Smashing Security podcast #293: Massive crypto bungle, and the slave scammers

Industry veterans, chatting about computer security and online privacy.

Graham Cluley

A couple unexpectedly find $10.5 million in their cryptocurrency account, and in Cambodia people are being forced to commit pig-butchering scams.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, who are flying solo again this week.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Graham Cluley

So they park it on your drive with the keys. Is that then your car? No! You don't think you can just take it? No, I don't. But it's alright for you to take 10 million dollars? No, I don't... You're saying there's nothing to compel you? There's no legal requirement?

Carole Theriault

Ladies and gentlemen, this is gaslighting. Exactly what's going on right now. It should be the same way both ways.

Graham

Smashing Security, episode 293, a massive crypto bungle and the slave scammers with Carole Theriault and Graham Cluley. Hello, hello and welcome to Smashing Security, episode 293. My name's Graham Cluley. And I'm Carole Theriault. Carole, you're back. Thank goodness. We've all been worried about you after your husband got COVID. Tell us what happened. I got COVID.

Carole

You got COVID. I tried really hard not to get COVID. But I suspect it's quite hard to do in a house with just one loo, right?

Graham

Oh, you didn't make him go out in the garden?

Carole

No, I kind of... Or you go out in the garden. Yeah, that's what I should have done. Yeah. I'm not as ill as him, of course, right?

Graham

Yeah, yeah. Of course. You sound all right at the moment, I'll be honest with you, but you were quite rough at the end of last week.

Carole

Yeah, I know. I know. Well, we'll see how we go.

Graham

And you pulled out of the Smashing Security live event at NISC.

Carole

No, I chose very responsibly not to go over on the day that I tested very positive for COVID.

Graham

But it was okay. It sucked. We had a puppet. We had a deepfake of you, which acted as though it were you. And people couldn't tell the difference, really. Everyone seemed very happy.

Carole

Well, how about we get this show on the road? Before we kick off, let's thank this week's sponsors, Bitwarden and Kolide. It's their support that helped us give you this show for free. Now, coming up on today's show, Graham, what do you got?

Graham

I'm going to be talking about how cryptocurrency bungles have really excelled themselves.

Carole

Okay, and I'm going to ask you whether you would hire an ex-scammer. No. All this and much more coming up on this episode of Smashing Security.

Graham

Now, Chum Chum, do you consider yourself a lucky person? Yes, I do think I'm fairly lucky, yeah. Yeah? Really? Yeah. Why? I've got a pretty good life. Other than having COVID at the moment, life's pretty sweet.

Graham

I definitely think that. I definitely don't think it can be anything to do with intelligence, charm or wit. Fortune favours the brave, goes the old adage, doesn't it? But it also favours the jammy, the lucky, the fluky, whether you're lucky enough to be born into European royalty, which I wasn't. I don't know if that's lucky. I think you don't

Carole

Well, no, do you? I think it'd be quite good to be a second cousin so you wouldn't have very many duties but you'd have rich relatives to bail you out or give you a palace or something to live in. I think that'd be quite handy.

Graham

Okay, I didn't know that was something you were looking for, a palace. I'll keep my eyes peeled for you.

Carole

And also, if the FBI or someone wanted to question you about some serious offence, you'd be able to turn a blind eye to it.

Graham

They wouldn't know what door to use on your palace.

Carole

Maybe. Maybe that's the thing stopping them. Who knows? But I think there's all kinds of ways you can be lucky. You could be the first person ever hired by Amazon. Not one of their delivery guys, but the guy who was sort of helping Jeff Bezos sellotape up the parcels. They've probably made a fortune, haven't they?

Graham

I think if you think luck is just wealth, then you're right on all these fronts.

Carole

Oh, okay. Well, sometimes good fortune can also fall into your lap from the strangest places. Go on. So, for instance, last year, there was a bug in a cryptocurrency service called Compound. And what Compound managed to do was, by accident, by mistake, they gave away $90 million worth of crypto to their users. They accidentally sent it to them. And then…

Graham

Like to all of them? A little share?

