CAROLE THERIAULT
If you were Sam Bankman-Fried, what? How do you?
GRAHAM CLULEY
That is taking double-barreled to quadruple-barreled now.
CAROLE THERIAULT
Quintuple.
Unknown
That's excessive. Smashing Security, Episode 299. EV Charging Risks, FTX, and an Ancient Apocalypse. LastPass with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 299. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And this week, Carole, we've got a special guest with us. Who is joining us in the hot seat?
CAROLE THERIAULT
We do. We have AMTSO's John Hawes.
JOHN HAWES
Hello, hello, hello. My seat is indeed very hot.
GRAHAM CLULEY
What's so hilarious about AMTSO, Carole?
CAROLE THERIAULT
It's the hardest word to say, I find.
JOHN HAWES
I think you did it excellently.
AMTSO
A-M-T-S-O. I don't know how you'd say it, but it's more of a silent T.
GRAHAM CLULEY
For those in the know, it's the Anti-Malware Testing Standards Organization.
CAROLE THERIAULT
That's right. What do you guys do? Test standards?
JOHN HAWES
We set standards for testing. We make sure that the testing is done in a good way that helps everybody.
GRAHAM CLULEY
Well, it's great to have you on the show. And Carole, what's coming up?
CAROLE THERIAULT
Well, before we kick off, let's thank this week's sponsors, Bitwarden, Carole Theriault and Kool-Aid. It's their support that helps us give you this show for free.
Now coming up on today's show, Graham, what do you got?
GRAHAM CLULEY
I'm going to be going deep on FTX.
CAROLE THERIAULT
Okay. And what about you, Mr. John Hawes?
JOHN HAWES
Well, as usual on this show, I'm going to be talking about the Internet of Things.
CAROLE THERIAULT
And I'm not going to be talking about the Twitter deal, but a much, much bigger deal. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Now, chums, over $150 billion in 3 days. That's how much the 15 largest cryptocurrencies lost in market value due to the collapse of one of the largest exchanges in the world, FTX.
$150 billion.
JOHN HAWES
Were they real dollars?
CAROLE THERIAULT
Well, yeah, I know.
GRAHAM CLULEY
Well, you know, who can say, but theoretical dollars, theoretical dollars. Exactly. Well, suddenly people will be slightly miffed.
Customers and investors have been left in the lurch with FTX owing its largest creditors around $3.1 billion.
Now, FTX, if you haven't heard of them, well, that really proves that advertising doesn't work because they've been—
CAROLE THERIAULT
And media, they've been everywhere.
GRAHAM CLULEY
They've been everywhere. They've been everywhere for the last few years. They have had an NBA stadium named after them. They have adverts running during the Super Bowl this year.
CAROLE THERIAULT
Oh, that's where the money went.
GRAHAM CLULEY
Well, probably. Larry David from Curb Your Enthusiasm, he was in their Super Bowl advert. And the company was founded and headed up by this young chap.
I think he's about 30 years old called Sam Bankman-Fried. And he was a little bit unusual.
As these tech bros can be, he would tweet pictures of himself sleeping on beanbags next to his desk in the office. He claimed he lived in a house with 9 other colleagues.
He was addicted to video games.
CAROLE THERIAULT
I think he did.
GRAHAM CLULEY
What, you think he did live in this house with 9 other colleagues?
CAROLE THERIAULT
Yeah, and they were people, they were all friends from Yale and Harvard or wherever he went to school. Really? Yes.
JOHN HAWES
Maybe he was living in the office on a beanbag.
GRAHAM CLULEY
Yeah, maybe he just sloped off at 1 AM or something to go somewhere nicer. I don't know. I mean, I wasn't keeping track of him. But he was a star of the crypto scene.
He was compared to Warren Buffett and JP Morgan. He had an estimated net worth of more than $15 billion. So it's a lot of money, a lot of money swishing around here.
CAROLE THERIAULT
Was this, again, was this real money?
GRAHAM CLULEY
Well, that was—
GRAHAM CLULEY
Well, has anyone got any real money, Carole? If you can't actually find it under your bed, if you can't bang it against a window and smash something, is it real money?
CAROLE THERIAULT
No, no, but I know a lot of people that have, you know, cryptocurrency. I wouldn't say, unless they realise it, that is worth $0.
GRAHAM CLULEY
Would you say that you have real money if the money's in a bank?
GRAHAM CLULEY
So that, even though you can't see it, is real money because you can go to the bank and you can get your money out.
JOHN HAWES
Which you can't do with FTX.
GRAHAM CLULEY
Well, you can't anymore because it's not allowing you to withdraw your money anymore. Yeah, that wouldn't happen.
CAROLE THERIAULT
Very often with the real bank.
GRAHAM CLULEY
But if everything's working smoothly, you should be able to go to your cryptocurrency banky thing and say, oh, you know, all that money I've got in there, I'd like to take that out, please.
CAROLE THERIAULT
You know what? I agree 100%. I don't think the crypto waters have ever been nice and quiet. And, you know, it's always been rough waters out there.
GRAHAM CLULEY
It's been troubled waters.
CAROLE THERIAULT
Troubled waters.
CAROLE THERIAULT
Troubled waters.
GRAHAM CLULEY
Exactly.
Even though, of course, you know, this is someone who was feted as, well, I don't know, something like a bit of an Elon Musk sort of figure, sort of real sort of titan of technology, someone who was young and heading up the scene.
There are pictures of him rubbing shoulders on stage with people like Tony Blair and Bill Clinton, Katy Perry, some guy from One Direction, Anthony Scaramucci.
CAROLE THERIAULT
Okay, now you've got my attention.
GRAHAM CLULEY
Yep, the Mooch. The Mooch was up there as well. We should, you never hear about him anymore, do you?
GRAHAM CLULEY
For about a week.
CAROLE THERIAULT
He was fascinating.
GRAHAM CLULEY
He was the most fascinating person in the world. Ah, those were the days. There's one photograph I found online of Sam Bankman-Fried with, is it Fried or Friend? I don't know.
No, Fried. It's Fried, is it? Sam Bankman-Fried. He's on stage.
JOHN HAWES
I like Friend. Friend would be much nicer.
GRAHAM CLULEY
He's on stage in his shorts with Bill Clinton and Tony Blair. Who've obviously been paid a huge amount of money to turn up to his conference in the Bahamas.
CAROLE THERIAULT
Again, we know where the money went.
GRAHAM CLULEY
This is indoors in some kind of stadium or conference centre or something. And what they've done is they've created a fake beach, a fake beach indoors.
And the audience are lounging around on beanbags on this sand. Well, I guess it is a real beach. It's just not by the seaside.
JOHN HAWES
You know, it's indoors. Do you think they just dug— if they're in the Bahamas, do you think they just dug up the real beach outside and moved it inside?
GRAHAM CLULEY
Maybe they did. Maybe they just dug up the floor and there was sand underneath.
