Smashing Security podcast #287: Lost in translation, spiders, and slapping tortillas

Industry veterans, chatting about computer security and online privacy.

Graham Cluley

We’re back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.

Mikko Hyppönen

This is Mikko. I'm an Infosec rockstar. And I listen to Smashing Security podcast every time I go to a sauna. And I go to a sauna a lot. Smashing Security episode 287 Lost in Translation Spiders and Slapping

Graham Cluley

Tortillas with Carole Theriault and Graham Cluley. Hello hello and welcome to Smashing Security episode 287 my name's Graham Cluley.

Carole Theriault

Hi and I'm Carole Theriault.

Graham

Welcome back Carole we've had our little summer holiday. And we're back, folks, and we're joined by a special guest, Carole, who we got in the hot

Carole

seat this week. We have a cybersecurity czar, Mikko Hyppönen, who's just written a new book called If It's Smart, It's Vulnerable. And we're going to chat all about that during your section, aren't we, today, Mikko? Yes, we are. And

Mikko

thanks for having me, both of you, Graham and Carole.

Carole

We love having you here, especially on our first show after the holidays, which is going to be probably a car crash. So we're glad someone like you's here to witness it.

Graham

We've forgotten how to make podcasts, haven't we? Exactly. Four weeks off.

Carole

Exactly. But should we kick off, Graham? Should we try this? Go for it. All right. Well, now, before we kick off, let's just thank this week's sponsors, Bitwarden, Kolide and Gigamon. It's their support that helped us give you this show for free. Coming up on today's show, Graham, what do you got?

Graham

Oh, I'm going to be completely lost in translation. Ooh. Mikko, what about you? Well, I'm just here to plug my new book.

Carole

That's good. And I will be entering the world of creepy crawlies. All this and much more coming up on this episode of Smashing Security.

Graham

I'm speaking to you today by Google Translate because Mikko Hyppönen is in the room. Did he make any sense? This is painful. Please make an end. I'm trying to make you feel comfortable. I'm using Google Translate to, well, use some of those phrases you may be familiar with. I've done some research online. I found that Finns, they aren't ever in a very bad mood. They're kuin perseeseen ammuttu karhu. It's a bear shot in the ass. Is that right? Does he sound a native Mikko? Yes. No,

Mikko

he doesn't. No, no. It's actually, it said kuin perseeseen ammuttu karhu. That's how you would say it. Yeah, well, more or less. It's kind of sexy the way he says it.

Graham

People aren't crazy. They have one of the mills has left the valley or something, is the phrase. It's having a coupon short of a toast rack. All of these wonderful... Finns don't apparently get big-headed. They have piss coming up their head. Is that right? Nouskus-kusi-päähän. Nouskus-kusi-päähän, indeed. Yes, yes. Can

Carole

you describe that? Can you explain piss coming up to their head?

Mikko

Yes, yes. Basically, you know, I suppose the idea is that if you never take a leak, eventually the piss will reach your brains.

Carole

And not taking a leak as big-headed?

Graham

I don't know. It's an unwise thing maybe in Finland. Although you'd think of all that cold, it'd actually be sensible not to have a wee sometimes. But Mikko, I've never failed to be impressed by people who speak another language fluently. You're at all impressed with me? I'm very impressed. Yes, this is amazing.

Mikko

Well, I have to add to one of the phrases we use here, maybe the most Finnish of them all. When we tell someone to get the hell out of here. We simply tell them to ski to a c\\t.

Graham

And that beep you heard was for the benefit of our sponsors this week. And our American listeners. But the truth is, it's not very easy for some of us to take on a foreign language. And that's why many of us will use a translation tool like Google Translate. Google Translate is amazing. It's been around since 2006. We probably will take it for granted by now. It's been around over 15 years. Hundreds of millions of people are using it all of the time. It's not perfect, of course. Sometimes it struggles with some language combinations. I see that it's still not handling Klingon, for instance. That's outrageous. Well, Carole, I'm not surprised you're outraged because, of course, you managed to convince the developers at Sophos to translate Sophos antivirus into Klingon. Not so many years ago. Well, I say not so many years ago. In the before times, that's what antivirus companies were busy doing rather than stopping malware: translating their software into Klingon. Way back then, and just Google, you know, people were suspicious of Google because they give you all these free tools, but of course they're really data mining you and finding out what you're up to and learning all about you.

Carole

well both are true I don't think those are mutually exclusive things well no

Graham

But I mean, with the Klingon antivirus we were also using that in an underhand way to find information about our customers. What? Yes, yes. Shut up. You may have forgotten, Carole, that we did a press release naming the capital cities for Klingon speakers around the world. Because we analyzed the data for where the Klingon antivirus was being downloaded. Yes, where the

Carole

next Klingon empire might show up on Earth. We were ready.

Graham

And the number one city in the world, Helsinki. And who do we have here?

Mikko

explain that either. And I don't

Graham

speak Klingon myself. Strange, isn't it? So why am I talking about Google Translate? Well, the boffins at Check Point have just released some research about some malware they've discovered just recently called NitroCod. You

Carole

obviously have something to say about the name. What do you think about that name?

