Smashing Security podcast #272: Going ape over the Kardashians, and the face of romance scams

Industry veterans, chatting about computer security and online privacy.

Graham Cluley

Members of The Bored Ape Yacht Club get that sinking feeling, a face unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox?

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC cyber correspondent Joe Tidy.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
JOE TIDY
But there's also an advert for an as-yet unseen sex tape of Kim Kardashian.
GRAHAM CLULEY
It is a bit surprising that there is an as-yet unseen sex tape of Kim Kardashian, isn't it?
JOE TIDY
No comment.
CAROLE THERIAULT
How long have sex tapes been a big driver for celebs that need to have a little boost?
JOE TIDY
Mine hasn't taken off.
Unknown
Smashing Security, episode 272: Going Ape Over the Kardashians and the Face of Romance Scams with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security Episode 272. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And Carole, we are joined this week by someone who's returning to the show. It is the BBC's cyber correspondent, Joe Tidy. Hello, Joe.
JOE TIDY
Hello.
CAROLE THERIAULT
Welcome back, Joe.
JOE TIDY
It's good to be back. I'll try not to spill my tea this time. Do you remember that? I sent my tea, launched it through the air, and it landed all over me and my wife's knicker drawer.
CAROLE THERIAULT
So you've been busy.
JOE TIDY
Yes, it's been quite busy. I've been doing some strange stories lately. But yeah, it's a very busy time.
GRAHAM CLULEY
And you're off to El Salvador, is that right?
JOE TIDY
Yeah, yeah. So I'm flying out in a few days' time.

We've been trying to get out there for a while actually, but we're going out there to do a documentary for the BBC about cryptocurrency because El Salvador is the first country in the world to make bitcoin legal tender.

And it's been a sort of semi-success slash we don't really know, we're going to go and find out.
GRAHAM CLULEY
Ooh, you go digging around and see what's really going on out there.
JOE TIDY
Exactly, and see actually whether or not people are using it. Because the president, Bukele, he loves it. He's a proper crypto bro. And he's trying to get the whole world using it.

But actually, I think the truth on the ground is different.
CAROLE THERIAULT
Crypto bro. I love it. I can't wait to watch it. Now, how about we thank this week's sponsors, Kolide and NetFoundry? Their support helps us give you this show for free.

Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
Oh, I'm going to be going ape over the latest theft of NFTs.
CAROLE THERIAULT
You're NFT mad these days. Joe, what about you?
JOE TIDY
Well, I told you I've been doing some weird stories lately. I'm going to tell you about the mysterious case of the Roblox sex room that Kim Kardashian's son apparently found.
CAROLE THERIAULT
Oh well, I think we should stop there. I don't need to have a story at all. No, and I'm going to talk about the face behind thousands of romance scams.

All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, chums, chums, are you property magnates? Have you ever been interested in investing in property? You know, becoming a landowner? That's where all the money is, isn't it?
CAROLE THERIAULT
Yes, I would love to do that. It just needs a lot of wonga, doesn't it?
JOE TIDY
Yeah, same.
GRAHAM CLULEY
Well, I think a lot of us, we look back jealously at ages gone by and people who invested in property long ago or land and now continue to live off the riches and think, well, how can we jump in?

Well, the answer might be, of course, with virtual property and virtual land.

If we aren't successful at actually buying real land here on planet Earth, maybe we can buy it in the metaverse instead.
CAROLE THERIAULT
What? You could actually just kill me and put me in a coffin and I could just live in Metaville of my—
JOE TIDY
Metaville.
GRAHAM CLULEY
I think you're thinking of Farmville. I think you're a little bit 2005 there, actually, Carole.

But anyway, let me get to that in a moment because there is more bad news from the world of cryptocurrency and NFTs.

You'll remember last week I told you about a man who had his cryptocurrency wallet emptied after hackers craftily gained access to his Apple iCloud account.

Because it turns out Apple on your iPhone are backing up all kinds of data from your apps unless you specifically tell it not to.

And the data it backed up included his MetaMask crypto wallet seed phrase.
JOE TIDY
Oh dear.
GRAHAM CLULEY
And so when the hackers gained access to his iCloud, they were able to empty out his wallet. Oh dear indeed.

Now, this week, word reaches us of another attack, this time not involving a phone call coming out of the blue, but instead a message which was posted on the official Instagram account of the Bored Ape Yacht Club.

Now, these chaps, these bros, these simians, we've talked about them before.

The Bored Ape Club, for anyone who hasn't heard us talking about these before or somehow missed this phenomenon, and I can understand why you might want to choose to ignore it, The Bored Ape Yacht Club is the cool place to be if you're into NFTs, non-fungible tokens.

What they are selling are NFTs, which are algorithmically generated cartoon apes, each one unique.
JOE TIDY
Yeah.
CAROLE THERIAULT
Anyone who's listened to the show will have heard this dozens of times.
GRAHAM CLULEY
You'll have heard this already. Exactly. And there are all kinds of perks which you get.
JOE TIDY
And anyone who watches Jimmy Kimmel or follows any rappers, I mean— Yeah, that's right. These NFTs are the NFTs, aren't they? They're the big ones.
GRAHAM CLULEY
Snoop Dogg, Justin Bieber. Madonna.
JOE TIDY
Eminem.
GRAHAM CLULEY
Yeah, Eminem. Paris Hilton went on the Jimmy Fallon Show. They compared apes with each other. Really weird stuff.

Now, another way in which the hype continues, apart from the celebrity endorsement, is that Yuga Labs, the parent company of the Bored Ape Yacht Club, announced airdrops.

And an airdrop, it's sort of asking you, well, you know, if you could own something in the cryptoverse, why does it have to be a picture of a cartoon ape?

Why couldn't you also own virtual land? So what Yuga Labs is saying and what they're about to launch is something where they'll have this Otherside metaverse.

They're calling it the Otherside, which is where there'll be virtual land and you can buy plots and maybe you can sell the plots to other people, all in the form of NFTs.

And obviously, 'cause it's virtual land, they have an unlimited amount of this and they can choose when to release new stuff.

But what you do with an airdrop is you can say to people who've already bought some of your NFTs, we're gonna give away some of our virtual land space to you for free.
CAROLE THERIAULT
Can I ask a question?
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
I just wanna know, is this virtual land space limited in size or is it infinitely sized?
GRAHAM CLULEY
Well, I imagine it's going to be limited, isn't it? 'Cause they obviously want to bump up the price.