I don't know, but there've been lots of celebrity endorsements, not just Blair and Clinton and someone from One Direction. There's a supermodel, Gisele Bündchen.
CAROLE THERIAULT
Okay, none of these people, as far as I know, are experts in crypto or in finance.
GRAHAM CLULEY
Hmm. Well, Gisele Bündchen, she was FTX's environmental advisor.
JOHN HAWES
Is she an expert in the environment?
GRAHAM CLULEY
If you've got someone like Sam Bankman-Fried looking after— I wish I knew how to say it— looking after all your cryptocurrency millions. You don't need other experts.
What you need is someone to explain with you. You need a Larry David. You need an Orlando Bloom.
You need somebody like that instead to represent your company, to be there on stage reassuring you that it's all right to get involved. And that's what's been happening.
CAROLE THERIAULT
Yes. And it's worked out really well, hasn't it?
GRAHAM CLULEY
Well, not that well.
GRAHAM CLULEY
Because even though people thought this, always they thought this chap, whatever his name is, he's a good fella. You know, he's into video games like you, Carole.
You know, he's, in fact, he enjoyed one video game called Storybook Brawl so much he bought the maker of the video game. He actually thought, well, I just buy them.
I won't just buy the game. I'll buy the entire company.
JOHN HAWES
I bet that was real money.
GRAHAM CLULEY
He would boast about the hundreds of millions that he'd handed out to charities. It gave him the nickname crypto's white knight.
He even bailed out other cryptocurrencies that were failing.
But earlier this month, he was going around the same industry trying to raise money to save his company and customers because FTX collapsed amid reports of mishandled customer funds, US agency investigations.
This is the largest crypto-related bankruptcy ever filed. So it's a big deal. It's a big deal.
And other cryptocurrency companies are also suffering due to the demise of FTX, putting even more people's investments at risk.
JOHN HAWES
Well, yes, they all seem to invest in each other, which doesn't seem very wise.
GRAHAM CLULEY
Well, it appears that this chap's other company, which was supposed to be independent, were basically investing in each other and money from one was going to the other.
This sort of thing that—
CAROLE THERIAULT
Yeah, but they were like teenagers that couldn't keep their hands off each other.
GRAHAM CLULEY
Yeah. Well, I suppose so. And it's not just the teenagers. His parents, they were somehow involved. His parents bought property in the Bahamas worth $121 million.
How can you spend that much money on property in the Bahamas? Surely that is all of the Bahamas, isn't it?
CAROLE THERIAULT
Well, I don't think it's very cheap to live there.
GRAHAM CLULEY
That's still quite a lot of money.
CAROLE THERIAULT
Correct.
JOHN HAWES
It'd only be a small hotel.
GRAHAM CLULEY
Now, this chap has now stepped down. He's been replaced by a guy called John Ray as the CEO. John Ray.
JOHN HAWES
That sounds like a made-up name.
CAROLE THERIAULT
Don't you think it's hilarious though? This guy has lost what you quoted as $150 billion, right? Destroying markets all over the place.
And he's like, well, okay, okay, I'll step down.
GRAHAM CLULEY
Like, it's just like, oh my God. He didn't directly lose $150 billion. That's what was wiped off the price of cryptocurrencies.
CAROLE THERIAULT
Of course.
GRAHAM CLULEY
Yeah. It's just a—
CAROLE THERIAULT
He was the CEO and the leader of the company that was doing it. And also the one behind the little shenanigans of where's the money actually going?
Why are both these companies offsetting each other? It's not good. It's not good.
GRAHAM CLULEY
It's not good. It's not good. In fact, John Ray, the new CEO, he says that he's never seen such a complete failure of corporate controls.
I don't know where he's worked in the past, but he's comparing it and saying this one's a bad one.
JOHN HAWES
Are we sure John Ray actually exists?
GRAHAM CLULEY
No, not at all.
JOHN HAWES
He could be a hypothetical person.
GRAHAM CLULEY
He could be entirely faked. Now, I doubt the celebrities who've been associated with FTX are very happy. So Gisele Bündchen, Tom Brady, Stephen Curry.
I don't know who any of these are. Shaquille O'Neal. I think he's some kind of sportsman.
They are now all defendants alongside Bankman-Fried in a class action suit that claims they may have hyped up the FTX brand to their social media followers and not divulged that, oh yes, I was paid to say that this was brilliant, by the way.
CAROLE THERIAULT
Oh, what? So they're being accused of saying, this is great, you guys should get this without saying they actually gave me some money in order to do this.
GRAHAM CLULEY
Quite. Or they haven't revealed just how much money. So it's a bit like—
CAROLE THERIAULT
Well, no one reveals exactly how much money they've been paid for a gig. Right?
GRAHAM CLULEY
Well, no. John, would you reveal how much money you've been paid to come on the Smashing Security podcast today?
JOHN HAWES
No, I keep that between myself and my accountant.
GRAHAM CLULEY
Well, now here comes the big link to Twitter, because for the last 3 weeks I've been talking about Twitter, and Carole has banned me from talking about Twitter.
Carole, even though I've been bad, can I say there have been people who've been asking me to carry on talking about it.
CAROLE THERIAULT
I'm sure there have.
JOHN HAWES
And you may not have much time left to talk about Twitter.
GRAHAM CLULEY
Yeah, exactly. Exactly.
But there is a link to Twitter because on Friday last week, someone using a verified account with a little checkmark, the blue checkmark thingy, the label, they posed as FTX founder Sam Bankman-Fried and they posted a deepfake video pretending to be Sam Bankman-Fried offering FTX users compensation for their losses.
CAROLE THERIAULT
Okay. Can I ask a question?
CAROLE THERIAULT
When did he step down as CEO? Was it before this went out?
GRAHAM CLULEY
Yes, it was.
But you know, if you're not following it that closely and if he is the face of the company, which I think most people would consider him to be, I think a lot of people would think, oh, this could possibly be legitimate.
I've got the audio. We can listen to it right now.
CAROLE THERIAULT
Hello everyone. As you know, our FTX exchange is going bankrupt. But I hasten to inform all users that you should not panic.
As compensation for the loss, we have prepared a giveaway for you in which you can double your cryptocurrency. To do this, just go to the site FTX compensation.
GRAHAM CLULEY
So he's telling people to go to the—
CAROLE THERIAULT
I don't even know what he sounds like. I'd be like, I don't know.
JOHN HAWES
I'm not even sure what he looks like other than having big curly hair.
JOHN HAWES
Could have been anyone.
GRAHAM CLULEY
He looks a bit like Duck who comes on the show sometimes, I think. Duck has big curly hair. He does.
So in the video, this deepfaked SBF, he confirms FTX is going bankrupt, but he says, don't worry, you can double your money. Go to this website, ftxcompensation.com.
You know, and we all know what's gonna happen.
