Members of The Bored Ape Yacht Club get that sinking feeling, a face unwittingly launches hundreds of romance scams, and is an as-yet unseen Kim Kardashian sex tape a load of old Roblox?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC cyber correspondent Joe Tidy.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
But there's also an advert for an as-yet unseen sex tape of Kim Kardashian.
It is a bit surprising that there is an as-yet unseen sex tape of Kim Kardashian, isn't it?
No comment.
How long have sex tapes been a big driver for celebs that need to have a little boost?
Mine hasn't taken off.
Smashing Security, episode 272: Going Ape Over the Kardashians and the Face of Romance Scams with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security Episode 272. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security Episode 272. My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, we are joined this week by someone who's returning to the show. It is the BBC's cyber correspondent, Joe Tidy. Hello, Joe.
Hello.
Welcome back, Joe.
It's good to be back. I'll try not to spill my tea this time. Do you remember that? I sent my tea, launched it through the air, and it landed all over me and my wife's knicker drawer.
So you've been busy.
Yes, it's been quite busy. I've been doing some strange stories lately. But yeah, it's a very busy time.
And you're off to El Salvador, is that right?
Yeah, yeah. So I'm flying out in a few days' time.
We've been trying to get out there for a while actually, but we're going out there to do a documentary for the BBC about cryptocurrency because El Salvador is the first country in the world to make bitcoin legal tender.
And it's been a sort of semi-success slash we don't really know, we're going to go and find out.
We've been trying to get out there for a while actually, but we're going out there to do a documentary for the BBC about cryptocurrency because El Salvador is the first country in the world to make bitcoin legal tender.
And it's been a sort of semi-success slash we don't really know, we're going to go and find out.
Ooh, you go digging around and see what's really going on out there.
Exactly, and see actually whether or not people are using it. Because the president, Bukele, he loves it. He's a proper crypto bro. And he's trying to get the whole world using it.
But actually, I think the truth on the ground is different.
But actually, I think the truth on the ground is different.
Crypto bro. I love it. I can't wait to watch it. Now, how about we thank this week's sponsors, Kolide and NetFoundry? Their support helps us give you this show for free.
Now, coming up on today's show, Graham, what do you got?
Now, coming up on today's show, Graham, what do you got?
Oh, I'm going to be going ape over the latest theft of NFTs.
You're NFT mad these days. Joe, what about you?
Well, I told you I've been doing some weird stories lately. I'm going to tell you about the mysterious case of the Roblox sex room that Kim Kardashian's son apparently found.
Oh well, I think we should stop there. I don't need to have a story at all. No, and I'm going to talk about the face behind thousands of romance scams.
All this and much more coming up on this episode of Smashing Security.
All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, are you property magnets? Have you ever been interested in investing in property? You know, becoming a landowner? That's where all the money is, isn't it?
Yes, I would love to do that. It just needs a lot of wonka, doesn't it?
Yeah, same.
Well, I think a lot of us, we look back jealously at ages gone by and people who invested in property long ago or land and now continue to live off the riches and think, well, how can we jump in?
Well, the answer might be, of course, with virtual property and virtual land.
If we aren't successful at actually buying real land here on planet Earth, maybe we can buy it in the metaverse instead.
Well, the answer might be, of course, with virtual property and virtual land.
If we aren't successful at actually buying real land here on planet Earth, maybe we can buy it in the metaverse instead.
What? You could actually just kill me and put me in a coffin and I could just live in Metaville of my—
Metaville.
I think you're thinking of Farmville. I think you're a little bit 2005 there, actually, Carole.
But anyway, let me get to that in a moment because there is more bad news from the world of cryptocurrency and NFTs.
You'll remember last week I told you about a man who had his cryptocurrency wallet emptied after hackers craftily gained access to his Apple iCloud account.
Because it turns out Apple on your iPhone are backing up all kinds of data from your apps unless you specifically tell it not to.
And the data it backed up included his MetaMask crypto wallet seed phrase.
But anyway, let me get to that in a moment because there is more bad news from the world of cryptocurrency and NFTs.
You'll remember last week I told you about a man who had his cryptocurrency wallet emptied after hackers craftily gained access to his Apple iCloud account.
Because it turns out Apple on your iPhone are backing up all kinds of data from your apps unless you specifically tell it not to.
And the data it backed up included his MetaMask crypto wallet seed phrase.
Oh dear.
And so when the hackers gained access to his iCloud, they were able to empty out his wallet. Oh dear indeed.
Now, this week, word reaches us of another attack, this time not involving a phone call coming out of the blue, but instead a message which was posted on the official Instagram account of the Bored Ape Yacht Club.
Now, these chaps, these bros, these simians, we've talked about them before.
The Bored Ape Club, for anyone who hasn't heard us talking about these before or somehow missed this phenomenon, and I can understand why you might want to choose to ignore it, The Bored Ape Yacht Club is the cool place to be if you're into NFTs, non-fungible tokens.
What they are selling are NFTs, which are algorithmically generated cartoon apes, each one unique.
Now, this week, word reaches us of another attack, this time not involving a phone call coming out of the blue, but instead a message which was posted on the official Instagram account of the Bored Ape Yacht Club.
Now, these chaps, these bros, these simians, we've talked about them before.
The Bored Ape Club, for anyone who hasn't heard us talking about these before or somehow missed this phenomenon, and I can understand why you might want to choose to ignore it, The Bored Ape Yacht Club is the cool place to be if you're into NFTs, non-fungible tokens.
What they are selling are NFTs, which are algorithmically generated cartoon apes, each one unique.
Yeah.
Anyone who's listened to the show will have heard this dozens of times.
You'll have heard this already. Exactly. And there are all kinds of perks which you get.
And anyone who watches Jimmy Kimmel or follows any rappers, I mean— Yeah, that's right. These NFTs are the NFTs, aren't they? They're the big ones.
Snoop Dogg, Justin Bieber. Madonna.
Eminem.
Yeah, Eminem. Paris Hilton went on the Jimmy Fallon Show. They compared apes with each other. Really weird stuff.
Now, another way in which the hype continues, apart from the celebrity endorsement, is that Yuga Labs, the parent company of the Bored Ape Yacht Club, announced airdrops.
And an airdrop, it's sort of asking you, well, you know, if you could own something in the cryptoverse, why does it have to be a picture of a cartoon ape?
Why couldn't you also own virtual land. So what Yuga Labs is saying and what they're about to launch is something where they'll have this Otherside metaverse.
They're calling it the Otherside, which is where there'll be virtual land and you can buy plots and maybe you can sell the plots to other people, all in the form of NFTs.
And obviously, 'cause it's virtual land, they have an unlimited amount of this and they can choose when to release new stuff.
But what you do with an airdrop is you can say to people who've already bought some of your NFTs, we're gonna give away some of our virtual land space to you for free.
Now, another way in which the hype continues, apart from the celebrity endorsement, is that Yuga Labs, the parent company of the Bored Ape Yacht Club, announced airdrops.
And an airdrop, it's sort of asking you, well, you know, if you could own something in the cryptoverse, why does it have to be a picture of a cartoon ape?
Why couldn't you also own virtual land. So what Yuga Labs is saying and what they're about to launch is something where they'll have this Otherside metaverse.
They're calling it the Otherside, which is where there'll be virtual land and you can buy plots and maybe you can sell the plots to other people, all in the form of NFTs.
And obviously, 'cause it's virtual land, they have an unlimited amount of this and they can choose when to release new stuff.
But what you do with an airdrop is you can say to people who've already bought some of your NFTs, we're gonna give away some of our virtual land space to you for free.