People who buy it want to feel there's a limited number, just like there's gonna be a limited number of apes.
CAROLE THERIAULT
Right.
GRAHAM CLULEY
But there's always the potential for Yuga Labs to roll out more if they want to in the future.
CAROLE THERIAULT
We've just extended it by 8 bazillion fake miles.
JOE TIDY
So the one you bought last week is worth half.
CAROLE THERIAULT
Exactly.
GRAHAM CLULEY
But it might be a particularly attractive place, or you might be located next door to Kim Kardashian or whoever it is.

You know, there's all kinds of ways in which they could make these locations, just like you would choose between the old Kent Road and Mayfair, and one of them is going to be more attractive than the other and worth a different value.

So, the value of these land could be at different prices as well.

So, the idea is that if you've already got a Bored Ape NFT, if you get airdropped, you'll be given some land for free. And so people think, whoa, blimey, that's fantastic.
CAROLE THERIAULT
This is so generous. I can't believe it.
GRAHAM CLULEY
That's a reason why I want a Bored Ape NFT.

And so at the start of this week, the official Instagram account for the Bored Ape Yacht Club posted an image saying that an airdrop was happening right now and that fans should claim their virtual land.

All they had to do was click on the link in the Instagram's account profile and connect their wallet and bingo.
CAROLE THERIAULT
Are you kidding me? Okay.
GRAHAM CLULEY
I think you're ahead of me, Carole. What could possibly go wrong?
CAROLE THERIAULT
Mm-hmm.
GRAHAM CLULEY
Well, of course, what went wrong was although that message was posted in the official Bored Ape Yacht Club Instagram account, it wasn't posted by the Bored Ape Yacht Club.

Someone had hacked that account and posted the message, and they'd linked to a lookalike page in order to trick people to do this with their wallets.

And their wallets were instantly emptied by the hackers of their NFTs.

Millions of dollars worth of Bored Apes and Mutant Apes and all the other NFTs were transferred out of those wallets and instantly sold to the highest bidder on NFT auction sites.
CAROLE THERIAULT
If this is not a reason to discredit these stupid algorithmic ape designs and say, actually, they're worthless, because then they will have gotten away with nothing as opposed to something.

But that's too much to ask.
GRAHAM CLULEY
Well, they are of questionable value. What's your opinion on NFTs, Joe?
JOE TIDY
Well, I love this story. And you hear these stories all the time. There's something about NFTs and cryptocurrencies that make them extremely hackable.

Of course, this was actually a really simple, fiendish hack because of course they didn't hack the NFTs or anything. They just took over the Instagram account.

And of course these guys are the pioneers of the NFT world, the metaverse, the future Web3 that we're all hurtling towards, whether we like it or not.

But at the same time, they all have— probably they all share the same Instagram. There's probably an admin password. It was probably admin123.

And someone thought, you know what, instead of going after the actual NFTs, why don't we just take over their Instagram and get people to send the NFTs to us willingly.

It's really clever.
GRAHAM CLULEY
Yeah. What is interesting is that the Bored Ape Yacht Club say that they had all the security measures in place on their Instagram account.

They say they had two-factor authentication enabled, and one assumes it wasn't via SMS, you know, which is obviously a much weaker form of two-factor authentication.

You think they're probably too smart to use that, which makes me think, well, how did that account get hacked?
JOE TIDY
It's a good point. Yeah, I mean, I assumed— I didn't read that about the two-factor, but yeah, I mean, that does add a whole other layer of complexity, doesn't it?

Because obviously the SIM swapping side of things, that's been solved by the hackers.

So doing two-factor over your text or whatever isn't that secure, because if someone knows your number, then they can spoof that number and get the code they need.

But I mean, yeah, now you see, Graham, you've just got me very interested in this story. I wasn't going to cover it on the BBC, but now—
CAROLE THERIAULT
Well, yeah, well, just cut and paste, cut and paste.
GRAHAM CLULEY
Well, I think there's three possibilities. I think one possibility is that the hackers— and you can do this with two-factor authentication.

Two-factor authentication is not 100% security. There are ways of getting around it, although it's much more complex.

One way would be that at some point someone at the Bored Ape Yacht Club had their two-factor authentication code stolen. So maybe they were phished.

They were sent to a page where they were asked for their two-factor authentication code. It wasn't the real Instagram login page, it was somewhere else.

And at that instant, in real time, the hackers used the two-factor authentication code which was entered to gain access to the Instagram account themselves.

So you can do this using a sort of proxy phishing attack.
CAROLE THERIAULT
And the person didn't notice and didn't do anything about it. And they worked so quickly.
GRAHAM CLULEY
Well, there's—
JOE TIDY
Item 1.
GRAHAM CLULEY
Item 1. Okay.
CAROLE THERIAULT
2.
GRAHAM CLULEY
That's one method. The second method would be if the Bored Ape Yacht Club had more than one person using the Instagram account.
CAROLE THERIAULT
Which of course they probably did.
GRAHAM CLULEY
Which, yeah, it's quite possible they would.

Then they need some mechanism for people to share the two-factor authentication code, whether it be via a password manager or a Slack channel or whatever it is.
JOE TIDY
Now you're talking.
GRAHAM CLULEY
And now if that got hacked and someone else gained access to that, visibility of the two-factor code, then that would be a way for them to get in. So that's a possibility as well.

My third theory, and I can't think of any more than three at the moment, so I'm interested if anyone else, you know, any listeners have an idea as well, is that Instagram has a problem.

And you do find on the underground cybercrime forums people who claim that they can hack basically any Instagram account.

And that would probably be done either via vulnerability or, to my mind, more likely via rogue insider at Instagram who might have the ability to restore people's access to accounts.

And if they were a bit dodgy or if they were bribable, then they might be able to do it. You remember, of course, when Twitter got hacked and lots of celebrities—
JOE TIDY
Yeah, the great Twitter hack. That was the same thing, wasn't it? That was someone getting access to the backend through an employee.

And we're seeing this a lot with the— Have you seen the Lapsus$ cybercrime gang? Yes.
GRAHAM CLULEY
Yeah.
JOE TIDY
That seems to be their specialty. They are very good social engineers and they can get into the backend of systems.

