
Ransom acts of kindness are top of our mind, as we also explore how bad bots are hogging more and more of the internet’s activity, and look at how deepfakes could be a good thing after all.
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Ray [REDACTED].
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
So here's what I'm thinking. I think I would find it quite hard to round up five poor kids. So you would just dress up the rich kids as poor people? Because that's what you would do. This is what I'm wondering. If I was desperate to get my files back, would I think it's actually easier to go down the local amateur dramatics group and hire some people to pretend to be homeless? Would I be able to do that? Poor little Timmy. Tiny Tim, Tiny Tim on his crutches. That's right. Smashing Security, episode 277. Bad bots, cheeky ransoms and good deepfakes with Carole Theriault and Graham Cluley. Hello, hello and welcome to Smashing Security, episode 277. My name's Graham Cluley.
And I'm Carole Theriault. And this week, Carole, we are joined by a special guest, somebody who's been on the show before. It's our great pleasure. Drum roll, please, to announce the return of Ray Redacted. Hello, Ray.
Hello, hello. It is good to be back.
Welcome, Ray. The crowd goes wild.
How are you doing? Thank you. Thank you very much. It's good to be back. It's been too long. But I have been listening, so I am up to speed.
Good, because we would have tested you, obviously. Just to make sure. In what episode did Carole call Graham a dingbat?
261 through 269. That was an eight episode run.
Oh, yeah, it was, wasn't it? It was a bumper season that one.
We have a lot to cover today. Should we get the show on the road, boys?
Sure thing. Let's thank this week's sponsors, Bitwarden and Kolide. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
Oh, I'm going to be talking about ransom acts of kindness.
Okay, what about you, Ray?
I'm going to be talking about
And I'm going to be looking at some deepfake dramas all this and much more coming up on this episode of Smashing Security. Now chums, chums, ransomware, dun dun dun. I know it's in the news all the time, you can't stop talking about it, how many times we talked about this. There's been all kinds of weird ransomware, unusual things which ransomware has done. I remember a piece of ransomware called Popcorn Time. Sometimes I talk about it in presentations because it's quite unusual. It gives you an option. When it asks you to pay the money, it says, look, you can pay us the old-fashioned way. You can go and get yourself some Bitcoin and you can transfer the Bitcoin to us.
bad, bad bots, what you going to do?
So don't worry. Oh, my God. It's a pyramid scheme.
Yeah. You've become an affiliate. You now have a second job. You're working now as part of the ransomware gang.
And everyone now has a sullied reputation a little bit that they keep private. So that was a good one, Popcorn Time. There's also one called N-Ransom. What that did was it displayed pictures of Thomas the Tank Engine. Not a euphemism. And what it did was it demanded you send 10 nude pictures of yourself as payment. Or if you're particularly keen to get the decryption key maybe only send five nude pictures, they might prefer that, I don't know. But yeah, a rather unusual piece of ransomware that. And there was ransomware was one which actually came with an embedded video arcade game, an old style arcade game. You had to reach a certain high score inside the game to decrypt your files.
Goodwill ransomware. Yeah. Okay. Not goodwill hunting or something like that. Educate me.
Well, in many ways, it's pretty normal, right? It infects your Windows PCs. It encrypts your documents, your photographs, your videos, your databases, all of the data that you actually want. But rather than demanding thousands of dollars worth of cryptocurrency in exchange for the decryption key, the Goodwill ransomware wants you to do something else. It wants you to perform three acts of kindness.
Do they give me a list of what that is?
Yes, they do. They don't only ask for three acts of kindness. They also ask you to record them on video and share the proof online as well as with the ransomware organizers in order to get your decryption key.
Okay, I've done a few acts of kindness just today. Can I just name some and you tell me if they'd fit in?
Now, Carole, it's not the humble brag virus.
This is pretty low bar here, I've got to say. I emptied the dishwasher. It doesn't just benefit me.
Wow, that's actually very kind. That's kind of two. What kind of sandwich did you make?
Tuna and organic cucumber.