Carole

Well, you know, lots of people got something, yes, of different amounts. And then their founder, their CEO, went on to Twitter.

Graham

Guys, can you give it back, please? Seriously.

Carole

Yes, exactly. He begged them. Well, you would. You would. You would. He said, would you mind awfully giving it back? He said, it would really be. And he said, if you do, I will give you a 10% bug bounty. If you do the honest thing and return most of it to us.

Graham

Right. So you got 10 grand. Okay. Give me back. Give me back 90 or give me back nine and I'll give you one type thing. Well, it's very quick maths for somebody who's still got COVID. You're not that foggy headed, but yeah, perhaps. My amazing constitution. But he went on to say, look, otherwise, if you don't pay it back, it's going to be reported as income to the IRS. And most of you are doxxed because I know all of your names and addresses. Okay. I think he didn't realise that free money minus taxes is still better than no free money. So I don't think people would worry particularly that they had to pay taxes if they've been given a large sum of money.

Carole

Well, you can pay taxes on illegal earnings or, you know. Is it illegal? You just have to declare it. You just have to declare it and say, look, I have this money. I'm not going to tell you how, but here's the taxes and the tax man's happy. Well, you could just say it's been given to me by Crypto.com. Exactly. As a gift. I presume so. A loyalty payment of some kind. I'd be all right with that compared to others. What, you think Australia's better? Yes. Where do you want to be?

Graham

Have you not seen Cell Block H? Have you not seen... You'd rather

Carole

be in a Chinese prison.

Graham

Well, no, I haven't been in a Chinese prison. Would you like to be there? But I've seen enough soaps to know what being in an Australian women's prison can be like. Right, good, yes. Anyway, it doesn't matter. That's not relevant right now. Now, you're wondering, you're wondering what they're doing in that prison. Well, they allegedly stole money from a cryptocurrency company called Crypto.com, a big cryptocurrency company. How did they allegedly steal the money, you ask? I'll tell you, Carole. Okay. They didn't hack in. This is great. You don't have to ask questions anymore. No, it's good. Because you've got COVID, you can take it easy. Exactly. They didn't hack in. They didn't burgle their HQ. Instead, they were given the money. Okay. So let me explain what happened. Jatinder Singh is a cryptocurrency trader. Check. He's been doing it for a while. He's amassed something $49,000 worth of cryptocurrency on the Crypto.com trading site using his debit card.

Carole

Okay. Okay, so that's money from his hard-earned cash.

Graham

Yeah, he's doing all right. Yeah, not doing anything wrong there. Sounds everything's going well. But then he wants to conduct some more trades. And for some reason or another, he uses his partner, Manivel's, debit card. Creates another account.

Carole

Well, maybe she has a bigger balance. Who knows? Right. Who knows? Maybe he sees a great opportunity, needs a different debit card. Oh, good old. It's always Excel's fault. It's always Excel's fault.

Graham

And rather than pasting $100 into the appropriate cell, right, they accidentally pasted in not $1,000 or $10,000. No, what they did was they pasted in the account number, the Crypto.com account number of the previous job that worker had been working on. So everyone who's on Crypto.com has an ID number. And so they pasted in the number, which was the user number, into the field of how much money they were going to refund.

Carole

So the little dollar sign wasn't a giveaway? So. Right. And it came to $10,474,143. Then press, without double checking, press the send now. Yes. Transfer. Right. Exactly. Bet they're in a bit of a pickle.

Graham

It strikes me that Crypto.com have just leaked one of their users' account numbers as well. Right. Which is 10,474,000.

Carole

Guys, maybe take that one offline if you haven't already. Yeah, exactly. Just in case. Right, okay. Honestly, I would call them up and go, they've obviously made a crazy ass error. They're going to be freaking out. Wouldn't you? Well, apparently the court has heard. Right. Is that Jatinder, her partner, said to her, oh, well, that's what happened was the other day on the Crypto.com app, I received a notification saying that they were running a competition to give away $10 million. being honest or is he full of poo-poo? Well, that's for the court to decide, Carole. That's for the court to decide.