And sometimes they have been advertising on their Telegram, hey, anyone work for any of these big companies, please talk to us. We'll pay you for access.
GRAHAM CLULEY
If you're a company who thinks you might get targeted, it'd probably be wise to subscribe to that Telegram channel and keep an eye open, see if your name gets mentioned.
JOE TIDY
It's a pretty good channel, to be honest. I've been on there quite a bit. It's got about 50,000 followers.
GRAHAM CLULEY
It's amazing.
JOE TIDY
Yeah, get the popcorn out.
CAROLE THERIAULT
Don't you think it's kind of in the name though?

Maybe they just got so bored, the guys at the Bored Yacht Ape Club, that one of them just thought, you know what, I'll just rip off all our users and slam that money into a secret account.

And then we'll just say, oh God, I have no idea what happened. Let's reinvest. We're good guys.
JOE TIDY
And here's some Bored Frog Yacht Club NFT things.
CAROLE THERIAULT
Yeah, TM that, Joe. TM it. Could be worth billions.
GRAHAM CLULEY
I've got another theory as to why these NFT-related scams keep happening, which is, in effect, NFTs themselves are a bit of a scam, right?

Because if you want the image or if you want the song, you can just download it, just right-click on it, save as, and copy it to your hard drive.

You don't have to own the NFT or the link in the blockchain to it.

So maybe NFTs and cryptocurrency are really focused on the gullible anyway, in which case maybe you are more prone to getting hacked or being duped or connecting your wallet.

Maybe there is a sort of inherent background radiation of gullibility here, which the bad guys are taking advantage of. Am I being harsh?
JOE TIDY
No, I think there's something there. And I also think there's even more to it than that.

I think that perhaps people who are involved in NFTs and crypto schemes, they might be on the more kind of trusting— maybe I wouldn't use the word gullible.

Maybe I would say they are very trusting of new ideas on the internet. But also, they want to get rich.

If there's one thing we know about NFT or crypto bros, they want the next thing that's going to go up in value.

I think very rarely will people admit to— well, they would probably lie, actually. But I think very rarely would they say, oh, I'm doing this for the art.

I'm doing this because I like the image. No, you're not. You're doing it because you want to get rich or you want to be part of a rich boy club.

And I think this story with this latest hack is also indicative of the direction we're going in because NFTs historically have been looked at by nonbelievers as, as you say, a bit of a con because you don't even have the copyright for the image.

All you've got is this bit of code on the blockchain.
CAROLE THERIAULT
And no one even knows what ownership means.
JOE TIDY
Yeah, but with Bored Apes, what we're seeing is these guys, they recognize there's the flaw in the system.

So now they're saying, "No, no, no, it's not just the code in the blockchain, you're part of our club." So we're now releasing land in the metaverse, we're doing these things with toxic— they're combining two apes with some toxic thing and then you get another ape.

And then they're starting to do physical events as well. So they're having to work a lot harder, I think, to convince people that actually these products are worth it.

And this post that caused this hack kind of shows that.
CAROLE THERIAULT
Yeah, interesting, interesting.
GRAHAM CLULEY
Mm-hmm.
CAROLE THERIAULT
Great, Graham. Well, thanks. I'm loving learning about NFTs every single week.
GRAHAM CLULEY
You can be quite catty, can't you, Carole?
CAROLE THERIAULT
Occasionally, yeah.
GRAHAM CLULEY
Yeah. It's just, you're not the Bored Ape, you're sort of the Bored Carole Yacht Club.
CAROLE THERIAULT
Yes.
JOE TIDY
The Bored Cat. Yes. There are some really popular cat NFTs actually out there.
CAROLE THERIAULT
Oh, really? Oh my God.
GRAHAM CLULEY
Oh, don't tempt her. Now she's interested. So Joe, what have you got for us this week?
JOE TIDY
Well, as I say, this isn't really cybersecurity, but my brief does extend in other directions. And this one, I just couldn't resist looking into.

So do any of you watch, or have you watched, Keeping Up with the Kardashians?
CAROLE THERIAULT
No.
GRAHAM CLULEY
My only contact with Kardashians has been in Star Trek: Deep Space Nine and things like that. Is she in that? I think so. I think I've heard of the Cardassians. That's it though.
CAROLE THERIAULT
What is this? This is Cardassians. Is that— What are you doing that for? Shields?
GRAHAM CLULEY
Yeah, they've got sort of bumpy foreheads, haven't they? And they're not the Ferengi ones.
JOE TIDY
Oh, are they not— They're not Klingons?
GRAHAM CLULEY
No, no, they don't—
JOE TIDY
They've got bumpy heads.
GRAHAM CLULEY
Well, they've got bumpy— Basically every alien in Star Trek has a bumpy head.
CAROLE THERIAULT
That's how you show aliens from people in Star Trek.
GRAHAM CLULEY
They have a Cornish pasty sellotaped to their forehead. That's how they do the makeup on them.
JOE TIDY
The creativity on that show, eh? It's amazing. So anyway, okay, you are Kardashian non-believers currently.
GRAHAM CLULEY
Newbies. Yes, happily so. Okay, happily so.
JOE TIDY
Well, there was a show called Keeping Up with the Kardashians. It was massive, and then they had a couple of years' pause.

They're back with a new show called Kardashians, which again took a long time in the creativity department to come up with that. And this one's on Hulu and Disney+.

It launched a couple of weeks ago, and in the first episode, the whole episode revolves around this dramatic moment when Kim Kardashian's son, Saint, runs into the room with his iPad, and he says, "Mummy, mummy, look what I found on Roblox." Roblox, of course, this ginormous game.
GRAHAM CLULEY
Yeah.
JOE TIDY
Where lots of mini games inside a big game. Really, really popular with young people.

So he runs in and says, "Mummy, I found a Kim Kardashian experience on Roblox." Look at this on Roblox!
CAROLE THERIAULT
Who made that? Who?
JOE TIDY
Who made that?
CAROLE THERIAULT
Let me see.
GRAHAM CLULEY
Let me see.
CAROLE THERIAULT
Click on it.
JOE TIDY
As you see on the screen, they all look very shocked.
CAROLE THERIAULT
There was a picture of my cry face, and then I looked at it and it said something super inappropriate, like Kim's new sex tape.