Graham

NitroCod? Bit fishy. I could say that, maybe.

Carole

You, I missed you. Yeah, yeah, they picked

Mikko

the name because the domain was available. Yes, probably. Nitro cod, it sounds like a fish superhero really, doesn't it? Something from the Marvel universe.

Carole

Google would never say that. Their lawyers wouldn't let them, probably. No, exactly. We guarantee you nothing. We'll obliterate your drive. Who knows what.

Graham

Mikko! Beating Manchester. I can't

Mikko

Yeah, why would you do that? I mean, if you have a computer, you could just go to the web. Yeah, that's what I do. You would if you have an internet connection.

Carole

Do you have a baguette? Not at the moment. No, correct. It's not that sort of podcast. Well, I don't download enough apps, I guess. Can you give us examples? Well, there are things like, for instance, there may be Gmail, right? People use Gmail and people want the Gmail user experience, but they'd like it in an app for their particular flavor of computer. So what you're saying is they make it actually work for a long time and everyone's comfortable with how it works. And then they start crypto mining.

Graham

Exactly. Well, not data mining. Crypto mining. Which I'm surprised. I didn't know anyone was still doing it. I thought crypto mining was sort of a bit 2018.

Carole

It is a bit passé.

Mikko

Well, it depends on what they're mining for. Obviously not for Bitcoin or Ethereum. It's going to be something more niche. But if there's money to be made, someone's going to try to make it like this.

Mikko

Yeah, yeah. So it's an attempt to avoid detection in sandboxes. And it's also looking for known virtual machine processes to see if someone's trying to analyze what it does inside of sort of secure bubble. It's quite clever, actually. I mean, not just from the point of view of security companies, but also from the point of view of the victims. I mean, of course, they might notice that, you know, my fan is going crazy on my laptop and my machine is really hot. But they don't really realize what's going on and which app it might be because they didn't install anything recently. They saw something a month ago. They're going to forget all about it. Did yeah, actually this book project started after I did my TED talk in 2011 because I was back then contacted by multiple publishers and they were all telling me that you should write a book, write a book, we'll publish it for you. All TED speakers publish a book, you should do a book Mikko. And I tried for all this time, I tried, but with the travel rate I've been sustaining for the last 10 years it wasn't going anywhere so it did really take a pandemic for me to finish this project. Yeah. And the upsides are so obvious. The last time I was here as your guest, we spoke about cybercrime unicorns and about how much money these biggest gangs are making. So they're heroes. Like these guys are driving around in Rolls Royces and Lambos. Yeah, it's The Mirror and the Daily Mail that's what you have to blame for.

Graham

Anyone who's listened to Smashing Security over the years will know that we believe that everyone, whether you're a single end user or a business, should use a password manager. And the password manager we're recommending is Bitwarden. Millions of users around the world, including many of the world's largest organizations, trust Bitwarden to protect their online information using a transparent open source approach to password management.

Mikko Hyppönen

back to me whether I should bother doing it. Or maybe someone should invite Graham to a party.

Graham

You can effortlessly manage all your passwords and logins backed by end-to-end 256-bit encryption. And for the enterprises out there, Bitwarden recently added SCIM support making it even easier to provision and manage users. For password security you can trust, get started today with Bitwarden. Learn more at bitwarden.com slash smashing. Take security of your passwords and logins more seriously by visiting bitwarden.com slash smashing. And thanks to Bitwarden, they're great folks for supporting the show. Gigamon is the leading deep observability company. It offers a deep observability pipeline that harnesses actionable network level intelligence to amplify the power of observability tools, enabling companies to conquer blind spots and overcome the threat of today's sophisticated ransomware attacks. Gigamon's latest report into the state of ransomware reveals how insider threats are evolving, what impact cyber insurance and blame culture are having on the cybersecurity industry, and why deep observability is the new frontier for tackling the ransomware crisis. So, what are you waiting for? Download the report today at www.gigamon.com slash smashing. That's www.gigamon.com slash smashing. And thanks to Gigamon for supporting the show. Kolide sends employees important, timely, and relevant security recommendations to their Linux, Mac, and Windows devices right inside Slack. Kolide is perfect for organisations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable. So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems. Sign up today by visiting smashingsecurity.com slash kolide. That's SmashingSecurity.com slash K-O-L-I-D-E. Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at SmashingSecurity.com slash Kolide. That's SmashingSecurity.com slash K-O-L-I-D-E. And thanks to Kolide for supporting the show. And welcome back. Can you join us at our favourite part of the show? The part of the show that we like to call Pick Of The Week. Pick Of The Week. Pick Of The Week. Pick Of The Week is the part of the show where everyone chooses something that it could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app, whatever they wish. It doesn't have to be security related necessarily. It better not be. Well, my Pick Of The Week this week is not security related. It's also not a book that I've read, a funny story, a TV show, a movie, a record, a podcast, a website, or an app. What it is, is I was out. I popped around to a friend's house the other evening, and I was chatting to some other people that I hadn't met before, and they were telling me about a party game that they had played. I haven't actually played this party game yet, but they described it to me. They'd been at a party, and it sounded like it was a bit of fun. And I thought maybe some of our listeners, me, are intrigued. They might want to try it next time they have a party, or maybe some listeners have already tried this. And they can report to us what happened. They can report

Carole

Yeah, that would be nice. And meanwhile, Graham will attest that it's fantastic and give it a huge amount of advertising. Let's go, Graham. My pick of the week this week is not a game you can buy. It's a game you can just play.

