? It's receiving money from philanthropic donors all over the place. You have nonprofits called Season of Justice, which raised 250k through some crowdfunding and so far has made grants towards 53 unsolved murders. You've got DNA detectives on Facebook, helping strangers find unknown parents. So many, go for it, go nuts. Oh, I mean, I'm just looking at that big contribute DNA button and I'm
Because they want your DNA in order to say the more DNA we have, the more that we can sort against it and find the real perps. We need lots of DNA to do that. So contribute it, give it away.
I have not murdered anybody though. So as far as I know anyway, so I mean, if they're looking for say murderers, how does having my non-murderer DNA help them? I don't quite understand.
Because you might have a relative. Isn't that the reason? It might be Uncle Bob, right? Yeah. Uncle Bob is a bit shifty. So, yeah.
So basically sort of accidentally snitch on a relative, you know, if they murdered somebody.
Well, without snitching. And in fact, if your brother or sister, for example, did it, then there'd be information on you, right? Even though you didn't decide to partake because you share DNA.
Let's go out on a not so long limb here. Nobody in my family has murdered anybody. So seriously. Good to know. Yeah. So, I mean, I'm why would I? I still don't understand why I would want to get my data. But what if there was a cold case from 200 years ago, or maybe 25 years ago, and it was a distant cousin?
I don't really like the idea of people having my DNA data. Why? Because they might get hacked? Well, I know that some of these websites have been hacked in the past, and DNA data has been stolen. But other than that, also, you don't know how it might be misused in the future. If some evil regime comes into play governing our countries in the far-flung future, and they may decide, oh, well, we don't really want podcasters anymore. Can we round up anyone who's podcasted in the past or have genetic similarities to podcasting?
And there's not much regulation out there for this either, right? So there's companies snapping up these companies. Like 23andMe, I think, has just been bought. Ancestry has also just been bought. There's lots of money going around in this area, and they're being bought by people that want to make a buck. It's going to take ages for regulation to catch up. So there's this little Wild West thing happening.
It's all these margins, gray area stuff. I get the need for the financial contributions as much as I'm just, I hate that that's necessary, but I get it. It sucks, but I get it. But I just, why do you need my DNA for that?
To your point though, Maria, that you made earlier saying, I don't really like this. There seems, and I know nothing of DNA evidence really, right? But I did see a number of reports and papers that were saying, look, there is nuance to interpreting DNA. So there is suggestion that there can be bias based on race or based on anything. That adds a little cloud to that.
So Uncle Bob made me not be dodgy after all.
Well, exactly. And then you've put him in the clink just by swabbing your mouth and slapping it across. Yeah.
Maria. So I don't think you should do it.
I wasn't planning on it, but it raises more questions than it answers.
And you're not alone because people are sitting on the fence when it comes to DNA evidence being used. So in a Pew survey of more than 4,000 U.S. adults, 48% said they were okay with DNA testing companies sharing customers' genetic data with police. A third said no way, and 18% were don't know.
So a lot of people sitting on the fence, it seems to be a prime place to scoop up some DNA then. Just something to think about, folks.
I'm still sore that I did an Ancestry thing years and years ago with my parents. And it's when it was new. My mom was very into it. And so it's, yep, now that's out there. So I got burned by that. And now it's, all right, I'll be real careful with this stuff.
Yeah, well, you could now go to, you could go to a website and go see if you have long lost relatives. GEDmatch.com.
Yeah, I think they've been hacked in the past.
There you go. Fun times.
Kolide sends employees important, timely and relevant security recommendations for Linux, Mac and Windows devices right inside Slack. Kolide is perfect for organisations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable. So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems. Sign up today by visiting smashingsecurity.com slash kolide. That's smashingsecurity.com slash K-O-L-I-D-E. Enter your email when prompted and you will receive a free Kolide goodie bag after your trial activates. You can try Kolide with all of its features on an unlimited number of devices for free for 14 days, no credit card required. Try it out at smashingsecurity.com slash kolide. That's smashingsecurity.com slash K-O-L-I-D-E, and thanks to Kolide for supporting the show.
So imagine this scenario. You're out of the office unexpectedly and a colleague pings you because they need access to some system you have credentials for. Now, listeners would never send passwords over email or Slack, but what about your co-workers? How many organisations out there are sending logins back and forth in plain text? Worse yet, how many just store all of their logins on a shared spreadsheet? We all know that human errors are the biggest threat to your organization's security. But did you know that stolen passwords account for over 80% of all data breaches? There are tools out there that allow you to share credentials, set access permissions, and monitor the dark web for stolen logins. Keeper Security's enterprise password management platform does just that. Keeper locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented zero-knowledge encrypted vault, and it takes less than an hour to deploy across your organisation. Sign up for a Keeper free trial for your organisation today and get a free three-year personal plan. So get started by visiting smashingsecurity.com slash Keeper Security. That's smashingsecurity.com slash Keeper Security.