Carole

Sounds like he's part of this now. Why would he say that? I don't understand.

Graham

Well, this is the argument that is being given to court. They say there was a notification in the app saying there was a competition. Someone's going to win 10 million. And then suddenly 10 million turns up in their account from Crypto.com. Now, Crypto.com says, we don't actually run competitions like that.

Carole

Can you prove that? Where did you see that? Exactly.

Graham

And we didn't send out a notification. So that's the first mistake that's happened, is Crypto.com has moved $10.5 million into someone's bank account rather than $100. The second mistake they made is that it then took them a full seven months until they noticed that they'd made that blunder, that they'd moved the money. They didn't spot the $10.5 million had disappeared.

Carole

Seven months. This is ridiculous.

Graham

So they didn't notice until December 23rd last year, just before Christmas. And of course, someone else is having a great Christmas. Can you imagine? It's alleged that Manivel transferred large amounts of this life-changing windfall into different accounts, transferred it to her friends, gave away some to her family, used it to buy a $1.2 million luxury home with a cinema, home gym, four bathrooms, made a down payment on another home.

Carole

Would you do that? Would you have done that? I mean, seven months, though, and they haven't come knocking for it. You just assume at one point they are going to.

Graham

Don't you kind of think finders keepers, maybe if they haven't noticed by now?

Carole

I don't know. My partner has told me

Graham

I've won a competition. He said we've won a competition. Don't worry about

Carole

it, honey. Don't worry about it, Manny. We got this.

Graham

Another $4 million was transferred to a Malaysian bank account. That's where Manivel comes from and her sister's based out there. Hundreds of thousands of dollars allegedly given to each of her daughters, another friend has his 1.2 million dollar mortgage

Carole

Yeah, so they spread the wealth and get them furniture, luxury cars, all sorts, like a gangster. And now Crypto.com, now they're hot on the case now, right. Now they've noticed this seven months later. Just hold on a second. I think something here is a little awry.

Graham

What's going on here? Right. And so they are contacting the lawyers of Manivel and Jatinder Singh. And they're saying, could we have our money back, please? And nobody's replying. No one's acknowledging receipt. So funny that, isn't it. Put your head in the sand, hopefully they'll go away, hopefully they'll lose interest.

Carole

Because 10 million is not enough for them to keep their So they also had not very much success contacting Manivel's sister in Malaysia so she's not responding either. They just had a single one line just saying thank you received or something like that, just an email, but they never went into any conversation. seven months weirdly, but

Graham

Manivel tried to leave the country. She was arrested at Melbourne airport in March. They say she was trying to flee to Malaysia on a one-way ticket and she had a large amount of money on her.

Carole

I do kind of think I agree with you. If in the crypto world, if I accidentally gave you 10 million quid, right, or 10 million Bitcoin, or not you, some stranger. They're not going to give it back. And no one's going to help me source that and get it back. They're going to say, well, it's gone. You made it. You fucked up.

Graham

But isn't there some responsibility on the recipient to say, did you mean?

Carole

Ethically, yeah. But I don't know about legally.

Graham

If someone, Carole, left outside your house, I don't know, an Aston Martin car with the keys in it. What if they parked it on your drive? Because it's very convenient for your neighbourhood. So they park it on your drive with the keys. Is that then your car?

Carole

No.

Graham

You don't think you can just take it?

Carole

No, I don't.

Graham

But it's all right for you to take $10 million?

Carole

No, I don't. You're saying there's nothing to compel you. There's no legal requirement, you reckon.

Graham

Ladies and gentlemen, this is gaslighting, exactly what's going on right now. This is called twisting one's words. All I'm saying is, it should be the same way both ways. If someone makes a mistake and pays someone 100 million or 10 million or five quid, can they go to the bank or to the Bitcoin exchange or whatever exchange and say, oh, can we just, you know, let's go back in time, you know, rewind, rewind.

Carole

But in this case, they have to ask. You can't just undo it at the bank level, because the money's been moved from place to place.