Can I ask a question?
Yes.
I just wanna know, is this virtual land space limited in size or is it infinitely sized?
Well, I imagine it's going to be limited, isn't it? 'Cause they obviously want to bump up the price.
People who buy it want to feel there's a limited number, just like there's gonna be a limited number of apes.
People who buy it want to feel there's a limited number, just like there's gonna be a limited number of apes.
Right.
But there's always the potential for Yuga Labs to roll out more if they want to in the future.
We've just extended it by 8 bazillion fake miles.
So the one you bought last week is worth half.
Exactly.
But it might be a particularly attractive place, or you might be located next door to Kim Kardashian or whoever it is.
You know, there's all kinds of ways in which they could make these locations, just like you would choose between the old Kent Road and Mayfair, and one of them is going to be more attractive than the other and worth a different value.
So, the value of these land could be at different prices as well.
So, the idea is that if you've already got a Bored Ape NFT, if you get airdropped, you'll be given some land for free. And so people think, whoa, blimey, that's fantastic.
You know, there's all kinds of ways in which they could make these locations, just like you would choose between the old Kent Road and Mayfair, and one of them is going to be more attractive than the other and worth a different value.
So, the value of these land could be at different prices as well.
So, the idea is that if you've already got a Bored Ape NFT, if you get airdropped, you'll be given some land for free. And so people think, whoa, blimey, that's fantastic.
This is so generous. I can't believe it.
That's a reason why I want a Bored Ape NFT.
And so at the start of this week, the official Instagram account for the Bored Ape Yacht Club posted an image saying that an airdrop was happening right now and that fans should claim their virtual land.
All they had to do was click on the link in the Instagram's account profile and connect their wallet and bingo.
And so at the start of this week, the official Instagram account for the Bored Ape Yacht Club posted an image saying that an airdrop was happening right now and that fans should claim their virtual land.
All they had to do was click on the link in the Instagram's account profile and connect their wallet and bingo.
Are you kidding me? Okay.
I think you're ahead of me, Carole. What could possibly go wrong?
Mm-hmm.
Well, of course, what went wrong was although that message was posted in the official Bored Ape Yacht Club Instagram account, it wasn't posted by the Bored Ape Yacht Club.
Someone had hacked that account and posted the message, and they'd linked to a lookalike page in order to trick people to do this with their wallets.
And their wallets were instantly emptied by the hackers of their NFTs.
Millions of dollars worth of Bored Apes and Mutant Apes and all the other NFTs were transferred out of those wallets and instantly sold to the highest bidder on NFT auction sites.
Someone had hacked that account and posted the message, and they'd linked to a lookalike page in order to trick people to do this with their wallets.
And their wallets were instantly emptied by the hackers of their NFTs.
Millions of dollars worth of Bored Apes and Mutant Apes and all the other NFTs were transferred out of those wallets and instantly sold to the highest bidder on NFT auction sites.
If this is not a reason to discredit these stupid algorithmic ape designs and say, actually, they're worthless, because then they will have gotten away with nothing as opposed to something.
But that's too much to ask.
But that's too much to ask.
Well, they are of questionable value. What's your opinion on NFTs, Joe?
Well, I love this story. And you hear these stories all the time. There's something about NFTs and cryptocurrencies that make them extremely hackable.
Of course, this was actually a really simple, fiendish hack because of course they didn't hack the NFTs or anything. They just took over the Instagram account.
And of course these guys are the pioneers of the NFT world, the metaverse, the future Web3 that we're all hurtling towards, whether we like it or not.
But at the same time, they all have— probably they all share the same Instagram. There's probably an admin password. It was probably admin123.
And someone thought, you know what, instead of going after the actual NFTs, why don't we just take over their Instagram and get people to send the NFTs to us willingly.
It's really clever.
Of course, this was actually a really simple, fiendish hack because of course they didn't hack the NFTs or anything. They just took over the Instagram account.
And of course these guys are the pioneers of the NFT world, the metaverse, the future Web3 that we're all hurtling towards, whether we like it or not.
But at the same time, they all have— probably they all share the same Instagram. There's probably an admin password. It was probably admin123.
And someone thought, you know what, instead of going after the actual NFTs, why don't we just take over their Instagram and get people to send the NFTs to us willingly.
It's really clever.
Yeah. What is interesting is that the Bored Ape Yacht Club say that they had all the security measures in place on their Instagram account.
They say they had two-factor authentication enabled, and one assumes it wasn't via SMS, you know, which is obviously a much weaker form of two-factor authentication.
You think they're probably too smart to use that, which makes me think, well, how did that account get hacked?
They say they had two-factor authentication enabled, and one assumes it wasn't via SMS, you know, which is obviously a much weaker form of two-factor authentication.
You think they're probably too smart to use that, which makes me think, well, how did that account get hacked?
It's a good point. Yeah, I mean, I assumed— I didn't read that about the two-factor, but yeah, I mean, that does add a whole other layer of complexity, doesn't it?
Because obviously the SIM swapping side of things, that's been solved by the hackers.
So doing two-factor over your text or whatever isn't that secure, because if someone knows your number, then they can spoof that number and get the code they need.
But I mean, yeah, now you see, Graham, you've just got me very interested in this story. I wasn't going to cover it on the BBC, but now—
Because obviously the SIM swapping side of things, that's been solved by the hackers.
So doing two-factor over your text or whatever isn't that secure, because if someone knows your number, then they can spoof that number and get the code they need.
But I mean, yeah, now you see, Graham, you've just got me very interested in this story. I wasn't going to cover it on the BBC, but now—
Well, yeah, well, just cut and paste, cut and paste.
Well, I think there's three possibilities. I think one possibility is that the hackers— and you can do this with two-factor authentication.
Two-factor authentication is not 100% security. There are ways of getting around it, although it's much more complex.
One way would be that at some point someone at the Bored Ape Yacht Club had their two-factor authentication code stolen. So maybe they were phished.
They were sent to a page where they were asked for their two-factor authentication code. It wasn't the real Instagram login page, it was somewhere else.
And at that instant, in real time, the hackers used the two-factor authentication code which was entered to gain access to the Instagram account themselves.
So you can do this using a sort of proxy phishing attack.
Two-factor authentication is not 100% security. There are ways of getting around it, although it's much more complex.
One way would be that at some point someone at the Bored Ape Yacht Club had their two-factor authentication code stolen. So maybe they were phished.
They were sent to a page where they were asked for their two-factor authentication code. It wasn't the real Instagram login page, it was somewhere else.
And at that instant, in real time, the hackers used the two-factor authentication code which was entered to gain access to the Instagram account themselves.
So you can do this using a sort of proxy phishing attack.
And the person didn't notice and didn't do anything about it. And they worked so quickly.
Well, there's—
Item 1.
Item 1. Okay.
2.
That's one method. The second method would be if the Bored Ape Yacht Club had more than one person using the Instagram account.
Which of course they probably did.
Which, yeah, it's quite possible they would.
Then they need some mechanism for people to share the two-factor authentication code, whether it be via a password manager or a Slack channel or whatever it is.
Then they need some mechanism for people to share the two-factor authentication code, whether it be via a password manager or a Slack channel or whatever it is.
Now you're talking.
And now if that got hacked and someone else gained access to that, visibility of the two-factor code, then that would be a way for them to get in. So that's a possibility as well.
My third theory, and I can't think of any more than three at the moment, so I'm interested if anyone else, you know, any listeners have an idea as well, is that Instagram has a problem.
And you do find on the underground cybercrime forums people who claim that they can hack basically any Instagram account.