CAROLE THERIAULT
You know, how many people would fall for that? We're going bankrupt, but hey, you can double your money. How?
I guess you go ahead and go to ftxcompensation.com to find out and then get screwed.
GRAHAM CLULEY
Exactly. And then you'll get screwed, of course. And cryptocurrency companies are screwing up left, right, and centre.
Just the other day, the CEO of one cryptocurrency company said that his company had accidentally sent $416 million worth of cryptocurrency to the wrong address instead of his cold wallet.
So, but they were able to ask for it back. They asked for it back and they got it back. Apparently.
JOHN HAWES
Well, that's nice.
CAROLE THERIAULT
I have a tip for everybody doing this. I really have a strong tip. So, you are about to transfer a ginormous amount of money.
CAROLE THERIAULT
How about transferring $1 first just to make sure it arrives at the destination that you expect it to? And then you can do some little tweaks and it'll only cost you a buck.
JOHN HAWES
Well, maybe that's what he was doing. Maybe $416 million was just a little test payment.
GRAHAM CLULEY
I did something like this once. I had to pay my income tax bill once to the Inland Revenue.
CAROLE THERIAULT
Only once?
GRAHAM CLULEY
Well, every year, okay. But on this particular occasion, they said, you know, you need to pay us this much and here's all the details.
So I wired the money over, but being a bit of a doofus, I entered the account number that I had to send it to. I transposed two of the digits.
And so I sent quite a large amount of money, not $416 million, but close. Yep, yep, a lot of money to me at least. And I sent it to the wrong account.
And then, you know, and I only realized about a month and a half later when the Inland Revenue got in touch and said, you still haven't paid us, you're going to be fined.
And I was like, whoa, whoa, whoa, whoa, whoa, whoa, whoa, whoa, whoa. What are you talking about? I managed to sort that out, thankfully, but quite scary when it happens.
And maybe easy to enter the wrong number or you know, if you don't have a, didn't do something sensible cut and paste, which maybe I should have done.
CAROLE THERIAULT
If you were Sam Bankman-Fried freed friend, what, how do you—
GRAHAM CLULEY
That is taking double-barreled to quadruple-barreled now.
CAROLE THERIAULT
Quintupled.
GRAHAM CLULEY
That's excessive. That's excessive.
CAROLE THERIAULT
How would you feel you'd behave walking around?
JOHN HAWES
You'd be wearing a hat, wouldn't you?
CAROLE THERIAULT
Would you, and a hoodie and a—
GRAHAM CLULEY
Big hat with his hair.
CAROLE THERIAULT
Yeah. Would you wear one of those noses with, you know, those glasses with the fake noses and tap dance?
GRAHAM CLULEY
The Groucho Marx glasses. Yeah, Groucho Marx glasses, yeah.
CAROLE THERIAULT
It could all be a bit of a—
GRAHAM CLULEY
Be a bit hot in the Bahamas, couldn't it? If you're doing that.
JOHN HAWES
You wouldn't stay in the Bahamas, would you?
GRAHAM CLULEY
I don't know. Well, that's where Tony Blair is.
CAROLE THERIAULT
Yeah, there'd be a lot of people that would want to see you trip up, let's just say.
GRAHAM CLULEY
Yeah, I think you're right. Well, maybe, you know, follow Carole's advice and keep all your money under your bed.
CAROLE THERIAULT
I never said that, but okay.
JOHN HAWES
And always use copy-paste when you're putting in account numbers.
GRAHAM CLULEY
Well, unless you've got a piece of malware which changes the clipboard en route.
GRAHAM CLULEY
Which could do that, couldn't it? It could change it.
JOHN HAWES
Also, always look at what you filled in afterwards and check it matches what you meant to fill in.
GRAHAM CLULEY
Actually, it's a great idea.
If you had a bit of malware which looked for a cryptocurrency wallet address, if it thought that's a cryptocurrency wallet address, I will change it to one under my control.
CAROLE THERIAULT
What the fuck are you saying to people?
JOHN HAWES
I'm fairly sure that's being done.
CAROLE THERIAULT
What is wrong with you?
GRAHAM CLULEY
John, what's your story for us this week?
JOHN HAWES
Right. Well, I know I've been on the show a few times and I, looking back, I seem to have talked about IoT quite a lot.
GRAHAM CLULEY
Teledildonics a fair amount, as I remember as well.
JOHN HAWES
Yes, that's what I was going to say. It is usually more niche areas.
GRAHAM CLULEY
Keep that IoT device out of my niche area, thank you. Yes.
JOHN HAWES
Yeah, so there's things that apply to specific groups of people and most of us can just say, "Ah, maybe I'll just avoid that kind of tech." This week I wanted to talk about something a bit more mainstream.
Something that's actually becoming more mainstream very fast, which is probably a big part of the problem. So it's electric vehicle charging stations.
CAROLE THERIAULT
Ooh, Graham has an electric car.
JOHN HAWES
So when you're driving along in your electric car and your battery's getting a bit low, when you're looking around at the many options for charging stations in your area, do you think about how secure they might be before you choose one to plug into?
GRAHAM CLULEY
I don't. It depends how desperate I am for power.
GRAHAM CLULEY
I tend to think more, I look for particular brands, ones which I know are reliable because a lot of them are quite broken and ones which will charge me up quickly so I can get on with my journey.
JOHN HAWES
So you're thinking about speed and reliability rather than necessarily security or anything like that.
GRAHAM CLULEY
Yeah, I must admit I am. Yes.
JOHN HAWES
Yeah. Okay. So I was reading, there's a very interesting paper put out by Sandia Labs, which is one of America's big three national laboratories.
JOHN HAWES
Based in the beautifully named Albuquerque.
So they've spent four years looking at EV charging, not doing their own research specifically, but looking at sort of meta-analysis of reports from all other places as well.
Other labs, academia, pentesters, security firms and kind of putting this all together with the stuff that they'd been working on themselves.
And basically the results were pretty much every single device they looked at had at least some kind of problem.
CAROLE THERIAULT
But problems that we need to be worried about or problems like—
JOHN HAWES
Well, pretty much, yeah. So they identify four main areas of these devices connecting to things. So obviously they connect to cars.
JOHN HAWES
With a cable to put the power in, but obviously they also have to have some ways of measuring whether that's working and when to stop and things like that.
The more sophisticated ones basically interface with the car so they can talk to it and maybe identify it so you can just be billed automatically or get all kinds of other useful information out of the car.
JOHN HAWES
They obviously also interact with the user, the driver, who might want to pay with a card or using a phone app.
And apparently some of them even show targeted ads depending on who's using it at a given moment.
They also interact with the central control, whoever the operator of the charging station is so that they can make sure they keep working. Very important for Graham.
He needs them reliable.
GRAHAM CLULEY
Yeah. Yeah. Yeah.
JOHN HAWES
Who can go out and fix them if they break down and things like that.
