How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn’t the world of cryptocurrency and blockchain doing just great?
All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
I go home, I wait for them to come back, and I say, oh darling, you've been working so hard, haven't you? You've been working so hard. Have you been all right?
Have you been all right? Yes, I've been all right. Oh, that's so good. Did you have any fun at all? Were you able to— no, I had no fun at all. You had no fun at all with that redhead?
Smashing Security, Episode 279: Encrypted Notes and a Deadly Case of AirTag Spying with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security Episode 279. My name is Graham Cluley.
Have you been all right? Yes, I've been all right. Oh, that's so good. Did you have any fun at all? Were you able to— no, I had no fun at all. You had no fun at all with that redhead?
Smashing Security, Episode 279: Encrypted Notes and a Deadly Case of AirTag Spying with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security Episode 279. My name is Graham Cluley.
And I'm Carole Theriault.
And this week, Carole, we are joined by absolutely no one. And we nearly, we nearly didn't have you either, did we?
Well, yes. The reason we don't have anyone today is my fault because I'm actually on holiday today. Well, for this week.
I'm actually in beautiful Croatia, and I love our listeners so much that I've kicked everyone out of the house. And here I am on a travel mic.
So if I sound a little different, that's why, to do the show.
I'm actually in beautiful Croatia, and I love our listeners so much that I've kicked everyone out of the house. And here I am on a travel mic.
So if I sound a little different, that's why, to do the show.
Ah, well, you do love our listeners very, very much. And the other person who loves our listeners very, very much is last week's guest, Geoff White.
You will recall, folks, that Geoff ran a little competition for a signed copy of his new book, The Lazarus Heist, we asked people to write in for a chance to win a free signed copy of his book.
And I can announce that we now have a winner. So please stop writing in.
You will recall, folks, that Geoff ran a little competition for a signed copy of his new book, The Lazarus Heist, we asked people to write in for a chance to win a free signed copy of his book.
And I can announce that we now have a winner. So please stop writing in.
We've had so many people who want a free book. You know, Geoff would love if you bought the book, just saying.
Yeah.
For those of you that can afford it. I mean, I know it's always nice to get a freebie, but—
And it was also nice seeing the little begging emails from people where they were trying to win us over by saying, oh, we really love Smashing Security. And Geoff is amazing.
I think you're outrageous. I loved every single one of those emails. They were glorious.
Well, I'm not saying I didn't love them, but well done to Joss Kulunzyk of Queensland, Australia, who was pulled out of the hat and won the signed copy.
Thank you very much, Joss, for taking part and everybody else as well.
Thank you very much, Joss, for taking part and everybody else as well.
Shall we move this show along so I can get back to my friends and family?
Chop chop.
And thank this week's sponsors, Bitwarden, Drata, and Kolide. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
I'm going to be talking about sax and the Soviets.
Such a crazy title.
Thank you.
And I'm talking AirTags.
Ooh.
All this and much more coming up on this episode of Smashing Security.
Now, Chum Chum, have you ever been a member of an orchestra?
Nope.
A musical group.
I'm not very musically gifted.
Oh, come, come. I've heard you playing guitar.
I tried for 3 years. My music theory is quite up there, but I just did not have the je ne sais quoi to be the next guitarist.
Je ne sais quoi. That's French, isn't it?
Yes. Well done.
Yeah, right. Do you know what for?
Yes.
Right. Okay. I thought you'd say—
Do you want me to tell you?
I thought you were going to say, I know not what it is for. No.
I'm not as clever as you, honey.
Anyway, I was surprised to see a musician lined up to speak at the RSA conference. Not Bono. Why would you? Not Mary Hopkin.
No one that.
Well, no, because they do. They have had a series of crazy people speaking at the RSA conference in San Francisco in the past.
Really?
Oh, yeah, yeah, yeah. Oh my goodness. They're such publicity whores. They will hire anybody. They've had Sean Penn.
The well-known technologist.
Yeah. Shatner.
Well, William Shatner, I get. That's not crazy.
George Takei, Monica Lewinsky. The guys from MythBusters, Stephen Colbert.
Yeah.
The one who caught my eye this year was not a security expert speaking, but a saxophonist.
Now, I wasn't at the RSA conference this year, but it's always great to see the reports of what's going on there.
And there was a woman called Meryl Goldberg who was speaking, and she was talking about her experiences way back in 1985. As you know, I like to keep things topical.
Now, I wasn't at the RSA conference this year, but it's always great to see the reports of what's going on there.
And there was a woman called Meryl Goldberg who was speaking, and she was talking about her experiences way back in 1985. As you know, I like to keep things topical.
Yeah, you do a great job at it too, honey. Great.
1985. Wonderful things happened in 1985. Live Aid, of course.
Right.
Give us your beeping money.
Give us your money to save the people that are starving, though.
Yes, that's right. Yes, yes, of course. The Rainbow Warrior was sunk. The wreck of the Titanic was found.
Oh, is that right? I didn't know that.
Yes.
I mean, I knew it was found. I just didn't know it was found that year.
Yeah, yeah, yeah. The first .com domain was registered.
Shut up.
Do you know what it was?
No.
You'd expect it to be something like internet.com, wouldn't you?