And that would probably be done either via vulnerability or, to my mind, more likely via rogue insider at Instagram who might have the ability to restore people's access to accounts.
And if they were a bit dodgy or if they were bribable, then they might be able to do it. You remember, of course, when Twitter got hacked and lots of celebrities—
My third theory, and I can't think of any more than three at the moment, so I'm interested if anyone else, you know, any listeners have an idea as well, is that Instagram has a problem.
And you do find on the underground cybercrime forums people who claim that they can hack basically any Instagram account.
And that would probably be done either via vulnerability or, to my mind, more likely via rogue insider at Instagram who might have the ability to restore people's access to accounts.
And if they were a bit dodgy or if they were bribable, then they might be able to do it. You remember, of course, when Twitter got hacked and lots of celebrities—
Yeah, the great Twitter hack. That was the same thing, wasn't it? That was someone getting access to the backend through an employee.
And we're seeing this a lot with the— Have you seen the Lapsus$ cybercrime gang? Yes.
And we're seeing this a lot with the— Have you seen the Lapsus$ cybercrime gang? Yes.
Yeah.
That seems to be their specialty. They are very good social engineers and they can get into the backend of systems.
And sometimes they have been advertising on their Telegram, hey, anyone work for any of these big companies, please talk to us. We'll pay you for access.
And sometimes they have been advertising on their Telegram, hey, anyone work for any of these big companies, please talk to us. We'll pay you for access.
If you're a company who thinks you might get targeted, it'd probably be wise to subscribe to that Telegram channel and keep an eye open, see if your name gets mentioned.
It's a pretty good channel, to be honest. I've been on there quite a bit. It's got about 50,000 followers.
It's amazing.
Yeah, get the popcorn out.
Don't you think it's kind of in the name though?
Maybe they just got so bored, the guys at the Bored Yacht Ape Club, that one of them just thought, you know what, I'll just rip off all our users and slam that money into a secret account.
And then we'll just say, oh God, I have no idea what happened. Let's reinvest. We're good guys.
Maybe they just got so bored, the guys at the Bored Yacht Ape Club, that one of them just thought, you know what, I'll just rip off all our users and slam that money into a secret account.
And then we'll just say, oh God, I have no idea what happened. Let's reinvest. We're good guys.
And here's some Bored Frog Yacht Club NFT things.
Yeah, TM that, Joe. TM it. Could be worth billions.
I've got another theory as to why these NFT-related scams keep happening, which is, in effect, NFTs themselves are a bit of a scam, right?
Because if you want the image or if you want the song, you can just download it, just right-click on it, save as, and copy it to your hard drive.
You don't have to own the NFT or the link in the blockchain to it.
So maybe NFTs and cryptocurrency are really focused on the gullible anyway, in which case maybe you are more prone to getting hacked or being duped or connecting your wallet.
Maybe there is a sort of inherent background radiation of gullibility here, which the bad guys are taking advantage of. Am I being harsh?
Because if you want the image or if you want the song, you can just download it, just right-click on it, save as, and copy it to your hard drive.
You don't have to own the NFT or the link in the blockchain to it.
So maybe NFTs and cryptocurrency are really focused on the gullible anyway, in which case maybe you are more prone to getting hacked or being duped or connecting your wallet.
Maybe there is a sort of inherent background radiation of gullibility here, which the bad guys are taking advantage of. Am I being harsh?
No, I think there's something there. And I also think there's even more to it than that.
I think that perhaps people who are involved in NFTs and crypto schemes, they might be on the more kind of trusting— maybe I wouldn't use the word gullible.
Maybe I would say they are very trusting of new ideas on the internet. But also, they want to get rich.
If there's one thing we know about NFT or crypto bros, they want the next thing that's going to go up in value.
I think very rarely will people admit to— well, they would probably lie, actually. But I think very rarely would they say, oh, I'm doing this for the art.
I'm doing this because I like the image. No, you're not. You're doing it because you want to get rich or you want to be part of a rich boy club.
And I think this story with this latest hack is also indicative of the direction we're going in because NFTs historically have been looked at by nonbelievers as, as you say, a bit of a con because you don't even have the copyright for the image.
All you've got is this bit of code on the blockchain.
I think that perhaps people who are involved in NFTs and crypto schemes, they might be on the more kind of trusting— maybe I wouldn't use the word gullible.
Maybe I would say they are very trusting of new ideas on the internet. But also, they want to get rich.
If there's one thing we know about NFT or crypto bros, they want the next thing that's going to go up in value.
I think very rarely will people admit to— well, they would probably lie, actually. But I think very rarely would they say, oh, I'm doing this for the art.
I'm doing this because I like the image. No, you're not. You're doing it because you want to get rich or you want to be part of a rich boy club.
And I think this story with this latest hack is also indicative of the direction we're going in because NFTs historically have been looked at by nonbelievers as, as you say, a bit of a con because you don't even have the copyright for the image.
All you've got is this bit of code on the blockchain.
And no one even knows what ownership means.
Yeah, but with Bored Apes, what we're seeing is these guys, they recognize there's the flaw in the system.
So now they're saying, "No, no, no, it's not just the code in the blockchain, you're part of our club." So we're now releasing land in the metaverse, we're doing these things with toxic— they're combining two apes with some toxic thing and then you get another ape.
And then they're starting to do physical events as well. So they're having to work a lot harder, I think, to convince people that actually these products are worth it.
And this post that caused this hack kind of shows that.
So now they're saying, "No, no, no, it's not just the code in the blockchain, you're part of our club." So we're now releasing land in the metaverse, we're doing these things with toxic— they're combining two apes with some toxic thing and then you get another ape.
And then they're starting to do physical events as well. So they're having to work a lot harder, I think, to convince people that actually these products are worth it.
And this post that caused this hack kind of shows that.
Yeah, interesting, interesting.
Mm-hmm.
Great, Graham. Well, thanks. I'm loving learning about NFTs every single week.
You can be quite catty, can't you, Carole?
Occasionally, yeah.
Yeah. It's just, you're not the Bored Ape, you're sort of the Bored Carole Yacht Club.
Yes.
The Bored Cat. Yes. There are some really popular cat NFTs actually out there.
Oh, really? Oh my God.
Oh, don't tempt her. Now she's interested. So Joe, what have you got for us this week?
Well, as I say, this isn't really cybersecurity, but my brief does extend in other directions. And this one, I just couldn't resist looking into.
So do any of you watch, or have you watched, Keeping Up with the Kardashians?
So do any of you watch, or have you watched, Keeping Up with the Kardashians?
No.
My only contact with Kardashians has been in Star Trek: Deep Space Nine and things like that. Is she in that? I think so. I think I've heard of the Cardassians. That's it though.
What is this? This is Cardassians. Is that— What are you doing that for? Shields?
Yeah, they've got sort of bumpy foreheads, haven't they? And they're not the Ferengi ones.
Oh, are they not— They're not Klingons?
No, no, they don't—
They've got bumpy heads.
Well, they've got bumpy— Basically every alien in Star Trek has a bumpy head.
That's how you show aliens from people in Star Trek.
They have a Cornish pasty sellotaped to their forehead. That's how they do the makeup on them.
The creativity on that show, eh? It's amazing. So anyway, okay, you are Kardashian non-believers currently.
Newbies. Yes, happily so. Okay, happily so.
Well, there was a show called Keeping Up with the Kardashians. It was massive, and then they had a couple of years' pause.
They're back with a new show called Kardashians, which again took a long time in the creativity department to come up with that. And this one's on Hulu and Disney+.
