Smashing Security podcast #307: ChatGPT and the Minister for Foreign Affairs

Industry veterans, chatting about computer security and online privacy.

Graham Cluley


Could a senior Latvian politician really be responsible for scamming hundreds of “mothers-of-two” in the UK? (Probably not, despite Graham’s theories…) And should we be getting worried about the AI wonder that is ChatGPT?

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus don’t miss our featured interview with DigiCert’s Brian “PKI” Trzupek.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
Okay, so are you suggesting that just because he sent the picture of the Deputy Prime Minister of Latvia, that in fact is the Deputy Prime Minister of Latvia that's causing all this hullabaloo?
GRAHAM CLULEY
What other possible explanation could there be?
CAROLE THERIAULT
Oh, I don't know, just stole a picture off the web?
Unknown
Well, well, well, oh, that sounds rather extreme to me. Anyway, Sharon, Sharon was— Smashing Security, Episode 307.

ChatGPT and the Minister for Foreign Affairs with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 307. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
Carole, this week we are joined by absolutely nobody again. We had a guest and then—
CAROLE THERIAULT
Illness.
GRAHAM CLULEY
Yeah, they got the lurgy.
CAROLE THERIAULT
Yep.
GRAHAM CLULEY
And so it's just you and me. Is that all right? Is that okay with you? Do you prefer doing a show with me or do you prefer having a guest?
CAROLE THERIAULT
I'm assuming that's a rhetorical question.
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
Before we kick off, how about we thank this week's sponsors, Bitwarden, Sealit, and DigiCert. It's their support that helps us give you this show for free.

Now coming up in today's show, Graham, what do you got?
GRAHAM CLULEY
I'm going to be telling you a torrid tale of love over lockdown.
CAROLE THERIAULT
Okay. And I will be looking at OpenAI's GPT service and checking out some use cases. Plus, we have a featured interview with DigiCert's Brian Trzupek.

He's a senior VP of products at DigiCert. And what a great interview. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY
Carole, I am going to show you the picture of a young man. Well, not that young. I'll put it up here. And you can also, if you're listening, you can check it out in the show notes.

Take a look at this guy. Let's describe this guy who we're looking at. He's quite a handsome fellow, wouldn't you say? He's probably in his 50s or 60s. What are you seeing, Carole?

What are you seeing?
CAROLE THERIAULT
Oh, I don't really like to judge. What am I seeing with my eyes?
GRAHAM CLULEY
Yeah.
GRAHAM CLULEY
Yes. No, what are you seeing with your feet? Yes, with your eyes. Yes, what do you see?
CAROLE THERIAULT
He looks very vanilla. You know, he's wearing a blue suit. Yeah. He's got silvery hair. He looks like a sales guy.
GRAHAM CLULEY
He looks like a silver fox, if you ask me. He looks lovely. He's got kind eyes. They're sort of a beautiful deep brown, the sort I'd love to sort of dive into. He looks trustworthy.

He looks kind of dreamy.
CAROLE THERIAULT
No, not to me at all. I'm sorry. I'm sorry.
GRAHAM CLULEY
Oh, okay. Well, to me, he just looks like a decent fella. This person you are looking at is Artis Pabriks.

He is three years older than me, so he clearly has a bit of maturity about him. And he's from Latvia.
CAROLE THERIAULT
Are you into this guy? Is this your new boyfriend?
GRAHAM CLULEY
No, not— no, not me. Oh, right. Not me.
CAROLE THERIAULT
Okay. No, no.
GRAHAM CLULEY
I'm going to give you a warning about him. Back in the day, he completed his mandatory two-year stint in the Soviet Army. Like I said, he's from Latvia.

Then he got a degree in history at the University of Latvia and later completed his PhD in political science. He is a doctor.

Dr. Artis Pabriks, I imagine he could call himself with that qualification. He used to be the Minister of Foreign Affairs.
CAROLE THERIAULT
For Latvia?
GRAHAM CLULEY
For Latvia. There is your first clue as to where this story is going. Minister for Foreign Affairs. And now he's the Minister for Defence and Deputy Prime Minister of Latvia.

And I have to tell you that he's been a very, very naughty boy indeed.
CAROLE THERIAULT
Naughty boy? Okay. Yes.
GRAHAM CLULEY
Because you would think being Deputy Prime Minister and Minister of Defence of a country that is, well, frankly, teetering on the brink of World War III because of its proximity to Russia and all the hullabaloo that's going over in that part of the world at the moment, you would think that he'd be keeping his mind on the job and protecting his country and doing the right thing.

But oh no, oh no, no, no, no. And no, he is not, because I have discovered that he has been wooing, wooing vulnerable mothers of two in the UK.
CAROLE THERIAULT
Mothers of two.
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
Mothers, mothers of two, of mothers who have given birth twice. Yes.
CAROLE THERIAULT
So he goes after people with two children.
GRAHAM CLULEY
I don't know. I don't know if he only woos mothers of two. He might also woo just ladies, spinsters, mothers of three. I don't know.

But the whole intent of this, this wooing which is occurring over the internet, is the intent to con these vulnerable people out of money. And let me give you an example.
CAROLE THERIAULT
Poor mothers of two.
GRAHAM CLULEY
Okay, these mothers.
CAROLE THERIAULT
Yes, watch out there, girls.
GRAHAM CLULEY
Watch out there. And I know we've got a lot— I've checked our demographic. I know we have a lot of vulnerable mothers of two listening.

Now, mothers like Sharon Bulmer from Manchester. She is 51 years old, and she was on the internet. She was on social media.

She was on Facebook, and she got chatted up by someone who was 56 years old called Murphy Townsend. And Murphy said he was from Washington, D.C.

He said he was serving with the 37th Infantry Brigade combat team in Syria. So, you know, he was— you know, he's probably quite fit.
CAROLE THERIAULT
Right. So she's in Manchester chatting to some guy who says, "I'm from Washington, but right now in Syria." Exactly. Right?
GRAHAM CLULEY
Yes.
CAROLE THERIAULT
Right?
GRAHAM CLULEY
Yes. Already I'd be, "Too complicated." Well, maybe you would, but Sharon was in an unhappy relationship. She had been dating a fella for the last 29 years. Right.