Oh, that sounds good, actually. Yeah. So that doesn't count. That counts as two, actually. I think we'll decrypt your files now. Well, no. Thanks. Hang on. Ray, what kind of criminal enterprise are you running? The sandwich is a very exceptional act of kindness.
It's not that big, really. Well, I'll remember that, Graham. I think you've basically decrypted one GIF file.
As an artist, that probably would matter. I don't think that's very good. Now, the Goodwill ransomware displays a message. In fact, it displays a multi-page message in its manifesto when it infects you. It says, "We're not hungry for money or wealth, but kindness. We want to make every person on the planet to be kind and want to give them a hard lesson to always help poor and needy people." So, Carole, I'm afraid your co-worker or emptying the dishwasher isn't good enough for them. They want you to take a deep breath, look around for all of those who need help. No, but it's not helping the planet much by just buying stuff. I just think a lot of people have a lot of stuff that's in pretty good nick that they don't use.
Well, maybe if you washed it beforehand. Of course. Another act of kindness, by the way, on the scoreboard. Thank you, Carole, for demonstrating human cleanliness and for washing before we're recording this podcast. And reducing waste, right? They want you to post the evidence of this on Facebook, Instagram, and WhatsApp to encourage others.
Yeah, spread the word. Spread the word of goodness.
Spread the word. So that's the first thing. Ray, what clothes would you donate?
There are other people living in this house. I made my co-worker a sandwich for lunch.
Well, I was actually going to go buy new clothes.
Let's move on to act number two. So once you've done that and you've shared it online with the appropriate hashtags and shared it with the criminal masterminds as well, we need to go on to the second act. And what this involves is finding five poor children under the age of 13 and taking them to Domino's, Pizza Hut or Kentucky Fried Chicken and allow them to order any food that they wish. What do we think of that?
I wonder how the parents are going to feel about that. Where's little Ricky? Where's little Ricky? Where does he go? So they're all down on the Mickey D's.
Kidnap five children and take them to the restaurant. It's a bit odd, isn't it? Random children. The brand placement seems a little bit conspicuous. They actually have mentioned the actual specific brands there.
Yes. I bet there's PR meetings going on right now going, "Can we make sure we are not involved in this in any way? Why were we named?"
So you think maybe Domino's Pizza are a thing. Could someone in marketing be behind this ransomware? Are we doing this to drive sales?
Well, you know, it's really funny that you would say that because when the invasion in Ukraine happened and all those Conti ransomware group files leaked. First of all, it turned out that their inner workings was like a bad corporation. I mean, they had layers of hierarchy of management and they were using tools like EDR. But a lot of the employees thought they were working for a marketing company, an ad company. That's what they were told. So maybe it was for Pepsi, KFC, or Domino's.
Thank goodness I'm no longer working for Disney. I'm working for the Conti ransomware gang. I can sleep soundly at night now.
So I've kidnapped five kids. Kidnapped five kids. I've gone shopping for people in the city that need it. And they want you to take selfies of you and the kids full of smiles, happy faces, build a beautiful Instagram story with these pictures, screenshot the bill, send an email to us, they say, with the link to get your files back. I'll take on the $300,000 hit. I'll take this on you.
Again, take lots of selfies of them full of smiles and happy faces. Record audio while the whole conversation between you and them takes place and send it to the ransomware gang. You see, I've got two issues here, I think.
good Samaritan if you have a gun pointed at your head? Right. Right? And what are they good Samaritans by pointing the gun? with the money. But Carole, I guarantee you that's probably an option.
I didn't even want in the first place. Yeah. It is peculiar, isn't it? So here's what I'm thinking. Why? Could you live in a rich neighborhood? many people who live near me, right? I would have the proud. On his crutches. That's right. Why isn't one of the things there, can you give to one of these five recognized charities? Right. But maybe that's too easy. also say online that you've done it. You know? it's a bit of a humble brag, Ray was saying earlier, isn't it? Oh, you're not saying I'm generous. You're saying I was forced by a ransomware gang. Normally, I would never donate the money. But in this exceptional circumstance, I am prepared to.