It launched a couple of weeks ago, and in the first episode, the whole episode revolves around this dramatic moment when Kim Kardashian's son, Saint, runs into the room with his iPad, and he says, "Mummy, mummy, look what I found on Roblox." Roblox, of course, this ginormous game.
They're back with a new show called Kardashians, which again took a long time in the creativity department to come up with that. And this one's on Hulu and Disney+.
It launched a couple of weeks ago, and in the first episode, the whole episode revolves around this dramatic moment when Kim Kardashian's son, Saint, runs into the room with his iPad, and he says, "Mummy, mummy, look what I found on Roblox." Roblox, of course, this ginormous game.
Yeah.
Where lots of mini games inside a big game. Really, really popular with young people.
So he runs in and says, "Mummy, I found a Kim Kardashian experience on Roblox." Look at this on Roblox!
So he runs in and says, "Mummy, I found a Kim Kardashian experience on Roblox." Look at this on Roblox!
Who made that? Who?
Who made that?
Let me see.
Let me see.
Click on it.
As you see on the screen, they all look very shocked.
There was a picture of my cry face, and then I looked at it and it said something super inappropriate, like Kim's new sex tape.
No, it was an inappropriate thing that popped up on his Roblox about me. That says they're leaking something that someone said.
No, it was an inappropriate thing that popped up on his Roblox about me. That says they're leaking something that someone said.
And Kim is very upset to find not only is it a room with her—lots of pictures of her cry face, as she calls it, but there's also an advert for an as-yet unseen sex tape of Kim Kardashian.
This is supposed to be unreleased footage from my old sex tape. The last thing that I want as a mom is for my past to be brought up 20 years later.
It is a bit surprising that there is an as-yet unseen sex tape of Kim Kardashian, isn't it? It's—
No comment.
Has she done these before, sex tapes?
Oh yeah, so in 2007, there was a sex tape released of her, and I think it was a rapper, I think.
Anyway, that in some ways put her on the path to become this incredible reality TV star and businesswoman that she is. Right, so there are tapes out there.
Anyway, so obviously very, very serious. You know, this is her 6-year-old son. He stumbled across a room with pictures of his mum crying, which is, you know, maybe a bit disturbing.
And then there's this advert for a sex tape. Very, very serious thing.
And as Kim Kardashian says in the show, you know, thank God he can't read, because that would be pretty disturbing.
Anyway, that in some ways put her on the path to become this incredible reality TV star and businesswoman that she is. Right, so there are tapes out there.
Anyway, so obviously very, very serious. You know, this is her 6-year-old son. He stumbled across a room with pictures of his mum crying, which is, you know, maybe a bit disturbing.
And then there's this advert for a sex tape. Very, very serious thing.
And as Kim Kardashian says in the show, you know, thank God he can't read, because that would be pretty disturbing.
Like the other members of the Kardashians are.
Again, no comment.
Yeah, me neither.
Anyway, so normally you'd look at that thing and you think, yeah, all right, whatever.
But Roblox came out last week and said, yes, there was a Kim Kardashian experience room and this message was there. We deleted the room and we've banned the creator.
And I thought, wow, there's a story there. You know, that's pretty shocking that that was on there.
Then when you start looking into it, and this is why I'm really fascinated by this story, Roblox says only a few dozen people actually discovered that room.
Of the hundreds of millions of players out there, and of the millions of rooms on Roblox, only a few dozen, according to their data, actually found that room.
So the chances of that being Saint completely on his own—
But Roblox came out last week and said, yes, there was a Kim Kardashian experience room and this message was there. We deleted the room and we've banned the creator.
And I thought, wow, there's a story there. You know, that's pretty shocking that that was on there.
Then when you start looking into it, and this is why I'm really fascinated by this story, Roblox says only a few dozen people actually discovered that room.
Of the hundreds of millions of players out there, and of the millions of rooms on Roblox, only a few dozen, according to their data, actually found that room.
So the chances of that being Saint completely on his own—
Yeah.
I mean, as one Roblox developer put it to me, it's astronomically small that he would have stumbled across that room while they were rolling, I might add.
Oh, oh, oh, hang on a moment. Hang on a moment. I think I know where he's going here. Are you suggesting that maybe this was done for the cameras a little bit?
Whoa, whoa, whoa. I would never say such a thing with such a litigious family as the Kardashians. But I spoke to their family representative for the BBC article I wrote.
And they said lots of things to me which they won't allow me to comment on. But they would allow me to say that it was not falsified. The scene was not falsified. So—
And they said lots of things to me which they won't allow me to comment on. But they would allow me to say that it was not falsified. The scene was not falsified. So—
But maybe re-enacted.
Well, yes, I think he wasn't reading a script because—
I mean, okay, so you say it's astronomically small that they would discover these things.
I have a son who quite likes watching YouTube videos, and I think he's done jolly well keeping up with the number of videos posted on YouTube. I think he is catching up quickly.
I have a son who quite likes watching YouTube videos, and I think he's done jolly well keeping up with the number of videos posted on YouTube. I think he is catching up quickly.
What, 100 hours every minute?
Exactly. There seem to be very few Minecraft or Fortnite videos that he has now not seen. So maybe Saint Kardashian could be put to work on finding other material.
If Roblox isn't very good at policing itself, maybe they could actually put this young lad — maybe he's the most talented member of the family.
If Roblox isn't very good at policing itself, maybe they could actually put this young lad — maybe he's the most talented member of the family.
As a super moderator.
Yeah.
Could it be some kind of weird algorithm thing because they're close in geographic location based on pseudo-anonymised personalised information, so they would be delivered to them?
But as a kid?
But as a kid?
Yeah, quite possibly. But according to Roblox people—
Yeah.
I spoke to a few of them. They said the only possibilities are he did completely stumble across it. Astronomically small possibility of it happening.
He searched for his name or her name, and then spent a long time going through all the various keyword rooms.
He searched for his name or her name, and then spent a long time going through all the various keyword rooms.
And can't read.
Apparently.
And can't read.
Yeah.
God help him if he ever does that on Google and finds out more about his mother.
Yes.
And the other possibility, which I'm afraid the community is leaning towards, is that either the producers made it and handed in the iPad, or they found it and handed in the iPad.
And the other possibility, which I'm afraid the community is leaning towards, is that either the producers made it and handed in the iPad, or they found it and handed in the iPad.
How dare you?
Well—
What a terrible theory.
It is an accusation.
It's a theory. It's a theory.
It was a theory.
But as far as the Kardashians have said, and Hulu, they are just saying, "Hey, thanks for making it the most watched episode on their platform ever."
How convenient.
Of course. You see? How long have sex tapes been a big driver for celebs that need to have a little boost?
Mine hasn't taken off.
Link's in the show notes to Joe Tidy's sex tape. Carole, what have you got for us?
So recently, a friend dropped by for dinner. Okay, we're gonna call them Dodo. Okay, and Dodo has been single for a while, right?
Not Dido.
No, not Dido, we're just gonna call him Dodo.
And so, you know, I was encouraging Dodo to consider pursuing a few online dating sites, you know, just to peruse them and just see what spring 2022 post-COVID has done to online dating.
And Dodo grumbled saying they weren't ready, yada yada. But as you know, Graham, I like to push people.
So I said, why don't we just build a free account, you know, with your middle name or something, and we can go see what's out there?
And so, you know, I was encouraging Dodo to consider pursuing a few online dating sites, you know, just to peruse them and just see what spring 2022 post-COVID has done to online dating.
And Dodo grumbled saying they weren't ready, yada yada. But as you know, Graham, I like to push people.