GRAHAM CLULEY
Oh, it's a bloody nuisance. I'll tell you, if you're there at 2 o'clock in the morning and the thing isn't working properly.
I once had the situation where the thing was plugged into my car and I couldn't disconnect it from my car. I couldn't tell the EV charger to stop.
CAROLE THERIAULT
I remember this.
GRAHAM CLULEY
So there's a button to say stop and it just carried on and it's like, "Well, no, I want to go now." And so I rang up this guy and he said, "Well, we can send round a repair crew tomorrow morning." It's like, what?
You say I have to stay here till tomorrow morning?
JOHN HAWES
Sleep in your car.
CAROLE THERIAULT
But why do you do it in the middle of the night?
GRAHAM CLULEY
Because that—
JOHN HAWES
People drive in the middle of the night sometimes.
CAROLE THERIAULT
I don't think Cluley necessarily has reasons to have to put his charging in the middle of the night, or is there a reason?
GRAHAM CLULEY
On this particular occasion, I did.
CAROLE THERIAULT
You charge at night a lot. Come on.
GRAHAM CLULEY
Well, no, it was about— it was probably like midnight when I started. Outside working hours.
GRAHAM CLULEY
Yes, it was outside. Yes, I'm just saying, when I'm going— I'm a bit like—
JOHN HAWES
Electricity doesn't have working hours.
CAROLE THERIAULT
Yes, I'm just saying that in order to expect people to come running to your aid, it might be better to do it in working hours.
GRAHAM CLULEY
I wasn't expecting anyone to run to my aid.
I was expecting the stop button to stop the bloody thing, or for them to not be upset if I put my car into reverse and just drove away with the cable still attached.
Because I thought, well, I want to go. And then of course, I have to be— I'm going to be charged because it's going to fill up the car all the way.
It's like, well, I don't want to pay all this. Wow.
CAROLE THERIAULT
First world problems, eh?
CAROLE THERIAULT
Yeah. Okay.
JOHN HAWES
But yes, back to the story. Reliability is clearly quite important.
JOHN HAWES
And obviously the operators knowing if there are problems is a big thing. So pretty much all of these devices are online for that, mainly for that purpose.
But also obviously to do with the power grid, because these are things using quite a lot of power.
And as we get more and more of them, I think I saw 200,000 have been set up in the UK in the last 5 years. So that's obviously another way these things are connected.
And then the final one, they have maintenance connectivity. So some of them might have USB or even Ethernet sockets inside.
So all you have to do is prise the lid off and plug something in. They might have remote connections like Telnet or web interfaces.
CAROLE THERIAULT
What have you done, Cluley?
JOHN HAWES
Somebody found, I think it was Kaspersky, found that they could cause one to factory reset just by flashing the right set of lights at a little photosensitive thing on the device inside.
GRAHAM CLULEY
What, you just flash your car lights at it?
JOHN HAWES
Well, no, I think you had to be a specific kind of light and a specific pattern of flashing. You couldn't just—
CAROLE THERIAULT
How would they discover that? That must have been insider information.
JOHN HAWES
Did a lot of flashing, I imagine.
So yeah, so there's all these different ways that these devices are connected, and there seem to be basically vulnerabilities in pretty much all of them in some form or another, in all different devices and all the different vectors, they found at least some examples of potential issues.
And some of these could be, you know, I mean, for the user, I mean, there are fairly standard things like you could steal your personal info and skim your payment info or clone your cards or things like that.
Or they could even, you know, reprogram a machine so it tells you it's charging you, I don't know what the prices are, 10p a gigawatt or something, and it's actually charging you a million pounds.
GRAHAM CLULEY
Or hold your car hostage so you can't disconnect the radio. Right.
GRAHAM CLULEY
It could have displayed a message saying, pay this amount cryptocurrency if you want to get home at 2 o'clock in the morning.
GRAHAM CLULEY
In the rain. Did I mention the rain, by the way? It was raining a lot.
JOHN HAWES
Did it occur to you, Graham, that possibly that machine that you were connected to had actually been specifically hacked to keep you there while someone broke into your house and installed cameras in the toilet?
GRAHAM CLULEY
Well, thanks for that thought, John.
JOHN HAWES
Well, it could happen, right?
JOHN HAWES
According to Sandia Labs.
GRAHAM CLULEY
Is that what Sandia Labs specifically said?
JOHN HAWES
Yes, they said Graham should be worried about that stuff.
GRAHAM CLULEY
Check his toilet.
JOHN HAWES
I mean, the other, I mean, you could also, you could be shown the wrong adverts. That's another.
GRAHAM CLULEY
Oh, that'd be disastrous.
JOHN HAWES
Yes. That would be a pretty, pretty horrific situation.
GRAHAM CLULEY
Or maybe no adverts at all. Imagine how horrible that would be.
JOHN HAWES
How would you live? But then obviously there's the problems for the other end as well, for the charging station operators.
So if you've got these devices that are connected to your corporate network, which is highly secure from the outside, and someone can just go and plug into one of these devices, they've got a little backdoor straight into your whole setup.
And probably the same for a home network as well. If it's attached to your home Wi-Fi, it could be a route into that.
And then finally, there's also for the electrical grid, you know, these things are now becoming a key part of our critical infrastructure. People need their cars to get around.
They need electricity for pretty much everything these days. And if you can hack enough of these machines and fiddle with the grid, you know, these things are very delicate.
They depend on the right frequencies and things like that. And if you can cause weird waves and things, you could potentially take down entire electrical grids.
CAROLE THERIAULT
I'm imagining the grids are quite well defended.
JOHN HAWES
Well, most things are, yes.
But there are lots of statistics in the paper about, you know, the amount of power that would be required to cause this level of outage on this sort of grid.
So they've looked at this in quite some detail and they're like, there's quite a lot of potential dangers here.
GRAHAM CLULEY
Well done, John. You're such a harbinger of, coat hanger of doom, I'd describe you as.
JOHN HAWES
Well, no, there is some good news.
GRAHAM CLULEY
Oh, there's some good news.
GRAHAM CLULEY
Fine. Good.
JOHN HAWES
The people behind the report and various others are working on standards and best practices, which obviously is always a good thing, in the US at least.
The UK actually adopted a set of legal requirements for cybersecurity and other features of electric charging points was adopted into law at the end of last year.
But it doesn't actually come into force until next year and will only apply to new kit.
So basically this huge rush to get caught up and have lots and lots and lots of charging stations is all taking place before the new requirements come in.
CAROLE THERIAULT
Ah, I see.
GRAHAM CLULEY
Can I ask, is there an FCAEDSO? Is there an electric vehicle charger testing standards organization that you are about to set up?
JOHN HAWES
Not that I'm aware of. There probably should be.
GRAHAM CLULEY
Yeah, from the sound of you, that's what you want to set up, isn't it? Well, you want to make some cash out of this.
JOHN HAWES
Well, actually, interesting, AMTSO recently put out a paper on testing of IoT security devices.