And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick Of The Week. Pick Of The Week is the part of the show where everyone chooses to say anything. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related, necessarily. Well, my Pick Of The Week this week is not security-related. I have sometimes been called into question on this podcast regarding my pronunciation of certain words. Yes, I'm afraid so. I still haven't quite got over the seizure discussion. And there have been a few others over time. Now, I found a YouTube channel earlier today by a French chap, a winemaker. He says he's trained in Bordeaux. His name is Julien Miquel. And you know that champagne, Moët & Chandon?
Yes. You know that, Carole? No, you don't, actually, because did you know it is not pronounced Moët? Does he have a very strong French accent?
He has a slight French accent.
So his whole channel is about how he pronounces words?
Well, no, there's a lot about wine and that sort of guff as well, and I don't care about that. But it appears to me that his more popular videos are about how to pronounce words like Wednesday.
How do you pronounce Wednesday?
Let's listen to him explaining Wednesday right now.
We are looking at how to pronounce this word as well as how to say the name of all seven days in a week. How do you go about pronouncing this one? Wednesday. Wednesday. You could simply, as you can see on your screen, spell it as W-E-N-Z-day and then day. Wednesday. It's actually very easy. Wednesday.
Gorgeous. He has a little charm about him, I think.
I'm just, there's everything on the internet. There's so much.
Let's hope my response to your pick of the week is a bit more positive than yours was to mine.
I would hope so. It's an appeal for money.
Well good luck with that.
Yes, it's a really great way to start on that. I'm doing in early August a 200 mile bike ride.
You're insane.
Across two days.
Oh my goodness.
Yeah, across two days. So August 6th and 7th I'm doing what's called the Pan Mass Challenge and it raises, 100% of everything that's donated goes towards cancer research at the Dana-Farber Cancer Institute. And they do a lot of cancer research, especially for children's cancers. So basically, I'm raising money for a cancer fundraiser, a cancer research fundraiser. Child cancer. Not just child cancer, but a lot of child cancers.
You had to play the cancer card though to get that. So now I feel like a git in my buildup to your pick of the week.
I've already decided that Smashing Security is going to give her $100.
Awesome. Yeah, that would be amazing. Thank you, because I have to raise $6,000.
All right, listeners, you've heard Maria. It's time to crack open those wallets if you can. If not, you can just send Maria good luck.
Yes, you can follow me on Strava or whatever, cheer me on as I'm training for this. That would be amazing.
How do we donate money, Maria, to this cause?
So I definitely, I'll give you the link to my PMC profile where you can donate. But if you're listening and just need to write down the link bit.ly slash Maria PMC, and it's all lowercase because it is case sensitive. So bit.ly slash Maria PMC will take you to my fundraiser page. And you can see on there the scant amount of money that I've raised so far, as well as the log of all the training rides that I've done. I just did a 50 mile ride on Saturday.
You're incredible. 50 miles? I don't even think Graham's electric car can drive that far.
I also have an electric car, but it can definitely go more than 50 miles. Yeah, you can see the log of all my training rides. And I'm working my way up to doing 100 in a day and then about 80 the next day.
Okay people have got to go to this bit.ly slash maria pmc.
Yeah all lowercase on the maria. All lowercase, isn't that crazy? Yeah so yeah there you go. If you work for a company that does corporate match, you can please do that too because you've got plenty of time to do that. And because my ride's in early August 2022, so I would love your support. I'm very bad at fundraising, but I really want to raise money for this great cause.
You're an inspiration, Maria. 50 miles at the weekend, 200 miles in September.
You're my inspiration. In August. In August. In August, yeah. Sorry, he fell asleep. That's okay. All right. So, yeah.
The thing is, if I did the ride in August, I'd probably finish in September. That's the thing.
Honestly, my worry is that that will also be my situation. That's why I'm training so hard because I know I'm going to be one of the very, very last people to roll through the finish line because I'm very short. And I'm not that strong or fast a rider, but I'm training hard, so I'm not taking 15 hours to complete.
Maria, are you allowed to use an e-bike? Or does it have to be a real bike?
No, I think that goes against the spirit of the whole thing.
Oh, okay. I won't tell. You are going to be knackered and your legs and your poor bottom, what kind of saddle do you have?
I have a Terry saddle which makes amazing saddles specifically for women's anatomy. If you want to know, I will happily answer any cyclist nerd questions on Twitter. I love this stuff so if anyone wants to ask me about my gorgeous Bianchi, I'll gladly talk about it. And not bore everybody else. All right.