Graham

Exactly. You know, I get it. I get it. So what's happened? Nothing? We don't know?

Carole

Well, Crypto.com are asking for the house to be sold, all proceeds to be returned to them. They want all the money back. And this couple, if they're found guilty of this theft and subterfuge, they could face up to 20 years in an Australian prison.

Graham

Says who, though? Says just, I don't know where the law, where's the precedent on this one? Well, because it's theft, Carole, allegedly. It's not theft, though. You're not giving back something that belongs to someone else. I mean, even if it was a goof.

Carole

It was a goofy gift. I've received lots of those in my life, Graham.

Graham

Oh, now you're admitting it. Now you're admitting it. Interesting. Carole, what's your story for us this week? Okay, so question is, would you hire a person who boasted about having scammed people in the past to the tunes of thousands and thousands and thousands? Oh no, I'm a coward. I wouldn't necessarily confront them. But they're your employee. I might. Well, I might fire them for another reason, body odor or something. I might find some other excuse to get rid of them. I don't know if I'd want to say you're a scammer.

Carole

Right, right, right. Right, because you'd be afraid for your life then, because scammers are killers.

Graham

Well, they might be. You don't know. You don't know what their links go to.

Carole

Okay, well, I want to see if this story changes your mind on this, Annie. Okay? All right. So we're going to the other side of the world, over to Thailand. And you are perusing Facebook, as you do, right? And you see an ad for an admin job that's right up your street. You're like, that's a very nice weekly pay packet. Okay. And it all looks good. And the job happens to be in Cambodia, which is a different country, of course. But it's just an hour flight away, capital to capital. So it's not really a big deal. Yeah. And plus, you've got money. All the money you'll be making, you'll be able to travel back and forth.

Graham

So this is an in-person job. You actually will have to go over to that.

Carole

Exactly, right. And everything's looking tickety-boo. And when you get there, things take an absolutely wild turn. Because there is no admin job. There is only a scammy, scammy, scam job. So in short, you are told, okay, something along the lines of, you need to target the pig, fatten the pig before butchering the pig.

Graham

Sorry, who's the pig in this story?

Carole

Which I've managed to translate to finding a target to woo, to scam, right? Right. And then woo the crap out of them until they're brimming with trust and then start hitting them up for moolah. These are their terms. This is according to The Guardian. Links in the show notes.

Graham

Oh, like a romance scam. When you say woo. Well, there is investment scams, any type of scam. Romance scams, investment scams. But you're basically gaining the trust of someone in order to trick them out of money by some method. And that's your job.

Carole

This is your job, right? And you're told your role is to scour the internet for victims you could trick into investing in an online scam.

Graham

So they're quite upfront about this and they're advertising these jobs on Facebook.

Carole

Well, not as this, right?

Graham

Ah, they're just saying it's an admin job. Right.

Carole

So you may at this point kind of go, hey, I think there's been some kind of mix up. I'm not a scammer. I just want to do a bit of paperwork, right? Yeah. And apparently this attitude of yours does not go down so well. This is according to Lai Thi Lan. Okay, she's a woman who found herself in exactly this situation. And she explained in The Guardian that if she refused to do the work, she would be told that she'd be taken to the eighth floor of the building compound to be beaten or electrocuted.

Graham

What the? What? What?

Carole

Yes. Yes.

Graham

Okay. Eighth floor. Weird. Okay.

Carole

Okay, Lan was then told later by other workers that she had been sold to this criminal gang that was running this enterprise and that she was now owned by the company.

Graham

You're kidding me.

Carole

Nope. Lan says she would work between 14 and 16 hours a day with only short toilet breaks. If you spent more than 10 minutes in the bathroom, your pay would be docked. Lunch and dinner were brought at the table where staff worked. And she'd been promised a salary of something like $800 to $900 US, and the first month she received $200 only, and the second and third month she received nothing.

Graham

Sorry, I'm still upset about the 10-minute toilet break.

Carole

Right? Because sometimes... Things can take a while for some people, right?