So not actually the specific devices themselves, but devices that claim to provide security for them and how you can prove those claims.
So possibly we could expand into this area and then make sure your car can disconnect itself now and again.
GRAHAM CLULEY
Please. That's what I'm like.
CAROLE THERIAULT
So basically every time Graham in the middle of the night goes to get his car charged and goes for a leak, he's actually probably also risking leaking information through the charger because he's paid no attention to which charger he's plugged in.
GRAHAM CLULEY
Very clever.
JOHN HAWES
Very good. What you did there.
CAROLE THERIAULT
Little laboured. Come on, guys.
GRAHAM CLULEY
I do get up quite often in the middle of the night to take a leak, but I don't normally jump in the car and charge it at the same time because that could be dangerous, couldn't it?
That's right. Current, as it were. That's right. Carole, what have you got for us this week?
CAROLE THERIAULT
Well, I was gonna say, for the last few weeks, Graham has been bombarding us with what Elon Musk is doing on Twitter. And I get it, it's car crash TV, isn't it? It really is.
And we know you care about Twitter, both for business and maybe splash of ego reasons. Maybe tiny splash, Graham. Too tight.
GRAHAM CLULEY
Let's not bring my ego splash into things.
CAROLE THERIAULT
That's just your bromance with Elon. Your bromance with him.
GRAHAM CLULEY
I don't have a bromance with him. He's an asshole.
CAROLE THERIAULT
Well, we've been going on about their $40-something billion price tag for Twitter, but that is a drop in the pond when compared to the massive consumer deal of Microsoft's takeover deal of Activision Blizzard for a whopping $68 billion and change.
Now, this was announced at the beginning of this year. And I'm not a gamer. John, I know you're a bit of a gamer. Graham, you are too, or your son is at least.
So I actually had to look up what Activision Blizzard was. I really didn't know, right? And I know now it's Sony's— one of Sony's— Nintendo's biggest rivals.
And Activision says on its website that it continues to disrupt the world of entertainment with its extensive roster of epic blockbuster games like Pitfall, Tony Hawk, Guitar Hero, Crash Bandicoot, Skylanders.
Do you know any of these? Call of Duty.
GRAHAM CLULEY
Wasn't Pitfall out in the '70s?
CAROLE THERIAULT
I mean, they've been around since '79. Yeah.
JOHN HAWES
They've been sort of mopping up lots of other companies as well.
GRAHAM CLULEY
Yes, that's right. Yeah. A lot of gobbling going on.
CAROLE THERIAULT
They have a lot of users. Blizzard had apparently 31 million users on the platform last quarter. So that's pretty impressive.
Now, back in January, when Microsoft announced its plan to buy Activision Blizzard, they wrote in their press release with 3 billion people actively playing games today and fueled by a new generation steeped in the joys of interactive entertainment, gaming is now the largest and fastest growing form of entertainment.
And so Microsoft, actually, do you guys happen to know what its ranking is? So it's one of the top 10 biggest technology firms in the world.
CAROLE THERIAULT
Yeah, Microsoft is.
JOHN HAWES
On what measures? On number of people? Amount of money?
GRAHAM CLULEY
Okay, yeah, tell us first of all number of people, John, then tell us the amount of money. We want to hear this. Good.
JOHN HAWES
And what makes it a tech company?
CAROLE THERIAULT
Okay, and Microsoft— the upshot here, the upshot is that when this transaction closes, Microsoft is said to, from its own press release, says it will then become the world's third largest gaming company by revenue, behind Tencent and Sony.
And the planned acquisition includes all the iconic franchises from Activision Blizzard, right? So all the things we talked about. You guys played Candy Crush, didn't you?
That's part of the empire, Candy Crush.
GRAHAM CLULEY
No, I've never played.
CAROLE THERIAULT
Yes, you did.
GRAHAM CLULEY
No, I've not ever played Candy Crush.
CAROLE THERIAULT
You have a lot of views on it.
GRAHAM CLULEY
I refuse to.
CAROLE THERIAULT
You didn't have to pay any money. You could just play and not pay money.
GRAHAM CLULEY
Well, no, I think from what I've heard, Candy Crush is crack cocaine. I deliberately avoided it because I thought that—
JOHN HAWES
Oh, very, very sensible.
GRAHAM CLULEY
Yes. I am very sensible.
CAROLE THERIAULT
John, you played it for quite a while.
JOHN HAWES
Yeah, I dabbled for a while. Yes.
CAROLE THERIAULT
How long? Three years?
JOHN HAWES
I don't remember now. It was one of those things that you just kind of pick up for 10 minutes and—
GRAHAM CLULEY
Yeah, crystal meth.
JOHN HAWES
Well, because it has a built-in, oh, you've run out of time, give us some more money or go away.
GRAHAM CLULEY
Exactly, exactly. It's evil.
JOHN HAWES
Well, it's not if you just put it down and go, oh, I've run out. I'll look in again in 12 hours or whatever it tells us.
GRAHAM CLULEY
You're very strong-willed, John. You're famously strong-willed and many of us aren't, you know, are not. Don't have the discipline which you have.
CAROLE THERIAULT
Well, Microsoft is going to have Candy Crush, the, what do you call it? What did you call it? Fentanyl? Is that what you think it is?
GRAHAM CLULEY
All of these things, yeah.
CAROLE THERIAULT
But the company will also get the 10,000 employees that currently work at Activision.
And for Activision, this deal, apparently the timing could not have been better because according to Time magazine, the company run by CEO Bobby Kotick—
GRAHAM CLULEY
Bobby, Bobby Kotick.
JOHN HAWES
That's another made-up person.
CAROLE THERIAULT
Kotick is K-O-T-I-C-K. Kotick.
GRAHAM CLULEY
Okay, all right.
CAROLE THERIAULT
Kotick. Coochie coochie.
GRAHAM CLULEY
It's possible. It's possible. Little Bobby Tables.
CAROLE THERIAULT
Yeah, yeah, Bobby Kotick, I'll call him Bobby Kotick.
Since 1991, it has been in distress with a falling share price, a result of public scrutiny and lawsuits based on numerous allegations of discrimination, sexual harassment, and toxic workplace culture.
Right, so okay, so we have two kind of tech giants here who want to make a deal and announce it, you know, and announce this back in January. Yeah, so, so how's it going?
Because there's been a few little neglects, shall we say.
GRAHAM CLULEY
I haven't heard anything about this. What's been going wrong?
CAROLE THERIAULT
Okay. So one is just a spat amongst the gaming giants or the competition. So obviously Sony is not going to love that this deal is going through.
Remember, Activision Blizzard has lots of games that play on different platforms. That's part of its magic.
But Microsoft and Sony— Sony, who's the king of the gaming world, and Microsoft, who wants to notch up a few rankings, will have to honor deals that Activision have already done with Sony.