She'd had two children with this guy up there in Manchester, and it wasn't going so well. Things, you know, things had got a little bit humdrum.
CAROLE THERIAULT
Right. So spice it up by having some— An affair. Okay.
GRAHAM CLULEY
So she said she got these messages, and this guy who called himself Murphy Townsend said he was lonely. He was serving in Syria. His wife had passed away.

He just wanted someone to speak to, and he said he'd been watching her on Facebook.
CAROLE THERIAULT
What? Okay.
GRAHAM CLULEY
Yeah. Yeah.
CAROLE THERIAULT
Now it's not only complicated, it's creepy.
GRAHAM CLULEY
Right. Okay. So yeah, I mean, what does that mean, watching you on Facebook?
CAROLE THERIAULT
I've no idea.
GRAHAM CLULEY
Yeah. You know, cover it with a Post-it note, for goodness' sake, or check out your privacy settings. But there was a few messages going back and forth between Sharon and Murphy.

And Murphy, if that was his real name, because it wasn't, because of course it was the Deputy Prime Minister of Latvia, which was proven when Murphy sent his photograph, but actually sent the picture of the Deputy Prime Minister of Latvia instead.
CAROLE THERIAULT
Okay, so are you suggesting that just because he sent the picture of the Deputy Prime Minister of Latvia, that in fact is the Deputy Prime Minister of Latvia that's causing all this hullabaloo?
GRAHAM CLULEY
What other possible explanation could there be?
CAROLE THERIAULT
Oh, I don't know, just stole a picture off the web?
GRAHAM CLULEY
Well, well, oh, that sounds rather extreme to me. Anyway, Sharon, she didn't know how to do a reverse image search or anything like that.

So she doesn't know at the moment that she's actually speaking to the Latvian Deputy Prime Minister. She thinks she's speaking to Murphy Townsend.

Now, they're not doing video calls because Murphy, in quotes, or let's call him Artis, he said he wasn't allowed to do that when he was in the field in Syria.

Right, he's not allowed to do it.
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
The relationship is going on, you know, it's going wonderfully, everything, you know, albeit via text.

And Sharon decides that she's going to ditch her partner of 29 years, who she's had two kids with, instead to go off with this guy who she doesn't realise is the Latvian Deputy Prime Minister and thinks is just a soldier out in Syria instead.
CAROLE THERIAULT
Okay, I'm following.
GRAHAM CLULEY
Here's the shocking thing. Artis Pabriks, the Deputy Prime Minister of Latvia, hadn't just sent photographs of himself to Sharon.

He'd also sent them to about 100 or so other women, trying to woo them as well.

I mean, if he'd been smart, you'd have thought he would have been with his education and so forth, could he not have found pictures of someone else online rather than choosing his own photograph?

I don't know.
CAROLE THERIAULT
You better tell me it's not him. I'm waiting.
GRAHAM CLULEY
Well, you're jumping ahead now, Carole.
CAROLE THERIAULT
No, I know. I think all our listeners are with us here. I think everyone is in the know. We're all tapping our noses and just waiting.
GRAHAM CLULEY
All right. All right. Okay, so turns out one day, surprise, surprise.

One day, Murphy Townsend, if that is his real name, Murphy Townsend says, "Look, I want to come and visit you, Sharon, in Manchester." And she says, "Oh, that sounds lovely. I'll pay for your flight, £1,400." And he says, "Could you pay in bitcoin? That would be easiest."
CAROLE THERIAULT
And do you mind if I wear a balaclava?
GRAHAM CLULEY
Complicated.
CAROLE THERIAULT
It's complicated.
GRAHAM CLULEY
He says, "It's the safest to use bitcoin, then it doesn't get stolen on the way." And so she pays the £1,400. And she doesn't hear from him for a few days.
CAROLE THERIAULT
Oh!
GRAHAM CLULEY
Right? Mm-hmm. But get this. After a few days, you know, she's thinking, "What's happened?" She receives a message from a different email address, also claiming to be Murphy Townsend.

And that message says, "Oh, I need a bit more money for the plane ticket." How much more? £15,000.
CAROLE THERIAULT
Oh, okay. Yeah, no problem. No problem. Wiring that to you now.
GRAHAM CLULEY
It's obviously a private jet.
CAROLE THERIAULT
Of course. Because everyone who is— Oh, Jesus.
GRAHAM CLULEY
So she's now spent about £16,400 on this plane ticket. And Murphy hasn't shown up. It's the end of the month. He's not shown up.

She receives a message from someone claiming to be a doctor, who says that Murphy's been taken to hospital out in Syria.
CAROLE THERIAULT
And they refuse to operate on him unless—
GRAHAM CLULEY
Well, funny you should say that, because yes, he's unconscious. He's all right. He's unconscious. Everything's going to plan. We're keeping him in hospital.
CAROLE THERIAULT
Do they let her hear him breathe? She can hear him breathe a bit.
GRAHAM CLULEY
But there's going to be some payment required. And now Sharon is no dingbat, right? She's suspicious. Oh, she is now.

She's thinking— And she thinks, hang on a minute, I'm being scammed by someone who's using a different email address, but pretending to be Murphy.

And when she gets to speak to Murphy, he says, "Oh yeah, I got shot in the side, you know, on my way to the airport. I'm going to be in hospital for 6 weeks. But yeah, but—" and she thinks, oh, she said, "Do you know what's happened? I got this email from someone else." And she says, "You know what? That's probably scammers. Did you give them any money?" She says, "Yeah, I did. I gave them £15,000."
CAROLE THERIAULT
Oh, right. Because then he goes, "Yeah, yeah, yeah, yeah."
GRAHAM CLULEY
And so he's like, "Oh, well, that's terrible. It's terrible. Don't do that again. Make sure, you know, because we're all in this together."

Anyway, turns out for the next 2.5 years, Sharon kept on sending money in the form of bitcoin to Murphy Townsend.

