How could your inkjet printer finally help you make some money, why is it so hard to share our health data even if we want to, and what result do you want to see from the Elon Musk vs Twitter bunfight?
All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Rory Cellan-Jones.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
But then why shouldn't they be cheap? Why should you have to pay £80 for some ink? RORY CELLAN-JONES. Because that's the business model.
Exactly. RORY CELLAN-JONES. You've got to make a margin somewhere.
Look, have you— RORY CELLAN-JONES. Go out and change the business model. Start your own printer company where they cost £5,000 and the ink is free.
Yes, stop whining.
Smashing Security, episode 289. Printer Peeves: Health Data Hangar. RORY CELLAN-JONES. Ransomware setups and Twitter tussles with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 289. My name's Graham Cluley.
And I'm Carole Theriault.
And this week, Carole, we're joined by a special guest who has returned to the hot seat this week.
Rory Cellan-Jones. Welcome to the show, Rory. RORY CELLAN-JONES. Great to be here. I just could not keep away.
You know what it's like.
You've just flown in from Berlin, I believe. RORY CELLAN-JONES.
Well, yeah, I have been home maybe 36 hours, but I'm still recovering from the experience because Berlin is one great city and I've got stuff to tell you about it later.
I don't think I've got your files, but I might have your files and all the secrets of your life will unfold before you.
Well, yeah, I have been home maybe 36 hours, but I'm still recovering from the experience because Berlin is one great city and I've got stuff to tell you about it later.
I don't think I've got your files, but I might have your files and all the secrets of your life will unfold before you.
Oh my God. Well, before we get to that, let's thank this week's sponsors, Bitwarden, Kolide, and the Cybersecurity Inside podcast.
It's their support that helps us give you this show for free. Now, coming up in today's show, Graham, what do you got?
It's their support that helps us give you this show for free. Now, coming up in today's show, Graham, what do you got?
Oh, I'm going to be talking about the worst thing ever. Yep, I've really worked it out. The worst thing ever in IT.
OK, I look forward to that. Rory, what about you? RORY CELLAN-JONES. I'm going to be talking about health data.
Why are we not allowed to share our health data for essential research without an awful lot of bureaucracy and time wasting?
Why are we not allowed to share our health data for essential research without an awful lot of bureaucracy and time wasting?
OK, sounds good. Fun. And I will bring us into the Twitter Musk mudge drama. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, I want to ask you a question. What, in your opinion, is the worst problem in IT? What is the worst thing about computers and technology, do you believe?
Isn't it the bum on the seat between the keyboard and the screen or something?
The problem? Oh, PEBKAC, the problem existing between keyboard and chair. RORY CELLAN-JONES. Right.
Human. Yeah, well, that can be a trendy thing to blame for all IT problems. Any other theories? Ransomware? Business email compromise? RORY CELLAN-JONES. That's all fine.
It is the automatic software update that is still stuck 16 hours after you first activated it.
It is the automatic software update that is still stuck 16 hours after you first activated it.
Yes. RORY CELLAN-JONES. I went to bed, I got up, it's still going on. It's having a nervous breakdown.
My son got a new laptop from— well, he's just started a new school and he's got a new laptop and it started installing some update and it just said, "Don't turn me off," it said.
And it said that for about 5 hours. I thought, "What is it doing? Is it even connected to the internet?" I'm not sure if it is or not.
But no, none of these are actually as big as the worst problem of all, the one that's been staring us in the face for the last 40+ years.
And it said that for about 5 hours. I thought, "What is it doing? Is it even connected to the internet?" I'm not sure if it is or not.
But no, none of these are actually as big as the worst problem of all, the one that's been staring us in the face for the last 40+ years.
Okay.
And it is that printers are shit. RORY CELLAN-JONES. Oh, no, that— yeah, yeah, you've got it. You have got it.
Yeah.
I don't know if I agree. Okay. Okay. You're going to have to convince me. Well, I think they're really useful.
Right? Well, yeah, they would be useful if they worked.
Okay.
But printers don't work. If you've ever worked on an IT help desk, chances are you spent more of your time trying to fix printer issues than anything else.
If you're not lucky enough to have an IT help desk inside your home, you've probably been struggling with the vendor's IT help desk instead.
Constant phone calls coming through asking why printers aren't working, why something has come out smudged. Why isn't printing on both sides of the paper?
How come it's printed out down in the accounts department?
If you're not lucky enough to have an IT help desk inside your home, you've probably been struggling with the vendor's IT help desk instead.
Constant phone calls coming through asking why printers aren't working, why something has come out smudged. Why isn't printing on both sides of the paper?
How come it's printed out down in the accounts department?
You just don't understand printers. I worked with printers. I used to have to print off these packets to basically spam mail to people. RORY CELLAN-JONES. So it was you?
It was me.
And I would print out— I was 25, I don't know. And I was printing out—
You were faxing people as well? Is that you doing the fax spam?
But the printer would always get stuck. And I learned how to always fix— I was the printer queen.
People would be, "Carole, the printer's not working." I would find the paper in that crazy place, the shred that was blocking everything from working.
It meant that we didn't have to call the technician.
People would be, "Carole, the printer's not working." I would find the paper in that crazy place, the shred that was blocking everything from working.
It meant that we didn't have to call the technician.
You could spend hours trying to get that tiny little piece of paper out between the cogs inside your—
Well, you might. Took me about 10 minutes. I'm very good at these things. Anyway, carry on, carry on.
I think computer technology in general has moved on leaps and bounds over the years, but printers are still stuck in the Stone Age.
They even look they were designed by the people who built Stonehenge.
I can imagine ancient Britons lugging stones from the hills of Wales at the behest of Neolithic druids, chipping away at them for 1,500 years, making them into heavy oblongs with a paper feed tray, putting them on rollers made of tree trunks to the car parks of Epsom and Canon.
They even look they were designed by the people who built Stonehenge.
I can imagine ancient Britons lugging stones from the hills of Wales at the behest of Neolithic druids, chipping away at them for 1,500 years, making them into heavy oblongs with a paper feed tray, putting them on rollers made of tree trunks to the car parks of Epsom and Canon.
Graham's opened up his thesaurus. RORY CELLAN-JONES. But the question is, why are you still printing, Graham? Well, well, I would— Don't print!
Well, I would— RORY CELLAN-JONES. What do you need to print? Are you one of those people who writes something and then prints out 400 pages?
No, no, I'm not. I try to print something probably every three months. RORY CELLAN-JONES. Oh, that's it. You're not in practice.
Exactly!
I don't do the necessary voodoo. I don't have a human sacrifice to make the printout work.
Do you have a little oil droplet machine to make sure it's all working perfectly?
Occasionally I go somewhere where they demand a printout of the ticket. Oh no, you can't bring a smartphone 'cause it could be a photograph of someone's— It's what?
How's this any different? But anyway, this seems to happen to me a lot. I hate printers. Ink costs too much.
Ink always needs to be replaced even though I only use them every three months. It's terrible connectivity. Doesn't work half the time.
And you feel forced to buy a new printer 'cause the old one's having so many problems.
Because you think, well, it'll actually be cheaper to buy a new printer which comes with three new ink cartridges than buy some ink cartridges separately.
And the old ink cartridges don't work with the new printer.
How's this any different? But anyway, this seems to happen to me a lot. I hate printers. Ink costs too much.
Ink always needs to be replaced even though I only use them every three months. It's terrible connectivity. Doesn't work half the time.
And you feel forced to buy a new printer 'cause the old one's having so many problems.
Because you think, well, it'll actually be cheaper to buy a new printer which comes with three new ink cartridges than buy some ink cartridges separately.
And the old ink cartridges don't work with the new printer.
Are you okay? Were you trying to print this morning that didn't go well and you decided to use this as your soapbox?
Yes, I was doing exactly that. That is what was happening to me. And it was a complete nightmare. RORY CELLAN-JONES. Well, I've got a confession.
We have two printers in our house, one in my wife's incredibly efficient office from which she runs the world, one in my cubbyhole.
And about 3 years ago, I got bored with the one in my cubbyhole with all those issues that you suggested. I ran out of ink. I couldn't be bothered to replace it.
It still sits there and I just wirelessly print off my wife's printer and it's her fault if things go wrong. Yeah, it's great.
We have two printers in our house, one in my wife's incredibly efficient office from which she runs the world, one in my cubbyhole.
And about 3 years ago, I got bored with the one in my cubbyhole with all those issues that you suggested. I ran out of ink. I couldn't be bothered to replace it.
It still sits there and I just wirelessly print off my wife's printer and it's her fault if things go wrong. Yeah, it's great.
You're a very lucky man because most printers, you know, they're temptingly cheap because they're sold at a loss and the manufacturers make their money back by selling those ruddy ink cartridges.