No, it was an inappropriate thing that popped up on his Roblox about me. That says they're leaking something that someone said.
JOE TIDY
And Kim is very upset to find not only is it a room with her—lots of pictures of her cry face, as she calls it, but there's also an advert for an as-yet unseen sex tape of Kim Kardashian.
CAROLE THERIAULT
This is supposed to be unreleased footage from my old sex tape. The last thing that I want as a mom is for my past to be brought up 20 years later.
GRAHAM CLULEY
It is a bit surprising that there is an as-yet unseen sex tape of Kim Kardashian, isn't it? It's—
JOE TIDY
No comment.
CAROLE THERIAULT
Has she done these before, sex tapes?
JOE TIDY
Oh yeah, so in 2007, there was a sex tape released of her, and I think it was a rapper, I think.

Anyway, that in some ways put her on the path to become this incredible reality TV star and businesswoman that she is. Right, so there are tapes out there.

Anyway, so obviously very, very serious. You know, this is her 6-year-old son. He stumbled across a room with pictures of his mum crying, which is, you know, maybe a bit disturbing.

And then there's this advert for a sex tape. Very, very serious thing.

And as Kim Kardashian says in the show, you know, thank God he can't read, because that would be pretty disturbing.
GRAHAM CLULEY
Like the other members of the Kardashians are.
JOE TIDY
Again, no comment.
CAROLE THERIAULT
Yeah, me neither.
JOE TIDY
Anyway, so normally you'd look at that thing and you think, yeah, all right, whatever.

But Roblox came out last week and said, yes, there was a Kim Kardashian experience room and this message was there. We deleted the room and we've banned the creator.

And I thought, wow, there's a story there. You know, that's pretty shocking that that was on there.

Then when you start looking into it, and this is why I'm really fascinated by this story, Roblox says only a few dozen people actually discovered that room.

Of the hundreds of millions of players out there, and of the millions of rooms on Roblox, only a few dozen, according to their data, actually found that room.

So the chances of that being Saint completely on his own—
CAROLE THERIAULT
Yeah.
JOE TIDY
I mean, as one Roblox developer put it to me, it's astronomically small that he would have stumbled across that room while they were rolling, I might add.
GRAHAM CLULEY
Oh, oh, oh, hang on a moment. Hang on a moment. I think I know where he's going here. Are you suggesting that maybe this was done for the cameras a little bit?
JOE TIDY
Whoa, whoa, whoa. I would never say such a thing with such a litigious family as the Kardashians. But I spoke to their family representative for the BBC article I wrote.

And they said lots of things to me which they won't allow me to comment on. But they would allow me to say that it was not falsified. The scene was not falsified. So—
GRAHAM CLULEY
But maybe re-enacted.
JOE TIDY
Well, yes, I think he wasn't reading a script because—
GRAHAM CLULEY
I mean, okay, so you say it's astronomically small that they would discover these things.

I have a son who quite likes watching YouTube videos, and I think he's done jolly well keeping up with the number of videos posted on YouTube. I think he is catching up quickly.
JOE TIDY
What, 100 hours every minute?
GRAHAM CLULEY
Exactly. There seem to be very few Minecraft or Fortnite videos that he has now not seen. So maybe Saint Kardashian could be put to work on finding other material.

If Roblox isn't very good at policing itself, maybe they could actually put this young lad — maybe he's the most talented member of the family.
JOE TIDY
As a super moderator.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Could it be some kind of weird algorithm thing because they're close in geographic location based on pseudo-anonymised personalised information, so they would be delivered to them?

But as a kid?
JOE TIDY
Yeah, quite possibly. But according to Roblox people—
GRAHAM CLULEY
Yeah.
JOE TIDY
I spoke to a few of them. They said the only possibilities are he did completely stumble across it. Astronomically small possibility of it happening.

He searched for his name or her name, and then spent a long time going through all the various keyword rooms.
CAROLE THERIAULT
And can't read.
GRAHAM CLULEY
Apparently.
JOE TIDY
And can't read.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
God help him if he ever does that on Google and finds out more about his mother.
JOE TIDY
Yes.

And the other possibility, which I'm afraid the community is leaning towards, is that either the producers made it and handed in the iPad, or they found it and handed in the iPad.
GRAHAM CLULEY
How dare you?
JOE TIDY
Well—
GRAHAM CLULEY
What a terrible theory.
JOE TIDY
It is an accusation.
CAROLE THERIAULT
It's a theory. It's a theory.
GRAHAM CLULEY
It was a theory.
JOE TIDY
But as far as the Kardashians have said, and Hulu, they are just saying, "Hey, thanks for making it the most watched episode on their platform ever."
GRAHAM CLULEY
How convenient.
CAROLE THERIAULT
Of course. You see? How long have sex tapes been a big driver for celebs that need to have a little boost?
JOE TIDY
Mine hasn't taken off.
GRAHAM CLULEY
Link's in the show notes to Joe Tidy's sex tape. Carole, what have you got for us?
CAROLE THERIAULT
So recently, a friend dropped by for dinner. Okay, we're gonna call them Dodo. Okay, and Dodo has been single for a while, right?
JOE TIDY
Not Dido.
CAROLE THERIAULT
No, not Dido, we're just gonna call him Dodo.

And so, you know, I was encouraging Dodo to consider pursuing a few online dating sites, you know, just to peruse them and just see what spring 2022 post-COVID has done to online dating.

And Dodo grumbled saying they weren't ready, yada yada. But as you know, Graham, I like to push people.

So I said, why don't we just build a free account, you know, with your middle name or something, and we can go see what's out there?
GRAHAM CLULEY
This is purely for your own entertainment, isn't it? It's purely for you just to have a more fun dinner party.
CAROLE THERIAULT
No, no, it's not. It's not. It's also to help these people, you know, get out there again.
GRAHAM CLULEY
It's altruistic.
CAROLE THERIAULT
Ah.
GRAHAM CLULEY
Okay, all right.
CAROLE THERIAULT
Anyway, so my thinking was to show them, you know, there's quality people that are there.

So I randomly chose Match.com, because I've not been on online dating, right, in what decade? So, or how long have I been married?

And anyway, so you know, I just chose it randomly, and I have to fill in this huge number of forms, and in order to peruse these potential datees.

And a mandatory element in this process was uploading a photograph.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
A picture of Dodo. Now, of course, Dodo was not ready to do this because, well, you know, they just weren't.