So I said, why don't we just build a free account, you know, with your middle name or something, and we can go see what's out there?
This is purely for your own entertainment, isn't it? It's purely for you just to have a more fun dinner party.
No, no, it's not. It's not. It's also to help these people, you know, get out there again.
It's altruistic.
Ah.
Okay, all right.
Anyway, so my thinking was to show them, you know, there's quality people that are there.
So I randomly chose Match.com, because I've not been on online dating, right, in what decade? So, or how long have I been married?
And anyway, so you know, I just chose it randomly, and I have to fill in this huge number of forms, and in order to peruse these potential datees.
And a mandatory element in this process was uploading a photograph.
So I randomly chose Match.com, because I've not been on online dating, right, in what decade? So, or how long have I been married?
And anyway, so you know, I just chose it randomly, and I have to fill in this huge number of forms, and in order to peruse these potential datees.
And a mandatory element in this process was uploading a photograph.
Right.
A picture of Dodo. Now, of course, Dodo was not ready to do this because, well, you know, they just weren't.
But they suggested that we grab any random photograph from a Google search that looked vaguely matchy to the profile that we put together and post it.
But they suggested that we grab any random photograph from a Google search that looked vaguely matchy to the profile that we put together and post it.
So you just go to Google Image Search, you look for BBC Newsround presenters of roundabout year 2000. Oh, here's one, a guy called Joe.
Okay, well, we'll put that up — something like that, yeah?
Okay, well, we'll put that up — something like that, yeah?
No, but have you heard of people doing this before? Not to be bad, but just because they wanna—
Yeah, because they don't wanna use their own photo. I get that.
Yeah. So someone could be using my photo to do this.
I don't think — can't help them. I don't, yeah, I don't think, Carole, come on, I don't think anyone—
As I have purple hair at the moment.
Anyone going on a dating site is gonna use your photo.
Okay, so I get it. I get it that people wanna do this to stay anonymous, right? That's probably why they're doing it.
But at the same time, it's really freaky that photos can just be uploaded willy-nilly.
But at the same time, it's really freaky that photos can just be uploaded willy-nilly.
I think the photos should be willy-nilly, ideally. Otherwise, you're definitely not gonna get anyone liking you. Sorry, it's a grubby joke. It's gone above your head.
And mine.
Yeah.
Something about willies.
Yeah, something about dicks.
I don't know.
Exactly.
Just let's move on.
So this whole process, right, got me to thinking about the people whose faces are used in things like romance scams.
I mean, a scammer doesn't throw up his or her own face up there, right? Their mug is never used.
Ideally, they find one that's attractive, more beautiful than them, and, you know, someone to kind of woo the victim. And the question is, how do they find these faces?
Do they just do a Google search my friend Dodo, or what?
So I was surfing the web looking for the story, and I landed on this article on how a US Army colonel had been the face of thousands of romance scams around the world for almost a decade now.
I mean, a scammer doesn't throw up his or her own face up there, right? Their mug is never used.
Ideally, they find one that's attractive, more beautiful than them, and, you know, someone to kind of woo the victim. And the question is, how do they find these faces?
Do they just do a Google search my friend Dodo, or what?
So I was surfing the web looking for the story, and I landed on this article on how a US Army colonel had been the face of thousands of romance scams around the world for almost a decade now.
That's a bit like Alex Eccleston. Do you remember Alex came on the show and he said his photo was often used in romance scams?
Yes, that's right.
He's middle-aged looking. Well, he's quite good looking, in a sort of George Clooney sort of, you know — in other words, barely good looking at all.
It all starts with, you know, typical romance scam stuff, okay? So take Brandy's mom, Deborah.
So she gets a message on Facebook from a hot military guy called Colonel Blackmon, right?
And they get to chatting, and he asks about her family, what she does for work, does she have any grandchildren, tells her how beautiful her smile is.
He says his wife had left him after trying to kill their son, Alvin. So, you know, has stories.
So she gets a message on Facebook from a hot military guy called Colonel Blackmon, right?
And they get to chatting, and he asks about her family, what she does for work, does she have any grandchildren, tells her how beautiful her smile is.
He says his wife had left him after trying to kill their son, Alvin. So, you know, has stories.
Blimey.
And it wasn't until he started asking for money that the daughter, Brandy, felt something wasn't right.
Good for her.
Right?
Blackman was telling Deborah that doctors had found tumors on his son's stomach, that he desperately needed surgery. This was typical romance scam stuff at the moment.
And when Brandy searched Daniel Blackman, it wasn't what she expected because the real Daniel Blackman, the Army colonel in Oklahoma and happily married with kids.
And so when they contacted him, you know, they said, hey, do you know that your face is being used? He's like, oh yeah, it's been used since 2014.
And when Brandy searched Daniel Blackman, it wasn't what she expected because the real Daniel Blackman, the Army colonel in Oklahoma and happily married with kids.
And so when they contacted him, you know, they said, hey, do you know that your face is being used? He's like, oh yeah, it's been used since 2014.
Oh, he knows about it.
Yes, he knows. Most of the profiles use Blackman's full name and photos he'd shared previously on Twitter, though some used only his photos and a different name.
His selfies were their profile photos. They'd rip off pictures he posted online in uniform and shared them with women they spoke with.
There's this other woman who I just had to put in because her name was so fantastic. Connie Poindexter.
His selfies were their profile photos. They'd rip off pictures he posted online in uniform and shared them with women they spoke with.
There's this other woman who I just had to put in because her name was so fantastic. Connie Poindexter.
That's made up. That's not real.
It's gotta be. It's gotta be. Surely.
That's a deepfaked name if ever I've heard one.
Well, I was gonna say, you can get AI-made faces, can't you?
Yes!
So you can, with your friend, Carole, you could have used a person that doesn't really exist. I think the website is called This Person Does Not Exist.
Yeah.
Yeah.
Yes. And it is pretty scary how accurate they're getting. It's getting just too spooky. But this apparently happens all the time. Military romance scams are really common.
And the Army's Criminal Investigation Division has an entire webpage dedicated to informing people on how to spot and report them.
So if you kind of have a woo romance on one of these socials with someone who's military-ish, you should go and check out because they often say things like, oh, I'm off on, you know, I'm deployed and I can't get access to my bank account.
Can you fire me some money? Seems to be a huge scammy bit. Clever they use.
And the Army's Criminal Investigation Division has an entire webpage dedicated to informing people on how to spot and report them.
So if you kind of have a woo romance on one of these socials with someone who's military-ish, you should go and check out because they often say things like, oh, I'm off on, you know, I'm deployed and I can't get access to my bank account.
Can you fire me some money? Seems to be a huge scammy bit. Clever they use.
Did you watch this, what's his name? The Tinder Swindler, Simon.
Oh yeah.
Did you watch that one?
Yeah. Yeah, it was good, wasn't it?
Unbelievable.
It was about twice as long as it needed to be, but I thought it was very good.
Yeah, well, a lot of things are that way now, right?
Why not drag them out? Including our podcast.
So the thing is, though, is how— I was wondering, how is this for the real Colonel Blackman, right? Like, this has been going on for 10 years.
So I was reading through all these articles and you know, basically he gets regular messages on Twitter telling him that his profile is being used.
In fact, he's updated his Twitter profile to say, I'm the real Daniel Blackman. I do not follow if I don't know you. I'm only public on Twitter.
I'm happily married, not deployed, and won't ask for money. And that's just sitting there on his Twitter thing. He spends his time looking for fake accounts.
He goes out, he goes and tells people, hey, I think you're being scammed by someone pretending to be me. And he says often the people don't believe him.