It's like razors being super cheap and the blades being the markup.
It's like razors being super cheap and the blades being the markup.
I think you're totally being over the top here. Really, really? Yeah, I don't have these problems at all. I've had the same printer for 5 years, no issues. No issues.
It's just, you know, I've got the problem. RORY CELLAN-JONES. No, you've got the obvious answer. Just send it round to Carole and she'll print it for you.
Now, now, Rory. Now, now, now, now.
So my printer, despite having only been used about 7 times in the last 18 months, has run out of ink.
I wonder what the problem is.
And woe betide me if I decide I don't want to spend £80 on some new ink cartridges and try and use these sort of generic ink cartridges because, you know, whoa, whoa, whoa, then it's not going to work.
Oh, did you do that? Did you do that? Did you try and save a few quid?
I admit I have done that sort of thing in the past, yes. But, you know, it just ends up a nightmare, doesn't it? It ends up horrendous.
Because the printer manufacturers, they say, "Well, only our ink cartridges properly protect your printer from," I don't know what, malicious spiked ink cartridges containing malware or bad printing or something like that.
So they've stuck these microchips and electric gubbins onto the ink cartridges themselves, which takes away room that could have been used for ink.
Because the printer manufacturers, they say, "Well, only our ink cartridges properly protect your printer from," I don't know what, malicious spiked ink cartridges containing malware or bad printing or something like that.
So they've stuck these microchips and electric gubbins onto the ink cartridges themselves, which takes away room that could have been used for ink.
Almost like a walled garden, right? Not letting different microchips coming in.
Well, of course it is. And they don't want you using other people's ink cartridges. Now, one of the manufacturers which does this is HP.
Mm-hmm.
And if you had an HP printer and you dared to use an ink cartridge that wasn't made by HP, maybe everything was going swimmingly.
Maybe everything had been going fine for the last couple of years. You're using these other people's ink cartridges, la-dee-da, everything's wonderful.
And then one day, eh-eh, you get an error message on your printer saying cartridge problem. One or more cartridges appears to be damaged. Remove them and replace with new cartridges.
And you're thinking, what's all this about? I just want to print. I was printing fine last night. Why can't I print anymore?
Maybe everything had been going fine for the last couple of years. You're using these other people's ink cartridges, la-dee-da, everything's wonderful.
And then one day, eh-eh, you get an error message on your printer saying cartridge problem. One or more cartridges appears to be damaged. Remove them and replace with new cartridges.
And you're thinking, what's all this about? I just want to print. I was printing fine last night. Why can't I print anymore?
With my cheap, cheap-ass ink cartridges I've bought.
Yeah. Why shouldn't they be cheap? Why should you have to pay £80 for some ink? RORY CELLAN-JONES. Because that's the business model.
Exactly. RORY CELLAN-JONES. You've got to make a margin somewhere.
Yes. RORY CELLAN-JONES. Go out and change the business model. Start your own printer company where they cost £5,000 and the ink is free.
Yes, stop whining.
In this particular case, HP had, unbeknownst to its users, updated its printer's firmware with something called Dynamic Security.
When was this? When was this?
This was a few years ago. They rolled this out to lots and lots of printers.
It did say in the small print, the purpose of Dynamic Security is to protect HP's innovations and intellectual property, maintaining the integrity of our printing systems, ensuring the best customer printing experience, and protect users from counterfeit and third-party ink cartridges.
I know they're third-party ink cartridges. I just want to print something a little bit cheaper.
It did say in the small print, the purpose of Dynamic Security is to protect HP's innovations and intellectual property, maintaining the integrity of our printing systems, ensuring the best customer printing experience, and protect users from counterfeit and third-party ink cartridges.
I know they're third-party ink cartridges. I just want to print something a little bit cheaper.
Don't you realise this is the same model applies to your car?
Do you go to the show, you know, the car manufacturer to do your servicing, or do you go to Bob down the street who can do it at half price?
Do you go to the show, you know, the car manufacturer to do your servicing, or do you go to Bob down the street who can do it at half price?
Or, Carole, imagine this. Imagine you've bought a car and the manufacturer says, well, you should only really use Ford petrol, you should only use Volkswagen petrol.
You try and fill it with someone else's petrol, it goes, "Blargh," and grinds to a halt.
Or if your car reports to you that it's run out of petrol when it actually hasn't run out of petrol, because that's what some of these ink cartridges do.
They tell you they've run out, and in fact they haven't. Or they say, "We haven't got very much cyan left." Are you dehydrated or something? My printer is. So people complained.
When HP pushed out this firmware update that they were no longer able to print.
You try and fill it with someone else's petrol, it goes, "Blargh," and grinds to a halt.
Or if your car reports to you that it's run out of petrol when it actually hasn't run out of petrol, because that's what some of these ink cartridges do.
They tell you they've run out, and in fact they haven't. Or they say, "We haven't got very much cyan left." Are you dehydrated or something? My printer is. So people complained.
When HP pushed out this firmware update that they were no longer able to print.
You, Napoleon, were leading the charge, no doubt.
So people were saying, look, legitimate HP cartridges cost more to buy than a brand new printer, albeit not a brand new HP printer.
But, you know, you could just go out and buy a brand new printer.
And HP just, you know, the problem is that you should, in a way, install these firmware security updates because in March, for instance, HP alerted its users about various security vulnerabilities.
Vulnerabilities in various of its printers.
There's so many millions of printer models out there, some of which were critical, some which could lead to remote code execution malware.
So you want to install those updates, but it will install dynamic security as well, which is really only protecting HP. It's not really protecting you as a user.
So it's a bit rubbish. And I think Rory is right. Of course, Rory's always right. That we need to change the business model here. We need to stop buying printers. RORY CELLAN-JONES.
No, no, not we.
But, you know, you could just go out and buy a brand new printer.
And HP just, you know, the problem is that you should, in a way, install these firmware security updates because in March, for instance, HP alerted its users about various security vulnerabilities.
Vulnerabilities in various of its printers.
There's so many millions of printer models out there, some of which were critical, some which could lead to remote code execution malware.
So you want to install those updates, but it will install dynamic security as well, which is really only protecting HP. It's not really protecting you as a user.
So it's a bit rubbish. And I think Rory is right. Of course, Rory's always right. That we need to change the business model here. We need to stop buying printers. RORY CELLAN-JONES.
No, no, not we.
He said you.
He said you. RORY CELLAN-JONES. You've got to fix it.
You're the one with the problem. Exactly.
We need to send round all of our printouts to Rory to pass on to his wife to print out for us. And she can fix— there, we've solved the problem. Now, why is this news right now?
This is news right now because some organization has taken a class action against HP. They've already succeeded in America. They've got $1.5 million from HP.
You can claim up to $150 per person if you had this issue of HP printers. It's now happened in Europe as well, at least Belgium, Italy, Spain, and Portugal.
Whether other European countries, and whether the UK can consider itself to be European or not, I don't know. We'll have to come up to that.
But there is now an opportunity to get some money back out of HP if you suffered inconvenience or if you weren't able to print out stuff.
And if you missed your visit to the cinema because you weren't able to print out your ticket in the appropriate way because HP pushed down an update to you without properly warning you that it would actually be degrading the performance of your printer.
This is news right now because some organization has taken a class action against HP. They've already succeeded in America. They've got $1.5 million from HP.
You can claim up to $150 per person if you had this issue of HP printers. It's now happened in Europe as well, at least Belgium, Italy, Spain, and Portugal.
Whether other European countries, and whether the UK can consider itself to be European or not, I don't know. We'll have to come up to that.
But there is now an opportunity to get some money back out of HP if you suffered inconvenience or if you weren't able to print out stuff.
And if you missed your visit to the cinema because you weren't able to print out your ticket in the appropriate way because HP pushed down an update to you without properly warning you that it would actually be degrading the performance of your printer.
What assholes, even to pay for their mistake that, right? What dicks? RORY CELLAN-JONES. Yeah, it is kind of sad, these class actions.
I know it's really tragic if you have a problem with your printer.
But the idea that you're going to spend years and hire lawyers and obsess over your $150, it's kind of "get a life or get a new printer" time, isn't it?
I know it's really tragic if you have a problem with your printer.
But the idea that you're going to spend years and hire lawyers and obsess over your $150, it's kind of "get a life or get a new printer" time, isn't it?
And the lawyers are doing it out of the goodness of their hearts, of course. They're not making any money out of this. RORY CELLAN-JONES. Absolutely not.
On either side.
Yeah, but they should pay, right? Don't you think, Graham? Well, that's your whole story.
I just think having bought probably about a dozen printers over the course of my professional life, I think maybe it's time for me to wake up and try and find some other way of— maybe I should just use dirt, dirt and blood.