Carole

I'm picturing it right now. It looks beautiful. You and the other person have got their mouths full of water, right? Almost bursting.

Carole

So you're holding a tortilla in one hand, you're holding water in your mouth.

Graham

Water in your mouth, yes.

Carole

Yeah, and with the other hand, you're playing rock, paper, scissors.

Graham

Rock, paper, scissors.

Carole

You know how to party. My freaking God.

Graham

Right. And one of you is going to win the game of rock, paper, scissors. Okay. At which point you slap the other person around the face with the tortilla wrap.

Carole

Okay, now it's gotten more fun.

Graham

Their job is not to laugh or spew out the water. And indeed, you mustn't laugh at their reaction of being slapped with the tortilla wrap. And that, ladies and gentlemen, is what the middle classes are playing in England today. And I thought I would share that with the world.

Carole

Don't you think that three weeks off was fantastic for you? Look.

Graham

It's a lot better than some of my past picks of the week. What's really

Carole

sad is you didn't even freaking play this. You had three weeks off. You're just reporting.

Graham

I'm going to. Next time I'm at a party and have some tortilla wraps, I'm going to say, oh, I know what we should do now. I'll come around to yours, Carole. Have you got tortilla wraps at your place?

Carole

Mikko, would you play this? No, no, I would not. Why? Because the hair?

Mikko Hyppönen

Dignity? I'm sure we can come up with much better party games, I'm sure.

Carole

I look forward to you coming on the show again and telling us what your new party game is. It's going to be my pick of the week next time. Fantastic.

Carole

Sounds like a really good watch. Thank you for that, Mikko. I'm kind of regretting my pick of the week now. Because it's me.

Carole

I did. I came to the exhibition. Excited. I was so excited.

Graham

Well, alongside these other childish scribblings by other artists.

Carole

Oh, come on. There's so much great stuff.

Graham

To be honest, everything was, well, no, there was a couple of rubbish things. But most of it was really good.

Carole

Thanks, buddy. Well, Carole, I'm browsing through your website right now. Actually, you are good.

Graham

And I was very, very impressed by the selection of art which are up there and very proud as well to see one of your paintings there. It was tremendous.

Carole

Mikko, I'm blushing.

Carole

Now, what makes the story even cuter is the painting was inspired by a snap that my mom took of her neighborhood in Ottawa, Canada over the summer. And even better is the first time in four years my parents are visiting me in the UK and they're going to get to see the painting of her photo in the show and she doesn't know yet.

Mikko Hyppönen

Yeah, absolutely. We will with an autograph and dedication. Absolutely.

Carole

Exactly. All right. This is now becoming a goodie bag.

Mikko

But the poem thingy, because nobody can come up with a word which rhymes with Mikko unless there's some kind of a weird sicko.

Graham

Make it rhyme with Hyppönen instead. That'd be so much easier.

Carole

Anyway, that's my pick of the week, me and the Oxford Art Society, which has been a brilliant experience.

Graham

Okay so get your poems about the podcast about Mikko or about Carole's art or whatever to studio at smashingsecurity.com by the end of Monday the 5th to be in with a chance. Terrific. Well that just about wraps up the podcast this week. Mikko, I'm sure lots of our listeners would love to follow you online, find out more about your book. What's the best way for folks to do that? That's mikko.com m-i-k-k-o.com. Fantastic. And you can follow us on Twitter at smashingsecurity, no G. Twitter wouldn't allow us to have a G and we've also got a smashingsecurity subreddit as well so find us up there. And don't forget to ensure that you never miss another episode, follow smashingsecurity in your favourite podcast app such as Apple Podcasts, Spotify and Google Podcasts.

Graham

And a massive, massive thank you to this episode's sponsors Bitwarden, Kolide and Gigamon, and of course to our wonderful Patreon communities. Thanks to them all, this show is free. If you want to see episode show notes, sponsorship information, guest list and the entire back catalog of more than 286 episodes, check out smashingsecurity.com.

Mikko

No it was fine that was great. You were great. We talked a load about your book. We had a cute angle right? I think the angle's cute there, the angle for this episode.

Graham

Is self-promotion. I think you'll find my pick of the week was the best this week. I can say that. Slap a tortilla.

Carole

I'm going to try that with my parents tonight. Okay, bye. Thank you.

Graham

Thank you so much, Mikko. I really appreciate it.

Carole

Yeah, you're a god. Thank you. Cheers. Bye-bye. Cheers.

Hosts:

Graham Cluley:

Carole Theriault:

Guest:

Mikko Hyppönen – @mikko

Show notes:

Sponsored by:

  • Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
  • Gigamon – Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.
  • Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a Patreon supporter for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