So I was reading through all these articles and you know, basically he gets regular messages on Twitter telling him that his profile is being used.
In fact, he's updated his Twitter profile to say, I'm the real Daniel Blackman. I do not follow if I don't know you. I'm only public on Twitter.
I'm happily married, not deployed, and won't ask for money. And that's just sitting there on his Twitter thing. He spends his time looking for fake accounts.
He goes out, he goes and tells people, hey, I think you're being scammed by someone pretending to be me. And he says often the people don't believe him.
Yeah.
God, he must spend so— must waste so much of his time.
Well, that's what I'm thinking. He says his wife doesn't even talk to him about it because it frustrates her so much.
And because the scammers often pretend that Blackman's now a widower, you know, she's been killed off in multiple different ways.
And because the scammers often pretend that Blackman's now a widower, you know, she's been killed off in multiple different ways.
You could write fan fiction about this guy.
Right?
The backstory's amazing.
And when he reports these scams to socials, he gets a report in 12 hours that says it doesn't violate community standards.
Can I say, I don't want to watch the Kardashians. I want to watch the Blackmans. I want a reality fly-on-the-wall program following him and his wife. I can just imagine.
It sounds horrendous.
And this is a victim that we rarely think about. The person— we always think about the person who's being targeted, but not the person who's being used.
And what I'm amazed at is he's been used again and again and again. He says, you know, an account gets closed down finally, and then there's 5 new ones.
And it's been going on for almost a decade.
And what I'm amazed at is he's been used again and again and again. He says, you know, an account gets closed down finally, and then there's 5 new ones.
And it's been going on for almost a decade.
He must be a pretty hot hunk of love. Have you checked him out, Carole?
Yes, he's, you know, a distinguished gentleman.
Distinguished, yes, that's how I'd describe him. We did a story on BBC about a woman who was deepfaked in a romance scheme.
So she was doing FaceTime calls with this individual, and the signal was always quite bad, which obviously meant that the picture could be wrong, but his mouth was moving and the picture seemed okay.
And it was this, I think he was some sort of surgeon in Turkey, but that wasn't who they were talking to. It was someone else in Nigeria.
And the BBC reporter tracked down the actual surgeon in Turkey and said, how do you feel about this? And they were really upset and angry about it.
This was a professional, you know, person who was trying to do a good job as a surgeon, and there he was, his image being used and abused by these scammers.
So she was doing FaceTime calls with this individual, and the signal was always quite bad, which obviously meant that the picture could be wrong, but his mouth was moving and the picture seemed okay.
And it was this, I think he was some sort of surgeon in Turkey, but that wasn't who they were talking to. It was someone else in Nigeria.
And the BBC reporter tracked down the actual surgeon in Turkey and said, how do you feel about this? And they were really upset and angry about it.
This was a professional, you know, person who was trying to do a good job as a surgeon, and there he was, his image being used and abused by these scammers.
And who knows if Mr. Colonel Blackman's going to be walking around sometime and get clocked in the face by some outraged woman.
Yeah, who just thinks, you, you know, you stole my cash. Anyway, so it's pretty insidious. And just, just, Joe, get the BBC to do more work on the poor people that are used.
Yeah, who just thinks, you, you know, you stole my cash. Anyway, so it's pretty insidious. And just, just, Joe, get the BBC to do more work on the poor people that are used.
I will, I will do my best. I tell you what, if someone hadn't have done that story already, that is a brilliant story. The fact that it's been happening to him for so long.
Yeah.
I mean, the rows with his wife about it, the time he spent. It reminds me of that guy on Twitter who's called John Lewis.
And every Christmas, everyone has a go at him for the Christmas ad or something. And he's like, I'm not the real John Lewis. Please leave me alone.
And every Christmas, everyone has a go at him for the Christmas ad or something. And he's like, I'm not the real John Lewis. Please leave me alone.
Kolide sends employees important, timely, and relevant security recommendations for their Linux, Mac, and Windows devices right inside Slack.
Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide, that's smashingsecurity.com/kolide, enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free for 14 days, no credit card required.
Try it out at smashingsecurity.com/kolide, that's smashingsecurity.com/kolide.
Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide, that's smashingsecurity.com/kolide, enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free for 14 days, no credit card required.
Try it out at smashingsecurity.com/kolide, that's smashingsecurity.com/kolide.
Smashingsecurity.com/kolide.
And thanks to Kolide for supporting the show.
The network is dead. Long live the network. This is the tagline from our sponsor this week, NetFoundry. Protecting applications is getting more complicated.
We all care about security, but man, it's hard. You see, all networks according to NetFoundry are insecure. Period. And the Zero Trust security model is the way to go.
It was created with the idea of never trust, always verify. But historically, this has been seriously hard to implement.
NetFoundry have created OpenZT to provide an open source, free, and easy way for you to embed Zero Trust networking into anything.
Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an edge router for any cloud. And the best bit, no networking engineering skills required.
This is something you guys definitely want to check out. Visit smashingsecurity.com/netfoundry. That's N-E-T-F-O-U-N-D-R-Y. And thanks to NetFoundry for sponsoring the show.
We all care about security, but man, it's hard. You see, all networks according to NetFoundry are insecure. Period. And the Zero Trust security model is the way to go.
It was created with the idea of never trust, always verify. But historically, this has been seriously hard to implement.
NetFoundry have created OpenZT to provide an open source, free, and easy way for you to embed Zero Trust networking into anything.
Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an edge router for any cloud. And the best bit, no networking engineering skills required.
This is something you guys definitely want to check out. Visit smashingsecurity.com/netfoundry. That's N-E-T-F-O-U-N-D-R-Y. And thanks to NetFoundry for sponsoring the show.
And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily.
Better not be.
Well, my Pick of the Week this week is not security related.
My pick of the week is, you know, in the UK, I'm sure many of us are aware of the continual dumpster fire, which is the state of British politics. There's all kinds of things.
There's parties going on. There's Sharon Stone-style allegations, all sorts of extraordinary stories going on from the House of Commons.
And one of the key players who works for the government is Nadine Dorries, MP. Who is Secretary of State for Digital Culture, Media and Sport.
Currently she is trying to sell off Channel 4, I believe, and she's not necessarily a fan of BBC either. So Joe might choose not to say very much during this segment. I don't know.
My pick of the week is, you know, in the UK, I'm sure many of us are aware of the continual dumpster fire, which is the state of British politics. There's all kinds of things.
There's parties going on. There's Sharon Stone-style allegations, all sorts of extraordinary stories going on from the House of Commons.
And one of the key players who works for the government is Nadine Dorries, MP. Who is Secretary of State for Digital Culture, Media and Sport.
Currently she is trying to sell off Channel 4, I believe, and she's not necessarily a fan of BBC either. So Joe might choose not to say very much during this segment. I don't know.
I will. I love BBC.
We said this last time. We love the BBC.
More than I love Nourrice.
Yeah, the current government is not so keen. But anyway, never mind.
Because Nadine Dorries, aside from previously announcing how much she shared her password with her colleagues in the office and all sorts of bad advice she has given about computer security over the years.
She used to be an author. She used to write romantic fiction.
And I have been following, and thanks to our listener Yogi for pointing out this Twitter account for me, 'cause I've become addicted to it.
She used to write sort of romantic fiction. And there is a Twitter account. No, no, no.
Because Nadine Dorries, aside from previously announcing how much she shared her password with her colleagues in the office and all sorts of bad advice she has given about computer security over the years.
She used to be an author. She used to write romantic fiction.
And I have been following, and thanks to our listener Yogi for pointing out this Twitter account for me, 'cause I've become addicted to it.