I don't know, just some other way of transcribing things from my computer because I'm not happy with printers.
If anyone has a recommendation on a printer which doesn't have evil cartridges in it, I've seen these ones where you can pour in the ink yourself.
Has anyone ever tried one of those? Are they any good? Carole, have you tried one?
I don't know, just some other way of transcribing things from my computer because I'm not happy with printers.
If anyone has a recommendation on a printer which doesn't have evil cartridges in it, I've seen these ones where you can pour in the ink yourself.
Has anyone ever tried one of those? Are they any good? Carole, have you tried one?
No. No.
Okay, all right.
No.
Anyway, that's it. I just wanted to have a little rant. RORY CELLAN-JONES. You call that a little rant? That was Gone with the Wind, for God's sake.
He's the most arrogant person ever. Thank you very much for sharing, Graham. Thank you.
Rory, what have you got for us this week? RORY CELLAN-JONES. Well, I wasn't going to have a rant. I was going to talk about health data, which is one of my obsessions.
So over the last few years, there's been innumerable attempts to get Britain's health data into a form that can be used for researchers. That's the positive view of it anyway.
Have big centralized collections of GP records in particular, and that will help in the search for cures for this, that, and the other.
And as someone with a couple of long-term health conditions, I'm all in favour of this. But obviously there are big issues.
There are huge controversies around the collection of this data and a lot of worries, justifiable worries, because there's nothing probably more valuable, more secret, more confidential than your health data, that this will be put at risk.
But in my view, the whole debate has become unbalanced to the extent that any attempt to collect any data is viewed as Big Brother coming down on you and wanting to flog your data to Big Pharma or whatever for evil means.
So over the last few years, there's been innumerable attempts to get Britain's health data into a form that can be used for researchers. That's the positive view of it anyway.
Have big centralized collections of GP records in particular, and that will help in the search for cures for this, that, and the other.
And as someone with a couple of long-term health conditions, I'm all in favour of this. But obviously there are big issues.
There are huge controversies around the collection of this data and a lot of worries, justifiable worries, because there's nothing probably more valuable, more secret, more confidential than your health data, that this will be put at risk.
But in my view, the whole debate has become unbalanced to the extent that any attempt to collect any data is viewed as Big Brother coming down on you and wanting to flog your data to Big Pharma or whatever for evil means.
Yeah. RORY CELLAN-JONES.
So I mean, we had a big thing called Care.data in this country about 10 years ago, which all went belly up because there was such a scandal over that about whether people had been informed about whether their data would be collected.
We had another go at it a couple of years ago where something called GPDPR — I think it's not the same as the European Data Law — anyway, a scheme to collect GP records.
When that came out, again, there was a huge hullabaloo and everybody was advised to opt out of it.
I was frantically telling my friends to opt in because it's important that there should be...
Here's what happens if a lot of people opt out of this kind of data collection: what you get is skewed results from any research.
If certain sections of the population decide that they don't want their data to be used in research, then they're underrepresented in any sort of clinical examination of that data.
So I mean, we had a big thing called Care.data in this country about 10 years ago, which all went belly up because there was such a scandal over that about whether people had been informed about whether their data would be collected.
We had another go at it a couple of years ago where something called GPDPR — I think it's not the same as the European Data Law — anyway, a scheme to collect GP records.
When that came out, again, there was a huge hullabaloo and everybody was advised to opt out of it.
I was frantically telling my friends to opt in because it's important that there should be...
Here's what happens if a lot of people opt out of this kind of data collection: what you get is skewed results from any research.
If certain sections of the population decide that they don't want their data to be used in research, then they're underrepresented in any sort of clinical examination of that data.
So it is quite important because privacy nerds and conspiracy wonks will opt out, right?
Yeah, yeah, people like me. RORY CELLAN-JONES. Yeah, I mean, obviously, if you're going to have good results, the more data the better.
Now, you can kind of understand these massive centralized data collection exercises being controversial.
Well, what was weird to me was when I came across an organization called the UK Biobank, which had signed up millions of people many years ago to voluntarily hand over their GP data because they wanted to be part of this exercise.
But guess what?
In many cases it didn't happen because their GPs had separately had to sign something, had to go through a process, and most of them frankly didn't get around to do that despite— They didn't bother.
Yeah, only about a quarter of them, all of this happened. Then came the pandemic.
Now, you can kind of understand these massive centralized data collection exercises being controversial.
Well, what was weird to me was when I came across an organization called the UK Biobank, which had signed up millions of people many years ago to voluntarily hand over their GP data because they wanted to be part of this exercise.
But guess what?
In many cases it didn't happen because their GPs had separately had to sign something, had to go through a process, and most of them frankly didn't get around to do that despite— They didn't bother.
Yeah, only about a quarter of them, all of this happened. Then came the pandemic.
Yeah. RORY CELLAN-JONES. And suddenly all the rules changed. We knew about this. Where they'd been running around for years going, have we got permission? Should we do this?
Let's have a review.
Suddenly, at a stroke, somebody said, right, the Health Secretary said, yeah, all that data can be used because there's an urgency with the attempt to find a vaccine.
So that all happened.
Now the pandemic is over, there's a question mark over whether that will continue to be the case because it was a sort special, almost wartime order, that that should happen.
And there's a row about that. And don't forget, these are people who are not doing this unknowingly, people who've signed up. And then there was an even better case a few weeks ago.
So when the vaccine task force was set up, along with it was set up an amazing database of around half a million people who signed up to take part in COVID research, right?
Many of them agreeing to do something that seemed quite risky back then— take the risk of being injected with the virus to help in the hunt for a vaccine before there was a vaccine, effectively taking that risk.
And yes, those people knew what they were doing, and most had also said that they were prepared to take part in research into other conditions.
So it was hoped that this thing had been collected, this incredibly valuable resource, half a million people, lots of details about their particular health situation and their backgrounds and so on.
And the thought was, great, this is going to be a valuable resource for years to come. But what happened?
The National Institute for Health Research, which was in charge of this great database, said a few weeks ago they're effectively closing it down in order to restart it, but that means going through the whole process of getting permission from all those half a million people all over again.
Let's have a review.
Suddenly, at a stroke, somebody said, right, the Health Secretary said, yeah, all that data can be used because there's an urgency with the attempt to find a vaccine.
So that all happened.
Now the pandemic is over, there's a question mark over whether that will continue to be the case because it was a sort special, almost wartime order, that that should happen.
And there's a row about that. And don't forget, these are people who are not doing this unknowingly, people who've signed up. And then there was an even better case a few weeks ago.
So when the vaccine task force was set up, along with it was set up an amazing database of around half a million people who signed up to take part in COVID research, right?
Many of them agreeing to do something that seemed quite risky back then— take the risk of being injected with the virus to help in the hunt for a vaccine before there was a vaccine, effectively taking that risk.
And yes, those people knew what they were doing, and most had also said that they were prepared to take part in research into other conditions.
So it was hoped that this thing had been collected, this incredibly valuable resource, half a million people, lots of details about their particular health situation and their backgrounds and so on.
And the thought was, great, this is going to be a valuable resource for years to come. But what happened?
The National Institute for Health Research, which was in charge of this great database, said a few weeks ago they're effectively closing it down in order to restart it, but that means going through the whole process of getting permission from all those half a million people all over again.
So Rory, why are they doing that? RORY CELLAN-JONES. What was their reasoning? Well, I'm hearing a lot of this happening.
I've got friends in the health service, for instance, who said there were all sorts of ridiculous rules that, for instance, stopped patients using hospital Wi-Fi to do calls with relatives, stupid things.
And that was immediately swept away. There is a justifiable paranoia, in fact, about data security in hospitals, and it's always easier to say no than to say yes.
And that appears to be the case.
I mean, what the National Institute for Health Research said was that they were going to create a new and better registry to help people with all conditions.
And they say they haven't actually set a date for the closure of the existing registry, but it would in time be superseded by a new and improved service.
All those words— new, better, improved— it all sounds fine.
I've got friends in the health service, for instance, who said there were all sorts of ridiculous rules that, for instance, stopped patients using hospital Wi-Fi to do calls with relatives, stupid things.
And that was immediately swept away. There is a justifiable paranoia, in fact, about data security in hospitals, and it's always easier to say no than to say yes.
And that appears to be the case.
I mean, what the National Institute for Health Research said was that they were going to create a new and better registry to help people with all conditions.
And they say they haven't actually set a date for the closure of the existing registry, but it would in time be superseded by a new and improved service.
All those words— new, better, improved— it all sounds fine.
We've never heard them before. RORY CELLAN-JONES.
Yeah, but people who've gone through all those complex checks to sign up in the first place, being asked to go through them all over again, you've got to feel it's likely many will feel, well, it's just not worth the bother.