I would've thought helloworld.com, but yeah.
It was actually symbolics.com.
What?
Symbolics was the— A company called Symbolics was the first one ever to register a domain. What do they do? Oh, I don't know. Something. Something technical.
Something that demanded way more research than we were willing to give the show. Right? Carry on. You're doing great.
It was also the year of Roger Moore's final James Bond. Where do you stand on Roger Moore as James Bond? Have you seen A View to a Kill with Christopher Walken?
Mm-hmm.
Appalling. It's an appalling load of old rubbish. Goodness, he was eventually replaced by the Welsh James Bond, Timothy Dalton.
Timothy Dalton.
Yes. Well, that was 1985. And Meryl Goldberg, this woman who was chatting at RSA, in 1985, she travelled to Soviet Russia because that's what it was then, wasn't it?
It was the Soviet Union. It wasn't really Russia then.
It was the Soviet Union. It wasn't really Russia then.
USSR.
That's right. She went to Moscow. With some fellow— I'm just trying to make you feel comfortable. Do I say Moscow in Canada or Moscow? Moscow. Oh really?
So you say Moscow north of the border and Moscow beneath. Okay. And she went there with some other musicians. And she had a great story to tell.
Now, unlike Timothy Dalton in The Living Daylights, she did not get entangled with some KGB agents and then escape down a snowy mountain on a cello case.
So you say Moscow north of the border and Moscow beneath. Okay. And she went there with some other musicians. And she had a great story to tell.
Now, unlike Timothy Dalton in The Living Daylights, she did not get entangled with some KGB agents and then escape down a snowy mountain on a cello case.
I don't think they would call that.
That would've been a good story though. Yeah.
It was.
It would have been. Why didn't they get Timothy Dalton to show up at RSA? I don't know. Is it because he's Welsh?
Is there a Welsh agenda keeping Welsh people out of the RSA conference? Well, no, she was a saxophonist and she was playing in a band called the Boston Klezmer Conservatory Band.
And they decided as some sort of cultural expedition that they would go to the Soviet Union and play with Soviet musicians.
And this was a thing which didn't happen that much at the time.
It was quite rare for the musicians to sort of get together and meet over there and play music together because generally the Soviet authorities thought that was perhaps not the thing to have some of that crazy saxophone music in the USSR.
You know, it may sort of corrupt the youth or something like that. But she wanted to meet up with a group called the Phantom Orchestra.
Is there a Welsh agenda keeping Welsh people out of the RSA conference? Well, no, she was a saxophonist and she was playing in a band called the Boston Klezmer Conservatory Band.
And they decided as some sort of cultural expedition that they would go to the Soviet Union and play with Soviet musicians.
And this was a thing which didn't happen that much at the time.
It was quite rare for the musicians to sort of get together and meet over there and play music together because generally the Soviet authorities thought that was perhaps not the thing to have some of that crazy saxophone music in the USSR.
You know, it may sort of corrupt the youth or something like that. But she wanted to meet up with a group called the Phantom Orchestra.
Okay.
The Phantom Orchestra was a dissident group.
It was a group of Jewish people in the Soviet Union who maybe weren't too happy with how the authorities were running the Soviet Union at the time.
So, Meryl Goldberg, her trip was backed up by a non-profit group that was helping Jews in the then Soviet Union emigrate to the United States and Israel.
And if you can throw your mind back that many years, you would know it wasn't—
It was a group of Jewish people in the Soviet Union who maybe weren't too happy with how the authorities were running the Soviet Union at the time.
So, Meryl Goldberg, her trip was backed up by a non-profit group that was helping Jews in the then Soviet Union emigrate to the United States and Israel.
And if you can throw your mind back that many years, you would know it wasn't—
I was very, very young.
Yes. Well, you weren't that young.
Oh, I think you're talking to our listeners. Okay, sorry.
But it wasn't that easy. It wasn't that easy to get out of the Soviet Union. They weren't very keen on people leaving.
Yeah, exactly. Right.
So you had to behave yourself, basically.
So this group of American musicians, including our hero Meryl, went out there, and she realized, "Oh boy, it'd be kind of handy if we could smuggle some information in and out of the USSR, including maybe details of who was looking to escape the Soviet Union," because there were people who were, you know, looking to relocate, as I said, to Israel and the United States.
And to get out. But it turns out that the Soviet authorities were onto this sort of thing.
And so if you tried to go into the Soviet Union, they would search all your belongings, right?
They would go through your cello case, they would go through your handbag, they would look between your toes, they would look everywhere imaginable to see if you had secreted some information or were trying to take in something.
So if you had documents which had, for instance, people's names and addresses of you are planning to meet, then that would be something which they'd say, maybe they wouldn't have an accent like that, but they'd say, what's all this about then?
What are you up to here? Why are you taking this information in and out?
So this group of American musicians, including our hero Meryl, went out there, and she realized, "Oh boy, it'd be kind of handy if we could smuggle some information in and out of the USSR, including maybe details of who was looking to escape the Soviet Union," because there were people who were, you know, looking to relocate, as I said, to Israel and the United States.
And to get out. But it turns out that the Soviet authorities were onto this sort of thing.
And so if you tried to go into the Soviet Union, they would search all your belongings, right?