But they suggested that we grab any random photograph from a Google search that looked vaguely matchy to the profile that we put together and post it.
GRAHAM CLULEY
So you just go to Google Image Search, you look for BBC Newsround presenters of roundabout year 2000. Oh, here's one, a guy called Joe.

Okay, well, we'll put that up — something like that, yeah?
CAROLE THERIAULT
No, but have you heard of people doing this before? Not to be bad, but just because they wanna—
GRAHAM CLULEY
Yeah, because they don't wanna use their own photo. I get that.
CAROLE THERIAULT
Yeah. So someone could be using my photo to do this.
GRAHAM CLULEY
I don't think — can't help them. I don't, yeah, I don't think, Carole, come on, I don't think anyone—
CAROLE THERIAULT
As I have purple hair at the moment.
GRAHAM CLULEY
Anyone going on a dating site is gonna use your photo.
CAROLE THERIAULT
Okay, so I get it. I get it that people wanna do this to stay anonymous, right? That's probably why they're doing it.

But at the same time, it's really freaky that photos can just be uploaded willy-nilly.
GRAHAM CLULEY
I think the photos should be willy-nilly, ideally. Otherwise, you're definitely not gonna get anyone liking you. Sorry, it's a grubby joke. It's gone above your head.
JOE TIDY
And mine.
GRAHAM CLULEY
Yeah.
JOE TIDY
Something about willies.
CAROLE THERIAULT
Yeah, something about dicks.
GRAHAM CLULEY
I don't know.
CAROLE THERIAULT
Exactly.
GRAHAM CLULEY
Just let's move on.
CAROLE THERIAULT
So this whole process, right, got me to thinking about the people whose faces are used in things like romance scams.

I mean, a scammer doesn't throw up his or her own face up there, right? Their mug is never used.

Ideally, they find one that's attractive, more beautiful than them, and, you know, someone to kind of woo the victim. And the question is, how do they find these faces?

Do they just do a Google search like my friend Dodo, or what?

So I was surfing the web looking for the story, and I landed on this article on how a US Army colonel had been the face of thousands of romance scams around the world for almost a decade now.
GRAHAM CLULEY
That's a bit like Alex Eccleston. Do you remember Alex came on the show and he said his photo was often used in romance scams?
CAROLE THERIAULT
Yes, that's right.
GRAHAM CLULEY
He's middle-aged looking. Well, he's quite good looking, in a sort of George Clooney sort of, you know — in other words, barely good looking at all.
CAROLE THERIAULT
It all starts with, you know, typical romance scam stuff, okay? So take Brandy's mom, Deborah.

So she gets a message on Facebook from a hot military guy called Colonel Blackmon, right?

And they get to chatting, and he asks about her family, what she does for work, does she have any grandchildren, tells her how beautiful her smile is.

He says his wife had left him after trying to kill their son, Alvin. So, you know, has stories.
GRAHAM CLULEY
Blimey.
CAROLE THERIAULT
And it wasn't until he started asking for money that the daughter, Brandy, felt something wasn't right.
GRAHAM CLULEY
Good for her.
JOE TIDY
Right?
CAROLE THERIAULT
Blackman was telling Deborah that doctors had found tumors on his son's stomach, that he desperately needed surgery. This was typical romance scam stuff at the moment.

And when Brandy searched Daniel Blackman, it wasn't what she expected because the real Daniel Blackman is an Army colonel in Oklahoma and happily married with kids.

And so when they contacted him, you know, they said, hey, do you know that your face is being used? He's like, oh yeah, it's been used since 2014.
JOE TIDY
Oh, he knows about it.
CAROLE THERIAULT
Yes, he knows. Most of the profiles use Blackman's full name and photos he'd shared previously on Twitter, though some used only his photos and a different name.

His selfies were their profile photos. They'd rip off pictures he posted online in uniform and shared them with women they spoke with.

There's this other woman who I just had to put in because her name was so fantastic. Connie Poindexter.
JOE TIDY
That's made up. That's not real.
CAROLE THERIAULT
It's gotta be. It's gotta be. Surely.
GRAHAM CLULEY
That's a deepfaked name if ever I've heard one.
JOE TIDY
Well, I was gonna say, you can get AI-made faces, can't you?
GRAHAM CLULEY
Yes!
JOE TIDY
So you can, with your friend, Carole, you could have used a person that doesn't really exist. I think the website is called This Person Does Not Exist.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Yes. And it is pretty scary how accurate they're getting. It's getting just too spooky. But this apparently happens all the time. Military romance scams are really common.

And the Army's Criminal Investigation Division has an entire webpage dedicated to informing people on how to spot and report them.

So if you kind of have a woo romance on one of these socials with someone who's military-ish, you should go and check it out because they often say things like, oh, I'm off on, you know, I'm deployed and I can't get access to my bank account.

Can you fire me some money? Seems to be a huge scammy bit. Clever they use.
JOE TIDY
Did you watch this, what's his name? The Tinder Swindler, Simon.
GRAHAM CLULEY
Oh yeah.
JOE TIDY
Did you watch that one?
GRAHAM CLULEY
Yeah. Yeah, it was good, wasn't it?
CAROLE THERIAULT
Unbelievable.
JOE TIDY
It was about twice as long as it needed to be, but I thought it was very good.
CAROLE THERIAULT
Yeah, well, a lot of things are that way now, right?
GRAHAM CLULEY
Why not drag them out? Including our podcast.
CAROLE THERIAULT
So the thing is, though, is how— I was wondering, how is this for the real Colonel Blackman, right? Like, this has been going on for 10 years.

So I was reading through all these articles and you know, basically he gets regular messages on Twitter telling him that his profile is being used.

In fact, he's updated his Twitter profile to say, I'm the real Daniel Blackman. I do not follow if I don't know you. I'm only public on Twitter.

I'm happily married, not deployed, and won't ask for money. And that's just sitting there on his Twitter thing. He spends his time looking for fake accounts.

He goes out, he goes and tells people, hey, I think you're being scammed by someone pretending to be me. And he says often the people don't believe him.
GRAHAM CLULEY
Yeah.
JOE TIDY
God, he must spend so— must waste so much of his time.
CAROLE THERIAULT
Well, that's what I'm thinking. He says his wife doesn't even talk to him about it because it frustrates her so much.