And what was really impressive about the reaction to this decision was the words of Dame Kate Bingham. Now, do you remember her?
She was the woman put in charge of the vaccine task force by the government, one of the very few people who came through the whole pandemic situation with their reputation—
Yeah, but people who've gone through all those complex checks to sign up in the first place, being asked to go through them all over again, you've got to feel it's likely many will feel, well, it's just not worth the bother.
And what was really impressive about the reaction to this decision was the words of Dame Kate Bingham. Now, do you remember her?
She was the woman put in charge of the vaccine task force by the government, one of the very few people who came through the whole pandemic situation with their reputation—
She never got a party invite, is that what you're saying? RORY CELLAN-JONES. Yeah, exactly. Her reputation was massively enhanced. That's why she became a Dame.
She felt moved to use an unusual word for a Dame, the word bollocks.
In an interview with The Observer, she said that any talk of the UK becoming a science superpower after she'd heard of the demise of the COVID vaccine research registry, that was bollocks.
And it may have been an emotional reaction, but I kind of sympathise with her.
I mean, she said it in more sober way in a tweet, a massive lost opportunity, minimal cost to maintain the registry, industry would pay for access to recruit UK patients into new clinical trials to test life-saving drugs, all contacts and data lost, we'd hope to expand the registry to help all UK patients with untreated diseases.
So she felt there was a lost opportunity. Now I'm sure the National Institute for Health Research will say, hold on a minute, it's not anything as bad as she paints it.
But it does speak to me of what happens when bureaucrats get given back their powers to stop things.
And as I say, I have got some sympathy with them because a lot of the fault is down to people like me, the media, who are much keener on stories of your health data going amiss, yes, being at risk, than stories about successful medical trials down to the fact that this data was available.
She felt moved to use an unusual word for a Dame, the word bollocks.
In an interview with The Observer, she said that any talk of the UK becoming a science superpower after she'd heard of the demise of the COVID vaccine research registry, that was bollocks.
And it may have been an emotional reaction, but I kind of sympathise with her.
I mean, she said it in more sober way in a tweet, a massive lost opportunity, minimal cost to maintain the registry, industry would pay for access to recruit UK patients into new clinical trials to test life-saving drugs, all contacts and data lost, we'd hope to expand the registry to help all UK patients with untreated diseases.
So she felt there was a lost opportunity. Now I'm sure the National Institute for Health Research will say, hold on a minute, it's not anything as bad as she paints it.
But it does speak to me of what happens when bureaucrats get given back their powers to stop things.
And as I say, I have got some sympathy with them because a lot of the fault is down to people like me, the media, who are much keener on stories of your health data going amiss, yes, being at risk, than stories about successful medical trials down to the fact that this data was available.
Normally on our podcast, we are telling stories about things which have gone wrong, about data breaches, about— It's your fault. Yes, who haven't properly secured the information.
And I wondered whether, 'cause they're saying, we're gonna build this new, better, snazzier database. And I thought, well, in what way would it be better?
Could it be, okay, so putting my hat on for a second, could it be that they've identified that maybe the database system was initially created in such a fashion that it might contain vulnerabilities or may not be as secure as maybe it should have been?
And they need to rebuild it now, yes, that's very frustrating. There should be a way to easily move people from one database to the other, surely.
If you just ask them, can you reconfirm you want to be put on the new database rather than having to go through the enrolment process again? RORY CELLAN-JONES.
Well, one would think so, wouldn't one? Yeah.
All I wonder is whether it goes back to a system of volunteering from the doctors, from the GPs, who are very busy, you know, keeping those records up to date, keeping that detail supplied into the database.
And I wondered whether, 'cause they're saying, we're gonna build this new, better, snazzier database. And I thought, well, in what way would it be better?
Could it be, okay, so putting my hat on for a second, could it be that they've identified that maybe the database system was initially created in such a fashion that it might contain vulnerabilities or may not be as secure as maybe it should have been?
And they need to rebuild it now, yes, that's very frustrating. There should be a way to easily move people from one database to the other, surely.
If you just ask them, can you reconfirm you want to be put on the new database rather than having to go through the enrolment process again? RORY CELLAN-JONES.
Well, one would think so, wouldn't one? Yeah.
All I wonder is whether it goes back to a system of volunteering from the doctors, from the GPs, who are very busy, you know, keeping those records up to date, keeping that detail supplied into the database.
My issue though, from my experiences with the NHS, so doctors, GP offices, emergency rooms, all that, I've not been gobsmacked by the amazing technology they have available to them.
Old systems, right? Old systems, USBs in the back of machines just sitting there, still happens.
And that has made me be one of those people that you don't that is, let me just give you as little as I can. RORY CELLAN-JONES.
My personal experience has persuaded me in the opposite direction, which is that I deal with three branches of the health service: my GP, my family doctor that I've been with for 30-odd years, Moorfields Eye Hospital where I had a very serious eye condition which is still monitored, and a consultant for my Parkinson's.
I've been seeing about three years. None of them bloody talk to each other, none of them share data. I've got all this data and it's all in separate pools.
Here is a fantastic example.
My eye problem, which was a melanoma behind my left eye, was spotted by a very good high street optometrist with very good machines, and they were the ones who originally sent me to this specialist hospital, one of the best hospitals in the world, Moorfields, to have that sorted.
That was all fine.
Some years later, the same optometrist spotted another problem that wasn't anything as serious, but she thought that the consultants and my GP should be alerted to.
But she said, she showed me on her fantastic screen, you know, live video effectively of this membrane over my eye, which is a common thing.
And she said, listen, I cannot send this image to your GP or your consultant because I don't have clearance to do it. I could fax it to them, but...
Old systems, right? Old systems, USBs in the back of machines just sitting there, still happens.
And that has made me be one of those people that you don't that is, let me just give you as little as I can. RORY CELLAN-JONES.
My personal experience has persuaded me in the opposite direction, which is that I deal with three branches of the health service: my GP, my family doctor that I've been with for 30-odd years, Moorfields Eye Hospital where I had a very serious eye condition which is still monitored, and a consultant for my Parkinson's.
I've been seeing about three years. None of them bloody talk to each other, none of them share data. I've got all this data and it's all in separate pools.
Here is a fantastic example.
My eye problem, which was a melanoma behind my left eye, was spotted by a very good high street optometrist with very good machines, and they were the ones who originally sent me to this specialist hospital, one of the best hospitals in the world, Moorfields, to have that sorted.
That was all fine.
Some years later, the same optometrist spotted another problem that wasn't anything as serious, but she thought that the consultants and my GP should be alerted to.
But she said, she showed me on her fantastic screen, you know, live video effectively of this membrane over my eye, which is a common thing.
And she said, listen, I cannot send this image to your GP or your consultant because I don't have clearance to do it. I could fax it to them, but...
But I can't work out how to print it out. RORY CELLAN-JONES. That's the problem. But seriously, it was due to restrictions on the sharing of data across the NHS.
So what she suggested I do, which is what I did, was that I took a picture on my iPhone of this and then took it with me to the doctor.
So what she suggested I do, which is what I did, was that I took a picture on my iPhone of this and then took it with me to the doctor.
Then it's your fault if you lose it. Liability. RORY CELLAN-JONES. I mean, that has been sorted out now. But it's not so much antiquated technology.
There is a problem with antiquated technology, but excessive caution about the sharing of data, which is valuable data, which patients, many patients in my case, would like to see shared.
Why should my consultant or my GP or my optometrist not share data with each other? I mean, here's another example.
It turns out there is some obscure connection between Parkinson's and ocular melanoma one way or the other.
I found this out by Googling, and I had to tell my Parkinson's consultant about this because he didn't know that I got an ocular melanoma.
And, you know, I had to supply that data because that data was not available to him.
There is a problem with antiquated technology, but excessive caution about the sharing of data, which is valuable data, which patients, many patients in my case, would like to see shared.
Why should my consultant or my GP or my optometrist not share data with each other? I mean, here's another example.
It turns out there is some obscure connection between Parkinson's and ocular melanoma one way or the other.
I found this out by Googling, and I had to tell my Parkinson's consultant about this because he didn't know that I got an ocular melanoma.
And, you know, I had to supply that data because that data was not available to him.
Right. No, no, no, I think that's a very fair point. I'm going to think a lot about this. You've made a very interesting point that I've never considered before.
I've never thought of it from that point of view before.
I've never thought of it from that point of view before.
Well, and so as Rory says, certainly if you want to share your health data, what a shame that the powers that be are actually undermining that and preventing your ability to do it.
Or they're very aware the systems need to be reviewed. RORY CELLAN-JONES. Yeah. Yeah. I mean, part of it is down to the law.
