Clearview AI receives something of a slap in the face, and who is wrestling over an internet wormhole?
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
And don’t miss our featured interview with Artur Kane of GoodAccess.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
They couldn't believe their luck because they thought $50,000, brilliant, nothing, that's nothing, that's probably in the bottom of my shoe somewhere.
Hold on, yes it is.
There's probably someone snorting that in the corporate bathroom right now.
Smashing Security, episode 274, Hands Off My Biometrics and a Wormhole Squirmish, with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 274. My name's Graham Cluley.
Smashing Security, episode 274, Hands Off My Biometrics and a Wormhole Squirmish, with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 274. My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, this time on the show, we are joined by—
No one again.
Oh, for goodness' sake.
But it's not my fault this week.
And it's not my fault either.
It's the stupid guest's fault.
No. Well, no, it's his employer.
Yes.
Who's unfortunately dumped a whole load of work on them at the last moment.
We will get them on at some point.
One day.
We are on our own, but we have a lot of content, so it'll be fine.
Cool.
Don't you think?
Of course it will. Of course it is. It's going to be marvelous.
Of course it will.
It'll probably be better, actually.
Probably. Now, why don't we thank this week's sponsors, Collide, Rumble, and Good Access? It's their support that helps us give you this show for free.
Now, coming up on today's show, Graham, what do you got?
Now, coming up on today's show, Graham, what do you got?
I'm gonna be master of my own domain. Okay.
And I'm just gonna ask, how legal is the whole face printing thing?
Plus, a fabulous featured interview with Artur Kane from Good Access, who's gonna explain anytime, anywhere secure remote access.
All this and much more coming up on this episode of Smashing Security.
Plus, a fabulous featured interview with Artur Kane from Good Access, who's gonna explain anytime, anywhere secure remote access.
All this and much more coming up on this episode of Smashing Security.
Now, chum, remember Carl Sagan.
Remind me.
Astronomer, cosmologist, owner, I imagine, of a tweed jacket. You remember him? He had a kind of— Oh, I can't do a Carl Sagan impression.
Did he send a record into space?
He put everything into space. He's no longer alive.
Right. Yeah, yeah.
He sort of made space popular. Before him, space, hardly anyone noticed it.
Okay, I may be wrong, but I seem to think that he's involved or created an album to communicate with aliens. And it was being played in space.
He might have done.
It may have been something completely different. A listener will correct me on Twitter.
He was an extraordinary American author and science communicator that everyone apart from you looked up to and admired.
Okay, well, I'm maybe too young. I suspect people my age and younger probably don't know him.
Anyway, he had fans around the world, including computer engineer Dick Merriman.
And Dick Merriman, back in 1994, was watching Carl Sagan's famous TV show, which is called Cosmos, with his wife Linda. That's Dick's wife Linda, not Carl Sagan's wife.
And now Carl Sagan, he wrote the book Contact in the mid-1980s. Is that the one with Jodie Foster? I've never seen it.
And Dick Merriman, back in 1994, was watching Carl Sagan's famous TV show, which is called Cosmos, with his wife Linda. That's Dick's wife Linda, not Carl Sagan's wife.
And now Carl Sagan, he wrote the book Contact in the mid-1980s. Is that the one with Jodie Foster? I've never seen it.
The movie, not the book.
Well, he wrote the book.
Right, right, right.
And it was then turned into a movie.
Yeah, I never read the book, but yeah, there was a movie with Steve Guttenberg.
Oh, okay. What, from Police Academy?
I think it's Sagan.
You sure? No. Really?
It's just a podcast. Thank God it's not a test.
Go on. Okay.
People can look it up for themselves. Don't trust me.
Well, when Sagan wrote this book, he needed a way to transport Jodie Foster, who was playing the hero of the story, from Earth to a star which was 8 light years away, which obviously is an astronomically long distance.
And what he used was the concept of a tunnel or a wormhole connecting distant locations in space and time. Quite fascinating thing if you're into all that Einstein kind of gubbins.
Anyway.
And what he used was the concept of a tunnel or a wormhole connecting distant locations in space and time. Quite fascinating thing if you're into all that Einstein kind of gubbins.
Anyway.
Gubbins.
This idea of wormholes blew the mind of our hero of this particular story, Dick Merriman, who was watching this back in 1994.
And he turned to his wife, he says, "I love the idea of a wormhole." "I'm gonna make me one." Yeah, well, no, you're absolutely right.
He said, "We're gonna get a wormhole." Now, he wasn't able to make one in his backyard, unfortunately. It's not that easy.
And he turned to his wife, he says, "I love the idea of a wormhole." "I'm gonna make me one." Yeah, well, no, you're absolutely right.
He said, "We're gonna get a wormhole." Now, he wasn't able to make one in his backyard, unfortunately. It's not that easy.
Right.
So he did the next best thing, and he did what no one had ever done on the internet before, which is he bought the internet domain wormhole.com.
He owned wormhole.com, and that was back in 1994. The website wormhole.com continues to exist to this day. He didn't have any use for wormhole.com as a website.
So he just put an image of a wormhole, a sort of cosmic image, on its single page. And there's a one-line description of what a wormhole is.
He owned wormhole.com, and that was back in 1994. The website wormhole.com continues to exist to this day. He didn't have any use for wormhole.com as a website.
So he just put an image of a wormhole, a sort of cosmic image, on its single page. And there's a one-line description of what a wormhole is.
And he owns a wormhole.
And he owns the wormhole on the internet.
But what he was able to do, of course, is owning the domain meant that he could set up his own wormhole.com email address that he and his wife have used ever since.
But what he was able to do, of course, is owning the domain meant that he could set up his own wormhole.com email address that he and his wife have used ever since.
Okay.
And Dick Merriman, he's now 79 years old, 'cause it was a long time ago when he did this. He's still using that email address, .
Fabulous.
Please don't be so childish.
And he was probably feeling pretty pleased with himself, because if you purchase a vanity domain, if you purchase your own domain for your email, you don't have to go through any of that pain of getting your business cards reprinted, or when you switch from Hotmail to Yahoo to Gmail to ProtonMail or whatever.
And he was probably feeling pretty pleased with himself, because if you purchase a vanity domain, if you purchase your own domain for your email, you don't have to go through any of that pain of getting your business cards reprinted, or when you switch from Hotmail to Yahoo to Gmail to ProtonMail or whatever.
Yeah, that's often the biggest concern. A concern that we all face is getting our business cards changed. You're right.
So that is the end of the story. That's the end of it. That's the end of it.
It's a normal story that you tell.