And Sony's going, well, no, we don't want your money. We don't want to have a license with you, Microsoft. So they're all sparring about each other, between each other.
GRAHAM CLULEY
Couldn't they resolve this by doing an online beat 'em up or something rather than giving lots of money to lawyers? They could just—
CAROLE THERIAULT
Well, yeah, it seems to be all about Call of Duty, actually. So Microsoft say that they will not rip Call of Duty from the PlayStation.
And they reportedly offered a 10-year deal to Sony to keep Call of Duty on the PlayStation, but Sony have been told, said that they've declined so far.
GRAHAM CLULEY
Oh, I understand. So the problem is that Microsoft has its own gaming console, just like Sony does.
And so there are deals between Activision—I get it now—Activision and Blizzard, there may be exclusives which are exclusive to the PlayStation and Microsoft's thinking, well, we want that on the Xbox.
CAROLE THERIAULT
Well, according to Microsoft are saying, look, we'll honor all that deal. Sony are saying, will you? Are you? You could pull it anytime.
So there's all this sparring going on, but bigger than that is the feud with regulators.
So for this deal, there are 16 governments that must bless the purchase, and this is putting Microsoft under the most regulatory pressure it's faced since the antitrust battles of the '90s, according to the New York Times.
So of these 16 governments reviewing this Activision deal, just Saudi Arabia and Brazil have approved it so far.
Microsoft says it's expecting Serbia to approve it any day now, but it seems that some governments are putting the brakes on the deal in order to review it seriously in terms of how it will impact the balance of power and whether a deal of this size will freeze out competition.
JOHN HAWES
Why is Serbia one of these deciding countries?
CAROLE THERIAULT
Okay, so I spent some time, and if any listener out there knows about this, I'm fascinated to understand how are the governments selected?
So who decides how many countries have to be involved in this to say, yes, go ahead or don't go ahead? The company's just chosen that out of a hat. It's fascinating. I couldn't—
JOHN HAWES
That seems unlikely. Presumably it's something to do with where the companies are based or operational that have people.
GRAHAM CLULEY
Yeah. Workforces. Yeah. Could this not all have been sorted out if Microsoft has said, look, Sony, we know you're a little bit upset about this.
We're going to give you a game which you can keep. You can have Minesweeper. We don't need it anymore. We'll throw in Windows for Workgroups.
CAROLE THERIAULT
You can get the paperclip.
GRAHAM CLULEY
You can have a site license. Exactly.
CAROLE THERIAULT
Come on. So, okay. So we have, there's 3 key places where regulators have begun deep reviews and they're basically putting the brakes. One is the UK.
So the CMA or Competition and Markets Authority announced it was investigating the anticipated acquisition, and now they've decided to open another investigation, expanding their investigation into multiple threats to do with competition, competitive issues.
So, okay, so that's the UK. So they put the brakes on.
In October, the European Commission announced its plans to launch an in-depth investigation into Microsoft Activision Blizzard deal.
According to Politico, this is after the US tech giant Microsoft opted not to file remedies to the EU's antitrust enforcers.
The FTC in the US is expected to rule this month, and they are said to have significant concerns. So this is a big deal because, A, gaming is huge.
I know in our countries we don't have it nearly as much as it is in Asia. It's where the market really is. 50% of the market seems to be over in Asia.
Microsoft is selling the message right now of gaming is for everyone everywhere. But of course, should regulators be paying attention to this?
And I of course say yes, because it feels like this is the first time that regulators are ahead of the game and aren't, you know, they're not dealing with something after everything has been signed, sealed, and delivered.
Maybe it's the end of the tech wild west. That's why we should care.
Maybe they're finally paying attention to what the big boys are doing and how it might impact, you know, and disadvantage the rest of us, us users.
JOHN HAWES
Yes. And it all comes down to that, the people owning both the hardware and the software, right?
GRAHAM CLULEY
Do you think we'd all be happier with just a hoop and a wooden stick and just playing with one of them in the back garden? Wouldn't that be better? Maybe, you know.
CAROLE THERIAULT
Is that a euphemism?
GRAHAM CLULEY
No, no. I don't know.
CAROLE THERIAULT
Hoop and sticks. I don't know.
JOHN HAWES
One of them's longer than it is wide.
CAROLE THERIAULT
So yeah, so you don't care because Elon Musk is not the head of this. That's the problem.
GRAHAM CLULEY
No, no, I'm just wondering what the impact is going to be on us.
CAROLE THERIAULT
Well, if the deal doesn't go through.
CAROLE THERIAULT
Right. If the deal doesn't go through, that's going to be fascinating because they've already announced it. Right. And they expect it to close June 2023.
CAROLE THERIAULT
It seems as though the regulators getting involved would slow that deal down. Because you have 16, okay, well, 13 now that haven't yet signed and said, okay, go ahead.
And there's a lot of gamers there that are waiting to know what happens. You know, what platform should I buy for my kid? Are they going to be available on them?
Should I actually buy the Microsoft one because they might have all the games?
GRAHAM CLULEY
Yeah. Deary me.
JOHN HAWES
Speculative shopping, risky.
GRAHAM CLULEY
There is always that RegEx game, which I pointed people to last week if people want to have a good bit of fun.
CAROLE THERIAULT
Yes. Yeah, John, you should check that out. I think it's right up your street. You'd love that.
GRAHAM CLULEY
Regular expressions, John, are you into those?
JOHN HAWES
Oh, I'm all over them.
But aren't basically all games moving to phones anyway? People still going to have these consoles?
GRAHAM CLULEY
Well, yes, John, all these franchises, which Microsoft will now own, having gobbled up Activision, will obviously only be available on your Microsoft phone rather than, you know, on everything else.
JOHN HAWES
Is there still a Microsoft phone?
GRAHAM CLULEY
Well, maybe there will become a gaming phone, who knows, or a mobile gaming, a gaming device from Microsoft, the Xbox Mobile, who knows?
CAROLE THERIAULT
Sign me up.
JOHN HAWES
Couple of years' time, basically your phone is going to be as powerful as the Xbox could ever possibly want to be.
GRAHAM CLULEY
Will it ever have a huge fan on it as well to cool it down?
JOHN HAWES
No, no, no, I won't need any of that. It'll just be a phone and it'll, you know, it'll transmit the game to your massive screen that's projected onto your wall or whatever.
You won't need a special device.
CAROLE THERIAULT
You heard it here first, the crystal ball of John Hawes.
GRAHAM CLULEY
The challenge with endpoint security has always been that it's difficult to scale, and when remote work took over, that challenge got exponentially harder.
You need visibility into your fleet of devices in order to meet security goals and reduce service desk tickets.
But how do you get that visibility when different parts of your company run on Mac, Windows and Linux? Well, you get Kolide.
Kolide is an endpoint security solution that gives IT teams a single dashboard for all devices, regardless of operating system.