For instance, I wrote another story on my popular health tech Substack, Always On, about—
For instance, I wrote another story on my popular health tech Substack, Always On, about—
Links in the show notes. RORY CELLAN-JONES. A registry that they're trying to create of equipment put inside people during operations. Because sometimes those things go wrong.
And there was a big scandal about something called vaginal mesh, which caused a lot of lawsuits and a lot of unnecessary pain to a lot of people.
And they then realized that they didn't have proper lists of everybody who had this put inside them or had a pacemaker put inside them or an artificial hip that might be the wrong brand.
And so when they had to do the equivalent of car part recall, it was very difficult.
And then it turned out that all the individual hospitals were keeping a registry of what was put inside each patient, but they were the data controllers, and they thought that they would get into trouble if they shared that data with other hospitals.
So if you moved, were under the care of another hospital, they wouldn't know.
And there was a big scandal about something called vaginal mesh, which caused a lot of lawsuits and a lot of unnecessary pain to a lot of people.
And they then realized that they didn't have proper lists of everybody who had this put inside them or had a pacemaker put inside them or an artificial hip that might be the wrong brand.
And so when they had to do the equivalent of car part recall, it was very difficult.
And then it turned out that all the individual hospitals were keeping a registry of what was put inside each patient, but they were the data controllers, and they thought that they would get into trouble if they shared that data with other hospitals.
So if you moved, were under the care of another hospital, they wouldn't know.
Fascinating. RORY CELLAN-JONES. Unintended consequences of quite, you know, justifiable data protection policies.
I want to think about this long and hard.
Carole, what have you got for us this week?
Okay, well, put on your hazmat suits, gentlemen, because we're going to enter les eaux de Twitter toilette with the key players Elon Musk. No intro needed.
Yes.
Twitter itself. And finally, the black belt sporting Peter the Mudge Zatko, the Twitter whistleblower. So quick background for those out there with a life.
Elon, the richest person in the world, perhaps bored for a few weeks last spring, agreed to purchase Twitter for the chump change of $44 billion.
Were you guys surprised when that happened, or were you thinking, oh, typical Elon?
Elon, the richest person in the world, perhaps bored for a few weeks last spring, agreed to purchase Twitter for the chump change of $44 billion.
Were you guys surprised when that happened, or were you thinking, oh, typical Elon?
I just think he does these sort of things for shits and giggles, really, doesn't he? RORY CELLAN-JONES. Oh God, yeah.
That's an expensive shits and giggle though. That's an expensive one.
Just likes the attention. RORY CELLAN-JONES. For the world's most brilliant man, he's pretty reactive, instinctive, careless about what he gets up to.
I'd agree. Because, you know, soon after, acting like he was changing his mind about purchasing a particular hoodie, he backtracks, right?
Saying he wants out because he thinks there're too many bot profiles on Twitter, more than Twitter admitting to.
Twitter responded saying there were less than 5% of its users which they thought were bots. That's exceptionally low. That's my opinion, but whatever.
Elon basically is scrambling to back out of the deal, and that was the reason he gave. Now, this is really weird.
Twitter gets mad and sues Elon in July, basically trying to force him to go through with the purchase.
Now, I get that from an investor perspective, but as an employee who works there, that's got to suck, right?
You're forcing someone to take ownership of a company that they desperately do not want to own. Right?
You do really want, a person at the helm to be disgruntled, pissed off, angry owner? RORY CELLAN-JONES.
Well, the alternative, he having gone in and put a floor under the price of Twitter, was that, yeah, the stock price would plummet and more people would be sacked, I suppose.
Saying he wants out because he thinks there're too many bot profiles on Twitter, more than Twitter admitting to.
Twitter responded saying there were less than 5% of its users which they thought were bots. That's exceptionally low. That's my opinion, but whatever.
Elon basically is scrambling to back out of the deal, and that was the reason he gave. Now, this is really weird.
Twitter gets mad and sues Elon in July, basically trying to force him to go through with the purchase.
Now, I get that from an investor perspective, but as an employee who works there, that's got to suck, right?
You're forcing someone to take ownership of a company that they desperately do not want to own. Right?
You do really want, a person at the helm to be disgruntled, pissed off, angry owner? RORY CELLAN-JONES.
Well, the alternative, he having gone in and put a floor under the price of Twitter, was that, yeah, the stock price would plummet and more people would be sacked, I suppose.
So they sued Elon. Elon soon countersues, saying Twitter misrepresented itself, dragged its feet in discovery, yada yada yada.
Now meanwhile, enter Pieter 'Mudge' Zatko, who was Twitter's head of security from 2020 until he was fired earlier this year.
Now, he ended up filing a complaint to the FTC in July— this was after he was fired— alleging that Twitter doesn't delete users' data after they deactivate their accounts and had cybersecurity policies that exposed it to hacking and disinformation by state aggressors.
You obviously read all about this.
Now meanwhile, enter Pieter 'Mudge' Zatko, who was Twitter's head of security from 2020 until he was fired earlier this year.
Now, he ended up filing a complaint to the FTC in July— this was after he was fired— alleging that Twitter doesn't delete users' data after they deactivate their accounts and had cybersecurity policies that exposed it to hacking and disinformation by state aggressors.
You obviously read all about this.
Yeah, almost as though Twitter had sort of been started up as a very small operation and suddenly become extremely huge.
And they sort of bolted on things over time and held it together with sellotape and string.
And they sort of bolted on things over time and held it together with sellotape and string.
Like HP.
Yeah. Well, not quite like HP.
I don't think they're charging us every year if we want to do another 30 tweets or something, they're not asking us to insert some cartridge into our brain.
But not really a surprise. And Mudge is a respected security researcher. He's one of those sort of rock stars of the—
I don't think they're charging us every year if we want to do another 30 tweets or something, they're not asking us to insert some cartridge into our brain.
But not really a surprise. And Mudge is a respected security researcher. He's one of those sort of rock stars of the—
Exactly. He has cyber clout, doesn't he?
He does. He has cyber clout.
Yeah.
Because to quote The Guardian here, quote, he was the highest profile member of a famous hacker think tank, The Loft, and a member of the well-known cooperative Cult of the Dead Cow.
And in that sense, he was a pioneer of hacktivism who spent much of his life trying to educate the world on cybersecurity and has a long list of discovered vulnerabilities to his credit.
Have you guys met him?
Because to quote The Guardian here, quote, he was the highest profile member of a famous hacker think tank, The Loft, and a member of the well-known cooperative Cult of the Dead Cow.
And in that sense, he was a pioneer of hacktivism who spent much of his life trying to educate the world on cybersecurity and has a long list of discovered vulnerabilities to his credit.
Have you guys met him?
I haven't met him. Have you met him, Ben? RORY CELLAN-JONES. No, no, I haven't. And he sounds like the kind of hire that could either be great or could be a nightmare.
Absolutely. Absolutely.
Just like you and me, Graham.
That's why no one hires us. You know how we sometimes work with developers who are pathologically honest and that's not necessarily a good thing?
It's like, well, yes, 'That is technically 100% true, but can we just do this thing?'
It's like, well, yes, 'That is technically 100% true, but can we just do this thing?'
So, yeah, so Peter puts this out, and of course, it somehow got into the hands of the Washington Post.
And then, like an unfortunate bout of tummy trouble, it exploded all over the place.
And then, like an unfortunate bout of tummy trouble, it exploded all over the place.
Lovely.
Obviously, the CEO, Parag— I don't know how you say his name. How do you say it? Agrawal? RORY CELLAN-JONES. Agrawal, I think. Yeah.
Agrawal. Yep. He responded to Mudge's charges in an email sent to employees, which of course was subsequently posted to Twitter by CNN.
And in it, he claimed that Mudge was calling attention to tasks that he was actually accountable for during his tenure.
And in the blog post, he uses terms like false narrative riddled with inconsistencies and inaccuracies. Basically not a happy CEO.
And, you know, can we blame him, given that his buyer's trying to back out, and at the same time, a high-profile employee of some repute is ringing the cyber alarm bells for everyone to hear?
RORY CELLAN-JONES. And he, again, is in a weird position, isn't he? Because he, as you put it, is fighting to get a new boss who will definitely sack him.
And in it, he claimed that Mudge was calling attention to tasks that he was actually accountable for during his tenure.
And in the blog post, he uses terms like false narrative riddled with inconsistencies and inaccuracies. Basically not a happy CEO.
And, you know, can we blame him, given that his buyer's trying to back out, and at the same time, a high-profile employee of some repute is ringing the cyber alarm bells for everyone to hear?
RORY CELLAN-JONES. And he, again, is in a weird position, isn't he? Because he, as you put it, is fighting to get a new boss who will definitely sack him.