Nearly £80,000. £80,000.
CAROLE THERIAULT
That's not that much money, is it, Graham?
GRAHAM CLULEY
It's quite a lot of money.
CAROLE THERIAULT
It's a lot of money. Okay. Does Sharon not have anyone in her life who has tried—
GRAHAM CLULEY
Who's Latvian.
CAROLE THERIAULT
Who has tried to say to her, "I really don't think you're currently with the Latvian Deputy Prime Minister, 'cause I've just done an image search on the picture." She has a 17-year-old daughter called Hela.
GRAHAM CLULEY
Yes!
CAROLE THERIAULT
She has two kids!
GRAHAM CLULEY
Yes. So they're not young kids. You know, they're not super young kids.
CAROLE THERIAULT
They know how to use the computer, presumably.
GRAHAM CLULEY
They use— I mean, no. And, but it appears that she wasn't really listening to anyone who was warning her of that. She's totally sold on this.

She's thinking, you know, yes, he's constantly hammering me for money, but, you know, love is just around the corner, you know. And she thinks it's all going to happen.

But yeah, £80,000. This poor woman who worked in some sort of COVID testing centre is given to this suave Latvian politician who's scamming people left, right, and centre.
CAROLE THERIAULT
I sound like, how is this possible? Possible, but I think I know a person who is going through this right now with some guy that she's met. He lives in another city.

They've never met. They've been dating a year. They can never do video chats because he has some excuse.

He never comes and visits her, but plans all kinds of holidays that they put money down for, and then they don't go. And she won't hear of it. She will not hear of it.

She is completely smitten and loving telling everyone how smitten she is and how great it is. She has two pictures of this guy who looks similar to—
GRAHAM CLULEY
No.
CAROLE THERIAULT
Looks very similar to the Latvian—
GRAHAM CLULEY
It's the Deputy Prime Minister of Latvia.
CAROLE THERIAULT
Deputy Prime Minister.
GRAHAM CLULEY
Have you got the pictures, Carole? No. Have you tried reverse image search them?

To be honest, and here's my piece of advice for any scammers out there, stop stealing the pictures of suave politicians and— celebrities and things like that.

Why not just deepfake a picture and then you won't presumably have its double anywhere on the internet, right? It's weird.
CAROLE THERIAULT
Yeah, great advice. Great advice.
GRAHAM CLULEY
Well, good advice, but for bad people. That's what this podcast is all about.
CAROLE THERIAULT
No, it's not.
GRAHAM CLULEY
No. Okay, fair enough. Just to be clear, I don't believe it's the Deputy Prime Minister of Latvia, but it might be. It might be.

'Cause that would be the ultimate cover story, wouldn't it? To say, "Oh, someone's taken my photograph." But in fact, it is him. But it's not.
CAROLE THERIAULT
I'm leaving you hanging.
GRAHAM CLULEY
Carole, we haven't got a guest this week, so what's your story?
CAROLE THERIAULT
Well, we are going to chat ChatGPT because it has just been 3 months since November 2022 that this thing has launched.

And this wee service has certainly become the darling of the internet. Everyone and their dog wants to have a go.
GRAHAM CLULEY
Yeah, it's been huge, hasn't it? Everyone's talking about, I mean, this new version of ChatGPT, I think it's ChatGPT-3.
CAROLE THERIAULT
4 is on its way.
GRAHAM CLULEY
Oh, it's 4? Yeah, I mean, it's scary, isn't it? It's scary in all kinds of different ways.
CAROLE THERIAULT
We're gonna explore that here.

But first, for the one or two of you that live under a rock and have never heard of ChatGPT from OpenAI, okay, it's an online tool powered by AI and a ginormous dataset taken from the vast web in order to craft responses to our burning questions, right?

And it's pretty impressive at what it does. Like, it's not flawless, but wow. Anyone who's played with it has to say wow.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Soon after its launch, it had more than a million users from people trying to generate speeches, write school reports, computer code. And there is competition to this, right?

Other tech companies like Google and Meta have developed their own large language model tools, which use programs that respond to human prompts and devise sophisticated responses.

But OpenAI, in a revolutionary move, created a user interface that let the general public experiment with it directly. And that is apparently its little secret sauce.
GRAHAM CLULEY
Yeah, it is very easy to use, isn't it? You can say anything.

You can say, you know, write me a story about Doctor Who arriving on a planet and being attacked by Cybermen, and it will come up with, you know, multiple paragraphs of a plot of a Doctor Who story.

Not just for Doctor Who. I've seen examples where you can give it a proper question you might be asked at a college or university, and it will go and write the essay for you.

Maybe not of A+ standard, but certainly good enough to get you probably a passing mark in many occasions.
CAROLE THERIAULT
Yeah, yeah. So far it's been free, but I'm hearing it's going to be a fee service soon, and I'm hearing the number $42 a month being bandied around.

Would you pay that for access to this?
GRAHAM CLULEY
No, I wouldn't. But $42, is that 42 because it's the meaning of life and deep thought and things like that? Yeah, that's what I'm guessing.
CAROLE THERIAULT
Okay, so we're going to skip through an eclectic list of use cases, okay, involving GPT. So one is making money. So people are trying to use it to get a raise.
GRAHAM CLULEY
Oh.
CAROLE THERIAULT
One person was asking for advice and asked, how do I phrase my pay request? And it put up an answer.

This was shared with experts on salary negotiation and was given a total thumbs up. Do you want to hear a bit of it?
GRAHAM CLULEY
Yeah, yeah. I'm desperate to hear.
CAROLE THERIAULT
I've been working at the company for insert amount of time and have been consistently meeting and exceeding my performance goals.

I've also been taking on additional responsibilities and have been a key player in the success of several projects.

I believe that my contributions have added value to the company and have been vital in achieving our goals.

Research and data shows that the average salary for someone with my qualifications and experience in this industry is research data. So, you know, sounds pretty good, right?
GRAHAM CLULEY
It's a good framework. It's a good skeleton.
CAROLE THERIAULT
Absolutely. Yeah, it's like a template. And hey, we used to use those things in the early days of running my company.

I used to go to these, give me some legal document to help me make a contract with a company that I might be working with, right?

So we all have used templates to write CVs and all this, but allows it to be much more flexible. There's also real estate. What do you think real estate would use this for, ChatGPT?
GRAHAM CLULEY
Would you use it for negotiations? Negotiating the price of a house if you're buying one, or maybe for describing a house in florid terms.
CAROLE THERIAULT
Exactly.

If you come across a 4-bedroom, 3.5-bathroom home listed for sale recently in a quiet cul-de-sac near Cedar Rapids, Iowa, you might not think twice about the listing and who wrote it, because it will even include things like ideal for entertaining and ample space for relaxation.