She used to write sort of romantic fiction. And there is a Twitter account. No, no, no.
I had no idea. I'm looking at it now. It's amazing.
There is a Twitter account called Daily Dorries. Dorries is D-O-R-R-I-E-S, where they choose a segment of one of her books.
Usually quite racy, I see.
There's a lot of raciness.
Okay, can we read one? Can we read one?
I've got one here. Pinning her to the wall with his forearm across her chest, Patrick fumbled with his free hand at his belt and trousers. I won't say any more. Family show.
Okay, it's a bit like My Dad Wrote a Porno.
Yes, yeah, but more embarrassing. It is rather fun. She has some habits in terms of her terminology as well. I've been looking at quite a few of these.
So I'm going to give you a quick pop quiz, okay? Which of the following is a term commonly used by Nadine Dorries to describe the male appendage? Okay. Does she use the word langer? B.
Or langer, or langer. Which of those is the one?
So I'm going to give you a quick pop quiz, okay? Which of the following is a term commonly used by Nadine Dorries to describe the male appendage? Okay. Does she use the word langer? B.
Or langer, or langer. Which of those is the one?
Ooh.
Ooh. B. Yes, yes, B, langer, is correct. So for instance, we have, John McCarthy whispered to Tommy, 'Aye, Tommy, keep your fly buttons done up tight.
If ye have to go into Molly Barrett's, put a shovel head down your trousers and over ye langer. The feckin' cat's a lunatic, so it is.' I don't even know what half of this means.
If ye have to go into Molly Barrett's, put a shovel head down your trousers and over ye langer. The feckin' cat's a lunatic, so it is.' I don't even know what half of this means.
Oh my god. Which one was that from? I see she's done quite a few. There's 'From the Ballymara Road', 2015. 'The Angels of Lovely Lane', 2016.
Mine was—
'Hide Her Name'.
'Hide Her Name'. That's the one which I was just quoting from. There's another one here.
So, 'She stared in transfixed terror, her mind screaming a rejection of what she was seeing, as the final flow of his exudate slowly oozed out onto the end of his langer and formed into a threatening drop.' So she is in charge of culture in the United Kingdom.
So check out the Daily Dorries Twitter account.
So, 'She stared in transfixed terror, her mind screaming a rejection of what she was seeing, as the final flow of his exudate slowly oozed out onto the end of his langer and formed into a threatening drop.' So she is in charge of culture in the United Kingdom.
So check out the Daily Dorries Twitter account.
I will downstream that, as she calls it. Did you see that story?
Oh yes. She's been talking about downstreams, hasn't she? Yes, bless her.
These are not old. She's got some written in 2018.
Well, yes, she's a popular— Before she became an MP, I mean, she's—
The Velvet Ribbon, written in 2020.
She's cranking them out.
While she's working! She's probably doing it while she's at work.
So I can see on here— Oh my god! There's probably about 6 different novels. And I don't know much about publishing, but you can't self-publish 6. So she must have a deal and—
Wow.
I had no idea.
Or a ghostwriter?
Yeah. No, no, no, I think this— she had a name for herself.
Wow.
She's quite fascinating in all kinds of ways. But we won't go into all that right now. But that is my pick of the week.
I like it. I'm going to as well.
Joe, what's your pick of the week?
Well, I have recently discovered a very obscure late-night ITV comedy starring Rob Brydon called Director's Commentary. Have you ever heard of it?
Oh.
No. I'm not surprised. It was a one series. I wouldn't say it was a hit, but it's brilliant. And I've just— me and my mates used to watch it. Late night, usually intoxicated.
And it's got a really weird kind of brand of humour, which— So basically the premise is, they take really old, pretty naff programmes like Bonanza, which is a Western from, I don't know what it was, the '70s, something like that?
And it's got a really weird kind of brand of humour, which— So basically the premise is, they take really old, pretty naff programmes like Bonanza, which is a Western from, I don't know what it was, the '70s, something like that?
Early '60s, I think.
Oh, okay, that old. I don't know.
Yeah, it's quite old.
Stuff like that. And they— He pretends to be the director who directed that, the scenes from that. Do you remember those old director's commentaries you used to get on DVDs?
Yes.
Where you'd have a director sort of—
Love them.
—smoking a cigar and telling you how they came up with the genius ideas for various shots and things. So he's one of these insufferable directors.
And the character he plays is cool. He's called Peter Delane. And he talks like that. And I just love it. And I want everyone to watch it. And I want it to come back.
And I want there to be another second and third and fourth series. Maybe Netflix will pick it up.
And the character he plays is cool. He's called Peter Delane. And he talks like that. And I just love it. And I want everyone to watch it. And I want it to come back.
And I want there to be another second and third and fourth series. Maybe Netflix will pick it up.
I'm definitely going to check this out because I really like Rob Brydon. I find him funny. But I know Carole has a bit of a problem with him.
I do, but you know what? This might work for me because he plays someone unlikable, right?
Yeah, he does. He's a prick. He's a complete prick.
I don't like when Rob Brydon is being all nice and kind, and I just think he should be a bad guy.
Oh, yeah. I don't think he's played a bad guy, has he? No, and he'd be a great bad guy. It's not a bad idea. There's some really good lines in it.
So, in Bonanza, someone walks into a house, and the guy shouts on the programme, "It's open!" And the guy walks in and he goes— And there's loads of these little lines I remember.
And he goes, "Yes, because of course in those days, you didn't have to lock the door. You didn't have to carry a gun." Stuff like that. It just sticks in your head.
So, in Bonanza, someone walks into a house, and the guy shouts on the programme, "It's open!" And the guy walks in and he goes— And there's loads of these little lines I remember.
And he goes, "Yes, because of course in those days, you didn't have to lock the door. You didn't have to carry a gun." Stuff like that. It just sticks in your head.
Carole, have you ever seen The Trip, which is a series he made with Steve Coogan?
Did you find that? No. Oh, that's brilliant.
No, I didn't, because I was afraid that I wouldn't like it, but maybe I should. I don't know.
There is a culinary aspect to it. They go to lots of restaurants and check out the food. You might find it repellent if you don't like Rob Brydon, but I found it very, very funny.
It's one of those kind of sit back and let it wash over you type comedies, isn't it? And you're just in their company, basically. Yeah, Steve Coogan and Rob Brydon.
Well, I love Steve Coogan actually, but—
And they do impressions quite a lot. That's the best bit. They have competitive impressions.
So they will compete as to who can do the best Michael Caine, for instance.
Sounds like a drive that you and I once took, Graham.
Carole, what's your pick of the week?
Oh, controversial one. Okay. Yeah, it's called American Vigilante. It is a podcast.
I was compelled to listen to the entire podcast in just a few days, which is unusual when I race through that quickly.
But I was baffled and annoyed by what I was listening to, yet I wasn't putting it down. So I'm bringing it to you, my dear listener, to spread the pain.
And I made Graham listen as well. So, well, let me just give the premise, Graham, and then you can dive in with your view, okay? So, it's like an interview, an interviewee setup.
Former BBC journalist Sam Walker. See, Graham, not Samantha Fox, as I told you it was.
I was compelled to listen to the entire podcast in just a few days, which is unusual when I race through that quickly.
But I was baffled and annoyed by what I was listening to, yet I wasn't putting it down. So I'm bringing it to you, my dear listener, to spread the pain.
And I made Graham listen as well. So, well, let me just give the premise, Graham, and then you can dive in with your view, okay? So, it's like an interview, an interviewee setup.
Former BBC journalist Sam Walker. See, Graham, not Samantha Fox, as I told you it was.