No, no, no. Shh, shh, shh. No, no. Not the end of a story. Not the end. Because there is more. There is more to tell with this story.
Because 28 years after Dick bought the domain wormhole.com—
Because 28 years after Dick bought the domain wormhole.com—
Okay.
There are other people who are rather keen on owning it themselves. Enter an outfit called the Jump Trading Group.
Jump Trading Group.
Yes.
Okay, this is crypto again, isn't it? Is this crypto?
Well, Jump do have a toe in the world of crypto, yes. Amongst other things.
You're obsessed with crypto.
The whole world is crypto, Carole.
I'm not.
Jump says that they are building the next frontier in crypto infrastructure. They are the firm that is a significant player in the decentralized finance space.
And one of the things that they run is a crypto platform called—
And one of the things that they run is a crypto platform called—
Wormhole.
Wormhole.
And they want to own wormhole.com. So this is a domain fight.
Yeah, this is a domain fight. Now, you might have heard of this Wormhole company because earlier this year, it suffered a $320 million blockchain hack.
No, that's huge.
Yes, it was huge.
But it's also— it was unlike just about every other crypto hack because after Wormhole got hacked, the people who lost all their money actually got their money back because Jump, the owners of Wormhole, did this extraordinary thing of replacing all the stolen funds because it has quite a lot of money in its back pocket.
So it just, it didn't want to upset people. It didn't want them running off.
But it's also— it was unlike just about every other crypto hack because after Wormhole got hacked, the people who lost all their money actually got their money back because Jump, the owners of Wormhole, did this extraordinary thing of replacing all the stolen funds because it has quite a lot of money in its back pocket.
So it just, it didn't want to upset people. It didn't want them running off.
What?
Yes.
So they just said, oh, there's $320 million. No problem. Let me just get that outta my piggy bank.
Exactly. Which is pretty unusual, I think you'd agree.
Whoa. Yeah.
They replaced all the stolen funds.
I mean, it's the way it should be, but you know.
Right. Yeah. So I think it's fair to say that Jump and Wormhole the company have got a few quid.
No shit. Well, maybe not anymore.
Well. Had a few quid. But what they don't have is a good domain name because Wormhole the company hangs out at wormholenetwork.com.
Well, they could have probably done better than that. Wormholee.
Wormhole with the O being a zero, maybe. Something like that.
Anyway, Wormhole may be a hot name in the world of crypto, but anyone who visits, of course, wormhole.com sees Dirk Merriman's tribute to Carl Sagan and wormholes.
Whereas Wormhole, the company, says, well, we are the best of blockchains. That's what you see when you go to their site.
Anyway, Wormhole may be a hot name in the world of crypto, but anyone who visits, of course, wormhole.com sees Dirk Merriman's tribute to Carl Sagan and wormholes.
Whereas Wormhole, the company, says, well, we are the best of blockchains. That's what you see when you go to their site.
And we got a lot of Wonga. Maybe not now, but we did. Yep.
Yes. Yeah. A lot of it's gone down the plug hole. Right. It's not the wormhole.
So Wormhole obviously think there's a future in their business, and they really want to own the domain wormhole.com. So I've now set the scene. So I've taken 10 minutes.
In June 2021, someone at Jump approached Dick Merriman via a third-party domain broker, and they made him an offer for wormhole.com.
So Wormhole obviously think there's a future in their business, and they really want to own the domain wormhole.com. So I've now set the scene. So I've taken 10 minutes.
In June 2021, someone at Jump approached Dick Merriman via a third-party domain broker, and they made him an offer for wormhole.com.
Okay.
Now, considering that they had $320 million burning a hole in their pockets not so very long ago, how much do you think they were prepared to pay for the domain?
No idea. I mean, it's a negotiation, right? This is a site that hasn't been touched in decades. What would you offer?
$5,000? They offered $2,500. Dick Merriman, he got the request. He wasn't impressed. He thought, huh, $2,500. So he responded to the intermediary domain haggling service.
And apparently he said, "The price for wormhole.com is a firm $50,000." He said that's what he was prepared to accept, he said.
And Jump couldn't believe their luck, 'cause they thought, "$50,000." Brilliant. Nothing, that's nothing.
And apparently he said, "The price for wormhole.com is a firm $50,000." He said that's what he was prepared to accept, he said.
And Jump couldn't believe their luck, 'cause they thought, "$50,000." Brilliant. Nothing, that's nothing.
That's probably in the bottom of my shoe somewhere. Hold on, yes it is.
Yeah, there's probably someone snorting that in the corporate bathroom right now. Fantastic.
So Wormhole, the company, pressed the button, say, accept, and the domain-brokering service marked the deal status as agreement reached, and the process of transferring the domain began from Dick to Wormhole.
Uh-oh, no, oh, oh, it didn't.
Because Dick Merriman, who over the course of some days kept receiving messages from the domain broker service, asking him to set up his account and initiate the transfer in exchange for the payment, he began to have second thoughts.
So Wormhole, the company, pressed the button, say, accept, and the domain-brokering service marked the deal status as agreement reached, and the process of transferring the domain began from Dick to Wormhole.
Uh-oh, no, oh, oh, it didn't.
Because Dick Merriman, who over the course of some days kept receiving messages from the domain broker service, asking him to set up his account and initiate the transfer in exchange for the payment, he began to have second thoughts.
Oh.
Yeah.
And by mid-July, having not responded for quite some time, he said, nope, sorry, changed my mind. This was too easy. I'm either leaving a lot of money on the table or this is a scam.
Either way, not for sale. If you want to make a reasonable offer, then you're encouraged to do so.
Either way, not for sale. If you want to make a reasonable offer, then you're encouraged to do so.
OK, this annoys me, I think.
OK.
It annoys me because if you say to someone, what would you like for this? And they give you a number.
Yeah.
And you meet that number.
Yeah.
Shouldn't that be like, OK, we're all handshakes? But then, I don't know.
I mean, I think people have the right to say, "I've changed my mind," shouldn't they? It's difficult, isn't it?
Yeah, I totally— everyone should have a cooling-off period. I agree, actually. Everyone should have a cooling-off period of anything.
And let's remember, Dick, you know, I'm not saying—
But he signed everything and then said nothing for 6 weeks.
Yeah, I mean, he's— well, what he did was when he was first offered $2,500, he said, "No way, $50,000 or whatever, then we're talking." And they came back with $50,000, should he then have had to say, "Okay"?
No, because the way they would have tricked him, if they would have gone back and gone, "Ha ha ha, $50,000? Are you crazy?