Not written by a human. Takes all of 5 seconds to pull together for the agent though, and they're saying the time save is incredible.
GRAHAM CLULEY
Are estate agents really human though? I mean, you say not written by— were they human in the first place, I wonder?
CAROLE THERIAULT
The article also referenced a woman who had moved into a pre-construction home and couldn't open her windows. So she had attempted to contact the developer for months, no response.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
A copy of her email was run through ChatGPT asking it to rewrite it with an emphasis on the liability implications.

And it worked like a charm because all of a sudden the developer showed up at the house to fix the issue.
GRAHAM CLULEY
Oh, I see. So she was describing all the ways in which they could be legally liable if they didn't come and fix all this.
CAROLE THERIAULT
She didn't say it. ChatGPT pulled it all together for her.
GRAHAM CLULEY
Right.
GRAHAM CLULEY
Gotcha.
CAROLE THERIAULT
Yeah. In health, mental health company Koko came under fire this month after its founder wrote about how the company used GPT-3 in an experiment to reply to users.

And the co-founder Rob Morris had to clarify on Twitter that users weren't speaking directly to a chatbot, that the AI was used to help craft responses.

This is all according to Business Insider. But that's a bit, I can see the temptation, right?

It's the same as an estate agent, but then you're dealing with people with mental health difficulties.
GRAHAM CLULEY
Yeah.
GRAHAM CLULEY
Yeah. You want this to be overseen by a sort of competent grown up really, don't you, rather than left to computers.
CAROLE THERIAULT
I think in all of these, you would always want oversight of them because even in the real estate market, it's like they didn't get everything right.

We had to go over it and just clean it up, but it saved me so much time. Copyright is interesting as well.

Gizmodo write that ChatGPT has been making the tech industry sweat and now Amazon is feeling the heat because according to internal communications from the company, an Amazon lawyer has urged employees not to share code with the AI chatbot.

And they have seen evidence, because it's so close to the real stuff, that people probably have been doing that in order to generate code more quickly.
GRAHAM CLULEY
Oh, so they're working on code, they share it with ChatGPT saying, "Can you improve this code or fix a bug?"
CAROLE THERIAULT
"Can you find a mistake?" Yes.
GRAHAM CLULEY
And who are you giving your code to? What?
CAROLE THERIAULT
Exactly, right. So fascinating. And of course, as you mentioned, education and research, right?

So I don't know if you know, but I've heard this last week, professors at Wharton School of the University of Pennsylvania released a research paper.

And it's called "Would ChatGPT Get a Wharton MBA?" And they document how ChatGPT wrote and passed one of the final exams to pass their MBA.

And one of the profs said it did an amazing job.
GRAHAM CLULEY
So here's my question to this, right? I'm just asking the questions here. Does that really matter? Because isn't it a bit like using a calculator?

So you might use a calculator to do the complicated multiplication by 17 equations or whatever, in which case you can't do it in your head and maybe you can't even do it on paper.

But as long as you've always got a calculator, you're fine.

Similarly, should you have to go through the whole process of proving you are capable of getting an MBA or whatever the thing is, you know, whatever the qualification is, if you're going to have access to something like ChatGPT or that kind of AI technology to help you whenever you find yourself in a predicament?
CAROLE THERIAULT
Yes, I think you're right, but I think we're not there yet and we won't be there for years. I mean, think about it, it's totally changed how we can cheat.

In schools, for example, plagiarism has become a huge, huge problem. Public schools in New York and Seattle have decided to block ChatGPT from their devices and Wi-Fi networks.

Give me a break, that's going to work.
GRAHAM CLULEY
Yes, exactly.
CAROLE THERIAULT
Yeah, but to your point, I agree, right? In France, the prestigious Sciences Po University in Paris has also just announced a strict ban on its use.

So we need to find a way to work with it, right? In fact, there was an article in The New York Times about this really recently.

We have to, but right now, people are just slamming the brakes on. There's no legislations, there's no oversight, it's kind of Wild Westy, right?

Market is going nuts as well, 'cause there's rumors that investors are tripping over themselves to get into the action, right?

Microsoft this month reportedly invested $10 billion into ChatGPT's parent company OpenAI.

And with the rise of OpenAI's language tool, Wall Street traders are increasingly betting on chipmakers like NVIDIA. And they have climbed more than 34% this month alone.

So NVIDIA's co-founder, Jensen Huang, has seen his wealth grow by $5 billion so far this year, according to Bloomberg.

And they say he's had the largest percentage gain to his net worth among US billionaires so far this year.
GRAHAM CLULEY
Because his chips are going to be powering systems running ChatGPT.
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
Well, ChatGPT, so its way of making money, it sounds like, is it's going to be some kind of subscription service.

So you'll pay so much per month to access it, what they're going to do, are they?
CAROLE THERIAULT
Well, for the initial pay hump, yeah.
GRAHAM CLULEY
Right, I guess they could also probably build some kind of API and they could license people access to it if they want to build it into their own systems.

Or maybe they could integrate advertising into ChatGPT so it subtly starts talking about particular products like Coca-Cola in the middle of your essay about Thomas Hardy and Tess of the d'Urbervilles.
CAROLE THERIAULT
It's scary, isn't it? It's like it can do anything. But apparently, do you want to hear something it can't do very well?
GRAHAM CLULEY
What's that?
CAROLE THERIAULT
This is according to a journalist for Business Insider. She used it to craft responses to matches on Hinge.
GRAHAM CLULEY
That's the dating app, right?
CAROLE THERIAULT
Yep, that's the dating app. So she writes, one person said their most irrational fear was flying. So I asked the chatbot to come up with a funny reply. It said, quote, no problem.

I'm more than happy to hold your hand and provide moral support during turbulence. If the plane goes down, at least we'll go together in a romantic blaze of glory.
GRAHAM CLULEY
No.
CAROLE THERIAULT
So she said she sent it, never heard back. Okay. There was this other one on Reddit someone pointed out. So apparently it said, how much is 2 + 5, right, to ChatGPT?

And it said 2 + 5 is equal to 7. And the guy replies, my wife says it's 8. And the reply from ChatGPT, I apologize, I must have made an error.