Well, you'll know if you watch LinkedIn, because LinkedIn would become overrun with all these pictures and everyone would have five kids in their photo. Exactly five. Well, that's possible. But I'm also imagining some future Michael Douglas movie where there he is in the office.
You know, he is alive. He seems alive. 77. Anyway, so Michael Douglas, I can imagine him in a movie getting requested to do various. thought of this when you were having a poop or something, right? Tie Piers Morgan's shoelaces together. Something that. Okay, well, good. You're perfectly sane. The world of cybersecurity is not sane, Carole. I'm just, here I am predicting the future. But why KFC? It just seems such a random list of, you know, it's not Chuck E. Cheese or, you know, something that's friendly for kids. is Chuck E. Cheese? Oh, Graham, Chuck E. Cheese is this child horror show with animatronic puppets that sing to the children and they play arcade games. that sounds certainly more attractive than Kroll's Chicken with a Chubby. Well, Graham Carole, when you were children, were you taught that there were good bugs and bad bugs?
fine. Oh, no, I think, yeah, some bugs were pretty mean, yeah, pretty evil. So here, deep in the heart of Texas, we were taught that certain bugs were good bugs and certain bugs were bad bugs. You didn't kill certain spiders because they would eat mosquitoes and you wouldn't kill certain snakes because they would do this or that. But everything was classified as either a good bug or a bad bug. And then it was only much later in life that you kind of realized that in an ecosystem, there's not really necessarily good and bad. It's just that everything is kind of in a reliance. And this is the case even though there's been a marked increase in the number of people playing Wordle and things like that. Absolutely, for sure. Well, there may be bots playing that. There may be bots playing that at this point. Oh, goodness. So this is why we always have to deal with all those captchas that say, you know, identify which shoe is a clown shoe or whatever that is. And they show you a bunch of pictures of feet or whatever. I don't know. Maybe I'm on different websites than you are. Ray, you're going to have to backtrack a little bit because you're getting very technical for me. Kanye West does a shoe drop. Correct. And that's largely a bot. Did you mean it's largely a boot? No. What does all this mean? When items are extremely scarce, people have written programs to try to defeat the limitations of that thing. So ticket scalping was the first killer app, right? They would set up these bots so that when the tickets went on sale at 9:01 a.m., the bots would grab up all the best seats, and they would pretend to be humans, and then basically the scalpers would resell those. Well, they do that with shoes now, too, because Kanye will drop a shoe that's MSRP is maybe $169, and they'll go for thousands. So people can actually rent bots to try to get shoes, to try to get tickets, or they can just simply outsource that.
Right. So basically, one in two times you're on the internet, you're talking to a bot probably.
Well, in certain social and dating websites, it would be much, I was following the instructions to the letter. much higher than that. Right. Like if we think back to I did not realize I got to bend the rules. But certainly jackets, socks, I believe, are very popular or very in-demand socks. Ashley Madison, Ashley Madison was almost all bots. And certainly clean new underwear, I think. It was almost 100% users that were there to try to I would think there would be a demand for that as well. get more money from you. Not the teabag thongs that you're envisioning with the jewelry.
Fembots. Yes, all the women were actually robots, weren't they? They were cracking a look at. My goodness.
Yeah, but what do you think can be done? Do you think that we need to be more attentive, being aware that there's bots out there? Does it change our behavior in any way, do you think?
Well, I think that the folks from Imperva really talk about the level of severity of types of things. So obviously things that are data scraping or stealing credentials, that's a very serious issue that needs to not only be monitored, but also mitigated. And they make recommendations for certain types of mitigation around proxies and things like that. But also they just think that awareness will drive a lot more. Awareness is sort of the very first step for that side, and especially with regards to account takeovers. And you know, we talk a lot about multi-factor authentication circumvention. And a lot of these bots are now being designed specifically to look like they are the telecommunications company asking for those tokens. And so just always remember, never give out your MFA token unsolicited. No company will ever ask you that without you requesting it first, right? And then they also talk about the fact that when it comes to account takeovers, just like dwell time is extremely important in cyber breaches, detection of account takeovers is extremely important so you can shut it down.