And because the scammers often pretend that Blackman's now a widower, you know, she's been killed off in multiple different ways.
JOE TIDY
You could write fan fiction about this guy.
CAROLE THERIAULT
Right?
JOE TIDY
The backstory's amazing.
CAROLE THERIAULT
And when he reports these scams to socials, he gets a report in 12 hours that says it doesn't violate community standards.
GRAHAM CLULEY
Can I say, I don't want to watch the Kardashians. I want to watch the Blackmans. I want a reality fly-on-the-wall program following him and his wife. I can just imagine.
JOE TIDY
It sounds horrendous.
CAROLE THERIAULT
And this is a victim that we rarely think about. The person— we always think about the person who's being targeted, but not the person who's being used.

And what I'm amazed at is he's been used again and again and again. He says, you know, an account gets closed down finally, and then there's 5 new ones.

And it's been going on for almost a decade.
GRAHAM CLULEY
He must be a pretty hot hunk of love. Have you checked him out, Carole?
CAROLE THERIAULT
Yes, he's, you know, a distinguished gentleman.
JOE TIDY
Distinguished, yes, that's how I'd describe him. We did a story on BBC about a woman who was deepfaked in a romance scheme.

So she was doing FaceTime calls with this individual, and the signal was always quite bad, which obviously meant that the picture could be wrong, but his mouth was moving and the picture seemed okay.

And it was this, I think he was some sort of surgeon in Turkey, but that wasn't who they were talking to. It was someone else in Nigeria.

And the BBC reporter tracked down the actual surgeon in Turkey and said, how do you feel about this? And they were really upset and angry about it.

This was a professional, you know, person who was trying to do a good job as a surgeon, and there he was, his image being used and abused by these scammers.
CAROLE THERIAULT
And who knows if Mr. Colonel Blackman's going to be walking around sometime and get clocked in the face by some outraged woman.

Yeah, who just thinks, you, you know, you stole my cash. Anyway, so it's pretty insidious. And just, just, Joe, get the BBC to do more work on the poor people that are used.
JOE TIDY
I will, I will do my best. I tell you what, if someone hadn't have done that story already, that is a brilliant story. The fact that it's been happening to him for so long.
GRAHAM CLULEY
Yeah.
JOE TIDY
I mean, the rows with his wife about it, the time he spent. It reminds me of that guy on Twitter who's called John Lewis.

And every Christmas, everyone has a go at him for the Christmas ad or something. And he's like, I'm not the real John Lewis. Please leave me alone.
GRAHAM CLULEY
Kolide sends employees important, timely, and relevant security recommendations for their Linux, Mac, and Windows devices right inside Slack.

Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.

So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.

Sign up today by visiting smashingsecurity.com/kolide, that's smashingsecurity.com/kolide, enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.

You can try Kolide with all of its features on an unlimited number of devices for free for 14 days, no credit card required.

Try it out at smashingsecurity.com/kolide, that's smashingsecurity.com/kolide.
CAROLE THERIAULT
Smashingsecurity.com/kolide.
GRAHAM CLULEY
And thanks to Kolide for supporting the show.
CAROLE THERIAULT
The network is dead. Long live the network. This is the tagline from our sponsor this week, NetFoundry. Protecting applications is getting more complicated.

We all care about security, but man, it's hard. You see, all networks according to NetFoundry are insecure. Period. And the Zero Trust security model is the way to go.

It was created with the idea of never trust, always verify. But historically, this has been seriously hard to implement.

NetFoundry have created OpenZiti to provide an open source, free, and easy way for you to embed Zero Trust networking into anything.

Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an edge router for any cloud. And the best bit, no networking engineering skills required.

This is something you guys definitely want to check out. Visit smashingsecurity.com/netfoundry. That's N-E-T-F-O-U-N-D-R-Y. And thanks to NetFoundry for sponsoring the show.
GRAHAM CLULEY
And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
JOE TIDY
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.

It doesn't have to be security related necessarily.
CAROLE THERIAULT
Better not be.
GRAHAM CLULEY
Well, my Pick of the Week this week is not security related.

My pick of the week is, you know, in the UK, I'm sure many of us are aware of the continual dumpster fire, which is the state of British politics. There's all kinds of things.

There's parties going on. There's Sharon Stone-style allegations, all sorts of extraordinary stories going on from the House of Commons.

And one of the key players who works for the government is Nadine Dorries MP, who is Secretary of State for Digital, Culture, Media and Sport.

Currently she is trying to sell off Channel 4, I believe, and she's not necessarily a fan of BBC either. So Joe might choose not to say very much during this segment. I don't know.
CAROLE THERIAULT
I will. I love BBC.
GRAHAM CLULEY
We said this last time. We love the BBC.
CAROLE THERIAULT
More than I love Nourrice.
GRAHAM CLULEY
Yeah, the current government is not so keen. But anyway, never mind.

Because Nadine Dorries, aside from previously announcing how much she shared her password with her colleagues in the office and all sorts of bad advice she has given about computer security over the years.

She used to be an author. She used to write romantic fiction.

And I have been following, and thanks to our listener Yogi for pointing out this Twitter account for me, 'cause I've become addicted to it.

She used to write sort of romantic fiction. And there is a Twitter account. No, no, no.
JOE TIDY
I had no idea. I'm looking at it now. It's amazing.
GRAHAM CLULEY
There is a Twitter account called Daily Dorries. Dorries is D-O-R-R-I-E-S, where they choose a segment of one of her books.
JOE TIDY
Usually quite racy, I see.
GRAHAM CLULEY
There's a lot of raciness.
CAROLE THERIAULT
Okay, can we read one? Can we read one?
JOE TIDY
I've got one here. Pinning her to the wall with his forearm across her chest, Patrick fumbled with his free hand at his belt and trousers. I won't say any more. Family show.
CAROLE THERIAULT
Okay, it's a bit like My Dad Wrote a Porno.
GRAHAM CLULEY
Yes, yeah, but more embarrassing. It is rather fun. She has some habits in terms of her terminology as well. I've been looking at quite a few of these.

So I'm going to give you a quick pop quiz, okay? Which of the following is a term commonly used by Nadine Dorries to describe the male appendage? Okay. Does she use the word langer? B.