Yeah, and give him a huge payout. RORY CELLAN-JONES. Well, that is true, yes. Ah, now the plot thickens, as you say.
Well, it does because Elon, right, when he hears about Mudge's complaints, frothing at the bit. RORY CELLAN-JONES. Rubbing his hands.
Right? Ends up asking the judge, pleading with the judge, if he could amend his countersuit of Twitter to include Twitter's lack of security testimony.
Right.
And just last week, Elon's wish was granted. So what do you think about that? So it's kind of— that was never a concern of his.
But now he feels there's new evidence to support his pulling out of the Twitter purchase, and presumably he wants Mudge to show up in court.
Yes, which I think he is. RORY CELLAN-JONES. Right.
And to say all these things. RORY CELLAN-JONES. And his case was pretty weak until this came along, wasn't it? He basically bought it.
Did he do any due diligence before he offered whatever he offered for it? Doesn't sound like it.
Buyer beware, but now if he was intentionally misled, as he'll claim, then all bets are off.
Did he do any due diligence before he offered whatever he offered for it? Doesn't sound like it.
Buyer beware, but now if he was intentionally misled, as he'll claim, then all bets are off.
Yeah. Now Elon wanted something else from the judge too. He wanted to delay the court date, obviously to build his case even further, but he didn't manage to do that.
The trial of Twitter versus Musk is set for October 17th, next month. RORY CELLAN-JONES. Book your tickets now.
The trial of Twitter versus Musk is set for October 17th, next month. RORY CELLAN-JONES. Book your tickets now.
Funny you should say that, because Slate yesterday published an article all about what the peanut gallery— so those of us without shares in Tesla or Twitter, which outcome should we root for?
And I want to present you with the options, and you guys can each pick one or come up with an alternative if you can think of an alternative.
All right, so option 1: root for a settlement that costs Musk a ton of money but doesn't make him buy Twitter. So a negotiated resolution.
So Musk could pay Twitter a chunk of cash for every share in the company, but something less than $54.20 that he agreed in April.
And Twitter stock price would go down as Musk got out of the deal, but it wouldn't go to zero. RORY CELLAN-JONES. Okay, yeah, this is sounding quite attractive so far.
And I want to present you with the options, and you guys can each pick one or come up with an alternative if you can think of an alternative.
All right, so option 1: root for a settlement that costs Musk a ton of money but doesn't make him buy Twitter. So a negotiated resolution.
So Musk could pay Twitter a chunk of cash for every share in the company, but something less than $54.20 that he agreed in April.
And Twitter stock price would go down as Musk got out of the deal, but it wouldn't go to zero. RORY CELLAN-JONES. Okay, yeah, this is sounding quite attractive so far.
Yep.
Okay, option 2: root for Musk because it'd be bad if he owned Twitter.
Yes.
And the ship has already sailed on people like him being subject to the same laws as the rest of us.
So when Musk actually wanted to buy Twitter, he talked about it in terms of making it a maximalist free speech operation.
Which in practice would mean rolling back content moderation, allowing maybe the worst people in our society to use Twitter to spew all kinds of stuff out. RORY CELLAN-JONES.
So what am I rooting for there? I'm rooting for Musk to ruin Twitter?
So when Musk actually wanted to buy Twitter, he talked about it in terms of making it a maximalist free speech operation.
Which in practice would mean rolling back content moderation, allowing maybe the worst people in our society to use Twitter to spew all kinds of stuff out. RORY CELLAN-JONES.
So what am I rooting for there? I'm rooting for Musk to ruin Twitter?
No, not to ruin. If he wins, he doesn't buy it.
Oh, he doesn't buy it still? Oh, okay. All right.
If he wins it, he gets out of the whole—
Oh, I see.
You know, buying Twitter deal. RORY CELLAN-JONES. But this is already marginally worse than option 1, because option 1, he doesn't get Twitter and it does cost him some money.
Yes, which is, I think, going to be our preference all the way through, isn't it? Is anything which costs Elon Musk some money.
I don't know. Option 3, root for Twitter. You know, you want Musk to pay up for a company he doesn't want, and you're willing to accept what his ownership of the company might mean.
Oh no, we don't want Musk in charge of Twitter. That'd be horrible. RORY CELLAN-JONES. You see, you've put it the wrong way around. You've given us the most attractive option first.
Well, option 4, last one. Root for carnage. Perhaps Twitter wins but Musk refuses to pay. Or Tesla investors, worried about Musk being too distracted, tank the share price.
Or Musk wins but continues to fuck with Twitter out of spite. RORY CELLAN-JONES. No, we're not— we're not that— we're not bad people, are we, Graham?
Or Musk wins but continues to fuck with Twitter out of spite. RORY CELLAN-JONES. No, we're not— we're not that— we're not bad people, are we, Graham?
Well, sorry, let me check. No, yes, that's right. RORY CELLAN-JONES. Yes.
Yes, we're going for option one. RORY CELLAN-JONES. We're definitely going for option one.
Yes, absolutely.
The final security-focused thing I have for you that I think is fascinating on this is that this whole corporate tap dance is going to force Twitter's hand to review and harden its security policies.
I can't see how they can get out of it. If they have to go to court, they have to say, well, you know, these things have been addressed.
And maybe the big winners are us, the users of Twitter. Thoughts? RORY CELLAN-JONES. Well, I'm that rare thing, a quite satisfied user of Twitter.
Maybe it's because I'm a conservative with a small c. I joined it pretty early on in 2007. I like it the way it is. It's annoying from time to time.
I don't want an edit button because people will misuse it. I don't want to pay for it.
I want things to carry just as they are, as long as, you know, I'm allowed to block people who annoy me.
I can't see how they can get out of it. If they have to go to court, they have to say, well, you know, these things have been addressed.
And maybe the big winners are us, the users of Twitter. Thoughts? RORY CELLAN-JONES. Well, I'm that rare thing, a quite satisfied user of Twitter.
Maybe it's because I'm a conservative with a small c. I joined it pretty early on in 2007. I like it the way it is. It's annoying from time to time.
I don't want an edit button because people will misuse it. I don't want to pay for it.
I want things to carry just as they are, as long as, you know, I'm allowed to block people who annoy me.
Ah, Graham?
I quite like Twitter, I have to say. I don't like any of the other social networks, but I like Twitter. I would like to pay for it. I feel good about paying for services.
I don't like services which have—
I don't like services which have—
You don't like paying HP.
That's true, that's true. But I only use my HP printer once every 3 months for 1 page. We're shitty!
The Cybersecurity Insight podcast is a fantastic resource to stay up to date on the latest news and trends.
Whether you're a security expert or just want to know more about cybersecurity, you should check it out.
Thom Garrison and Camille Morhardt host industry leaders to help us learn more about the world of cybersecurity, make it easy to understand today's most important security and technology topics.
Recent episodes of Cybersecurity Insight have covered the ethics of AI and machine consciousness, ransomware, darknet, LastPass, where we're headed with the cloud, how small businesses get access to cybersecurity resources, and so much more.
You're going to walk away smarter about cybersecurity and have fun while you're at it. Check out cybersecurityinside.com/smashing to listen to the latest episode.
That's cybersecurityinside.com/smashing, or search for Cybersecurity Inside wherever you listen to podcasts.
The Cybersecurity Insight podcast is a fantastic resource to stay up to date on the latest news and trends.
Whether you're a security expert or just want to know more about cybersecurity, you should check it out.
Thom Garrison and Camille Morhardt host industry leaders to help us learn more about the world of cybersecurity, make it easy to understand today's most important security and technology topics.
Recent episodes of Cybersecurity Insight have covered the ethics of AI and machine consciousness, ransomware, darknet, LastPass, where we're headed with the cloud, how small businesses get access to cybersecurity resources, and so much more.
You're going to walk away smarter about cybersecurity and have fun while you're at it. Check out cybersecurityinside.com/smashing to listen to the latest episode.
That's cybersecurityinside.com/smashing, or search for Cybersecurity Inside wherever you listen to podcasts.
Smashing Security listeners, did you know that Bitwarden is the only open-source, cross-platform password manager that can be used at home, on the go, or at work?
Bitwarden's password manager securely stores credentials spanning across personal and business worlds.
And every Bitwarden account begins with the creation of a personal vault, which allows you to store all your personal credentials.
These are unique and secure passwords for every single account you access, and it's easy to set up. It's easy to use. I honestly love Bitwarden.
I use it at home, use it at work, use it on the go.
Get started with a free trial of a Teams or Enterprise plan at bitwarden.com/smashing, or you can even try it for free across devices as an individual user.
Check it out at bitwarden.com/smashing. And thanks to Bitwarden for sponsoring the show.
Bitwarden's password manager securely stores credentials spanning across personal and business worlds.