No way!" And then he would have gone, "Okay, what about $40,000?" And then you would have been on the train. They just bit too soon. It's just bad negotiation tactics, really.
Anyway, okay, so he's twigged that there's maybe more money there.
No way!" And then he would have gone, "Okay, what about $40,000?" And then you would have been on the train. They just bit too soon. It's just bad negotiation tactics, really.
Anyway, okay, so he's twigged that there's maybe more money there.
So he thinks there's more money there.
Right.
And he's saying, "No, I'm not going to sell it for $50,000." 'You're either scamming me or I could be asking for a little more.' And then in a later email, he ups the price to $100,000 and then allegedly to $200,000.
And Jump were getting annoyed because they wanted wormhole.com. So they threatened legal action for breach of contract.
And they demanded that Dick had to honour the original message saying he would sell for $50,000. Interesting.
Dick replies to them, "Good luck with that." He says, "It's $100,000 is what I'm after." So there's a bit of back and forth, bit of haggling. Jump's still not happy.
They feel they're being messed around.
And Jump were getting annoyed because they wanted wormhole.com. So they threatened legal action for breach of contract.
And they demanded that Dick had to honour the original message saying he would sell for $50,000. Interesting.
Dick replies to them, "Good luck with that." He says, "It's $100,000 is what I'm after." So there's a bit of back and forth, bit of haggling. Jump's still not happy.
They feel they're being messed around.
I mean, yeah, they're already $320 million out of pocket, so I get it, right?
That hack actually happened later. That hack happened this year. This is still mid-last year, right? Anyway, Dick isn't happy. Either because he doesn't want to lose his email address.
Imagine the hassle of having to change it after so many years. He actually told the press, he said, "My email address is like family.
It's been around so long." I mean, Dick, don't forget, he's 79 years old. And it's just him and his wife living in a town with a petting zoo.
There's not much going on there, up against this huge corporation. And who have just filed a lawsuit against him.
And demanding that he also pays their legal fees for all the damages they say that he's caused and the costs.
Imagine the hassle of having to change it after so many years. He actually told the press, he said, "My email address is like family.
It's been around so long." I mean, Dick, don't forget, he's 79 years old. And it's just him and his wife living in a town with a petting zoo.
There's not much going on there, up against this huge corporation. And who have just filed a lawsuit against him.
And demanding that he also pays their legal fees for all the damages they say that he's caused and the costs.
So now they're playing just— they're just going, let's just twist the knife. Okay, yeah, no, I don't like them anymore. I don't like Wormhole anymore.
Right, right. Now, Dick, according to media reports, he says he's now giving up. He spoke to a lawyer. The lawyer said, oh, I'm not interested in taking on this case.
And so Dick has accepted he has to throw in the towel and accept, whether he likes it or not, the offer of $50,000. He says, "I'm tired.
I'm not happy, but I'll take it." He did sign.
And so Dick has accepted he has to throw in the towel and accept, whether he likes it or not, the offer of $50,000. He says, "I'm tired.
I'm not happy, but I'll take it." He did sign.
And he didn't complain within a short period, a cooling-off period.
Well, I don't know if there was a cooling-off period.
No, but there would— I mean, you could argue that there should be, right? That would have been maybe a legal—
He doesn't remember ever signing up for this domain brokering service, which maybe he did do years and years and years ago, just out of curiosity to see what people would offer him.
Apparently Carl Sagan's estate once inquired about the domain as well, and he offered to give it to them for free 'cause he loves Carl Sagan.
And then they decided they didn't want it after all. They wanted to use it for a particular project.
But some people have suggested this domain could have sold for up to half a million dollars if properly negotiated.
But it just feels, you know, when he said, "Oh, you know, oh, I don't accept $2,500, then we've got a deal," is that really a contract?
Is that really him saying, "I will honor this regardless of who comes forward and offers to pay me $2,500"?
Apparently Carl Sagan's estate once inquired about the domain as well, and he offered to give it to them for free 'cause he loves Carl Sagan.
And then they decided they didn't want it after all. They wanted to use it for a particular project.
But some people have suggested this domain could have sold for up to half a million dollars if properly negotiated.
But it just feels, you know, when he said, "Oh, you know, oh, I don't accept $2,500, then we've got a deal," is that really a contract?
Is that really him saying, "I will honor this regardless of who comes forward and offers to pay me $2,500"?
Well, I don't think it was as—
They were on the phone or in person, right? Did he sign his name to something saying, "Yes, an agreement was reached"?
This would all have been on the internet. Would all have been online.
Well, then, yeah. If he put on his electronic signature, I don't know. Really, really great story, Graham. Great.
I just think you don't old people.
Yes, that's my problem.
Well, I've noticed some things.
I just don't you occasionally. It's different.
Carole, what have you got for us this week?
You might remember, Graham, we discussed in the past facial recognition company Clearview AI.
Yes.
Yeah.
For our listeners, this is the software database company of more than 3 billion+ images of faces scraped from websites Facebook, Instagram, LinkedIn, Twitter, that sort of thing.
For our listeners, this is the software database company of more than 3 billion+ images of faces scraped from websites Facebook, Instagram, LinkedIn, Twitter, that sort of thing.
As I recall from past episodes, they had some kind of app which you could buy at a vast price or had special access to where you could go to a bar, scan someone's face, you know, from across the room, and it would give you their name and all their social networking, and, you know, you'd know lots of information about people.
It was horrible.
It was horrible.
Yeah, yeah, literally you can present a picture of anybody and presto, it identifies the right person.
In fact, the company claims that it's 100% accurate, although some reporters have witnessed the software misidentify some people.
In fact, the company claims that it's 100% accurate, although some reporters have witnessed the software misidentify some people.
Yeah.
I mean, can you identify identical twins? You know, Mr. Ton Phat of Clearview AI, can you?
Oh, that's a good point.
And I once used one of those things where you upload your photograph and it says, "We will find your celebrity twin." So I was interested in that and I uploaded myself and it told me Henry Kissinger.
Oh, really? Yes.
And I once used one of those things where you upload your photograph and it says, "We will find your celebrity twin." So I was interested in that and I uploaded myself and it told me Henry Kissinger.
Oh, really? Yes.
Oh my God, I wouldn't wanna know what it would give me.
Anywho, back in 2020, Kashmir Hill of The New York Times, she published an alarming and damning piece about Clearview AI, how it's, you know, been peddled to police departments with 30-day free trials all over the country, how it was being misused by fat cats to identify pretty young things going about their business.