My training data only goes up to 2021 and I may not have the most current information. If your wife says it's 8, then it must be 8. Goodbye, to rate.
GRAHAM CLULEY
We all know that data is the most important asset of any business, and the value and usage of information makes data very tempting to thieves.

With Sealit, however, you can protect, share, and monitor confidential emails and files without passwords, and it's all integrated with Gmail, Outlook, and file systems.

Deploy Sealit across your organization within minutes and achieve peace of mind, thanks to its end-to-end encryption that relies on the Zero Trust security model.

Get the right tool to own your data and gain great Sealit benefits. Plus, Sealit is offering a very special deal for all Smashing Security listeners.

Anyone who signs up for the professional plan can grab 30% off Sealit for a year. And if you sign up to Sealit, listeners can also grab a free Sealit Signature No Trust t-shirt.

Woo-hoo! Check out more about Sealit and take advantage of these offers at smashingsecurity.com/sealit. That's smashingsecurity.com/s-e-a-l-i-t.

And thanks to Sealit for supporting the show.
CAROLE THERIAULT
You've probably heard that organizations are experiencing increased pressure to manage digital trust at scale across multiple functions in IT.

The problem is many have a lack of centralized visibility and control, and this is why companies are looking for a unified digital trust strategy.

Enter DigiCert Trust Lifecycle Manager. The Trust Lifecycle Manager from DigiCert sets a new bar for unified management of digital trust.

DigiCert Trust Lifecycle Manager is a full-stack solution that unifies CA-agnostic certificate management, private PKI services, and public trust issuance for seamless digital trust infrastructure.

Find out how you can implement a full-stack solution in a single pane of glass that offers superior performance, handling, and automation with a single vendor accountability.

All you gotta do is visit smashingsecurity.com/digicert. That's smashingsecurity.com/digicert. And thanks to DigiCert for sponsoring the show.
GRAHAM CLULEY
So there's probably a lot of Smashing Security listeners out there who might be concerned after hearing about the data breach which recently occurred at LastPass.

Now, that allowed hackers to steal customers' password vaults, and unfortunately there were parts of those password vaults which were astonishingly unencrypted.

There's no doubt a lot of questions users are going to ask LastPass about how that could have happened and why some of that data was left in that insecure state.

But one password manager that isn't making that mistake is our sponsor Bitwarden.

Customers of Bitwarden know that their vaults are entirely end-to-end encrypted with zero-knowledge encryption, including, unlike LastPass, the URLs for the websites which you have saved passwords for.

You can learn more about that in the Bitwarden Help Center and at bitwarden.com/privacy.

And if you happen to be looking to switch password managers right now, well, Bitwarden makes it easy.

They support importing from lots of other solutions, and there's even a LastPass migration guide available. Learn more at bitwarden.com/migrate. That's bitwarden.com/migrate.

Smashingsecurity.com/migrate and stay safe. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
GRAHAM CLULEY
Pick of the Week is the part of the show where everyone chooses something they like.

Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.

It doesn't have to be security-related necessarily.
CAROLE THERIAULT
Better not be.
GRAHAM CLULEY
Well, the other day I was plowing through the internet, you know, looking at this, looking at that, and I stumbled across a message on Mastodon sent by somebody I follow, which included a very short link to a clip from the BBC 1980s sci-fi show Blake's Seven, which I'm quite a fan of.

Sort of camp, sort of Dirty Dozen in space thing.

It's just a little clip of Avon, I think it was, who was the sort of the anti-hero of the show, saying something sardonic as he always did, wonderful Paul Darrow. What about you?

What about me? Why don't you go?
CAROLE THERIAULT
You are expendable. And you're not? No, I'm not.
GRAHAM CLULEY
I am not expendable. I'm not stupid and I'm not going. And I thought, oh, that's wonderful. And it turned out that this was a Blake bot.

And what it does is it tweets regular little clips from Blake's Seven, and you can link through to them.

You can search for particular parts of the script, and it will show you that little clip of Blake's Seven. I thought, what a great idea.

And then I looked a little bit more deeply, and I found out that there are websites which do this not just for Blake's Seven, but do this for all manner of—
CAROLE THERIAULT
Jeff Goldblum?
GRAHAM CLULEY
Well, probably, yes. All manner of TV shows, movies, etc. So I'm going to introduce to you a website called GetYarn. It hangs out at getyarn.io.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
And if you go to this website, you can search for a phrase.

So imagine you are in some sort of social media conversation with somebody and you want to say, "Whatever," or, you know, come back with some witty riposte, a bit like ChatGPT would.

But you need a clip or a meme or a GIF of someone saying a particular word. You search for it at getyarn.io.

And it comes back with all these suggestions from different TV shows of just the little snippet of one of the characters saying this word or phrase, which you can then turn into a GIF or a video or whatever.

And then you can put it in your presentations, social media shitposts, however you want to use it.

And I thought that's probably copyright breaching in all kinds of ways, but I was quite impressed with it. And that is why my pick of the week is getyarn.io.
CAROLE THERIAULT
Is this brand new?
GRAHAM CLULEY
Oh, I don't know that it is. It's new to me. It doesn't look new. The website design doesn't look very new.
CAROLE THERIAULT
No, it doesn't. I was just thinking, yeah, I'm sure kids have been using this for a decade.
GRAHAM CLULEY
Maybe they have, but I've only just discovered it.
CAROLE THERIAULT
Yep. I didn't know about it either. So, you know, no shame.
GRAHAM CLULEY
No shame. So it might be fun to some people, particularly if you're posting memes all the time.
CAROLE THERIAULT
Memes.
GRAHAM CLULEY
You know, things like that. Anyway, Carole, what's your pick of the week?
CAROLE THERIAULT
I'm showcasing a brilliant podcast for my pick of the week.
GRAHAM CLULEY
Oh, a podcast.
CAROLE THERIAULT
Yes, 6 out of 5 stars.
GRAHAM CLULEY
Oh.
CAROLE THERIAULT
And you're gonna love it too. You're gonna love it too. It's called—
GRAHAM CLULEY
Yeah, will I?
CAROLE THERIAULT
Seriously, it's called The New Gurus. It's a podcast from the BBC hosted by the wonderful Helen Lewis.