The words we're learning this week, beard, Bianchi.
Bianchi. Bianchi. Like Bianca Jagger. It's a type of bike, Graham.
Well, I went for a Netflix movie. Well, it should have been a series, but it's a beautiful stop motion animation comedy horror drama for adults. And it's called, okay what's it called? It's called The House. Oops, you made a big impression.
No, no.
I suddenly thought it was called Home but it's called The House. It came out in January. Okay, did you see it Maria?
I saw the preview for it and I wanted to watch it and I think I just was not in a good place for that at the time.
So worth watching though, it's so good. So it features the voices of Mia Goth, Jarvis Cocker, Susan Wacoma, Helena Bonham Carter. Filmed in the UK. And it basically has three different stories all set in the same house. The first story has a father, Raymond, a mother, daughters, Mabel and Isobel. And they're pretty poor. And the dad, Raymond, is drunk and irritated and feels like a failure. He was just visited by wealthy, stuck-up relatives and he just feels like a bit of a loser. And whilst he's walking around grumbling, grumbling, he encounters a mysterious architect called Mr. Van Schoenbeek. And he meets him in the forest one night, and he accepts Mr. Van Schoenbeek's offer to move into a new luxurious house built for them at no charge. And then things start getting super peculiar. I loved it. It's really refreshing. Just look and feel and stop motion, right? It's just a beautiful way to communicate stuff. And lots of work, right? Each of the segments apparently required more than 20 weeks to produce. So if this sounds cool or you've heard of it and you were kind of hemming and hawing, I say check it out. It's called The House on Netflix. That's my pick of the week.
And is it just for adults or would it be appropriate for younger people as well?
No, not young people. No, but maybe tweenies. I don't know. There's going to be an age limit. Look at the age limit. Judge for yourself. I'm not taking that on.
I'll have to give it another shot because I tried watching it. I just it was early January. So I was like, this is a little too dark for me.
It is dark. And it is horror-y, but it's also got some really cute bits. And Jarvis Cocker has a great voice and he has a great character and attitude.
I love the animation style.
Me too.
I thought it was just incredible. So I need to give it another shot. All right. I will do that. There you go.
Super duper. Well, I think we've just about wrapped it up for this week. Maria, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
bit.ly slash mariapmc or @mvarmazis on Twitter. You can talk to me there too.
And you can follow us on Twitter at Smashing Security, no G, and we also have a Smashing Security subreddit. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favourite podcast app. And maybe if you really like the show, you could tell someone about it or leave us a review.
And a huge thank you to this episode's sponsors, Kolide, Keeper Security, and to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest lists, and the entire back catalogue of more than 269 episodes, check out smashingsecurity.com.
Until next time, cheerio.
Bye-bye.
Bye. Bye. And I just remembered something. I didn't plug the thing where I said I'd wear a company's logo on my back if they gave me enough money.
So come on, Elon Musk. Come on, Jeff Bezos. Come on, Church of Scientology. Any of you want to spot? She doesn't care.
Some discretion will be used, but we can have that conversation. Let's put it that way.
Hosts: Graham Cluley, Carole Theriault.
Guest: Maria Varmazis.
Show notes:
- How Barbie's body size would look in real life — Daily Mail.
- Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials — Cybereason.
- Hackers Gaining Power of Subpoena Via Fake “Emergency Data Requests” — Brian Krebs.
- What we know about the increase in U.S. murders in 2020 — Pew Research Center.
- The History of DNA: From Crime Scenes to Consumer Goods — University of West Florida.
- How an Unlikely Family History Website Transformed Cold Case Investigations — The New York Times.
- DNA Databases Are Boon to Police But Menace to Privacy, Critics Say — PEW.
- Philanthropists Push Police Searches of DNA Databases — The New York Times.
- Help solve crimes with your DNA — DNASolves.
- Hackers Attacked Two Leading Genetic Genealogy Websites — BuzzFeed.
- How to Pronounce Moët & Chandon? And WHY?! — YouTube.
- How to Pronounce Wednesday? (CORRECTLY) — YouTube.
- Julien Miquel on YouTube.
- Support Maria Varmazis as she raises money for Cancer Research — Pan-Mass Challenge.
- The House (2022 film) — Wikipedia.
- The House — Netflix.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Keeper Security’s enterprise password management platform locks down logins, payment cards, confidential documents, API keys, and database passwords in a patented Zero-Knowledge encrypted vault. And, it takes less than an hour to deploy across your organization.
Sign up for a Keeper free trial for your organization today, and get a free 3-year personal plan, at keepersecurity.com/smashing
At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
Try Kolide Free for 14 Days; no credit card required.
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.