They would go through your cello case, they would go through your handbag, they would look between your toes, they would look everywhere imaginable to see if you had secreted some information or were trying to take in something.
So if you had documents which had, for instance, people's names and addresses of you are planning to meet, then that would be something which they'd say, maybe they wouldn't have an accent like that, but they'd say, what's all this about then?
What are you up to here? Why are you taking this information in and out?
Yeah, it would be pretty scary.
What would you do, Carole? Would you stuff it up your saxophone?
No, I would probably. I find that all very frightening.
I am very glad that I haven't had to deal with that instance of having to try and be subversive against, you know, the country that I was based in or get other people to do it.
It's very complicated, hard stuff. Yeah.
I am very glad that I haven't had to deal with that instance of having to try and be subversive against, you know, the country that I was based in or get other people to do it.
It's very complicated, hard stuff. Yeah.
Oh my goodness. Imagine being questioned. You're in a foreign country, you're questioned, you're being searched. I was once questioned about a murder case, right?
I wasn't expecting the police to come round and interview me about it. By the way, I didn't do the murder. I didn't know the victim.
I didn't know the murderer, but I was interviewed about a murder case.
And I thought, oh my goodness, you know, oh my God, you think everything you're going to say is going to incriminate yourself.
I wasn't expecting the police to come round and interview me about it. By the way, I didn't do the murder. I didn't know the victim.
I didn't know the murderer, but I was interviewed about a murder case.
And I thought, oh my goodness, you know, oh my God, you think everything you're going to say is going to incriminate yourself.
Yeah, and they weren't even Russian, right?
No, I don't think so. No, they were from London, these cops. They'd come up all that way. And I said to them, I said, look, if you told me you were on your way, I'd have tidied up.
Because my place at the time was a bit untidy. It looked like I could have been a murderer. And they said, oh, we don't normally ring ahead to warn you that we're coming.
Okay, fair enough. Anyway. It's fine. I'm just a podcaster now. It's acceptable. But anyway, I can imagine the stress. I can imagine that.
So the group, Meryl and her pals, her, you know, performing pals, they had been told to expect to be under surveillance, treated with suspicion, etc.
And they had found that everything was being— even apparently their Tampax was unwrapped. And everything that they were— yeah, exactly.
Because they're just looking for anything, right? They know that you might buy things.
Because my place at the time was a bit untidy. It looked like I could have been a murderer. And they said, oh, we don't normally ring ahead to warn you that we're coming.
Okay, fair enough. Anyway. It's fine. I'm just a podcaster now. It's acceptable. But anyway, I can imagine the stress. I can imagine that.
So the group, Meryl and her pals, her, you know, performing pals, they had been told to expect to be under surveillance, treated with suspicion, etc.
And they had found that everything was being— even apparently their Tampax was unwrapped. And everything that they were— yeah, exactly.
Because they're just looking for anything, right? They know that you might buy things.
You can't reuse a Tampax once it's open. That's a, you know—
Well, I suppose it depends on what you're trying to use it for. Maybe for its usual purpose, no, you can't. But—
If you have a nosebleed. I did see a guy once in a car next to me when I was driving back from work.
What?
No, I'm not kidding. I'm driving back from work at the place we used to work at together.
And I look over and this guy has two tampon strings sticking out of his nose at the driving wheel of the car next to me.
And I look over and this guy has two tampon strings sticking out of his nose at the driving wheel of the car next to me.
So I guess he must have had a horrific nosebleed and thought, "I know!" You don't think he'd just accidentally inhaled a couple of mice or something, and there were tails hanging down from his nostrils?
Anyway, so Meryl Goldberg, she thought, "Well, how can I sneak information through?" And what she did was she devised a way of coding information into the musical notation.
And so she handwrote out musical scores And of course, the music, as you may not know, Carole, only goes from A to G, right?
You get flats and you get sharps, and maybe you can go into other— what are they called?
Anyway, so Meryl Goldberg, she thought, "Well, how can I sneak information through?" And what she did was she devised a way of coding information into the musical notation.
And so she handwrote out musical scores And of course, the music, as you may not know, Carole, only goes from A to G, right?
You get flats and you get sharps, and maybe you can go into other— what are they called?
Complicated chords?
Octaves.
Other octaves. Yes, yes.
Other octaves, or you know, you can have a treble clef or something.
Anyway, so she managed to encode all this information into this music, and what it turned out that was the KGB agents who were spying upon them.
They just thought, oh, this is just bloody music, you know, I'm not interested in this.
They didn't go and try and play it because if they tried to play it, it would probably sound like modern acid jazz or something really horrendous, or Stockhausen, you know.
It would just sound like, oh my goodness, what on earth is this? Someone described it as sounding like a cat walking across piano. You can imagine that kind of music.
Anyway, so she managed to encode all this information into this music, and what it turned out that was the KGB agents who were spying upon them.
They just thought, oh, this is just bloody music, you know, I'm not interested in this.
They didn't go and try and play it because if they tried to play it, it would probably sound like modern acid jazz or something really horrendous, or Stockhausen, you know.
It would just sound like, oh my goodness, what on earth is this? Someone described it as sounding like a cat walking across piano. You can imagine that kind of music.