She's a British journalist who works for The Atlantic magazine, and she also hosts The Spark on BBC Radio 4.

And in December, she published this podcast, The New Gurus, and it's a series which gives us a shrewd look at some of the most well-known self-appointed internet gurus we have jostling for position out there.
GRAHAM CLULEY
Who? What sort of people are you talking about?
CAROLE THERIAULT
Well, Jordan Peterson or Joe Rogan or Russell Brand or those kinds of people.
GRAHAM CLULEY
I think I'd have vomited at a few of those, not just Russell Brand, but yes, okay.
CAROLE THERIAULT
Yeah, yeah, yeah, yeah, yeah, totally. He's just the worst. Worst for me. We also have a few crypto bros, some wellness influencers, some productivity hackers, dating coaches.
GRAHAM CLULEY
But don't we hear enough about these people already? Do we really want to listen to them more on this podcast?
CAROLE THERIAULT
You're not listening to them. We're having an analytical look at how did these people get to become gurus?

And more importantly, what is it doing to us, the people that fall in and get snagged in?
GRAHAM CLULEY
Oh, right. Yes.
CAROLE THERIAULT
So each show takes on a particular form of guru-ness or guru-ship, right? So they analyze from a specific angle or industry.

And I was listening, I was like, "oh yeah, I was pretty deep into that for a bit." So I find it quite interesting because often we think, oh, it's the other people that fall for this stuff.

But I think it does a good job of making you feel like, get off your high horse, you're not immune. It's wonderful.

And actually, Graham, the name of this podcast episode gives away the clip that I want you to hear. Okay.
GRAHAM CLULEY
Right.
CAROLE THERIAULT
But I want you not to look at it. So I'm going to send you a link right now. I'll put it in the document.
GRAHAM CLULEY
I'm covering my eyes.
CAROLE THERIAULT
Okay. If you want to bring it into 1 minute 10, something like that. Okay. Without looking at the name.
GRAHAM CLULEY
Okay. 1 minute 10. Yeah. I'm covering up the title with my hand. Oh, how do I move the— Oh, I have to press play.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Play. 1 minute 10. All right. I haven't seen what it's called.
CAROLE THERIAULT
Okay, good. Listen, and then we'll listen to your reaction.
GRAHAM CLULEY
Okay.
CAROLE THERIAULT
Listen, there's certain wellness practices that people are doing online that are— that they're really rigorously promoting, such as extreme veganism, or on the other side of the coin, extreme carnivorism.

And I kind of go, can't we have a balance? How can I find a way that makes me feel the most juicy and excited to be alive?

And for me, it's drinking my piss once a day makes me feel good.
GRAHAM CLULEY
I'm so sorry if you were having breakfast. I wasn't— I've just seen the title of the episode as well. Yes. Oh dear.
CAROLE THERIAULT
Wonderful. So that was one of the episodes, right? One of these weird health gurus. So it's just really interesting and very varied.

And I loved it and I love her and I think it's great. And so check it out. This is my pick of the week, The New Gurus. You can find it on BBC Sounds or wherever you get your podcasts.
GRAHAM CLULEY
Thanks very much, Carole. Now, you've been chatting to the folks at DigiCert this week, haven't you?
CAROLE THERIAULT
Yes, I have a lively interview with DigiCert's Brian PKI Trzupek. We ponder how organizations can know what they don't know, and Brian's got the answer, so listen up.

So listeners, today I have the pleasure of introducing Brian Trzupek. He is the Senior Vice President of Products at DigiCert. Welcome to the show, Brian.

I am totally thrilled to speak with you.
BRIAN TRZUPEK
Oh, thank you for having me. I'm excited to talk about this too, Carole.
CAROLE THERIAULT
I'm glad because this is not my forte, the world of PKI and certificates. So I hope you don't mind that you're going to be educating me as we chat.
BRIAN TRZUPEK
No, no problem. It's a weird world I've been a part of for too many years. I think it's been about 20 years at this point.

So, you know, I'm definitely used to helping people understand this crazy thing called PKI.
CAROLE THERIAULT
Okay, fantastic.

Well, you do seem to be the guy to chat to because I see in your bio that it says you're a crypto and security tech by day and night and that you worked on the Internet of Things before it was cool.

And that PKI is your middle name.
BRIAN TRZUPEK
You know, you got to put things on LinkedIn people remember.
CAROLE THERIAULT
So, well, there you go.
BRIAN TRZUPEK
And they're true though, too.
CAROLE THERIAULT
So maybe you could expand on this a little. How did you end up as Senior Vice President of Products at DigiCert?
BRIAN TRZUPEK
Oh, man. Gosh, how long is this podcast? The short version is, you know, I've been just inquisitive my whole life. I have been taking things apart, building things.

I'm a software engineer by nature. I still code every single day, right? On all kinds of stuff.

But that kind of exploration that got me into the security— breaking things is fun, fixing them and trying to prevent other people from breaking them is even better.

And my paths led to PKI, you know, quite a while ago. And, you know, then I kind of just sunk into this space and, you know, worked with DigiCert.

Now this is my second time with DigiCert. So I'm a boomerang. I left and came back.

And, you know, this coming back into it this time is kind of after we bought Symantec and pulled that and rolled that into the business.

And I kind of helped grow the unified business moving forward and picked up a number of roles.

And for the last, probably the last 5, 6 years I've been on the product side and, you know, kind of helping lead the strategy and vision and the product teams to execute against what we're trying to do to help make PKI easy for people because it is esoteric and kind of a weird thing, but it's at the heart of everything.

And so that makes it really important. So, you know, we try and help make that easy for people.
CAROLE THERIAULT
It's like atoms, you know, they're there, you know, you're completely dependent upon them, but you don't actually think about them very much.
BRIAN TRZUPEK
That's right. I talk to people all the time at parties. They're like, you do what? I'm like, it's on everything in your pockets, your phone.

You know, you have it, you just don't even know.
CAROLE THERIAULT
Yeah, exactly. Now, you must have been busy with your new job because times, they are a-changing. There's been a lot of flux in the ecosystem in the last few years.

Apparently, we've seen a 3 times increase in remote workers, and that means companies have to move to the cloud.