So we'd really be looking for websites and services to do a better job at determining inauthentic behavior, I think. I mean, the simplest way to do that is with things like CAPTCHAs. Does the pole count as the traffic light? I've always wondered that. Is it the actual light or is it the pole too?
Well, I always worry that am I feeding all this information? Am I making it easier for some evil artificial intelligence inside Google to identify the difference between a yacht or a zebra crossing or a traffic light, such that they will then ultimately be able to invade our cities.
That's a really good point. I think you should start acting like some kind of animal or something. There's a guy actually in Japan who's paid, what?
Oh, the collie dog man. Yes. He decided he didn't want to be part of humanity anymore and he's now got himself a lifelike dog outfit. I think we should put it in the show notes.
It's probably been used actually to run hordes and hordes of bots, isn't it? This is probably exactly how it's all happening. Interesting, interesting, because Colab has a not allowed here list, okay? And it includes things like using a remote desktop or SSH, connecting to remote proxies, mining crypto, running DDoS or DoS attacks, password cracking, and using multiple accounts to work around access resource usage restrictions, okay? And they've added to that creating deepfakes.
Well, we saw this actually a few weeks ago when I had a pick of the week, which was that Gerry Anderson documentary. And Gerry Anderson, of course, has been dead for a few years. And his family, they had an audio recording of him being interviewed.
Yeah. Think of Forrest Gump where he meets JFK and other historical figures. The creation of that scenario cost millions of dollars, right?
But for the purposes of the movie, they wanted Gerry Anderson talking and they did a remarkable job through deepfake technology. And you were watching this thing and you completely forgot that it was synthetic media. I mean, that's a good point.
Whereas deepfake could democratize the cost of this VFX tech. And to make it a fraction of cost, which means that people can do cute deepfake videos. I saw one, which was adorable, called Home Stallone, right?
Better than animating him in the old Thunderbirds way with bits of string and sort of Weekend at Bernie's style.
So it's they've somehow superimposed Stallone's face into Home Alone's video in the show notes. But, you know, and it's labeled as a deepfake and it's there for kind of a contribution to the arts, which I say would be actually, I think, quite valuable.
That use case kind of reminds me of when BitTorrent took off and there was a group of people that screamed and yelled that it was really just being used for Linux distributions. I'm sure that there is a few people that would use deepfakes for that. But my concern is the percentage of positive use is probably a little bit outweighed by the percentage of negative and malicious.
I'm feeling sorry for Sylvester Stallone's career, actually. I mean, there was a perfectly good job that he could have been hired to do. And instead, they deepfaked it. Carole, that's another interesting question I had is when they say we can't use these resources for these things, and these are GPUs, right? These are big farms of GPUs.
Maybe that's quite bad news for actors. Maybe not for just Stallone, but other actors as well. And Google's the one who's making the most money out of it, right?
That is an excellent question and I have attached the FAQ for Google's Colab and explaining why it has restrictions and how it works and maybe the answer will be in there.
They probably can't tell but if they find out later that's a good reason for kicking you out. Maybe if someone reports you or something.
What about helping the bereaved? Say if I died, Graham, right? Wouldn't you to have me?
Carole, we already have a mop and it has your name on it and your photo. And now all we need is recordings to go with the mop because the mop is a great dancing partner. And what about solving police investigations? So last week, actually, Dutch police created a deepfake video to appeal for info over a 2003 murder of a teenage boy.
That's not very good at dinner, but that's our virtual Carole. We just need the voiceovers for you.
Prosecuting crimes on synthetic evidence sounds a lawyer's nightmare for me because they're actually making things up that aren't real and showing that video and saying, is this what happened, right?
I mean, this podcast, Graham, we could have synthesized media be able to translate us into different languages to make us more accessible internationally.
I'd love to translate some of the sessions into English. That'd be helpful.