No, but God, you'd be shitting yourself, wouldn't you? Because if just one of them could read music—
That would be a way to distract the agents, of course, as if they are getting a little bit warm on what they're looking through. If you actually defecated. Lovely.
And then I suppose they'd have to sift through that, looking for— yeah. God, gross. Anyway, they were tailed constantly. They did manage to meet up with these dissidents.
They eventually had their passports seized, they were expelled, but they managed to get information both in and out of the country.
And some of apparently the people they met up with, some of the Soviet activists, did face consequences for the visit. In the reports I've read, that's sort of been glossed over.
Oh, there were consequences for some of the people they met up with.
And then I suppose they'd have to sift through that, looking for— yeah. God, gross. Anyway, they were tailed constantly. They did manage to meet up with these dissidents.
They eventually had their passports seized, they were expelled, but they managed to get information both in and out of the country.
And some of apparently the people they met up with, some of the Soviet activists, did face consequences for the visit. In the reports I've read, that's sort of been glossed over.
Oh, there were consequences for some of the people they met up with.
Yeah, they were jailed for 20 years in a hard-working camp. No problem, don't worry about it.
But others were eventually able to permanently leave the USSR. But I thought it was a great story from a bygone pre-internet age of a way of not really encrypting information.
Meryl Goldberg does admit that, you know, if someone actually analyzed it, it was more obfuscation perhaps than encryption, but it was still enough to serve its purpose.
And as a consequence, the groups obviously achieved their ambitions.
Meryl Goldberg does admit that, you know, if someone actually analyzed it, it was more obfuscation perhaps than encryption, but it was still enough to serve its purpose.
And as a consequence, the groups obviously achieved their ambitions.
Can I tell you something?
Yes.
Symbolics.com still exists.
Oh, does it? Yeah.
Download our free mini book, Internet History in the Making.
Ah. Oh, didn't some chap buy the domain from the Symbolics company? Because he wanted to own the very first domain. Who knows why?
Yeah, he says here, our museum is like any other with various wings to explore and unique historical items to visit. Yeah.
100% free, and we aim to continually update it with relevant exhibits and information.
100% free, and we aim to continually update it with relevant exhibits and information.
Fantastic.
Yeah. And very interesting.
There you go. Very good. I'm glad that's the bit of my story which you enjoyed, right?
That was my favourite bit. Yeah.
Yeah.
Hey, I'm on holiday. I'm on holiday. I'm not taking anything too seriously today.
Carole, what have you got for us this week?
Well, Graham, I'm gonna set a scene for you, okay? You are dating a lady friend.
I am.
Let's say that this lady friend, this fictitious lady friend, has been acting a little bit weird recently.
She has.
Weird in a way that makes you think that perhaps she is interested in sniff testing someone else's nether regions, if you get my drift.
I'm sorry, sniffing someone's neck? You mean she's interested in—
You think maybe she's stepping out on you.
Oh, I see. Nothing to do with farts or anything, bottoms and things. Okay. She's maybe interested in somebody else. Okay.
Yeah. Okay. And you know, it's kind of eating at you, right? You just want to know if she's cheating.
And the problem is you don't have any proof and you want proof to help you decide whether you're a paranoid freako or a bona fide Columbo?
And the problem is you don't have any proof and you want proof to help you decide whether you're a paranoid freako or a bona fide Columbo?
Right. I don't think anyone would ever cheat on Columbo.
I mean, it's hard to ignore when you're in these situations.
It's hard to ignore the extra-long poop breaks, phone in hand, of course, or late nights out without you, obviously, you know, or the faint smell of new love in the air.
You know, maybe she's always humming suddenly, or things this. And basically, you just want to know what the eff is up. So I want to know what steps you would take at this stage.
It's hard to ignore the extra-long poop breaks, phone in hand, of course, or late nights out without you, obviously, you know, or the faint smell of new love in the air.
You know, maybe she's always humming suddenly, or things this. And basically, you just want to know what the eff is up. So I want to know what steps you would take at this stage.
Oh, what? I might say to her, hey, you seen anyone other than me at the moment? You could try the direct approach.
Yes, yes. You could just ask her. Yep.
Yes. You could— Ooh. You could notice if she's suddenly calling you by somebody else's name.
If she starts calling me Geoff or something, then I might think, oh, I wonder who this Geoff guy is.
If she starts calling me Geoff or something, then I might think, oh, I wonder who this Geoff guy is.
But what if she covered her tracks and said, oh, but you look a Geoff. I just love the name Geoff. You look exactly a Geoff.
You might fall for that.
I'm okay. Okay, call me Jack.
Okay. I mean, it's not uncommon to look at somebody else's phone, is it? I mean, it's not really a very attractive attribute to do it.
Yeah, but sometimes people lock their phones, right?
Ah, right. Yes, true. Maybe they've changed their wallpaper on their phone to the picture of their new loved one. You might be able to see that even if you don't unlock the phone.
That would be telling.
That would be telling.
But Graham, these are amazing suggestions. Very amazing. But no cigar. What if I told you that there may be an Apple AirTag involved?
Ah, yes. Now we've talked about this possibility before, I think, haven't we? So these AirTags have a sort of lost mode.
So if you lose your AirTag, you can sort of get where it is, can't you? You can get some sort of location information.