And I mean, this must be jarring, to say the least, for a lot of companies out there. And it must expose pain points. What have you seen?
BRIAN TRZUPEK
Yeah, no, you're right. I mean, it's one of the big things we saw, right, as all the pandemic stuff shifted in and people working from home.

You don't think of it right as a worker, you know, somebody who's employed somewhere and trying to get a job done.

But there was other people at those companies who had to make that work, right?

And so that meant bandwidth, that meant compute, that meant systems, that meant security so you could access things remotely that you once weren't accessing remotely.

There's this domino effect of all of these things that needed to happen to get those people working remote.

Those happen very, very quickly, Carole, because the companies needed to do this on a dime.

And so as they were moving forward and doing these things, you know, I'm not going to say every company out there made bad security decisions, but certainly we have seen people cut corners and went very quickly to support what was a very dynamic change at the time.

And now we're seeing on the tail end of that, right? Companies are returning to the office and things are happening.

And there's all these systems now that they're looking at and the infrastructure that came with it. And they're saying, man, oh, okay, is this secured the way we want it to be?

And is this operating in the way that it should? Are we meeting the corporate policy and risk profiles of how we deploy these systems, manage these systems?

And so there's this renewed look at that infrastructure that grew unbounded very quickly from a security perspective. And so, yeah, we definitely see that growing.
CAROLE THERIAULT
I mean, it makes sense. Even if someone said to me, here, plug this TV and this whole sound system together really quickly, I'd make a mess of it. It would probably work.
BRIAN TRZUPEK
Right, the right speaker works, but the left one doesn't.
CAROLE THERIAULT
Right, but it would be a bit of a mess because when we have to work really quickly, we can't sit there and pay attention to every single thing.

Okay, so you've got this environment where people are now back in the office and they want to fix things. Are they aware that they have a lack of visibility?

Is that something that most companies admit to?
BRIAN TRZUPEK
It is. It's maybe one of the most surprising things, right? We see— we sit down with customers.

You know, I was just in Australia and Malaysia and kind of did a tour out there a couple months ago talking to a bunch of customers and that, you know, just the recurring theme from everybody is we don't know where all the stuff is, right?

They're trying to, you know, they have this infrastructure that they're trying to manage and the perimeter of that infrastructure has changed because maybe they had everything kind of in-house or in their data centers or a cloud or something, however they had it configured.

And now they've got all this other stuff, right? And it continues to grow. And then maybe not even related to, you know, pandemic stuff, but just natural growth of the business.

They got multi-cloud environments. They've got, you know, different things that are happening. How do they view security across that whole thing?

And, you know, there's somebody who's a CISO or there's somebody that is thinking across the organization about security and how it rolls into all these different things and functionalities that are rolling out in systems and things inside of a company.

But then you kinda have the challenge we hear and see from the customer perspective is, there's always these pockets, right?

It's kind of almost an internal, political problem at the companies because, you know, team A and team B, they don't have the same reporting structure, and they maybe view that this is their area and for team A, and this is their area for team B.

And they choose different technologies, or they deploy things with different risk profiles, and nobody's kind of coordinating that.

You know, when something happens or a review or an audit or something, you know, something occurs to look at the system, inevitably, like you said with your stereo, they find that somebody didn't plug the right speaker in, and you're always supposed to plug the right speaker in per corporate policy first.

Right? And so these are the things that they see happen.

And so then they're like, man, we just don't have the visibility across all those kind of different silos of operation as to what is happening from our digital trust footprint with the assets in our environment.

And it's— we hear it everywhere. It's the starting point of the conversation with the customers.
CAROLE THERIAULT
Right. And it makes sense because, you know, you don't know what you don't know, right?
BRIAN TRZUPEK
Exactly. And you're right, because they will tell us, hey, look, this is— we know about these things over here.

We got these things under control, but we know we don't know what is over there. And that scares us.
CAROLE THERIAULT
Yeah.
CAROLE THERIAULT
Because we don't know what it is, so we don't know how to fix it. So we don't know. So help us.
BRIAN TRZUPEK
Okay.
CAROLE THERIAULT
So they come to you and they go, DigiCert, help us. Brian, help us. Right? And you go, well, I have this brand new DigiCert Trust Lifecycle Manager available.

So this is a brand new service you guys are offering.
BRIAN TRZUPEK
Yeah.
CAROLE THERIAULT
Congratulations. That must have been a lot of work.
BRIAN TRZUPEK
Thank you. Yeah, you're talking years of work here. So we're very happy.
CAROLE THERIAULT
Okay, break it down for us. What can you tell us about it?
BRIAN TRZUPEK
Yeah, so I think that the thing that's interesting, so this is a new service that we're offering, new product, but it's built kind of on the shoulders of giants, right?

We have all of this technology that goes back literally 18, 20 years in some cases to some of the Symantec and Verisign things that we've acquired through the years, right?

There's all this best of breed. Remember I mentioned PKI is just this nuance. It's kind of this difficult thing to understand.

So there's all this tooling that's developed over the years to make it easy to use.

And so we as kind of the leaders in digital trust and PKI, we have just this wealth of these tools and I kind of refer to them as Lego bricks.

And so what we've done is taken all those Lego bricks that make it very easy to manage things related to PKI for users or for their devices or for the servers in a company.

We've taken all those Lego bricks, put them together under a single pane of glass for that visibility you were talking about to allow customers to have that central management and control plane across that digital trust, those digital trust assets so that they centrally control.

And there's kind of this, the way that we approach what the customers are doing kind of tells it best because the customers first want to inventory everything.

They want to find everything. And there's a variety of ways to do that. That's a whole other podcast, but there's all kinds of stuff that they want to do to build that inventory.

And then they get to the stage of saying, okay, now we know where all the things are. Tell me what I care about.

And I don't because there's some things I'm never going to care about. Don't ever talk to me about them again. But then there's the things I really do care about.

Keep me notified and updated and get that information to the right people at the right time so they can make the right decisions on those things.

And then because PKI is so complex, don't allow those people to make silly decisions on their own. Automate it for them, right?

Automate how all of that stuff works when you replace it, when you rotate it, when you put a new one, when you fix an old one, just automate that so it follows a central policy.

People aren't deviating from it. It behaves the same way across all the systems in the enterprise.