So, like most things, it's complicated, right? Because as you say, Ray, deepfakes are maybe not inherently bad as a tech, but I agree that right now we seem to have a lot more yucky examples than good examples out there. I mean, we know this tech has been used for revenge, for political gain, for disruption, to induce shame, obedience, and even the EU put out a report to authorities advising them to get on the deepfake bus because it is ripe to become a staple tool in organized crime. So how do you control this stuff? Well, it's the same as really all things tech — legislation, regulation, corporate policies saying you can't do this, and voluntary action from people on reporting it or making people aware of it, education, training like what we do. We can call this "oh god we're doomed" then, and probably the most important is anti-deepfake tech, right? Which includes deepfake detection, content authentication, deepfake prevention, except now without Google's Colab, anti-deepfake tech might take a hit. So, I don't know. It also says something to me, the Google kind of stepping out of this little mess. Like, does it smell something that we don't smell? Why is it pulled out of this completely? Because surely this isn't a really exciting, innovative time. And I understand it's very controversial, but we need to have anti-deepfake tech as well, don't we? So if they're pulling out, I think maybe we're in for a rocky, deepfake ride. That sounds a bit dirty, actually.
Now, do you think that Matt Damon, when he made that Crypto.com Super Bowl commercial, do you think he could go back now and say, nope, that wasn't me, that was a deepfake and try to get plausible deniability around that?
Yeah, I wonder if actors are going to have to sign contracts saying, oh, and if you die during the making of this film, you let us use deepfake to continue the script. Exciting time. Kolide sends employees important, timely and relevant security recommendations for their Linux, Mac and Windows devices right inside Slack. Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
Now, you all know that we are big fans of password managers at Smashing Security because it's an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Bitwarden is transparent and secure using end-to-end and zero-knowledge encryption with source code that can be scrutinized. Now you can go to bitwarden.com slash smashing and try it for free across devices as an individual user, or you can start a free trial of a teams enterprise plan. And the thing I like about this, a good password manager is robust and cost-effective, as it can radically improve your chances of staying safe online, all without requiring super high-tech expertise. Go to bitwarden.com slash smashing. Start your free password manager trial today.
Is this the Father's Day episode by any chance?
He has started playing Minecraft with some rather special friends of his from school. And he wants to chat to them at the same time. And he was saying to me, Dad, Dad, can you set up Discord for me? Discord's cool. I've heard about Discord. I've watched YouTube videos about Discord. Does he talk like that? Yes, he does a bit. And I said, well, I could, but then I'd have to get the other kids to set up Discord, and speaking to their parents is a nightmare because I'm not that nerdy and they're even less nerdy. And rather than setting up Discord or coordinating mobile phones with the parents and making a call, oh, it's just sort of a big pain in the neck. I thought there has to be a simpler way for these kids to talk to each other, which ideally doesn't cost me any money and is zero effort.
And does not invade their privacy. Ridiculously, probably. That would be helpful as well. That was a smaller consideration, but yes, that would be good as well. So I found a service called talky.io, talk with a Y on the end, .io, and it's free. Cool. I've just read the privacy policy and it looks good.
that they're doing it because there's some sort of web development team. And they're doing this basically as an advert for their services. worked very well. It's always a good question whenever you come across a domain name that ends in .io and has a kind of catchy name and declares that they don't advertise or keep any logs.
So if you wanted to have maybe a corporate chat video thing, they would be able to roll you out one and all the rest of it. So I think that's the reason why they've done this. But it
They also say that they welcome anyone reporting any bugs and you will receive a detailed response within 48 hours, which is quite refreshing to see that in a privacy policy. Anyway, so far, no problems with it. And the kids are able to chat to each other while they're giving each other cornflowers or messing around with redstone or whatever it is that they do in Minecraft.
Well, my pick of the week, Graham. Yes. Well, let me just ask you this question. Well, I don't drink wine, so I think it's even less likely I'd have a piloerection if I was drinking wine. So I'm not used to alcohol and things.
So, piloerection is actually a physiological and physical response that you probably know more by the term of goosebumps. And humans often experience this as part of something that scientists call frisson, which is derived from the French term of a sudden feeling or sensation of excitement, emotion, or thrill.