So if you lose your AirTag, you can sort of get where it is, can't you? You can get some sort of location information.
Well, the whole point is to lose your AirTags in a way. That's the point of them is if you, for example, you slap it in your luggage, you've lost your luggage.
It's basically a Bluetooth, private Bluetooth device that pings out and finds any Apple device in the vicinity and uses that device to inform Apple to inform you that here is where your device is.
So it activates the GPS in the device that it, you know, the iPhone, for example, that it can connect to.
It's basically a Bluetooth, private Bluetooth device that pings out and finds any Apple device in the vicinity and uses that device to inform Apple to inform you that here is where your device is.
So it activates the GPS in the device that it, you know, the iPhone, for example, that it can connect to.
It's very clever. I've never owned one of these AirTags. No, me neither. I've never played with one.
Yeah.
But I know people who have, and it sounds like they're jolly clever.
Well, they are clever when they're used for good, but sometimes they are not, especially if it's used by someone who wants to know what their partner is up to.
So this is where Miss Gaylynn Morris apparently did to her partner, Andre Smith. Both these people are 26, and earlier this month, Miss Morris was convinced that Mr.
Smith was cheating on her because basically he wasn't coming home at night. So that was kind of a tip-off, right?
So this is where Miss Gaylynn Morris apparently did to her partner, Andre Smith. Both these people are 26, and earlier this month, Miss Morris was convinced that Mr.
Smith was cheating on her because basically he wasn't coming home at night. So that was kind of a tip-off, right?
That's a clue. Yeah, it's a clue.
Well, he could be working hard. Who knows?
Yeah, right. 3 in the morning.
Yeah. Now, so she decides to use an AirTag because both she and Mr. Smith were iPhone users. Right?
Okay.
So my guess is, this is how I'm playing it out in my head, right? Mr. Smith decides to piss off for an evening with what Miss Morris thinks is a flimsy excuse.
And she probably gave him no heat and said, "Have fun, honey bunch." But really, she was probably waiting for him to go so she could follow him and find out where he is.
And she probably gave him no heat and said, "Have fun, honey bunch." But really, she was probably waiting for him to go so she could follow him and find out where he is.
Mm-hmm.
Because she hid an AirTag in the cup holder of his car.
Right.
And it turns out she was successful eventually tracking him to a place called Tilly's Bar in Indianapolis.
Okay, do we know what this chap Andre actually does for a job?
No.
Because maybe he's a bar—
Tender.
Health— Yeah, but yes, a bartender, or a sort of health and safety person for bars. Or maybe he's an electrician or something. Or a patron.
Or a patron.
Or yes, a professional drinker, maybe. He could be any one of these things.
So, Miss Morris arrives in the parking lot. And she sees some people loitering.
Oh, she follows? She goes there while he's there?
Yes, she goes there, right? She wants to catch him.
Oh my goodness.
And there's a few people loitering around. And she goes up to them and she goes, "Hey, have you seen a guy that looks like this?" So she describes Mr.
Smith's appearance to the other patrons lurking outside and says, "Look, he's my boyfriend. I think he's cheating on me, and I want to know if he's in the bar."
Smith's appearance to the other patrons lurking outside and says, "Look, he's my boyfriend. I think he's cheating on me, and I want to know if he's in the bar."
Okay, I wouldn't personally say to complete strangers, "I think he's cheating on me," at this stage. That feels a little—
Oh, I don't know. You're pretty close. No, but you're being honest. You're just being straight up. You're like, "I think he's cheating on me.
I want to catch him out." So it turns out Miss Morris seems to enter Tilly's bar, and she quickly spots her man, Mr. Morris. And guess what? He is not alone. She was right.
He's obviously playing the Judas, and by having a drink with a lady who is not Miss Morris.
I want to catch him out." So it turns out Miss Morris seems to enter Tilly's bar, and she quickly spots her man, Mr. Morris. And guess what? He is not alone. She was right.
He's obviously playing the Judas, and by having a drink with a lady who is not Miss Morris.
Is it his mum?
No, it is not her mum. Although I don't know who this is. This woman has remained anonymous in this whole—
All right. Okay.
So we don't know who she was. Okay. So you get there. Let's go back to you, right? So you've done all this. You arrive at the bar.
You see your girlfriend with some hot hunk of love that you're not comfortable with. What do you do now?
Do you just go, okay, now I know, and I'm leaving, and I'll let her know when she comes home, or what?
You see your girlfriend with some hot hunk of love that you're not comfortable with. What do you do now?
Do you just go, okay, now I know, and I'm leaving, and I'll let her know when she comes home, or what?
Oh yeah, so I would go home. I wouldn't let him see me.
Would you wear a mustache when you went in or something just to—
Yeah, yeah, I'd be wearing a big raincoat. I'd probably be standing on someone else's shoulders as well so it looked like I was taller than I really was.
Yeah, that wouldn't attract any attention. No one would see you then. You're right.
With a long red coat. Anyway, or maybe I've dressed up as a pantomime horse. Something like that, not to draw attention to myself, right, to disguise my true identity. I go home.
I wait for them to come back. And I say, oh darling, you've been working so hard, haven't you? You've been working so hard. Have you been all right? Have you been all right?