Graham

They can. Especially if she's stressed out, which she would be. If I've got a copy, you know, if I've got the newspaper and things, with a cricket on, it's going to take longer than that. Okay, so that's nasty.

Carole

She was told she had to earn 300 million dong or 12,000 US dollars for the company each month.

Graham

That's a lot of dong.

Carole

We had a lot of dong. Every five days, she had to attract two new customers to be tricked into sending money. If she didn't meet her targets, her pay would be deducted and the bosses would threaten her with violence.

Graham

And there's, yeah, there's a constant threat of being taken up to this mythical eighth floor where they have the electrodes.

Carole

Yeah, for electrocution. Exactly. Now, you kind of think, oh, you know, this must be a one in a million story. And in fact, there's been a recent crackdown in Cambodia that there was more than 1,400 foreign nationals that were rescued and returned home to their neighboring countries, including Vietnam and Thailand. And many think there are thousands and thousands more awaiting rescue.

Graham

Well, it sounds like slavery, doesn't it really?

Carole

Yes. Doesn't it just? Lan's colleague, if I can use that term, colleague, he was forced to work on romance scams. So Twan was stuck in the same compound and the romance style scams centered around a fake online shop. And he said, "We called it selling emotions." And he would troll Facebook dating for targets. I didn't even know Facebook had a dating thing.

Graham

Oh, they do. It's the most horrendous. See? No, I haven't been on it, obviously. Sure, of course not. No, I think we talked about it way back when is the whole horror of Facebook introducing a dating component. But apparently it does. Yeah, you're ringing a bell. COVID fog.

Carole

And he'd say, I'd pretend to be a woman to flirt with guys. And after flirting back and forth to create trust in them, I'd lure them in into buying stuff like a pyramid scheme. The deeper they got sucked in, the worse it'd be for them.

Graham

Look, these guys have got the wrong idea. Which guys? The people who've been tricked into working at the scam company. Because rather than saying, oh, hi, I'm a woman, I'm really interested in you, or I've got a great investment for you. Why don't they say, hey, I'm stuck working for a scam operation where they're threatening to electrocute me.

Carole

Yeah, they're probably not checking any of the logs. You won't even go to a scammer that you know is a scammer and say you're a scammer.

Graham

But it's a great story. That's the one they should be using to pull on the heartstrings and saying, can you say there's an airfare to get out of here?

Carole

Can I just say my story isn't done yet? My story is not done because these two, how do we know about their stories? Because they got out. You want to know how they got out. They dug a tunnel. Crazier than that, I would argue.

Graham

Let's hear it.

Carole

So most would have remained captive until the authorities had enough to raid the compounds. And the only way, of course, to leave the compound was by paying a huge ransom fee, which neither, you know, Twan or Lan could afford. But they do manage to get out, and they get out by literally breaking free with a dozen other colleagues. According to The Guardian, some male staff fired Molotov cocktails to startle the work compound security officers, then dozens raced from the building. Men in dark uniforms chasing frantically after them, waving sticks. Lan and Twan and others jump into the water along Cambodia-Vietnam border and swam for their lives. There's even a video of this that's been shared widely online. Is this true? Is all of this true? How do I know? It's according to The Guardian. I wasn't there. Personally, I was not there.

Graham

You were not there. I have it on very good, reliable sources. Links in the show notes.

Carole

One 16-year-old boy drowned during this escape.

Graham

Oh, my God. Would you hire them then? Oh, would I hire one of these people who's escaped? I'm still slightly dubious about this story, to be honest, Carole. I'm not sure I believe it all, because it's extraordinary.

Carole

Well, it's kind of complicated because Thailand, who's actually raised the alarm on this, saying this is definitely happening, and estimate that there's 3,000 more Thai workers trapped in these conditions. And the issue became so acute that in August, the U.S. downgraded Cambodia to the worst level possible in its trafficking in persons annual report. And a U.N. special rapporteur likened the conditions in these compounds to a living hell. So put that in your pipe and smoke it. But when you get back home, you think your problems might be over. You know, mom and dad going, oh, God, thank God you're back. We were worried about you. We didn't hear from you and everyone hugging and kissing. But in fact, no, the majority of people that have returned from such compounds, about 70%, have been prosecuted, according to the Royal Thai Police.