Oh, so this is a playlist which doesn't include Michael Buble, for instance.
That sounds great. No, I don't know that we need to take a cheap shot at Michael Buble at this point in time, but certainly we'll publish the list.
I think we do.
No, we do.
I think we do. I think we do. We do.
But what these scientists were interested in is they were interested in what's the difference between two songs that are back-to-back on the same album, and one of them, you know, gives you this frisson or this chills. And it's almost universal, by the way. These are not highly individualized. Really? No. These have a very common set. So they looked at a little bit less than a thousand songs. And they identified 715 that are likely to give you chills. And they published it to Spotify. So it's a Spotify playlist that actually has these songs on them.
Okay. So now we have to worry about freaking drivers listening to this playlist whilst driving along and going, oh, oh, all the time.
Well, it is actually called a skin orgasm. That is actually called a skin orgasm. But I left that part out because I felt like it was a little bit too racy for this.
Yeah, good job.
Good job. Good that you didn't mention the skin orgasm.
Well done on the whole dimension. But it also includes parts of movies. If you think about speeches.
Are they trying to figure out the sonograph or the wavelength that does it? Is it, you know, are they able to isolate it to certain beats or something?
They do look at tempo and they do look at cadence and they do look at... But one of the most interesting explanations is something that musicologist David Huron calls contrastive valence theory, in which when your feelings are suddenly contrasted. So you start off feeling really bad and then you feel really good and then you get stronger and stronger and stronger. And then there's really no peak to that. There's a lot of that in Broadway show tunes, right? When they reach that type of these piece. So your brain can either be...
Of course, life is shit.
Of course, life is shit. Of course, life is shit.
Of course, life is shit. Of course, life is shit. Of course, life is shit.
That kind of thing. Is that your auto-tune plug-in there or no?
Did you get any chills at that moment?
Yeah, yeah. I did not. I'm having pilo erectile dysfunction over here. But anyway, so yeah, so they had this very fascinating scientific article. It has a lot of observations about anger and emotions. It has this playlist of 715 songs that you can drop into your MP3 player and listen to. Now, it is very heavy on classical music, but even the pop songs from the 50s and 60s, you'll recognize most of them and be able to identify why they were songs of frisson.
We should have a frisson off with our listeners to see whoever listens to it, how many frissons. They've said write down how many frissons they get for a session of 10 songs and see who can win.
You can't have too many frissons in a day. I think you'll be exhausted. I think you have to be careful what we advise our listeners to do. Maybe, yeah. Ration yourself, folks. Carole, what's your pick of the week?
We're ready for a trifecta of great picks of the week this week because I have a fab one. It's new to me, totally love it. Graham, I did send it to you to watch. Have you watched a bit of it?
I have, yes.
Okay, so it's a short series called Zen Motoring and it stars this PE teacher, Ogmios, who also is a battle rap champ. And I have links in the show notes for you to check out. And a battle rap is basically a rap roast where you tear a new one out of your opponent with spicy rhymes and stuff like that. Yeah, yeah. It's cool. It's cool. Yeah. And Ogmios here started doing a YouTube effort labeled Zen Motoring. And it makes this crazy cocktail. It's like a cocktail of what? ASMR whisperings. There's definitely that. And it's against this, I don't know, driving around London as viewed from the dash cam. And you might think, oh, wow, he's zooming through the town really fast. But no, no, no. It's all chill. It's zen. It's ASMR.
Wow. It is. It's very chilled out. It's wonderful, actually, to watch. So it's dash cam footage. But rather than being, oh, get out of my way. None of that. It's oh, watch out for that cyclist there. Oh, maybe the blue van in front of me could have moved, but maybe I'll give him a little friendly beep.