And listeners might remember I got a bit riled, which is why I also covered the story a few weeks later here on Smashing Security.
And basically the premise is, you know, Clearview is offering access to this database to private companies, wealthy individuals, federal, state, and local law enforcement agencies.
And the company claimed that through this enormous database, it could instantaneously identify people with unprecedented accuracy, enabling covert and remote surveillance of individuals on a massive scale.
So, scary much?
Anywho, back in 2020, Kashmir Hill of The New York Times, she published an alarming and damning piece about Clearview AI, how it's, you know, been peddled to police departments with 30-day free trials all over the country, how it was being misused by fat cats to identify pretty young things going about their business.
And listeners might remember I got a bit riled, which is why I also covered the story a few weeks later here on Smashing Security.
And basically the premise is, you know, Clearview is offering access to this database to private companies, wealthy individuals, federal, state, and local law enforcement agencies.
And the company claimed that through this enormous database, it could instantaneously identify people with unprecedented accuracy, enabling covert and remote surveillance of individuals on a massive scale.
So, scary much?
Yeah, it's terrifying, isn't it?
Terrifying. Yeah. So other people thought like us and thought this isn't great, the ACLU of Illinois and friends.
And many of these, the friends representing people who've been face-printed by Clearview without their consent.
And they did something about this way back in 2020, and we have just had an update.
And many of these, the friends representing people who've been face-printed by Clearview without their consent.
And they did something about this way back in 2020, and we have just had an update.
Oh, okay.
But first, you just need to know, and I'm sorry, Graham, I know this is gonna be hard for you, okay? But I have to talk a little bit about how the law works in the States, okay?
Oh, thank goodness. I thought you were gonna say we have to talk about Piers Morgan or something.
No, no, no, no.
That was the first thought I had.
No, no, no, just so people understand. So, you know, we have an international audience.
And so basically in the States, some laws are federal and some are state-based, which is why you have things like jazz cigarettes being available in some states and legal in some states, whereas in other states you face jail time if you're caught with that on your person.
And so basically in the States, some laws are federal and some are state-based, which is why you have things like jazz cigarettes being available in some states and legal in some states, whereas in other states you face jail time if you're caught with that on your person.
Right. Yeah.
And privacy rights for individuals are similar.
So some states like California, New York, Texas, Arkansas, Illinois, there's a few, have started introducing stronger legislation to curb tech companies from mishandling or misusing or abusing personal info.
And some states went even further to these privacy bills and put in a biometric privacy law.
So some states like California, New York, Texas, Arkansas, Illinois, there's a few, have started introducing stronger legislation to curb tech companies from mishandling or misusing or abusing personal info.
And some states went even further to these privacy bills and put in a biometric privacy law.
All right.
And Illinois was the first state to establish one, the Illinois Biometric Information Privacy Act, or BIPA.
How does— not living in the United States, I don't— I mean, I find it hard to get my head around these sort of two levels of laws and things. How does it happen?
How does it work out with things like data?
Because if there are very strict data protection laws in one particular state, or how much they need to keep you private, which aren't being applied in other states, presumably tech companies just have to go by the toughest legislation rather than thinking, oh well, because you live in Alaska, then we can do all kinds of great things with your data.
But do you see what I mean?
How does it work out with things like data?
Because if there are very strict data protection laws in one particular state, or how much they need to keep you private, which aren't being applied in other states, presumably tech companies just have to go by the toughest legislation rather than thinking, oh well, because you live in Alaska, then we can do all kinds of great things with your data.
But do you see what I mean?
Yeah, I totally see what you mean. And I think it's a complete nightmare.
I think it is really a complete nightmare because every single state— but you know what I find odd is in the UK, we have this thing called common law, which just means there is kind of some laws and some precedent, but we're going to leave it up to the judge to make a decision.
It's like you don't really know the laws. Anyway, we digress. Okay.
But you, so BIPA, you would be right to assume that BIPA requires companies to first notify, right, and get a written-up consent before they collect, capture, or obtain residents' biometric identifiers, right?
So before they get fingerprints or face prints or iris scans, they need you saying, yeah, no problem with that.
I think it is really a complete nightmare because every single state— but you know what I find odd is in the UK, we have this thing called common law, which just means there is kind of some laws and some precedent, but we're going to leave it up to the judge to make a decision.
It's like you don't really know the laws. Anyway, we digress. Okay.
But you, so BIPA, you would be right to assume that BIPA requires companies to first notify, right, and get a written-up consent before they collect, capture, or obtain residents' biometric identifiers, right?
So before they get fingerprints or face prints or iris scans, they need you saying, yeah, no problem with that.
Yeah.
And there's a few other states that have a law similar to this, you know, but their own version.
But Illinois is unique because it provides aggrieved parties with a private right of action.
So other states rely on public authorities to bring an enforced action, but here you can be private.
Okay, so the ACLU and the ACLU of Illinois and a bunch of others get on the bandwagon and make use of the Illinois BIPA to make a stink about Clearview's business practices.
But Illinois is unique because it provides aggrieved parties with a private right of action.
So other states rely on public authorities to bring an enforced action, but here you can be private.
Okay, so the ACLU and the ACLU of Illinois and a bunch of others get on the bandwagon and make use of the Illinois BIPA to make a stink about Clearview's business practices.
Yeah.
And they filed a lawsuit on May 28, 2020, alleging violation of Illinois's residents privacy rights under the Illinois BIPA Act.
Okay, okay, yes. That sounds wonderful.
And two years go by.
What was that?
We've just received an update. Right?
Yeah.
So this week, May 9th, a legal settlement was filed stipulating that as part of the settlement in ACLU versus Clearview AI, the company is now permanently banned from making its faceprint database available to most businesses and other private actors.
So basically, your typical guy off the street or girl off the street can't just go and say, I'd like an account, please, and then have access to 3 billion faces.
What's very cool about this is they somehow got it nationwide. So it's not just for Illinois, but nationwide they're going to be banned from doing this permanently.
So basically, your typical guy off the street or girl off the street can't just go and say, I'd like an account, please, and then have access to 3 billion faces.
What's very cool about this is they somehow got it nationwide. So it's not just for Illinois, but nationwide they're going to be banned from doing this permanently.
So the police and co., they will be able to access this data still for law enforcement purposes, is that right?
Yes. So the wording is very interesting, right, on how they— who is going to have access. So it's certain businesses, most businesses, but they're not detailing which ones.
But we do know that Clearview AI certainly boasts that they represent, or they have, 3,100 US agencies using their software, including FBI and the DOJ, right?
Or the Department of Homeland Security.