And every Bitwarden account begins with the creation of a personal vault, which allows you to store all your personal credentials.
These are unique and secure passwords for every single account you access, and it's easy to set up. It's easy to use. I honestly love Bitwarden.
I use it at home, use it at work, use it on the go.
Get started with a free trial of a Teams or Enterprise plan at bitwarden.com/smashing, or you can even try it for free across devices as an individual user.
Check it out at bitwarden.com/smashing. And thanks to Bitwarden for sponsoring the show.
Kolide sends employees important, timely, and relevant security recommendations for Linux, Mac, and Windows devices right inside Slack.
Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide.
Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. Www.kolide.com/k-o-l-i-d-e. And thanks to Kolide for supporting the show. And welcome back. Can you join us at our favourite part of the show?
The part of the show that we like to call Pick of the Week.
Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.
So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems.
Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide.
Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates.
You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide.
That's smashingsecurity.com/kolide. Www.kolide.com/k-o-l-i-d-e. And thanks to Kolide for supporting the show. And welcome back. Can you join us at our favourite part of the show?
The part of the show that we like to call Pick of the Week.
Pick of the Week. RORY CELLAN-JONES. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security-related necessarily.
It better not be.
Well, my pick of the week this week is slightly security-related.
Oh, tsk, tsk.
Now, we are big fans of password managers here on the Smashing Security podcast. We recommend that you use one because then you don't have to remember your password.
Something else is securely storing them and it is generating random unique passwords for every website you have to access. But there is a problem.
There is a problem, which is even if you do have different passwords to different websites, as we'd recommend, and your passwords are suitably gibberish and gobbledygook, you might occasionally come across a web form where it doesn't allow you to copy and paste a password into the form.
Maybe you are registering for a website and the HTML on the website is preventing you from actually doing a paste of the password you've already entered into the field to confirm.
Yes. Yeah, it's bloody irritating. And it's a—
Something else is securely storing them and it is generating random unique passwords for every website you have to access. But there is a problem.
There is a problem, which is even if you do have different passwords to different websites, as we'd recommend, and your passwords are suitably gibberish and gobbledygook, you might occasionally come across a web form where it doesn't allow you to copy and paste a password into the form.
Maybe you are registering for a website and the HTML on the website is preventing you from actually doing a paste of the password you've already entered into the field to confirm.
Yes. Yeah, it's bloody irritating. And it's a—
Especially when you have 20-character passwords. Tell me about it.
You're on the British Gas website, for instance, chosen at random. Not that this has ever been a problem for me.
And you find out that it won't let you bloody well enter the password with a copy and paste. And they say, oh, it's for your security. No, it's not for your security.
You don't know what you're talking about. So this regularly comes up on Twitter. People complaining about this sort of thing with different websites.
And so I have found the solution, ladies and gentlemen. There is an add-on for your browser. I found versions of it for Firefox and for Chrome, and it's called Don't Fuck With Paste.
Carole, you'll bleep that appropriately, I presume.
So this add-on stops websites from blocking copy and paste actions on password fields and other input fields where you may have completely legitimate, reasonable requirements to paste something in.
Question. Yes, Carole.
And you find out that it won't let you bloody well enter the password with a copy and paste. And they say, oh, it's for your security. No, it's not for your security.
You don't know what you're talking about. So this regularly comes up on Twitter. People complaining about this sort of thing with different websites.
And so I have found the solution, ladies and gentlemen. There is an add-on for your browser. I found versions of it for Firefox and for Chrome, and it's called Don't Fuck With Paste.
Carole, you'll bleep that appropriately, I presume.
So this add-on stops websites from blocking copy and paste actions on password fields and other input fields where you may have completely legitimate, reasonable requirements to paste something in.
Question. Yes, Carole.
God, you are so complainy today. RORY CELLAN-JONES. He's moany, isn't he?
Yes, so moany. Question. How often does this occur? For me, in my life, this would occur maybe once a month, if.
That's enough. Because if you have a password which is 34 characters long, including weird symbols and numbers, and it's complete gobbledygook.
And it's also masked on the website as well. So you've just seen asterisks. It can be rather difficult to type it all in by hand.
And you just think, why can't I just paste this into the field and get on with this?
And it's also masked on the website as well. So you've just seen asterisks. It can be rather difficult to type it all in by hand.
And you just think, why can't I just paste this into the field and get on with this?
Interesting.
I think our listeners will agree with me, and that's why I recommend—
Well, I look forward to see what they think about this.
Install Don't Fuck With Paste, the browser add-on, which will help you with those irritating websites. And that is my pick of the week. Rory, what's your pick of the week?
RORY CELLAN-JONES. Well, I'm terribly sorry, but mine is to do with security in a roundabout way.
RORY CELLAN-JONES. Well, I'm terribly sorry, but mine is to do with security in a roundabout way.
Excellent.
It is allowed. It is allowed.
No, it is not. RORY CELLAN-JONES. It's otherwise entitled, 'What I Did on My Holiday.' Because I'm just back from a 3-day city break in Berlin.
I love Berlin. RORY CELLAN-JONES. There is a background to this in that in 1977, I lived in West Berlin at the height of the Cold War for 6 months before I went to university.
I was going to study German. And it was tremendously exciting to have the wall around you, to feel that you were on the front line. And we used to visit the East from time to time.
And at the weekend, I visited the old East to go to what I consider probably the best museum in the world.
It is the Stasi Museum, the Staatssicherheit The State Security Apparatus Museum.
The Führerstaatspolizei, the East German secret police, who employed a huge number of people to watch over their citizens' every move.
Just getting there is almost part of the experience.
You go on the S-Bahn, then you get off, you walk past some rather grim East German-type housing blocks, and then you arrive at what was the Stasi headquarters, and it's all perfectly preserved.
In particular, the apartments of the boss Heinrich Mielke are perfectly preserved on a certain floor, and it's all kind of sub-1970s Stasi-style furniture.
I can see it becoming a big thing at IKEA one year, sort of a retro thing, with secret tape recorders inside sort of cabinets, because he liked to record everything.
And instructions for his secretary.
There's a little kitchen where his breakfast was laid out each morning, and an actual plan done by one secretary for the other one of where Herr Mielke likes his boiled egg to be put on the tray.
So that is the funny side of it. The chilling side of it is this complete documentation of all their techniques.
The buttonhole cameras, the surveillance system, surveillance photographs of a postbox where they watched and waited for somebody they were suspicious of to come and post their letters so they could go down and open the postbox and steam it open.
The surveillance photos taken during raids on people's houses where they'd have got a friend of theirs who happened to be working for the Stasi, did they but know it, to tell them, oh, come around to my place.
Meanwhile, the Stasi would ransack their flat. The sheer scale of the operation is absolutely breathtaking.
And what it makes you think is, what would they have done these days with social media? It would have been so much easier for them to get access to all of this information.
I was going to study German. And it was tremendously exciting to have the wall around you, to feel that you were on the front line. And we used to visit the East from time to time.
And at the weekend, I visited the old East to go to what I consider probably the best museum in the world.
It is the Stasi Museum, the Staatssicherheit The State Security Apparatus Museum.
The Führerstaatspolizei, the East German secret police, who employed a huge number of people to watch over their citizens' every move.
Just getting there is almost part of the experience.
You go on the S-Bahn, then you get off, you walk past some rather grim East German-type housing blocks, and then you arrive at what was the Stasi headquarters, and it's all perfectly preserved.
In particular, the apartments of the boss Heinrich Mielke are perfectly preserved on a certain floor, and it's all kind of sub-1970s Stasi-style furniture.
I can see it becoming a big thing at IKEA one year, sort of a retro thing, with secret tape recorders inside sort of cabinets, because he liked to record everything.
And instructions for his secretary.
There's a little kitchen where his breakfast was laid out each morning, and an actual plan done by one secretary for the other one of where Herr Mielke likes his boiled egg to be put on the tray.
So that is the funny side of it. The chilling side of it is this complete documentation of all their techniques.
The buttonhole cameras, the surveillance system, surveillance photographs of a postbox where they watched and waited for somebody they were suspicious of to come and post their letters so they could go down and open the postbox and steam it open.
The surveillance photos taken during raids on people's houses where they'd have got a friend of theirs who happened to be working for the Stasi, did they but know it, to tell them, oh, come around to my place.
Meanwhile, the Stasi would ransack their flat. The sheer scale of the operation is absolutely breathtaking.
And what it makes you think is, what would they have done these days with social media? It would have been so much easier for them to get access to all of this information.
Or maybe with your health data. RORY CELLAN-JONES. Yeah, exactly, exactly, exactly right.
Yeah, on site, on the same site, they have got all— they've got a registry of all of the files that were kept, and you can actually go there.