Or langer, or langer. Which of those is the one?
JOE TIDY
Ooh.
GRAHAM CLULEY
Ooh. B. Yes, yes, B, langer, is correct. So for instance, we have, John McCarthy whispered to Tommy, 'Aye, Tommy, keep your fly buttons done up tight.

If ye have to go into Molly Barrett's, put a shovel head down your trousers and over ye langer. The feckin' cat's a lunatic, so it is.' I don't even know what half of this means.
JOE TIDY
Oh my god. Which one was that from? I see she's done quite a few. There's 'From the Ballymara Road', 2015. 'The Angels of Lovely Lane', 2016.
GRAHAM CLULEY
Mine was—
JOE TIDY
'Hide Her Name'.
GRAHAM CLULEY
'Hide Her Name'. That's the one which I was just quoting from. There's another one here.

So, 'She stared in transfixed terror, her mind screaming a rejection of what she was seeing, as the final flow of his exudate slowly oozed out onto the end of his langer and formed into a threatening drop.' So she is in charge of culture in the United Kingdom.

So check out the Daily Dorries Twitter account.
JOE TIDY
I will downstream that, as she calls it. Did you see that story?
GRAHAM CLULEY
Oh yes. She's been talking about downstreams, hasn't she? Yes, bless her.
CAROLE THERIAULT
These are not old. She's got some written in 2018.
GRAHAM CLULEY
Well, yes, she's a popular— Before she became an MP, I mean, she's—
CAROLE THERIAULT
The Velvet Ribbon, written in 2020.
GRAHAM CLULEY
She's cranking them out.
CAROLE THERIAULT
While she's working! She's probably doing it while she's at work.
JOE TIDY
So I can see on here— Oh my god! There's probably about 6 different novels. And I don't know much about publishing, but you can't self-publish 6. So she must have a deal and—
GRAHAM CLULEY
Wow.
JOE TIDY
I had no idea.
CAROLE THERIAULT
Or a ghostwriter?
GRAHAM CLULEY
Yeah. No, no, no, I think this— she had a name for herself.
CAROLE THERIAULT
Wow.
GRAHAM CLULEY
She's quite fascinating in all kinds of ways. But we won't go into all that right now. But that is my pick of the week.
CAROLE THERIAULT
I like it. I'm going to as well.
GRAHAM CLULEY
Joe, what's your pick of the week?
JOE TIDY
Well, I have recently discovered a very obscure late-night ITV comedy starring Rob Brydon called Director's Commentary. Have you ever heard of it?
CAROLE THERIAULT
Oh.
JOE TIDY
No. I'm not surprised. It was a one series. I wouldn't say it was a hit, but it's brilliant. And I've just— me and my mates used to watch it. Late night, usually intoxicated.

And it's got a really weird kind of brand of humour, which— So basically the premise is, they take really old, pretty naff programmes like Bonanza, which is a Western from, I don't know what it was, the '70s, something like that?
GRAHAM CLULEY
Early '60s, I think.
JOE TIDY
Oh, okay, that old. I don't know.
GRAHAM CLULEY
Yeah, it's quite old.
JOE TIDY
Stuff like that. And they— He pretends to be the director who directed that, the scenes from that. Do you remember those old director's commentaries you used to get on DVDs?
CAROLE THERIAULT
Yes.
JOE TIDY
Where you'd have a director sort of—
GRAHAM CLULEY
Love them.
JOE TIDY
—smoking a cigar and telling you how they came up with the genius ideas for various shots and things. So he's one of these insufferable directors.

And the character he plays is cool. He's called Peter Delane. And he talks like that. And I just love it. And I want everyone to watch it. And I want it to come back.

And I want there to be another second and third and fourth series. Maybe Netflix will pick it up.
GRAHAM CLULEY
I'm definitely going to check this out because I really like Rob Brydon. I find him funny. But I know Carole has a bit of a problem with him.
CAROLE THERIAULT
I do, but you know what? This might work for me because he plays someone unlikable, right?
JOE TIDY
Yeah, he does. He's a prick. He's a complete prick.
CAROLE THERIAULT
I don't like when Rob Brydon is being all nice and kind, and I just think he should be a bad guy.
JOE TIDY
Oh, yeah. I don't think he's played a bad guy, has he? No, and he'd be a great bad guy. It's not a bad idea. There's some really good lines in it.

So, in Bonanza, someone walks into a house, and the guy shouts on the programme, "It's open!" And the guy walks in and he goes— And there's loads of these little lines I remember.

And he goes, "Yes, because of course in those days, you didn't have to lock the door. You didn't have to carry a gun." Stuff like that. It just sticks in your head.
GRAHAM CLULEY
Carole, have you ever seen The Trip, which is a series he made with Steve Coogan?
JOE TIDY
Did you find that? No. Oh, that's brilliant.
CAROLE THERIAULT
No, I didn't, because I was afraid that I wouldn't like it, but maybe I should. I don't know.
GRAHAM CLULEY
There is a culinary aspect to it. They go to lots of restaurants and check out the food. You might find it repellent if you don't like Rob Brydon, but I found it very, very funny.
JOE TIDY
It's one of those kind of sit back and let it wash over you type comedies, isn't it? And you're just in their company, basically. Yeah, Steve Coogan and Rob Brydon.
CAROLE THERIAULT
Well, I love Steve Coogan actually, but—
JOE TIDY
And they do impressions quite a lot. That's the best bit. They have competitive impressions.
GRAHAM CLULEY
So they will compete as to who can do the best Michael Caine, for instance.
CAROLE THERIAULT
Sounds like a drive that you and I once took, Graham.
GRAHAM CLULEY
Carole, what's your pick of the week?
CAROLE THERIAULT
Oh, controversial one. Okay. Yeah, it's called American Vigilante. It is a podcast.

I was compelled to listen to the entire podcast in just a few days, which is unusual when I race through that quickly.

But I was baffled and annoyed by what I was listening to, yet I wasn't putting it down. So I'm bringing it to you, my dear listener, to spread the pain.

And I made Graham listen as well. So, well, let me just give the premise, Graham, and then you can dive in with your view, okay? So, it's like an interview, an interviewee setup.

Former BBC journalist Sam Walker. See, Graham, not Samantha Fox, as I told you it was.
GRAHAM CLULEY
I was pretty certain it wasn't Samantha Fox.
CAROLE THERIAULT
I know, as soon as I said it, I knew it was not. Anyway, so she, Sam Walker, is having these long chats with this character called KC. This is our American vigilante.