And what's also weird is on their website they still proudly boast— I mean, I know this just happened yesterday, but the website proudly boasts that Clearview AI search technology is lawful and constitutional.
Even though it has been determined to be illegal in countries like Canada and Australia, 6 months ago, the UK, you know, ICO announced that it had found alleged serious breaches of the UK's data protection laws and issued a provisional notice to stop further processing of all personal data of the people of the UK and to delete it.
But we do know that Clearview AI certainly boasts that they represent, or they have, 3,100 US agencies using their software, including FBI and the DOJ, right?
Or the Department of Homeland Security.
And what's also weird is on their website they still proudly boast— I mean, I know this just happened yesterday, but the website proudly boasts that Clearview AI search technology is lawful and constitutional.
Even though it has been determined to be illegal in countries like Canada and Australia, 6 months ago, the UK, you know, ICO announced that it had found alleged serious breaches of the UK's data protection laws and issued a provisional notice to stop further processing of all personal data of the people of the UK and to delete it.
Yes, but if you're American, you probably think there's a lot of things you're allowed to do in Canada and Australia and the UK which are illegal back in the good old US of A, and they probably can't believe that we allow certain things.
I don't know what, things like stretching owls or something, or juggling yogurts.
I don't know what, things like stretching owls or something, or juggling yogurts.
Yeah, I mean, I know there are some countries that are very, very excited about having this software, right? But it's kind of cool that some countries are banning it.
And I don't know, I mean, what's good about this? I can see it identifying bodies that you can't identify might be a useful use. That's the only thing I can— finding family.
And I don't know, I mean, what's good about this? I can see it identifying bodies that you can't identify might be a useful use. That's the only thing I can— finding family.
I've got bits of my body I'd love to identify. I can't work out what they might be.
Well, my pick of the week will help with that.
Oh, okay. Curious. I'll stay tuned. Do you know what assets are connected to your network? Most organizations don't.
For your security program to be effective, you need an inventory of all your devices so you can make critical decisions fast.
Well, Rumble was made by the creator of Metasploit, which explains why it finds many devices that other solutions miss, including orphaned machines running outdated operating systems.
Quickly find systems affected by the latest security news. Just think of Log4j, SolarWinds, and Kaspersky.
It can even tell you which machines are missing endpoint protection from your local network all the way to the cloud.
Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run. That's rumble.run. And thanks to Rumble for supporting the show.
For your security program to be effective, you need an inventory of all your devices so you can make critical decisions fast.
Well, Rumble was made by the creator of Metasploit, which explains why it finds many devices that other solutions miss, including orphaned machines running outdated operating systems.
Quickly find systems affected by the latest security news. Just think of Log4j, SolarWinds, and Kaspersky.
It can even tell you which machines are missing endpoint protection from your local network all the way to the cloud.
Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run. That's rumble.run. And thanks to Rumble for supporting the show.
So we all know that users these days sometimes have to connect from an unsecured network using any device they have at hand, and companies have no control over the device applications, clouds, and the infrastructure that connects it all together.
This rapid shift in online work created security gaps that bad actors used to the full.
And most importantly, companies need to emphasize the reduction of risk of a data breach if a user's credentials are stolen. This is why you need to check out GoodAccess.
This is a global company based in the Czech Republic with a proven 10-year track record.
They are a bunch of security enthusiasts dedicated to delivering anytime, anywhere secure remote access for small and medium-sized businesses worldwide.
And this begins with a free GoodAccess starter product for unlimited usage by up to 100 employees. Yes, you heard right, 100 employees. Learn more at smashingsecurity.com/goodaccess.
And big thank yous to GoodAccess for sponsoring the show.
This rapid shift in online work created security gaps that bad actors used to the full.
And most importantly, companies need to emphasize the reduction of risk of a data breach if a user's credentials are stolen. This is why you need to check out GoodAccess.
This is a global company based in the Czech Republic with a proven 10-year track record.
They are a bunch of security enthusiasts dedicated to delivering anytime, anywhere secure remote access for small and medium-sized businesses worldwide.
And this begins with a free GoodAccess starter product for unlimited usage by up to 100 employees. Yes, you heard right, 100 employees. Learn more at smashingsecurity.com/goodaccess.
And big thank yous to GoodAccess for sponsoring the show.
Kolide sends employees important, timely, and relevant security recommendations their Linux, Mac, and Windows devices right inside Slack.
Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide.
Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. Kolide, and thanks to Kolide for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide.
Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. Kolide, and thanks to Kolide for supporting the show.
And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily.
Better not be.
Well, this week, my pick of the week was suggested to me by a loyal listener who goes by the name of Yogi.
Oh.
Who we both know, Carole.
Yes, is she a loyal listener?
I think she's tuned into my past picks of the week and think I need some help. And what I've been recommended is a YouTube channel called Owl Kitty.
I will put a link in the show notes. Carole, you can check out Owl Kitty right now. Owl Kitty, real name Lizzie, is a black cat living in Portland, Oregon.
And what Owl Kitty's owner does is he has very—
I will put a link in the show notes. Carole, you can check out Owl Kitty right now. Owl Kitty, real name Lizzie, is a black cat living in Portland, Oregon.
And what Owl Kitty's owner does is he has very—
Adorable.
Very cleverly managed to integrate his cat into famous movie sequences. Presumably using some kind of green screen.
I would watch this film. It's like King Kong of cats.
Right, so what are you seeing, Carole? What are you seeing?
I'm just watching a parody of Jurassic Park. So literally, it's like you've got this monstrous Jurassic Park-sized cat. I'm gonna go look, see if there's another.
So, yeah. So, regular movies, but with this person's cat. And I also saw some behind-the-scenes videos of how they make these, because obviously cats do not perform on demand.
And it may take quite a few takes and some very clever techniques.
And it may take quite a few takes and some very clever techniques.
I love claws. Claws for jaws. Oh, Yogi, very good. You keep them coming. Graham did a whole year of board games once, so we need you.
There's a Fifty Shades of Grey.
Oh my God.
Titanic, all sorts. The Shining. Anyway, lots of fun. Owl Kitty is my pick of the week. Excellent. Carole, what's your pick of the week?
Oh, Graham. Okay. I have to ask you a sensitive question.
Okay.
It's about your danglers. I beg you. Do you think about them? Do you think about them regularly?
Are you talking about a medallion or something? I don't wear a medallion. Is that what you mean by dangler?
No, between your legs. Danglers. Do you have hopes and dreams for them?
Yes, yes.
What are they?