Graham

Because they scammed people in Thailand.

Carole

Because they may have scammed people in Thailand, and there are some bona fide scammers out there. But there are also people who get sucked into this scammy world. And it's a bit of a hornet's nest because if you get it wrong, you either let a scammer go free or you make a victim pay double time for being a victim.

Graham

So if I was a scammer in Cambodia, and I did that for a couple of years and made myself enough million dong, I could then pop over to Thailand and say, oh, I've had a terrible time. Oh, my goodness, I had to jump in a river. Molotov cocktails, electrodes, etc. in order to try and get some sympathy rather than be prosecuted. Is that what you're saying? Some people might be pretending.

Carole

Or presumably people also fall for it. And there would be a record, right? There would be evidence that she clicked on the link of the ad. You know, there would be an ad. There'd be a paper trail somewhere. There'd be the emails back and forth. There'd be the buying the plane ticket.

Graham

Facebook would definitely have tracked everything. Let's be honest. Facebook would have started. I could call them. They will explain everything. Why are Facebook allowing these ads from dodgy people to occur?

Carole

Right? Does Facebook even exist anymore? I don't even know.

Graham

They've rebranded. Is it Facebook by Meta or is it Meta? Meta's the parent company. Facebook, the website, exists. Yes, I'm afraid so.

Carole

And on top of all that, on top of that. Have you got more?

Graham

No, I was just going to say on top of all this. You won't hire them. So. Oh, yeah, because that's the biggest of their problems.

Carole

The icing on the cake. The straw that breaks the camel's back.

Graham

Graham clearly won't hire me. Oh, my goodness. My life is ruined. Yes. I see

Carole

More clearly now in this COVID

Graham

Fog. If you're considering a third party audit like SOC 2 or ISO 27001, then you should be prepared to answer some tough questions about endpoint security. Auditors want to know that you have a system in place to monitor and maintain compliance across your fleet, which means showing that your staff are using things like disk encryption, screen locks, password managers. If you're not quite sure how you'd go about proving all that, then you need Kolide. Kolide's an endpoint security tool for Mac, Windows and Linux devices that gives you the visibility you need to meet your third party and internal compliance goals. Best of all, Kolide doesn't resort to spying on workers or locking down devices. Instead, it works with end users to resolve issues and relies on their cooperation and informed consent. You can meet your security goals and pass your audit without compromising on privacy. Visit kolide.com slash smashing to find out how. If you follow that link, they'll also give you a goodie bag just for activating a free trial. That's K-O-L-I-D-E dot com slash smashing.

Carole

Smashing Security listeners, did you know that Bitwarden is the only open source cross-platform password manager that can be used at home, on the go or at work? Bitwarden's password manager securely stores credentials spanning across personal and business worlds. And every Bitwarden account begins with the creation of a personal vault, which allows you to store all your personal credentials. These are unique and secure passwords for every single account you access. And it's easy to set up. It's easy to use. I honestly love Bitwarden. I use it at home, use it at work, use it on the go. Get started with a free trial of a Teams or enterprise plan at bitwarden.com forward slash smashing. Or you can even try it for free across devices as an individual user. Check it out at bitwarden.com forward slash smashing. And thanks to Bitwarden for sponsoring the show.

Graham

And welcome back and he joins at our favourite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app, whatever they wish. It doesn't have to be security related necessarily, better not be. Well, my Pick of the Week this week is not security related. My pick of the week is a board game, a board game which doesn't have a board, a board game that I have been playing called Zertz.

Carole

Oh okay. I thought it would be the tortilla water full mouth slapping. I have not played that yet. Play tortilla slap. I'm actually going to a 50th birthday party at the end of the month so I will set it up for that place. Yes.