Yes, I've been all right. Oh, that's so good. Did you have any fun at all? Were you able to? No, I had no fun at all. You had no fun at all? No fun at all with that redhead?
I wait for them to come back. And I say, oh darling, you've been working so hard, haven't you? You've been working so hard. Have you been all right? Have you been all right?
Yes, I've been all right. Oh, that's so good. Did you have any fun at all? Were you able to? No, I had no fun at all. You had no fun at all? No fun at all with that redhead?
So you would have the WTF conversation or WTF chitchat at home is what you would do?
Well, I think rather than in public, yes.
Well, Miss Morris, slightly different from you.
Okay.
Miss Morris goes up to the table and has a serious WTF chitchat. And according to witnesses, Miss Morris seizes an empty bottle and swings at Smith's companion.
A what?
Yes.
No way. Yes.
And Smith, however, gets in between them and says, "Hey, hey, calm down. Calm down, Miss Morris." The bar owner sees all this and asks all three of them to leave.
But the companion says, "Actually, I'm waiting for food that I've paid for, so I'm gonna stay right here." Who ordered the calamari? Yes.
But the companion says, "Actually, I'm waiting for food that I've paid for, so I'm gonna stay right here." Who ordered the calamari? Yes.
Someone— I'm having calamari.
If someone just tried to deck me with a— crack my head open or whatever with a bottle, I don't think I'd be worrying about my French fries or tacos, right? I don't know. Anyway.
Okay, so if I was going to stay in the bar to do the confrontation, I would do it differently. First of all, I wouldn't swing at someone with a bottle.
I wouldn't do the WTF, girlfriend, who do you think you are with my man kind of thing.
First of all, she should be, surely if she's upset with anyone, she should be upset with her guy, not with the woman.
But anyway, regardless of that, because the woman may not know that he's in a relationship. But wouldn't it be cooler just to sit down at the table and just go, hi?
I wouldn't do the WTF, girlfriend, who do you think you are with my man kind of thing.
First of all, she should be, surely if she's upset with anyone, she should be upset with her guy, not with the woman.
But anyway, regardless of that, because the woman may not know that he's in a relationship. But wouldn't it be cooler just to sit down at the table and just go, hi?
Yeah, you know, I think that's great, but I think sometimes when people are in these situations, they don't have the clear reasoning available to them.
They're kind of in this fog of what? WTF? Jealousy, crazy.
They're kind of in this fog of what? WTF? Jealousy, crazy.
Yeah, I guess they're seeing red.
However, I've never been so enraged that I wanted to crack someone's head open with a bottle.
So, you know, good.
However, now, it doesn't stop there, okay? This gets a little bit more disturbing. I'm warning you all out there as well.
Miss Morris does decide to get the heck out of Dodge, gets into her car and drives off. And Mr. Smith also leaves, right? And he steps out onto the sidewalk.
Miss Morris zooms back, mounts the sidewalk with her car, and literally runs him over. Like, literally.
Miss Morris does decide to get the heck out of Dodge, gets into her car and drives off. And Mr. Smith also leaves, right? And he steps out onto the sidewalk.
Miss Morris zooms back, mounts the sidewalk with her car, and literally runs him over. Like, literally.
Oh my God.
Now I get that cheating sucks, but I'm not sure that running someone over for this misdeed is a fair response. Do you have any thoughts on that?
Do you? I tend to agree. Is it possible she's exhibited some crazy behaviour in the past, which maybe has driven Mr. Smith elsewhere? Possibly.
Maybe he's been seeking some assistance from outside of his relationship.
Maybe he's been seeking some assistance from outside of his relationship.
This all becomes clear in a second because this is not the end of the story. Because she decides that running him over, that running over trick, was not quite enough. So she then—
Puts the car in reverse.
Yep. And backs over the boyfriend.
Oh, okay.
And there's a report that witnesses are there, right? There's people there watching all this.
They saw the bottle incident inside the, you know, probably people came outside to see what was going on.
And there are reports that this guy witnessing all this tries to step in front of the car to protect Mr.
Smith, but Morris, alas, drives around him, hitting him in the left hip with her car mirror before running over Mr. Smith for a third time.
They saw the bottle incident inside the, you know, probably people came outside to see what was going on.
And there are reports that this guy witnessing all this tries to step in front of the car to protect Mr.
Smith, but Morris, alas, drives around him, hitting him in the left hip with her car mirror before running over Mr. Smith for a third time.
Well, this is a—
A registered nurse is on the scene, and she tries to help Mr. Smith, right? But he's completely under the car. His head is under one front wheel, and his feet are under another.
The passenger side front wheel, and she can't get to him. And when the cops arrived, are you surprised that Mr. Smith is dead after being run over 3 times?
The passenger side front wheel, and she can't get to him. And when the cops arrived, are you surprised that Mr. Smith is dead after being run over 3 times?
Well, no, I'm not surprised. I'm just surprised at you. Why do you tell us this story? Are you going to blame all this on Apple or something for their—
I cannot believe this because I just have here written in my notes, I have a question for you at this point. Who's at fault, Miss Morris or Apple?
Now you all know that we are big fans of password managers at Smashing Security because it's an important tool for generating and saving secure credentials for every online account.
Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments.
Bitwarden is transparent and secure using end-to-end and zero-knowledge encryption with source code that can be scrutinized.
Now you can go to bitwarden.com/smashing and try it for free across devices as an individual user, or you can start a free trial of a Teams Enterprise plan.
And the thing I like about this, a good password manager is robust and cost-effective.
As it can radically improve your chances of staying safe online, all without requiring super high-tech expertise. Go to bitwarden.com/smashing.
Start your free password manager trial today.
Now you all know that we are big fans of password managers at Smashing Security because it's an important tool for generating and saving secure credentials for every online account.
Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments.
Bitwarden is transparent and secure using end-to-end and zero-knowledge encryption with source code that can be scrutinized.
Now you can go to bitwarden.com/smashing and try it for free across devices as an individual user, or you can start a free trial of a Teams Enterprise plan.
And the thing I like about this, a good password manager is robust and cost-effective.
As it can radically improve your chances of staying safe online, all without requiring super high-tech expertise. Go to bitwarden.com/smashing.
Start your free password manager trial today.
Collide Security sends employees important, timely, and relevant security recommendations for their Linux, Mac, and Windows devices right inside Slack.
Collide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Collide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/collide. That's smashingsecurity.com/collide.
Collide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Collide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/collide. That's smashingsecurity.com/collide.
K-O-L-I-D-E.
Enter your email when prompted, and you will receive a free KOLIDE goodie bag after your trial activates.
You can try KOLIDE with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. And thanks to KOLIDE for supporting the show.
You can try KOLIDE with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. And thanks to KOLIDE for supporting the show.
Is your organization finding it difficult to achieve compliance and scale its security posture?
At G2's highest-rated cloud compliance software, Drata streamlines your SOC 2, your ISO 27001, your PCI DSS, your GDPR, and your HIPAA compliance.
Plus, it provides 24-hour continuous control monitoring so you can focus on scaling securely. Drata is the only compliance automation platform with a private tenant database.
They say it's having your cake and securing it too.
Countless security professionals from companies including Notion, FullStory, and BambooHR have shared how crucial it is to have Drata as a trusted partner in their compliance process.
Listeners, you can get 10% off Drata and waived implementation fees by visiting smashingsecurity.com/drata. That's D-R-A-T-A. And thanks to Drata for sponsoring the show.
At G2's highest-rated cloud compliance software, Drata streamlines your SOC 2, your ISO 27001, your PCI DSS, your GDPR, and your HIPAA compliance.
Plus, it provides 24-hour continuous control monitoring so you can focus on scaling securely. Drata is the only compliance automation platform with a private tenant database.
They say it's having your cake and securing it too.
Countless security professionals from companies including Notion, FullStory, and BambooHR have shared how crucial it is to have Drata as a trusted partner in their compliance process.
Listeners, you can get 10% off Drata and waived implementation fees by visiting smashingsecurity.com/drata. That's D-R-A-T-A. And thanks to Drata for sponsoring the show.
And welcome back. Can you join us for our favorite part of the show? The part of the show that we call Pick of the Week. Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security related necessarily.
Better not be.
Well, my pick of the week this week is a little bit security related.
I'm on holiday. It's just unfair. But anyway, go on. Let's see if it's worth it.
I found a website called web3isgoinggreat.com.
Sounds riveting.
And web3isgoinggreat.com was created by a software engineer called Molly White. This is how it describes itself.
It says Web3 is going just great and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
It says Web3 is going just great and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
You know, I'm thinking of Mark Stockley right now who was on this show complaining very intensely about Web3, so I hope he's listening to this.
I think he'd like this website. It is a project to track some examples of how blockchain, crypto, Web3 stuff isn't actually going as well as its fans might you to believe.
Mm-hmm.
And so it is a timeline of cryptocurrency and blockchain-based cock-ups dating back the last couple of years.
And so it's basically stories of hacks, of scams, of money being lost, of everything.
And so it's basically stories of hacks, of scams, of money being lost, of everything.
The shit show. The shit show that is Web3.
Yes.
Mm-hmm.
That's right. And I found it quite entertaining.
The site even includes what he calls its grift counter, which is a running total of the amount of money lost so far to Web3 grifts and scams and crypto nonsense increments as you scroll through the page.
Currently it's at about $9 billion, they reckon.
The site even includes what he calls its grift counter, which is a running total of the amount of money lost so far to Web3 grifts and scams and crypto nonsense increments as you scroll through the page.
Currently it's at about $9 billion, they reckon.
Oh, chump change. Fantastic.
Yeah, exactly. Exactly. So I found it quite amusing. I think many of our cynical and skeptical listeners might enjoy it as well.
And so that is why web3isgoinggreat.com is my pick of the week.
And so that is why web3isgoinggreat.com is my pick of the week.
You don't mind if I don't look at it until I'm finished my holidays, right?
That's fine. That's fine.
Okay.
What's your pick of the week?
I've got a good one. My pick of the week is an app called Audem, A-U-D-E-M. Now, I quite like long-form journalism, right? And I used to love reading all this, right?
I'd read it online all the time, but honestly, I'm just in front of the screen just too much for me.
I'd read it online all the time, but honestly, I'm just in front of the screen just too much for me.