Big plans. I've always had big dreams, I tell you, as to what their future might be. Often not achieved, but it would—
But what? What role do they play?
What role do they play? Well, they have a very important role. I use them every day. In a variety of ways, mostly— Are we talking about the same thing? I don't think so.
What are you talking about?
What are you talking about?
What is your problem here?
What are you talking about? Put me out of my misery.
Your ballsack.
Oh, for God's sake, Carole. Really? Yes.
I said I was polite with the word.
What do you mean hopes and dreams for it? It's, you know—
Well, exactly. I think it's a very weird thing to say about that as well, right? I'm with you on that. What a weird question. Well, it turns out some people do.
It seems that some people perhaps wonder if their danglers feel left out of the whole, you know, deep penetration testing activity that might go on north of their location.
That's a bit security related.
It seems that some people perhaps wonder if their danglers feel left out of the whole, you know, deep penetration testing activity that might go on north of their location.
That's a bit security related.
But you know, is this a sex thing? Is this what you're talking about?
Yes, yes. Well, well, you tell me once you see it.
Okay.
And, and someone decided that, you know, maybe they too could get in on some of that deep penetration testing activity.
So I'm going to introduce you, without further ado, let me introduce you to what must be the most fantastical piece of erotic paraphernalia I've ever seen. The Balldo.
So I'm going to introduce you, without further ado, let me introduce you to what must be the most fantastical piece of erotic paraphernalia I've ever seen. The Balldo.
The Balldo.
The Balldo.
Okay.
Okay. So check the link in the show notes. Let's have a look. And you can describe it to our listeners.
The world's first ball dildo. How does this work? So— Oh, I'm really confused.
So you have a piece of silicone shaped kind of torpedo.
Yes.
With two circular holes on either side of the shaft so you can smoosh in your orbs.
Wouldn't that be rather painful?
Well, yes, it turns out that yes, because journalist Eric Ravenscroft road tested this, and his findings were less than satisfactory.
Let me give you a few quotes here from his road test.
Let me give you a few quotes here from his road test.
Oh, I can see he scored it 2 out of 10. I wonder why it got 2.
Yes, 2 out of 10. This is from Wired.
It's apparently, quote, it was challenging with an uncomfortably large girth, requires lubrication, which impedes the application process because, you know, the things slip out.
And very awkward angles. So, can I just—
It's apparently, quote, it was challenging with an uncomfortably large girth, requires lubrication, which impedes the application process because, you know, the things slip out.
And very awkward angles. So, can I just—
Journalists—
Get sent a lot of shit.
Journalists used to be like Woodward and Bernstein, right? They would investigate Watergate. They would bring down presidents.
And The Wired have hired someone to put his cock and balls into a bit of pink silicone, smooshing them in.
And The Wired have hired someone to put his cock and balls into a bit of pink silicone, smooshing them in.
Okay, this is not what I think happened.
What I think happened is he gets to work, dum-da-dum-da-dum, going through the press releases, dum-da-dum-da-dum, "Bald-o, the world's first ball dildo." And he was like, "Hello," and then asked his editor if he could do it, wrote a great story that I actually really giggled at.
I found it very fun. So if you want to read it, it's in Wired by Erica Ravenscroft. And the world's first ball dildo. And that is my pick of the week.
He calls it a Dadaist interrogation of the very concept of pleasure.
What I think happened is he gets to work, dum-da-dum-da-dum, going through the press releases, dum-da-dum-da-dum, "Bald-o, the world's first ball dildo." And he was like, "Hello," and then asked his editor if he could do it, wrote a great story that I actually really giggled at.
I found it very fun. So if you want to read it, it's in Wired by Erica Ravenscroft. And the world's first ball dildo. And that is my pick of the week.
He calls it a Dadaist interrogation of the very concept of pleasure.
Oh, call me Dada. All right. Well, I have questions, none of which I want to ask on the podcast.
I have not tested it. So you may want to email Eric.
I imagine, Carole, you would find it hard to test. I would hope. Well, thank goodness at the very least that there are vendors out there who like to sponsor our podcast.
I had this really interesting chat all about VPNs with Artur Kane of Good Access. Check it out. Shall we crack on and see how we do?
Let's do this.
Okay. So Artur Kane is a chief marketing officer at Good Access. This is Good Access is a global company based in the Czech Republic with 10+ years on the market.
And this team at Good Access is made up of 50 security enthusiasts dedicating themselves to delivering anytime, anywhere secure remote access. Very warm welcome to you, Artur.
Thanks for coming on the show.
And this team at Good Access is made up of 50 security enthusiasts dedicating themselves to delivering anytime, anywhere secure remote access. Very warm welcome to you, Artur.
Thanks for coming on the show.
My pleasure. Great to talk to you finally, Carole. How are you today?
I'm great, thank you. I think you're the first interviewee that's ever asked me that. So thank you very much.
Well, let's make sure that we're all comfortable in our seats here.
Now, we are going to chat about all things VPNs. But first, maybe we should start with the work landscape and how it's changed from your perspective.
Well, it's changed tremendously over the past few years, obviously, since the pandemic kicked in. Most of the workers left the office and started working from home.
And immediately companies had to respond and sort of become more digital than ever and make sure all these workers and consultants can access their systems from remote and at the same time be protected.
And if the company wasn't ready for that, they had to do quite a lot to, from day one, be able to operate as usual.
And so what we see a lot is most of these workers and remote consultants, they tend to use whichever device is at their hand.
And suddenly companies lost control over the endpoints and devices that workers use to access critical systems, which increases the potential of data loss, data breach, and other risks.
And immediately companies had to respond and sort of become more digital than ever and make sure all these workers and consultants can access their systems from remote and at the same time be protected.
And if the company wasn't ready for that, they had to do quite a lot to, from day one, be able to operate as usual.
And so what we see a lot is most of these workers and remote consultants, they tend to use whichever device is at their hand.
And suddenly companies lost control over the endpoints and devices that workers use to access critical systems, which increases the potential of data loss, data breach, and other risks.
You're totally right, because you've got workers working from home, they may be using their own machines, they're tunneling in God knows how into the network, they're plugging in their own IoT devices and plugging into their own home network.
So it's kind of a nightmare for the IT guy in charge, I imagine.
So it's kind of a nightmare for the IT guy in charge, I imagine.
And, you know, not all companies have IT guys and girls, right?
So smaller companies, especially, you know, software developers and marketing consultancy firms, they don't always have IT department to take care of these things.
So it's often, you know, business C-level owner, co-founder who suddenly needs to, you know, step into the role of IT guy and do this stuff.