Yeah. Every pause is narrated, right? Every single pause. Because in London, if you don't know, there is a lot of traffic. We have a ton of traffic here. So every sight is absorbed, appreciated. I think he stops in a cul-de-sac to watch an Amazon robot struggle with the high curb. You slow to allow a pigeon to cross the road. You congratulate yourself for noticing a pedestrian about to cross from behind a parked van. And we celebrate this thing that actually has changed now my life. Which is when he's driving with his dash cam, he's letting pedestrians walk across and they wave. And he gets a kind of frisson for double or even the triple wave, which he says is the mecca. Because if you go to four waves, it starts looking a little sarcastic. So three is the most you can get as an honest, authentic wave from someone passing a road. So I've been trying it because I've been on foot a lot in Oxford. So I've been trying to do the triple wave. It's not easy to do. It's not easy to do. But it's making me, and people seem to like it. So, you know, just adding a bit of Zen to the roads in England would not be a bad thing. So I loved it. You loved it, Graham?
I loved it as well. And I love that he, yeah, he does compliment people when they do a double wave or you said, even a triple wave. And I think that is a random act of kindness that we should encourage on this podcast.
Absolutely. Exactly.
It might fulfill one of your ransomware objectives there too as well, right?
Yeah, I was just gonna say he doesn't need ransomware to do it. We could just do it on our own because we're good, lovely people.
So Carole, is this a TV show as well?
Yes, it's on YouTube. It started on YouTube and there's a TV show on BBC and the episodes are, I don't think they're identical. I think just from looking on the YouTube ones, and I was kind of going through them quickly because I've already watched them on the BBC, there were certain things that were missing that were on the BBC one. So I think the fuller experience, I'd watch both. I'm going to watch the YouTube ones. I want to see, right? So I would say check it out. It is a really fun wonderful experience and it's comedy at a really fresh form. Zen motoring. You can find it on YouTube and on BBC. We have the links in the show notes and that is my pick of the week.
Now Carole, do you think that if this was extremely successful there might be an American version where we just drive all over the place, cut people off and give them the finger? Totally.
Marvelous. Well, that just about wraps it up for this week. Oh, they can follow me at rayredacted.com. That's R-A-Y-R-E-D-A-C-T-E-D dot com.
Super duper. And you can follow us on Twitter at SmashinSecurity. No G. Twitter would not have a G. And there's also a Smashing Security subreddit. Don't forget to ensure you never miss another episode. You know how to do that. You follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify, and Overcast.
And huge thank you to this episode's sponsors, Bitwarden and Kolide, and to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 276 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye. Bye.
I'm Ray you may want to say bye. Bye-bye. There we go. Perfect. Oh, we're gonna have a rainbow. It's raining and sunny.
Woohoo! Double rainbow all the way.
Yeah, that gives me frisson. What can it mean?
Hosts:
Graham Cluley
Carole Theriault
Guest:
Ray [REDACTED] – @RayRedacted
Show notes:
- Popcorn Time ransomware invites you to get ‘nasty’ to recover your files — Graham Cluley.
- Rensenware — Wikipedia.
- GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need — CloudSEK.
- Bad Bot Report — Imperva.
- Bad Bot Traffic Report: Almost Half of All 2021 Internet Traffic Was Not Human — CPO Magazine.
- Automated Threats – web applications — OWASP.
- Home Stallone [Deepfake] — YouTube.
- The Emergence of Deepfake Technology: A Review — ResearchGate.
- Positive Use Cases of Synthetic Media (aka Deepfakes) — Towards Data Science.
- Deepfake pornography could become an 'epidemic', expert warns — BBC News.
- Europol report finds deepfake technology could become staple tool for organised crime — Europol.
- Google quietly bans deepfake training projects on Colab — Bleeping Computer.
- Japanese man spends £12,500 on ultra-realistic dog costume so he can live like an animal — Daily Mail.
- Google Colab FAQ.
- Talky.
- The Relationship Between Valence and Chills in Music: A Corpus Analysis.
- Frisson: This playlist is scientifically verified to give you chills — Big Think.
- A Spotify playlist with 715 songs known to give people chills — Quartz.
- Songs to give you chills — Spotify playlist.
- Zen Motoring — BBC iPlayer.
- Ogmios School of Zen Motoring Ep 1 — YouTube.
- Zen School of Motoring: TV that will cleanse your spirit like meditation — The Guardian.