And I've been wanting to do this for some time. I think it's very unlikely that I have a Stasi file, but it's just possible.
Because when I lived in West Berlin, our trip there was organized by something called the Deutsch-Britische Jugendaustausch, the German-British Youth Exchange, which East Germany would have thought of as an evil spying operation.
And we went across to the East from time to time and saw vaguely dissident people and took them some coffee. And I've always wondered whether, you know, whether I've got a file.
It's unlikely, but I went and filled in a form and they said they'd come back to me in 3 months.
Yeah, on site, on the same site, they have got all— they've got a registry of all of the files that were kept, and you can actually go there.
And I've been wanting to do this for some time. I think it's very unlikely that I have a Stasi file, but it's just possible.
Because when I lived in West Berlin, our trip there was organized by something called the Deutsch-Britische Jugendaustausch, the German-British Youth Exchange, which East Germany would have thought of as an evil spying operation.
And we went across to the East from time to time and saw vaguely dissident people and took them some coffee. And I've always wondered whether, you know, whether I've got a file.
It's unlikely, but I went and filled in a form and they said they'd come back to me in 3 months.
It's like, this would be an explosive blog post or even an essay. RORY CELLAN-JONES.
Well, no, there was a guy called Timothy Garton Ash who lived there much longer and lived totally in the East.
He did go back after 1989 and got his file and found out that all of his friends that he'd made in East Germany were spying on him. The Stasi. Yeah.
So it's— anyway, it's a fascinating museum, which I've got to recommend. The most absorbing place you can visit.
Well, no, there was a guy called Timothy Garton Ash who lived there much longer and lived totally in the East.
He did go back after 1989 and got his file and found out that all of his friends that he'd made in East Germany were spying on him. The Stasi. Yeah.
So it's— anyway, it's a fascinating museum, which I've got to recommend. The most absorbing place you can visit.
Wow. Sounds brilliant. Very interesting.
Yeah. I feel guilty that I find most of their furniture and interior design mouth-wateringly gorgeous, and that is very disturbing to me. So yeah, I'm gonna deal with that.
Have you told your husband where you like your boiled egg? How you like your eggs in the morning?
Boiled egg? Yes, yes. RORY CELLAN-JONES. Draw him a little chart. Egg here, toast here, coffee there.
Carole, what's your pick of the week?
I have a wonderful pick of the week, although I think it's rivaled by Rory's this week. And this is not hot off the press. No, neither was Rory's.
Mine's been around since 2020, but I don't have HBO, so I never saw it. And that is a wacky and utterly fresh docu-comedy series called How To with John Wilson.
Have either of you seen it?
Mine's been around since 2020, but I don't have HBO, so I never saw it. And that is a wacky and utterly fresh docu-comedy series called How To with John Wilson.
Have either of you seen it?
No. Oh. RORY CELLAN-JONES. I haven't, but I heard mention of it the other day.
Well, this hopefully will get you off your seat. RORY CELLAN-JONES. I'm excited now. Good.
Yeah, so it's available on the BBC now. And I would say don't waste a moment longer, even stop listening to me, although Rory, Graham, you stay put. Okay, go watch it now.
I was about to say, I'm off.
No. So this is a series centered around an explanatory narrative, an essay, where all the jokes are sort of visually punctuated by this collage of New York City footage.
But that kind of wacky, crazy stuff you see all the time in New York, but no one ever films. Just all that insane, crazy stuff.
And so the essays would be something like, "How to make small talk," or "How to split the check," or "How to appreciate wine," or "How to be spontaneous." And John Wilson will do some musings on that and have this imagery of the background of just life of New York happening.
But it somehow works with the poetry of the narrative. It's just glorious. And it's human, and it's tender, and it's funny. And it's laugh out loud. I don't normally do that.
RORY CELLAN-JONES. How To, How To with John Wilson. Is that what it's called?
But that kind of wacky, crazy stuff you see all the time in New York, but no one ever films. Just all that insane, crazy stuff.
And so the essays would be something like, "How to make small talk," or "How to split the check," or "How to appreciate wine," or "How to be spontaneous." And John Wilson will do some musings on that and have this imagery of the background of just life of New York happening.
But it somehow works with the poetry of the narrative. It's just glorious. And it's human, and it's tender, and it's funny. And it's laugh out loud. I don't normally do that.
RORY CELLAN-JONES. How To, How To with John Wilson. Is that what it's called?
Yep. Yep. How To with John Wilson. RORY CELLAN-JONES. I've got to check it out.
It would make a killer podcast, just the essays on their own. But it just makes it glorious because you have these New York City moments that underpin what he says.
Anyway, it's 10 out of 10. John Wilson, thank you for this treasure. There are two seasons available on the BBC at the moment, and you can also find it on HBO. I love it.
I'm sure you will too. How To with John Wilson. Links in the show notes.
Anyway, it's 10 out of 10. John Wilson, thank you for this treasure. There are two seasons available on the BBC at the moment, and you can also find it on HBO. I love it.
I'm sure you will too. How To with John Wilson. Links in the show notes.
I'll check it out. Well, that just about wraps up the show for this week.
Rory, I'm sure lots of our listeners would love to follow you online and maybe check out your writings as well. What's the best way for folks to do that? RORY CELLAN-JONES.
Well, my Twitter feed is full of inane nonsense, but is also quite compelling. Ruskin147 is my Twitter handle. Substack, just search for Substack Rory Cellan-Jones.
It's called Always On because that's the name of the book I wrote last year, but it's actually about health and technology. You can get it for free or you can pay me some money.
You don't get much for the money, to be honest. You don't really get anything for the money. But, you know, it would be a nice gesture, a warm feeling.
Rory, I'm sure lots of our listeners would love to follow you online and maybe check out your writings as well. What's the best way for folks to do that? RORY CELLAN-JONES.
Well, my Twitter feed is full of inane nonsense, but is also quite compelling. Ruskin147 is my Twitter handle. Substack, just search for Substack Rory Cellan-Jones.
It's called Always On because that's the name of the book I wrote last year, but it's actually about health and technology. You can get it for free or you can pay me some money.
You don't get much for the money, to be honest. You don't really get anything for the money. But, you know, it would be a nice gesture, a warm feeling.
That's what they'll get at the very least. And you can follow us on Twitter @SmashingSecurity. No G, Twitter won't allow us to have a G.
And we've also got a Smashing Security subreddit. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify, and Google Podcasts.
And we've also got a Smashing Security subreddit. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify, and Google Podcasts.
And huge shout out to this episode's sponsors, Bitwarden, Collide, and the Cybersecurity Inside podcast. And of course, to all our wonderful Patreon community.
Thanks to them all, this show is free.
For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 287 episodes, check out smashingsecurity.com.
Thanks to them all, this show is free.
For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 287 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye.
Bye. RORY CELLAN-JONES. Bye.
Graham, do you think you're losing your voice because you're grumbling too much? Look, even Rory sees it. Even Rory. And you like Rory, you trust him. What do you think about that?
It might be true. It might be true, maybe. Yes.
Trust me, it is. And then what career do you have? RORY CELLAN-JONES. It's over. It's all so over.
I could be a Marvin impressionist. I could sing, I was born under a lucky star.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Rory Cellan-Jones – @ruskin147
Episode links:
- Dynamic Cartridge Security – disable please – Angry customers complain on HP support forum.
- Update now! Many HP printers affected by three critical security vulnerabilities – MalwareBytes.
- HP will pay customers for blocking non-HP ink cartridges in EU – Bleeping Computer.
- HP and Euroconsumers settle on Dynamic Security – Euroconsumers.
- Why printer ink is so expensive – Insider.
- Ink cartridges are a scam – YouTube.
- Trying to print something – YouTube.
- UK Biobank – why won’t GPs share data? – Rory’s Always On Newsletter.
- Another data sharing fiasco – Rory’s Always On Newsletter.
- Tweet by Kate Bingham – Twitter.
- The Twitter Whistleblower Needs You to Trust Him – Time.
- Twitter denies whistleblower payout violates Musk’s takeover deal – MSN.
- Elon Musk earns a split decision in Delaware court – The New York Times.
- Twitter’s whistleblower has pitched up at a very inconvenient moment – The Guardian.
- Damning claims about Twitter’s bots and security lapses are ‘a false narrative,’ says CEO – The Verge.
- The Spectator’s Guide to the Elon Musk–Twitter Fight
- – Slate.
- Don’t F*** with Paste – Firefox browser addon
- Don’t F*** with Paste – Chrome browser extension.
- Stasi Museum, Berlin.
- How to With John Wilson – BBC.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- The Cyber Security Inside podcast – Relevant cybersecurity topics in clear, easy-to-understand language. With every episode, you’ll walk away smarter about cybersecurity, and have fun while you’re at it!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