So smaller companies, especially, you know, software developers and marketing consultancy firms, they don't always have IT department to take care of these things.
So it's often, you know, business C-level owner, co-founder who suddenly needs to, you know, step into the role of IT guy and do this stuff.
Exactly. Okay. So you've got these smaller companies with maybe less IT savviness available. What does this whole new landscape mean for privacy and security at the company?
SPEAKER_02. I would actually start to explain the VPN landscape if you allow me.
SPEAKER_02. I would actually start to explain the VPN landscape if you allow me.
Please do. SPEAKER_02. Most of us know VPNs from the ads on YouTube, telling us that we should protect ourselves and anonymize what we do on the internet and evade surveillance.
But VPN has been here for decades, and bigger companies with their IT departments, with their systems hosted in data centers or more recently clouds, had to find a way how to create a secure tunnel which is encrypted to access these systems remotely.
And VPNs, they served this way for many years.
For decades now, the main problem with traditional VPNs, while they establish the point-to-site secure remote access, they usually tend to give free access to whichever site the user is connecting to.
So once they get access to the VPN, to the tunnel, they can go to the data center and exploit anything that's in there.
So in modern approach to VPNs, and modern approach to how do we secure network traffic, privacy, and data over the public internet, the concept of zero trust emerged.
And zero trust essentially means not providing access to everyone everywhere, but do a use case or role-based access to whichever specific data and systems they need for their work, crucially, and lowering the potential of the business breach, if that makes sense.
But VPN has been here for decades, and bigger companies with their IT departments, with their systems hosted in data centers or more recently clouds, had to find a way how to create a secure tunnel which is encrypted to access these systems remotely.
And VPNs, they served this way for many years.
For decades now, the main problem with traditional VPNs, while they establish the point-to-site secure remote access, they usually tend to give free access to whichever site the user is connecting to.
So once they get access to the VPN, to the tunnel, they can go to the data center and exploit anything that's in there.
So in modern approach to VPNs, and modern approach to how do we secure network traffic, privacy, and data over the public internet, the concept of zero trust emerged.
And zero trust essentially means not providing access to everyone everywhere, but do a use case or role-based access to whichever specific data and systems they need for their work, crucially, and lowering the potential of the business breach, if that makes sense.
Right, so what you're saying is, as well, zero trust means just do not trust that the network is safe. SPEAKER_02. That's right.
And do not trust the user unless they authenticate, unless they provide their identity, unless you provide sufficient rights to do whichever job they need to do necessarily, but not more than that.
We can layer the security into, I would say, network, application, data, and users.
So on the data side, definitely, we need to check changes, we need to log access to the data for post-compromise analysis.
We also need to check for malicious code, but then at the same time, when we don't have the pattern or the database of known codes which antiviruses and IDPS systems use, we check for anomalies in the traffic and strange patterns that may indicate a potential security breach or an attacker trying to...
And do not trust the user unless they authenticate, unless they provide their identity, unless you provide sufficient rights to do whichever job they need to do necessarily, but not more than that.
We can layer the security into, I would say, network, application, data, and users.
So on the data side, definitely, we need to check changes, we need to log access to the data for post-compromise analysis.
We also need to check for malicious code, but then at the same time, when we don't have the pattern or the database of known codes which antiviruses and IDPS systems use, we check for anomalies in the traffic and strange patterns that may indicate a potential security breach or an attacker trying to...
Right, okay. So maybe we can pivot here. So imagine I'm a small company, right, and I'm listening to you and I'm going, yeah, I'm sure I'm a bit exposed in the stuff I do.
What would be my next steps? How would I go about establishing that and making this work? Is it complicated? Do I need an IT guy? How does it work? SPEAKER_02.
So what I suggest to smaller companies is to focus on technologies who cover most of their use case in a single dashboard.
So instead of trying to deploy VPN for remote access and then working on firewall rules to restrict access and the network access control and then securing endpoints, what modern VPNs delivered from cloud as a service offer is that you sign in, create your team, you add users in there, they download client applications.
With their client applications, they can get access to whichever systems they need based on zero trust principles.
They're also protected from online threats, which means they carry their security, whichever device they use and wherever they connect from.
It shouldn't be that hard — if it is, it's probably not the tool for you.
What would be my next steps? How would I go about establishing that and making this work? Is it complicated? Do I need an IT guy? How does it work? SPEAKER_02.
So what I suggest to smaller companies is to focus on technologies who cover most of their use case in a single dashboard.
So instead of trying to deploy VPN for remote access and then working on firewall rules to restrict access and the network access control and then securing endpoints, what modern VPNs delivered from cloud as a service offer is that you sign in, create your team, you add users in there, they download client applications.
With their client applications, they can get access to whichever systems they need based on zero trust principles.
They're also protected from online threats, which means they carry their security, whichever device they use and wherever they connect from.
It shouldn't be that hard — if it is, it's probably not the tool for you.
Tell me, how is Good Access making an offer for helping people get started with VPN?
So we believe that, and our driving force of everything we do is believe that if businesses want to empower their users with secure and we call it anytime, anywhere access to their digital assets, they should be able to do it with no hassle.
And in line with that, we recently launched our free version, which is free for up to 100 users, no limitations in terms of bandwidth, speed. There are no ads in there.
It's really what we give away to the world for making us happy and making us part of it for the last 14 years.
So the easiest thing is to go and create an account, get your 100 users in there.
You get online threat protection wherever you browse and whichever sites you go to, and you get secured access to your company resources with that.
Of course, if you want to go higher and need to control identity-based zero-trust access, etc., we have paid plans.
So just make sure to check whichever features and use cases are for you.
And in line with that, we recently launched our free version, which is free for up to 100 users, no limitations in terms of bandwidth, speed. There are no ads in there.
It's really what we give away to the world for making us happy and making us part of it for the last 14 years.
So the easiest thing is to go and create an account, get your 100 users in there.
You get online threat protection wherever you browse and whichever sites you go to, and you get secured access to your company resources with that.
Of course, if you want to go higher and need to control identity-based zero-trust access, etc., we have paid plans.
So just make sure to check whichever features and use cases are for you.
So some people I've heard say, oh, people only use VPNs if they're up to bad stuff, like streaming stuff they shouldn't be streaming and all this. What do you say to that?
That they are right.
Most of the VPN market is consumer VPNs, and many of those consumers are bad actors who are trying to evade surveillance, who are trying to anonymize their service, who are trying to access applications or services that are otherwise not allowed or operating in their country.
And consumer VPNs, they create encrypted connections that conceal their identity, location, and information.