And then that's kind of the last lane is this technology with all those Lego bricks is able to connect to all sorts of technology in that enterprise, which is critical because again, PKI is used everywhere in everything.

And so us having that ability to interconnect and talk to all of those things, it's kind of the table stakes to make the whole system work.

And we just skin that all on top of it with, again, that single pane of glass so customers can control all of that from one central place.

And then they can deploy that how they choose.

They can use that as a service from us, completely managed and do what they're going to do with the assets that they're managing, or they can deploy it in their cloud side by side with their assets that they're managing there.

Or if they have an on-premise need, third party, country where they need data residency, PKI key sovereignty, etc., they can do that too.

And so it's just that flexibility and that whole use case that we're covering and really allowing customers to have that full stack completely integrated top to bottom to solve their problem and reduce outages and mitigate risk.
CAROLE THERIAULT
It's like you're the superstore of certificates, just a one-stop shop.
BRIAN TRZUPEK
That's right. Yeah, we're keeping everything running for them and trying to just reduce that risk footprint for them.
CAROLE THERIAULT
But that is, it's not just a risk footprint that it reduces. It's also a time footprint, right?

If you have one point of contact where you can go, hey, I need some help, or hey, can you explain this to me?
BRIAN TRZUPEK
It is. Yeah, you're right.

And it's probably, you know, obviously these organizations have a ton of servers, you know, depending like an enterprise, average enterprise has something like 50,000 certificates that they manage.

That's let alone on me or servers, just servers.

When you look at the user side of the house, Carole, it's insane because you look at a Fortune 500, they have on average about 50,000 employees.

If each of those employees has an iPad, an iPhone, and a laptop, they probably have 3 to 5 certificates that company has issued to make all that infrastructure work.

So their VPN works, their Wi-Fi works, all these things are happening.

And how do you get all that stuff onto those devices without that user calling support and saying my thing didn't work, right?

Yeah, that's what our technology solves is making sure that all that works transparently.

So you wake up in the morning on Monday, all of your devices are secure, they're working, they're configured, and you as a user never even knew the better.

And you certainly didn't have to call anybody to go ask for help and suffer downtime and incur costs to help try and fix that stuff.
CAROLE THERIAULT
Well, when I was a warrior bunny that had to— road warrior, that's what we used to call it— and had to travel and had to use— I worked for a security company and I couldn't ever get my computer to work when I was in a hotel.
BRIAN TRZUPEK
You know the pain.
CAROLE THERIAULT
I know the pain. I know the pain. This sounds all amazing and you've summed it up so well. Is there anything that you would like to add?
BRIAN TRZUPEK
Yeah, I mean, I think the one thing that's interesting just from a differentiator indicator for how we're doing this that is super valuable and it's driven by customers, right?

I'd like to say we're geniuses and we figured everything out, but our customers really are just wise and tell us what to do, right?

And what they have said was, and they've been asking us for years to deliver this product in a way that it is fully integrated top to bottom, right?

So we're doing this technology in a way that our DigiCert certificate authority that issues publicly trusted and our private authority that issues, you know, enterprise trusted certificates can all be managed under the single pane of glass and it's fully integrated.

So there's no points of breakage for a customer. Everything just works top to bottom.

But with that same infrastructure, we've also extended that coming in Q1 here and then moving through the year, they'll be able to use any other certificate authority that they want, both public and private, and manage their certificates as well from the full lifecycle perspective through the same product.

And so that's one of the key things that we built this whole infrastructure, this whole platform architecture to be very extensible to support things like that.

And now we'll get those rewards as the year goes forward because customers will be able to make a lot of decisions.

No customer has an environment where they're using just one thing. We're going to allow them to manage all the things in those environments.
CAROLE THERIAULT
Wow.
CAROLE THERIAULT
Brian Trzupek, Senior Vice President of products at DigiCert. A huge thank you for taking the time to chat to us and educate me. I'm practically an expert.
BRIAN TRZUPEK
Yeah, you are welcome. I'm glad to be here. Thanks for having me.
CAROLE THERIAULT
Listeners, you can learn oodles more about DigiCert and their brand new lifecycle management service at smashingsecurity.com/digicert. That's smashingsecurity.com/digicert. DigiCert.

And thank you so much to DigiCert for sponsoring the show.
GRAHAM CLULEY
Very interesting. Well done. Excellent. Well, that just about wraps up the show for this week. You can follow us on Twitter @SmashingSecurity. No, Twitter allows to have a G.

We're also on Mastodon. You can find our Mastodon account if you go to smashingsecurity.com/mastodon and look up the Smashing Security subreddit on Reddit.

And don't forget to ensure you never miss another episode. Why would you want to miss another episode?

Follow Smashing Security in your favorite podcast apps, such as Overcast, Apple Podcasts, and Spotify.
CAROLE THERIAULT
Huge high fives to the episode sponsors, Bitwarden, DigiCert, and Sealit, and to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 306 episodes, check out smashingsecurity.com.
GRAHAM CLULEY
Until next time, cheerio. Bye-bye.
CAROLE THERIAULT
Bye.
GRAHAM CLULEY
La di di.
CAROLE THERIAULT
Yeah, you'll really like the podcast, man. It's great. New Gurus.
GRAHAM CLULEY
All right. Yeah, I will subscribe to it.
CAROLE THERIAULT
Yeah, yeah, it's great. And she's got a great voice.
GRAHAM CLULEY
Tremendous.
CAROLE THERIAULT
Mhm.
GRAHAM CLULEY
Well, she's BBC talent.
CAROLE THERIAULT
Mhm.
GRAHAM CLULEY
You expect that.
CAROLE THERIAULT
She's just good.

Hosts:

Graham Cluley:

Carole Theriault:

Sponsored by:

  • Bitwarden – Bitwarden vaults are end-to-end encrypted with zero-knowledge encryption, including the URLs for the websites you have accounts for. Migrate to Bitwarden for a more secure password manager.
  • DigiCert – DigiCert’s Trust Lifecycle Manager sets a new bar for unified management of digital trust.
  • Sealit – Zero Trust Data Protection: protect, share, and monitor confidential emails and files – without passwords. Integrated with Gmail, Outlook, and file systems. Learn more and take advantage of Sealit’s special offer to “Smashing Security” listeners.

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.