I can guess what it does. Yeah.
They narrate them. So I prefer to listen to these stories.
And now I can with Audem because Audem is an app that curates the best long articles from about a dozen pretty high-caliber publishers like The Atlantic, The New York Times, the wonderful New Yorker, Rolling Stone, and others.
And now I can with Audem because Audem is an app that curates the best long articles from about a dozen pretty high-caliber publishers like The Atlantic, The New York Times, the wonderful New Yorker, Rolling Stone, and others.
Oh, wonderful. That sounds great. Yeah.
And they have about 3,000 articles available so far, and you can download and listen away. You can even jump to any paragraph in a story by tapping on it.
So you have also the written version in the app. You could choose your narration speed. So if you need it to be really slow, really fast, you can do that.
And what's cool about it is rather than paying every single publisher their fee to have access to their content, you can pay the price of Audible to get access to many great stories from many different publishers, which I like.
So you have also the written version in the app. You could choose your narration speed. So if you need it to be really slow, really fast, you can do that.
And what's cool about it is rather than paying every single publisher their fee to have access to their content, you can pay the price of Audible to get access to many great stories from many different publishers, which I like.
How much does Audible cost?
Well, you can try it for free for 3 days, or you can even go to the daily because I do listen to the daily. This is the New York Times podcast.
And occasionally on Sundays, they play an Audem version of a long-form New York Times article. And after that you're charged $9 a month, which is pretty reasonable.
Because you could hoover up a lot of content in that time.
And occasionally on Sundays, they play an Audem version of a long-form New York Times article. And after that you're charged $9 a month, which is pretty reasonable.
Because you could hoover up a lot of content in that time.
Yeah, I guess so. Yeah. Well, I'm really pleased to hear that things like The Atlantic and The New Yorker are in there because they have tremendous articles, don't they?
Yeah, I really think it's great. And the app is pretty slick. And I think it's great.
So I think if any of you out there rather listen than read sometimes, this is definitely worth checking out.
So I think if any of you out there rather listen than read sometimes, this is definitely worth checking out.
And does it sound okay? Or does it sound like this?
No, no, they have very good readers. Now I'm always on the hunt to see if they're automating it, and I'm sure one day they will. I mean, why wouldn't they, right? That makes sense.
But at the moment, I think there may be some automation because, you know, sort of pauses are the same length, that kind of thing.
But at the moment, I think there may be some automation because, you know, sort of pauses are the same length, that kind of thing.
Right.
But I find it pretty easy listening. I don't find it too automated that it puts me off. So it's called Audem, A-U-D-M. You can find it in any of your app stores.
And I hope you enjoy it. That's my pick of the week.
And I hope you enjoy it. That's my pick of the week.
That sounds fantastic. And that just about wraps up the show for this week. Carole, I hope you enjoy the rest of your holiday out there in Croatia.
I will.
Are you gonna come back to the UK? No. Oh.
It's super sunny here and beautiful. I've got dogs to play with, a husband that snoozes constantly. It's great.
Well, you can follow us on Twitter @SmashInSecurity, no G. Twitter allows to have a G, and we also have a Smashing Security subreddit.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Overcast, Spotify, and Apple Podcasts.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Overcast, Spotify, and Apple Podcasts.
And a massive shout out to this episode's sponsors, Bitwarden, Drata, and Kolide. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.
And as always, for episode show notes, sponsorship info, guest list, and the entire back catalog of more than 277 episodes, check out smashingsecurity.com.
And as always, for episode show notes, sponsorship info, guest list, and the entire back catalog of more than 277 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye.
Bye. I should have probably made Croatia my pick of the week. Can you make a country a pick of the week?
Of course you can.
Yeah?
As long as it's not security-related, necessarily.
Yeah, well, you have trouble following that.
True.
Talk to you next week. Maybe.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Show notes:
- Welsh James Bond Timothy Dalton's cello escape in "The Living Daylights" — YouTube.
- How a Saxophonist Tricked the KGB by Encrypting Secrets in Music — Wired.
- Woman accused of killing boyfriend using AirTag tracking — The Register.
- Andre Smith fatally struck by car outside Tilly's Pub, woman charged — Indy Star.
- Indianapolis woman Gaylyn Morris accused of tracking boyfriend with Apple AirTag, killing him with car, police say — The Washington Post.
- An update on AirTag and unwanted tracking — Apple.
- Apple Updates iPhone with 'Safety Check' for Domestic Victims — Gizmodo.
- Web3 is going just great.
- Audm – Listen to feature stories from The Atlantic, WIRED, and more.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
- Support us on Patreon!
Sponsor: Bitwarden
A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
Sponsor: Kolide
At Kolide, we believe the supposedly Average Person is the key to unlocking a new class of security detection, compliance, and threat remediation. So do the hundreds of organizations that send important security notifications to employees from Kolide’s Slack app.
Collectively, we know that organizations can dramatically lower the actual risks they will likely face with a structured, message-based approach. More importantly, they’ll be able to engage end-users to fix nuanced problems that can’t be automated.
Try Kolide Free for 14 Days; no credit card required.
Sponsor: Drata
Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too
Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.
Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
Follow the show:
Follow the show on Bluesky at @smashingsecurity.com, on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