They provide this sort of anonymity to individual users, and they do use it to bypass content restrictions, etc. This is not the use case for business VPNs.
Business VPNs create private connections that complete data privacy and sort of conceal sensitive business data from online threats and unsecure public networks, etc.
So what we do is to check whether you are a company before we give you the free product. And then we also check for activities such as abuse.
So I do not recommend to use BitTorrent when connected to business VPN. It is a potential security threat to the company operating the VPN.
So we help them in the way that we report them such activities.
Most of the VPN market is consumer VPNs, and many of those consumers are bad actors who are trying to evade surveillance, who are trying to anonymize their service, who are trying to access applications or services that are otherwise not allowed or operating in their country.
And consumer VPNs, they create encrypted connections that conceal their identity, location, and information.
They provide this sort of anonymity to individual users, and they do use it to bypass content restrictions, etc. This is not the use case for business VPNs.
Business VPNs create private connections that complete data privacy and sort of conceal sensitive business data from online threats and unsecure public networks, etc.
So what we do is to check whether you are a company before we give you the free product. And then we also check for activities such as abuse.
So I do not recommend to use BitTorrent when connected to business VPN. It is a potential security threat to the company operating the VPN.
So we help them in the way that we report them such activities.
Right. Okay. So this is definitely not for the home market.
This is definitely for small and medium-sized businesses and as well as enterprise businesses, depending on what requirements they have.
This is definitely for small and medium-sized businesses and as well as enterprise businesses, depending on what requirements they have.
That is very much correct, Carole.
And if you're an enterprise and you're not into paying for a system integrator to do all your IT for you and you want to do it yourselves, you want to spend more time in strategic activities rather than operating standard technologies like VPN or access control.
Good Access is definitely the right product for you.
And if you're an enterprise and you're not into paying for a system integrator to do all your IT for you and you want to do it yourselves, you want to spend more time in strategic activities rather than operating standard technologies like VPN or access control.
Good Access is definitely the right product for you.
Fantastic. Is there anything else that you want to touch upon?
I just want to say that I do really appreciate everything you do here in Smashing Security.
I think you're absolutely the greatest in, you know, spreading the word about what security really means, not trying to necessarily scare everyone with the number of ransomware and breaches, etc., but giving them practical information in their day-to-day operations.
So if there's something to leave with, I'm not going to push any more of Good Access and just want to appreciate what you do.
I think you're absolutely the greatest in, you know, spreading the word about what security really means, not trying to necessarily scare everyone with the number of ransomware and breaches, etc., but giving them practical information in their day-to-day operations.
So if there's something to leave with, I'm not going to push any more of Good Access and just want to appreciate what you do.
Wow, that's very kind. Now, listeners, as Artur has told us, he does have this fab giveaway if you are a small business. So please visit smashingsecurity.com/goodaccess.
That's smashingsecurity.com/goodaccess. Smashingsecurity.com/goodaccess and try the Good Access VPN for free for up to 100 users. No limitations, no ads, no tracking.
Artur Kane, thank you so much for coming on Smashing Security. It's been a pleasure.
That's smashingsecurity.com/goodaccess. Smashingsecurity.com/goodaccess and try the Good Access VPN for free for up to 100 users. No limitations, no ads, no tracking.
Artur Kane, thank you so much for coming on Smashing Security. It's been a pleasure.
Thank you so much for having me. Likewise, and hopefully we'll talk soon.
Fantastic.
Oh, that was really interesting. Well done, Carole, and thank you, Artur, for coming on the show as well, and it just about wraps up the show for this week.
You can follow us on Twitter @SmashingSecurity, no G, Twitter won't allow us to have a G. And we also have a Smashing Security subreddit.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
You can follow us on Twitter @SmashingSecurity, no G, Twitter won't allow us to have a G. And we also have a Smashing Security subreddit.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
And massive shout out to this episode's sponsors, Kolide, GoodAccess, and Rumble, and of course to our wonderful Patreon community. It's thanks to them all this show's free.
For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 273 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 273 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye. Bye.
Do you want to redo the beginning of my pick of the week?
Why? What did I say?
Because you had no idea. Were you— did you really not know what I was talking about?
No, I hadn't clicked on it. I couldn't understand. So, with the ball dome, you actually put your balls—
You shove your testes into that hole.
And that then goes into your sexual partner as well as your penis.
Well, whatever order— No, not your penis.
What?
Not your penis. Your penis is just lying around.
What?
Yes.
What, off the dining room table? Where have you left your penis? Have you ever had sex? You can't detach your penis. We're not octopuses or something. Or seahorses.
Who— What's the animal which— I don't— Actually, I'm not sure any animal detaches its penis.
Who— What's the animal which— I don't— Actually, I'm not sure any animal detaches its penis.
No, there is one. There is one.
Is there?
Yeah.
Does it have its own little outboard motor or something for getting around? It breaks off.
It just breaks it off and goes, "I'm bored now. Bye. You can keep it. Keep the change. Keep the tip." Oh my goodness.
Let's just stop recording.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Show notes:
- Carl Sagan – Cosmos – Space Travel — YouTube.
- Wormhole.com
- 'Tired' Carl Sagan Fan Sells Wormhole.com to Crypto Giant Jump for $50K After Lawsuit — Decrypt.
- ACLU vs Clearview AI — American Civil Liberties Union.
- Clearview AI Offered Free Trials To Police Around The World — Buzzfeed News.
- US State Privacy Legislation Tracker — IAPP.
- The Secretive Company That Might End Privacy as We Know It — The New York Times.
- In Big Win, Settlement Ensures Clearview AI Complies With Groundbreaking Illinois Biometric Privacy Law — American Civil Liberties Union
- OwlKitty — YouTube.
- Review: The Balldo Made Me Rethink Sex in the Most Absurd Way Possible — Wired.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: Kolide
At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
Try Kolide Free for 14 Days; no credit card required.
Sponsor: GoodAccess
GoodAccess – Free Business Cloud VPN for up to 100 Users.
Get a cloud VPN with strong network encryption and unprecedented online threat protection. No hardware. 100% free. Just create your team and enjoy GoodAccess forever.
Check it out now at smashingsecurity.com/goodaccess.
Sponsor: Rumble
Rumble, made by the creator of Metasploit, finds many devices connected to your network that other solutions miss, including orphaned machines running outdated operating systems.
It can even tell you which machines are missing endpoint protection, from your local network to the cloud.
Sign up for a free trial and build your asset inventory in minutes. Get your trial at www.rumble.run
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