I was pretty certain it wasn't Samantha Fox.
I know, as soon as I said it, I knew it was not. Anyway, so she, Sam Walker, is having these long chats with this character called KC. This is our American vigilante.
Like a smart, contradictory, violent man who leads a group of men to distribute justice for people that have been wronged.
And the pitch is that he's basically recalling the missions that he and his cohorts have been on over the years.
Like a smart, contradictory, violent man who leads a group of men to distribute justice for people that have been wronged.
And the pitch is that he's basically recalling the missions that he and his cohorts have been on over the years.
And the missions are like, you know, people who've lost their children or had their kids kidnapped.
And when the police have failed to get people back, he and his team will go in and find the missing person and bring them home.
And when the police have failed to get people back, he and his team will go in and find the missing person and bring them home.
Yeah. And the way they do this is fairly violent. Like, all in all caps violent. Yes. Right? Like action movie level violence.
What does all caps mean? I just think that means shouting. So they're just shouting the whole time.
They're not using cap guns, if that's what you're thinking.
A lot of guns. A lot of guns. A lot of knives. A lot of explosives. A lot of trucks that are armoured. All kinds of stuff.
And does that come out well on audio then, on the podcast?
He's retelling these stories. You're not kind of live with him.
He's like, "This happened, this happened, this happened." And our journalist, Sam Walker, is kind of like, "Do I believe him? I don't know. Do you? I don't know. Let's see.
Carry on listening and we'll figure it out together." They're very good at that, aren't they?
He's like, "This happened, this happened, this happened." And our journalist, Sam Walker, is kind of like, "Do I believe him? I don't know. Do you? I don't know. Let's see.
Carry on listening and we'll figure it out together." They're very good at that, aren't they?
Some of the American podcasters, they're very good at that.
Drives me nuts!
And this guy, KC, who claims to be a vigilante, he's a compelling storyteller, isn't he? I mean, he knows how to tell the yarn.
It's just the question of, did this actually happen or not?
It's just the question of, did this actually happen or not?
And does it matter, is my question.
Of course it matters, Chris.
I think, yeah. The journalist in me, I want to know the truth. I want to know what happened. Well, you're going to have to check it out. Yeah, I know.
But I don't want to if it doesn't tell me, because I'll just have the frustration at the end.
But I don't want to if it doesn't tell me, because I'll just have the frustration at the end.
Well, maybe it does tell you. Graham's not finished it yet.
I haven't finished it yet. Are you going to make me listen to all of it to find out?
I'm not gonna make you do anything. But I think you will, because it's compelling.
It is interesting, because there are points where you think, "That cannot be true.
That is just nonsense." But the amount of detail he gives sometimes, apparently off the cuff, about things which happened, you just think, "How could he just make this up?" But see, that's what I'm thinking.
That is just nonsense." But the amount of detail he gives sometimes, apparently off the cuff, about things which happened, you just think, "How could he just make this up?" But see, that's what I'm thinking.
I'm thinking, yeah, no, I was the opposite on that. I think there's so much detail in everything that it makes me feel contrived at times.
Yeah. Sometimes I just think, yeah, I think it's impossible for that to have happened.
But there's also another part of me which wonders, would it be possible to create a podcast where you don't say whether it's fiction? I mean, this doesn't say it's fiction.
It doesn't say it's factual. Where you interview someone and you present it as though it were true.
And it turns out actually this is just an actor I hired and now I've got a top top podcast with hundreds of thousands of people listening to it, believing that this guy really did this.
But there's also another part of me which wonders, would it be possible to create a podcast where you don't say whether it's fiction? I mean, this doesn't say it's fiction.
It doesn't say it's factual. Where you interview someone and you present it as though it were true.
And it turns out actually this is just an actor I hired and now I've got a top top podcast with hundreds of thousands of people listening to it, believing that this guy really did this.
Because it's like the programme, Would I Lie to You? The panel show.
With Rob Brydon.
They just make up stories. With Rob Brydon.
We're back there. I don't know, but it is interesting. I have listened to about 5 or 6 episodes so far. So clearly, I'm slightly intrigued. Right, I'm downloading it.
Thank you for the recommendation.
And I look forward to getting a few messages about it once you've—
Either, "Fuck you, Carole!" A few frustrated messages in caps.
Anyway, that's American Vigilante. It's from Crowd Network, and you can find it wherever you get your podcasts. Enjoy. You've been warned.
Terrific. Well, that just about wraps up the show for this week. Joe, thank you so much for coming on the show. We really appreciate you spending the time. Thanks for having me.
I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that?
I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that?
I'm afraid I'm one of those journalists that's addicted to and constantly posting on Twitter. So it's @JoeTidy, J-O-E-T-I-D-Y.
We're going to start calling you guys musky babies.
Yeah, I think Elon's about to rename it, isn't he?
Isn't he going to? My account?
He could do. What, to twatter?
He said he was gonna call it Titter at one point, or maybe give it the, I don't know what he's gonna, anyway.
And you can follow us on Titter at Smashing Security, no G, Twitter aren't allowed to have a G. Maybe Elon will allow us in the future.
And we're also on Reddit, there's a Smashing Security subreddit.
And make sure never to miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts. And if you fancy it, leave us a review.
Really appreciate it.
And you can follow us on Titter at Smashing Security, no G, Twitter aren't allowed to have a G. Maybe Elon will allow us in the future.
And we're also on Reddit, there's a Smashing Security subreddit.
And make sure never to miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts. And if you fancy it, leave us a review.
Really appreciate it.
And huge thank you to this episode's sponsors, Kolide and NetFoundry, and to our wonderful Patreon community. It's thanks to them all that this show is free.
For episodes, show notes, sponsorship info, guest list, and the entire catalog of more than 271 episodes, check out smashingsecurity.com.
For episodes, show notes, sponsorship info, guest list, and the entire catalog of more than 271 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye. Bye. Bye-bye.
271 episodes. So how long has it been going for?
Ah, tell me about it, man. Insane. December 2016, I think we started.
Yep. That is awesome. Congratulations. Thanks. Thank you.
I think it's just stuck to the weekly schedule basically, other than the occasional holiday.
Do you have seasons or something? Or do you literally every week?
We just take off Christmas and so a couple of weeks around then, and sometimes we might take a couple of weeks off around August. But other than that, that's amazing. It's insane.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Joe Tidy – @joetidy
Show notes:
- Jimmy Fallon and Paris Hilton show off their Bored Ape Yacht Club NFTs. — Twitter.
- NFTs Stolen After Bored Ape Yacht Club Instagram, Discord Hacked — CoinDesk.
- Image of scam posted on Bored Ape Yacht Club's Instagram account — Twitter.
- Bored Ape Yacht Club confirms it had two-factor authentication enabled — Twitter.
- Kardashians deny faking Roblox sex tape scene — BBC News.
- How an Army colonel became the face of romance scams around the world — Task and Purpose.
- Army Col. Daniel Blackmon: The accidental face of military romance scams — Task and Purpose.
- Daily Dorries — Twitter (parental discretion advised)
- Hacking the House: do MPs care about cyber-security? — BBC News.
- Rob Brydon's Directors Commentary — YouTube.
- "This Is How Michael Caine Speaks" from The Trip — YouTube.
- American Vigilante — Crowd Network.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: Kolide
At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
Try Kolide Free for 14 Days; no credit card required.
Sponsor: NetFoundry
NetFoundry’s OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything.
Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud.
No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more.
Learn more and try it for yourself at netfoundry.io/smashingsecurity
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