Like a smart, contradictory, violent man who leads a group of men to distribute justice for people that have been wronged.

And the pitch is that he's basically recalling the missions that he and his cohorts have been on over the years.
GRAHAM CLULEY
And the missions are like, you know, people who've lost their children or had their kids kidnapped.

And when the police have failed to get people back, he and his team will go in and find the missing person and bring them home.
CAROLE THERIAULT
Yeah. And the way they do this is fairly violent. Like, all in all caps violent. Yes. Right? Like action movie level violence.
JOE TIDY
What does all caps mean? I just think that means shouting. So they're just shouting the whole time.
GRAHAM CLULEY
They're not using cap guns, if that's what you're thinking.
CAROLE THERIAULT
A lot of guns. A lot of guns. A lot of knives. A lot of explosives. A lot of trucks that are armoured. All kinds of stuff.
JOE TIDY
And does that come out well on audio then, on the podcast?
CAROLE THERIAULT
He's retelling these stories. You're not kind of live with him.

He's like, "This happened, this happened, this happened." And our journalist, Sam Walker, is kind of like, "Do I believe him? I don't know. Do you? I don't know. Let's see.

Carry on listening and we'll figure it out together." They're very good at that, aren't they?
JOE TIDY
Some of the American podcasters, they're very good at that.
CAROLE THERIAULT
Drives me nuts!
GRAHAM CLULEY
And this guy, KC, who claims to be a vigilante, he's a compelling storyteller, isn't he? I mean, he knows how to tell the yarn.

It's just the question of, did this actually happen or not?
CAROLE THERIAULT
And does it matter, is my question.
GRAHAM CLULEY
Of course it matters, Chris.
JOE TIDY
I think, yeah. The journalist in me, I want to know the truth. I want to know what happened. Well, you're going to have to check it out. Yeah, I know.

But I don't want to if it doesn't tell me, because I'll just have the frustration at the end.
CAROLE THERIAULT
Well, maybe it does tell you. Graham's not finished it yet.
GRAHAM CLULEY
I haven't finished it yet. Are you going to make me listen to all of it to find out?
CAROLE THERIAULT
I'm not gonna make you do anything. But I think you will, because it's compelling.
GRAHAM CLULEY
It is interesting, because there are points where you think, "That cannot be true.

That is just nonsense." But the amount of detail he gives sometimes, apparently off the cuff, about things which happened, you just think, "How could he just make this up?" But see, that's what I'm thinking.
CAROLE THERIAULT
I'm thinking, yeah, no, I was the opposite on that. I think there's so much detail in everything that it makes me feel contrived at times.
GRAHAM CLULEY
Yeah. Sometimes I just think, yeah, I think it's impossible for that to have happened.

But there's also another part of me which wonders, would it be possible to create a podcast where you don't say whether it's fiction? I mean, this doesn't say it's fiction.

It doesn't say it's factual. Where you interview someone and you present it as though it were true.

And it turns out actually this is just an actor I hired and now I've got a top top podcast with hundreds of thousands of people listening to it, believing that this guy really did this.
JOE TIDY
Because it's like the programme, Would I Lie to You? The panel show.
GRAHAM CLULEY
With Rob Brydon.
JOE TIDY
They just make up stories. With Rob Brydon.
GRAHAM CLULEY
We're back there. I don't know, but it is interesting. I have listened to about 5 or 6 episodes so far. So clearly, I'm slightly intrigued. Right, I'm downloading it.
JOE TIDY
Thank you for the recommendation.
CAROLE THERIAULT
And I look forward to getting a few messages about it once you've—
JOE TIDY
Either, "Fuck you, Carole!" A few frustrated messages in caps.
CAROLE THERIAULT
Anyway, that's American Vigilante. It's from Crowd Network, and you can find it wherever you get your podcasts. Enjoy. You've been warned.
GRAHAM CLULEY
Terrific. Well, that just about wraps up the show for this week. Joe, thank you so much for coming on the show. We really appreciate you spending the time. Thanks for having me.

I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that?
JOE TIDY
I'm afraid I'm one of those journalists that's addicted to and constantly posting on Twitter. So it's @JoeTidy, J-O-E-T-I-D-Y.
CAROLE THERIAULT
We're going to start calling you guys musky babies.
GRAHAM CLULEY
Yeah, I think Elon's about to rename it, isn't he?
JOE TIDY
Isn't he going to? My account?
CAROLE THERIAULT
He could do. What, to twatter?
GRAHAM CLULEY
He said he was gonna call it Titter at one point, or maybe give it the, I don't know what he's gonna, anyway.

And you can follow us on Titter at Smashing Security, no G, Twitter aren't allowed to have a G. Maybe Elon will allow us in the future.

And we're also on Reddit, there's a Smashing Security subreddit.

And make sure never to miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts. And if you fancy it, leave us a review.

Really appreciate it.
CAROLE THERIAULT
And huge thank you to this episode's sponsors, Kolide and NetFoundry, and to our wonderful Patreon community. It's thanks to them all that this show is free.

For episodes, show notes, sponsorship info, guest list, and the entire catalog of more than 271 episodes, check out smashingsecurity.com.
GRAHAM CLULEY
Until next time, cheerio. Bye-bye. Bye. Bye-bye.
JOE TIDY
271 episodes. So how long has it been going for?
GRAHAM CLULEY
Ah, tell me about it, man. Insane. December 2016, I think we started.
JOE TIDY
Yep. That is awesome. Congratulations. Thanks. Thank you.
GRAHAM CLULEY
I think it's just stuck to the weekly schedule basically, other than the occasional holiday.
JOE TIDY
Do you have seasons or something? Or do you literally every week?
GRAHAM CLULEY
We just take off Christmas and so a couple of weeks around then, and sometimes we might take a couple of weeks off around August. But other than that, that's amazing. It's insane.

Hosts:

Graham Cluley:

Carole Theriault:

Guest:

Joe Tidy – @joetidy

Show notes:

Sponsor: Kolide

At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.

Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.

Try Kolide Free for 14 Days; no credit card required.

Sponsor: NetFoundry

NetFoundry’s OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything.

Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud.

No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more.

Learn more and try it for yourself at netfoundry.io/smashingsecurity

Follow the show:

Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