Graham

Well, Zertz, Z E R T Z, is an abstract two-player strategy game played with marbles, white, gray and black, very nice feeling marbles by the way. All the pieces in this game really feel nice. It's just like, oh I like to touch these. Oh yes, thank you very much. It's a bit like a bakelite telephone, you know how nice. Yeah, I like those. Yeah, exactly, that's what we're talking about. So you get these lovely marbles and you start off, you build a hexagon made out of marble holders which come in the pack. And each go, you put a marble down and you take one of the holders away from the hexagon, one of the ones which isn't occupied. So over time, the area of play gets smaller and the number of marbles increases. And the marbles can jump over each other, a bit like in draughts or checkers.

Carole

Is it a parcheesi or something like that? I don't know. Anyway, you can jump over, in fact you have to take if you can take, and slowly the board gets smaller. And after a few plays you begin to understand the strategy is much deeper than you initially imagined because you can lay traps for people, you can force them to take your pieces in order to get the colours that you want in order to win the game, and it's really fun. Yes, of course I do.

Graham

Such as?

Carole

I play Qwirkle.

Graham

No, it's not that intelligent. It's pretty intelligent. No, it's not really. It's just dominoes, isn't it? Qwirkle.

Carole

I play Scrabble.

Graham

Yeah, I like Scrabble.

Carole

Yeah. I play Wordle.

Graham

Okay. Yeah. What's your pick of the week?

Carole

Okay. Maybe blame COVID, but mine is slightly security related. Oh. And I know. I know.

Graham

Well, you know, be gentle. Amusing, isn't it?

Carole

My pick of the week is The Capture, a BBC show that just released its second series. And many folk tweeted and emailed us asking us to cover this one. And now I am. Graham, I can't remember if you watched it or not. I remember

Graham

Telling you about it. I've seen the first series. I believe there's now a second series out as well.

Graham

Yes, there's a second series. I'll give a quick description for listeners. But basically, you have an inspector, Rachel Carey, played by Holliday Grainger. She's drafted in to investigate a case, but quickly learns that disentangling misinformation from the truth is not going to be easy. Is it plausible? Do you think they stretch it too much or do you think it's rooted in reality?

Carole

I pass. No, I didn't think it was rooted in reality. But then I don't think any medical show is either. So, you know. But

Graham

Maybe it's not reality now, but it might be in 10 years time. If deep fakes continue the way they are going, for instance.

Carole

Oh, sure. Sure. But not on CCTV cameras, I don't think. I thought that was a bit... I don't know. Anyway, whatever. I don't know. What do I know? I don't know. Take it up with me in 10 years. But you liked it. You liked the show. Yes. Yes. But I mean, I don't have a lot of energy at the moment. I'm watching a lot of crap. Right? So this one...

Graham

Why have you not got any energy? Oh, stop

Carole

It. So my pick of the week is The Capture. It's produced by Peacock, available currently on the BBC iPlayer. Links in the show notes. Enjoy.

Graham

Well, that just about wraps up the show for this week. You can follow us on Twitter at smashinsecurity, no G, Twitter allows to have a G, and we also have a smashinsecurity subreddit. And don't forget, to ensure you never miss another episode, follow smashinsecurity in your favourite podcast app. While you're at it, maybe you want to give us a review. Give us a five star review, say something nice about us. I don't know if it changes the algorithm. It sure makes us feel a whole lot better if you could do something like that. What the fuck was that? Just give us a review if you like to. Don't worry about that. Huge thank you to this episode's sponsors, Bitwarden and Kolide, and to our wonderful Patreon community. Thanks to them all that this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalogue of more than 292 episodes, check out smashingsecurity.com. Until next time, cheerio, bye bye. Bye. We didn't this week. Carole, we didn't have a guest this week.

Carole

We didn't have a guest this week. Did you notice? I didn't notice.

Graham

We did have a guest this week until about half an hour before we started recording.

Carole

Yes. Don't worry, guys. This will not be a normal thing. It won't just be the two of us. We wouldn't be able to stand it either. Yeah. All right. Pause. It didn't stop.

Hosts:

  • Graham Cluley
  • Carole Theriault

Sponsored by:

  • Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
  • Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast.