Kolide gives you real-time access to your fleet's data and can do things that traditional MDMs can't.
And instead of installing intrusive agents or locking down devices, Kolide takes a user-focused approach that communicates security recommendations to your workers directly on Slack.
You can answer every question you have about your fleet without intruding on your workforce. Visit kolide.com/smashing to find out how.
If you follow that link, they'll hook you up with a goodie bag just for activating a free trial. That's k-o-l-i-d-e dot com slash smashing.
And thanks to Kolide for supporting the show.
CAROLE THERIAULT
Smashing Security listeners, did you know that Bitwarden is the only open-source, cross-platform password manager that can be used at home, on the go, or at work?
Bitwarden's password manager securely stores credentials spanning across personal and business worlds.
And every Bitwarden account begins with the creation of a personal vault, which allows you to store all your personal credentials.
These are unique and secure passwords for every single account you access. And it's easy to set up. It's easy to use. I honestly love Bitwarden.
I use it at home, use it at work, use it on the go. Get started with a free trial of a Teams or Enterprise plan at bitwarden.com/smashingsecurity.
Or you can even try it for free across devices as an individual user. Check it out at bitwarden.com/smashing. And thanks to Bitwarden for sponsoring the show.
GRAHAM CLULEY
Show sponsor Penterra is taking a whole new approach to penetration testing, allowing every organization to continuously test the integrity of all cybersecurity layers, including against ransomware and leveraging leaked credentials, by emulating real-world attacks at scale all day, every day.
This approach helps security teams across the globe to cope with one of today's top security challenges: the growing digital footprint of the enterprise.
To help out, Penterra security experts are sharing with us a few tips on how to identify your exploitable attack surface.
So here is tip number 1: Penterra recommends always taking the adversarial perspective. The best way to find exploitable vulnerabilities is to, well, exploit them.
From here, security teams can hand over remediation requests to IT that are based on true business impact. Find out more by going to smashingsecurity.com/penterra.
That's smashingsecurity.com/p-e-n-t-e-r-r-a. And thanks to Penterra for sponsoring the show.
And welcome back. Can you join us for our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily.
CAROLE THERIAULT
Better not be.
GRAHAM CLULEY
Well, my pick of the week this week is not security related.
Following the success of my regular expression game that I pointed people to last week, I thought maybe I needed something which was going to appeal to a wider audience.
And I stumbled across a YouTube channel run by someone called Nass, N-A-S-S.
And what Nass does is he takes old vintage video from, you know, films from the '30s and the '40s from San Francisco, New York, London, Vancouver, New Jersey.
JOHN HAWES
Film rather than video, presumably.
GRAHAM CLULEY
Yes. Yeah. Very well spotted, John. He takes these— oh, okay. Betamax. He takes Betamax tapes. He upscales and restores them. He uses neural networks, modern tools.
He removes the noise and the scratches and the dust. He adds sound. He uses AI to add colour. To my mind, the colour adding isn't very good.
But anyway, I'm sure it's very clever, whatever he's doing. But the end result is rather marvellous. So I have included in the show notes a link to one of the videos.
There are others from the 1930s where you can see the goings-on in London around Trafalgar Square and Piccadilly Circus.
CAROLE THERIAULT
I saw this as well. Was this the Miss Media Media this weekend or something? Oh, I don't know. Yeah. It's really amazing.
GRAHAM CLULEY
It is amazing because it comes to life because a lot of old video is played at the wrong speed or people are sort of walking at a strange rate. But this really makes it come alive.
And it's fascinating because, you know, you can sort of identify these people who are all smart and slim like me, but wearing hats. I don't wear a hat. Everyone used to wear hats.
CAROLE THERIAULT
You know what? It's kind of cool though. I'm just looking here. I'm looking at what the video that you had in the show notes and I can see an ad for Bovril, which still exists.
Schweppes, which still exists. Ginger ale, which still exists, was Schweppes ginger ale. You also have Gordon's gin.
GRAHAM CLULEY
And Instagram as well. Instagram is in there too. Yeah. So, maybe he just went out onto the street and just took a video today. I don't know. And told people to wear a few hats.
I'm not sure. But anyway, I thought it was rather impressive, and I looked at some of the other ones as well. I think I certainly have seen better colourisation than we've got here.
CAROLE THERIAULT
Yeah, I agree with you. I think there's some detail. Yeah, there's some detail that seems to be overlaid in a strange way. Like, just some of the lines seem—
JOHN HAWES
Colouring in always seems to be very difficult. I've tried that before and it's never quite worked.
CAROLE THERIAULT
Yeah, try being an artist.
GRAHAM CLULEY
I've seen some extraordinary clips from Doctor Who, the old black and white ones, where people have painstakingly over months and months added colour by hand. And that is very good.
But what they've done here, I think, is he's put it through a mungier. He's put it through some tool.
CAROLE THERIAULT
You want him to add colour by hand for every frame?
GRAHAM CLULEY
Well, I'm just saying it can be done better. Oh, for goodness' sake. Anyway, just look, he should be pleased anyway, because it is my pick of the week.
CAROLE THERIAULT
Yeah, I'm sure he's really pleased it's your pick of the week. I'm sure he's thrilled. He's loving it. He's loving it.
GRAHAM CLULEY
John, what's your pick of the week?
JOHN HAWES
Well, it's a bit of a problematic pick of the week, really. And it's not necessarily a recommendation. I hope that's acceptable within the rules of the show.
GRAHAM CLULEY
Okay, interesting.
JOHN HAWES
So put on my Netflix the other day and it has this, you know, up front and center, the big heavily recommended thing you should watch this next, was a thing called Ancient Apocalypse, which I looked at and was like, okay, this sounds right up my street.
It's a documentary series about building of pyramids and invention of agriculture and ice ages and stuff like that.
It's like, sounds great. Love it. And I had a look and it's got a big budget. It's got high production values. They go to some stunning places.
They have some excellent CGI reconstructions of what things used to look like before they were abandoned for 1,000 years or whatever.
But it's all about the way it's presented really, which is really quite strange.
You know, I was expecting the usual Netflix documentary is, you know, the similar kind of, you know, huge budgets, lots of beautiful CGI. But it's usually, you know, I don't know, Morgan Freeman or Jeff Goldblum or someone, you know, just droning away fairly blandly.
And it's mainly about the visuals or occasionally maybe you'd have a scientist or something coming in.
CAROLE THERIAULT
Brian Cox.
JOHN HAWES
Brian Cox. Exactly. This one, it's all about the presenter, who's this guy, Graham Hancock, who's best known for a book he wrote in the '90s called Fingerprints of the Gods.
And if you look him up, you'll find he's almost always referred to as pushing pseudoscientific theories or just generally being a bit of a crackpot.
GRAHAM CLULEY
And this is his show.
JOHN HAWES
He's got himself a, you know, a big, big budget show on Netflix.
But the interesting thing for me is that he doesn't really hide his whole crackpot reputation. He kind of makes it the main feature of the show.
He starts off with clips of him wrangling with Jeremy Paxman and other TV people.
And he leads in pretty much every scene saying, basically anybody with any kind of expertise or training will tell you that this is nonsense, but, and he brings, uses the phrase mainstream archaeology a lot as if it's some kind of conspiracy to cover up all the secrets that he's uncovered.
But he never mentions any specific archaeologist or historian or anything. He doesn't try and debate with anybody.
He does have sort of, you know, talking heads on the show that he interviews about the various stuff that he's talking about, but they don't, there's no actual historians or archaeologists.
They tend to be, you know, writer or researcher.
GRAHAM CLULEY
Well, I've watched a couple of episodes of this, John. And yeah, I think it was in episode 2 when Joe Rogan popped up.
GRAHAM CLULEY
Yes. Saying that, well, what great quality Graham Hancock was, you know, in terms of his research and all the rest of it. And I thought, yeah, another crackpot.
And I thought, okay, I was undecided, but now I definitely am decided.
JOHN HAWES
Yeah. That's just what I think now. So I found it fascinating mainly.
I mean, obviously the, some of the stuff on the show is quite interesting and is his, his whole argument about, I don't know, Atlantis people traveling the world and telling everyone how to build pyramids.
Not very convincing.
But what was really fascinating was just the fact that he seemed to think that telling everybody that most people think this is bullshit would make it more convincing somehow.
And certainly for me, and presumably a lot of people, you immediately think, okay, well, this is all clearly nonsense.
But presumably that style of presentation, that way of kind of leading into something and saying, no one else believes this. That must be effective.
There must be a sizable group of people who think, I'm convinced now, if everybody else says it's rubbish, must be true.
GRAHAM CLULEY
Well, there is an awful lot of that in the world, isn't there? A lot of people love to attach themselves to something which the experts think is nonsense. Yeah.
CAROLE THERIAULT
Yeah.
There's a more important point maybe, you know, you have things like Ofcom, you know, that help regulate what's shown on TV in the UK and kind of people say, oh, we won't, don't have that.
That doesn't seem to be having an ounce of truth there and, you know, could cause some problems.
But maybe Netflix doesn't have that same issue, or did they say you can make your show as long as you just say at the beginning of every fucking scene, no one fucking agrees with you for liability purposes?
Crazy.
GRAHAM CLULEY
In case the people from Atlantis complain and say, oh no, we never— if the pyramids fall down, it's not our responsibility.
JOHN HAWES
So they need standards and best practices, that's what you're saying?
GRAHAM CLULEY
Oh, I knew it. I knew it.
CAROLE THERIAULT
Regulation.
JOHN HAWES
Yes. Anyway, that's kind of my pick of the week.
CAROLE THERIAULT
Your nitpick of the week.
JOHN HAWES
But watch it with caution, please. Yes.
GRAHAM CLULEY
Carole, what's your pick of the week?
CAROLE THERIAULT
Before I get to my pick of the week, if I asked either of you to get a piece of paper and a pencil and to draw a pterodactyl, do you think it would look like one?
GRAHAM CLULEY
Oh, well, I think you're fine. Pterodactyls don't actually exist. I think you're referring to the pterodactyl.
CAROLE THERIAULT
And you know, and you may want to have better skills, you may find that difficult, right?
You may find it hard to do that without having an image in front of you to know what one looked like.
And maybe even if I gave you a picture of one and said, okay, draw this, but 3 times as big, you might find that its eyes are bulging out of its head, or its wings are tiny, or something, right?
Because it's difficult to do that proportions are difficult to do.
GRAHAM CLULEY
I think pterodactyls are easy. They're just a bit like clothes pegs you put on the washing line with a couple of wings, aren't they? That's how I draw one.
CAROLE THERIAULT
Right. Okay. Well, my pick of the week this week was sent to us by a listener, D Barker, and it was a while ago. Apologies, Mr. D Barker.
But he writes, I found an app that makes up for my failings at drawing, but allows me to feel part of the process by using the sketch So basically he's using this app called Da Vinci Eye app.
And what it does is it allows you to use your iPhone or your iPad as a type of projector.
So you might take a clear glass and put it over a piece of paper, and then you'd put a picture on your phone and it would allow you to draw at exact proportion, kind of tracing it out as you were using a projector in the old days.
You see what I mean?
JOHN HAWES
Like a camera obscura.
CAROLE THERIAULT
Like a camera obscura. Yeah. And it not only does let you do that, but it lets you also know, tells you where you need shading and helps you with your tones.
So it helps you make your pics more realistic looking or more 3D. And there's guides and tips and drawing prompts to help you along.
So this app retails for £8.99 in the UK, about $10 in the US. And it seems quite lovely. And plus, the support team seems to be really on point, very friendly, accessible.
They make a big deal about that. And there's also quite a few videos on YouTube where you can see the app in action, decide whether it's worth the $10.
But as D Barker writes, I bought it thinking if I didn't like it, I could return it to the App Store and get a refund. So there you go.
Called Da Vinci Eye AR Art Projector, and you can find it just for Apple products, I'm afraid. Apple iPhone and iPad, and you can find it on the App Store.
And that is my pick of the week. Thank you, Mr. D Barker.
GRAHAM CLULEY
Thank you, D Barker. And that just about wraps up the show for this week. John, I'm sure lots of our listeners would love to follow you online.
Unfortunately, you have no social media presence whatsoever, do you?
JOHN HAWES
No, I keep it very quiet. See, that's why I like But you know, you can go to the AMTSO website, amtso.org, and find everything I do is there mostly.
GRAHAM CLULEY
Fantastic. So if you're interested in testing standards for anti-malware organizations, that's the place to go.
JOHN HAWES
And exactly which you should be.
GRAHAM CLULEY
And you can follow us on Twitter while Twitter still exists at @SmashinSecurity, no G, Twitter allows to have a G. We also have a Mastodon account.
Easiest way to get there is to go to smashingsecurity.com/mastodon. You'll be redirected. And then also you can look up the Smashing Security subreddit.
And don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Overcast, Spotify, and Apple Podcasts.
CAROLE THERIAULT
And massive shout out to these episode sponsors: Kolide, Bitwarden, and Penterra. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 298 episodes, check out smashingsecurity.com.
GRAHAM CLULEY
Until next time, cheerio, bye-bye. Bye-bye.
JOHN HAWES
299. Did you mention that in the show?
GRAHAM CLULEY
Right at the beginning.
JOHN HAWES
Right at the beginning. We didn't really go into much next week, John.
GRAHAM CLULEY
Lots of excitement. Yeah.
CAROLE THERIAULT
You better show up, guys. We've got a treat.
GRAHAM CLULEY
Well, I'll be there.
JOHN HAWES
I'll be nearby.
CAROLE THERIAULT
Yeah. And we have a treat.