
Scammers get pwned by a Canadian granny! Don’t be seduced in a bar by an iPhone thief! And will the US Marshals be able to track down the villains who stole their data?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don’t miss our featured interview with Jason Meller of Kolide.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Imagine the effect of tears on a grandparent, their heartstrings being plucked.
You don't know my grandmother. I tell you what, she would kneecap that person with her umbrella. She'd be like, get out of here.
It is true, the Theriaults are a dangerous lot. Smashing Security, Episode 312: Super Grannies, Bar Trolls and US Marshals, with Carole Theriault and Graham Cluley. Hello, hello and welcome to Smashing Security, Episode 312. My name's Graham Cluley. And I'm Carole Theriault. And this week on the show, Carole, who are we joined by?
By the lovely Anna Brading. Hi, I'm back. Thank you for having me. Finally, I know.
We all used to not work together as well, as I remember. There were quite a few times.
No, there was no messing about Graham. Well, you can speak for yourself. I worked very, very hard. Exactly. Anna, what's new? It's been a while. I know. Well, what have I been doing? I am still doing what I was doing before. So I'm helping cybersecurity companies with their content. And actually, thank you for asking, Carole, I have a tiny space for another client, so can I use this as a little promo? Sure. We'll send you the invoice.
We'll add to the ad music underneath you talking. How about that? Perfect.
Well, just get me on LinkedIn or Twitter if you need help with your content or your social media. Thanks.
Okay, how about we get this show on the road before we kick off? Let's thank this week's sponsors, Bitwarden, Kolide and Drata. It's their support that helps us give you this show for free. Now coming up on today's show Graham, what do you got? All the older ladies.
Anna, what about you? I'm talking about an iPhone theft that ends up with you losing more than your device.
And aren't we going to be talking about ransomware everywhere? What are we going to do? Plus we have an interview with Kolide's CEO, Jason Meller, where he unveils some exciting news around end user remediation. All this and much more coming up on this episode of Smashing Security. Now, chums, I don't think it will come as a surprise to either of you that I am well known for my love of the ladies. Yes, it's true, isn't it? It's true. I do. I especially like older ladies. Diana Rigg, Ingrid Bergman.
Is that why you don't speak to me, Graham? When you say ripe, do you mean stinky?
Do you mean slightly squishy? Because I say that about, you know, if I'm near somebody and they're a little bit honky. Am I going to go to Anna and go bit ripe or bit ripe?
No, I just like the more elderly lady, the more experienced lady, not because I'm going to romance scam them or anything like that, not because I'm interested in the inheritance, because I feel more comfortable. I feel there's less testosterone swishing around. And they've got good stories, right? They're going to have some tales to tell me.
Hold on, isn't there more with an older lady? Yeah, and whose testosterone are we talking about? Basically, you're saying you're not turned on by them, so it's much better for you. You can hold a conversation.
You're just ridiculous. When I was in my 20s and we worked together, your testosterone was just flying about. Hard to avoid it.
I would say the older lady, she's salt of the earth. But if you're ever in trouble, you can always try to find an older lady to help you out. That's some piece of advice that I was given as a child. If you get lost, go and find an older lady who'll look after you. Go and find a mum or maybe a granny as well.
Actually, that is the advice I give. I give my son that.
Yeah, yeah. Don't go to the security guard. Go to an older lady. Go to a lady. The older bit didn't ever feature in my mind. That's a good point.
I still live by this. So if you're lost, you will go and find an older lady.
Absolutely. I definitely will. Which I suppose, as I get older, is going to become more and more difficult. And I may have to ask for ID.
Just call up Diana Rigg.
Anyway, so imagine, for instance, imagine you are out with your mate Dave, right? You're in his car, you're driving around in the evening, and you have a car accident. Crash, bang, wallop, right? Imagine, oh, crumbs. So there I am. I've had a car accident. The cops come along, and the cops say, okay, get out of the vehicle, they say. And you step out of the vehicle and they find some suspicious substances, not easy to say with your teeth in, in the glove compartment. And you get arrested because there are pills or some sort of narcotic possibly in there. You get arrested. You get put in a little cell for a while and you need bond money to get out. Right.
You're in jail. You're in jail and you need money. You're in jail. You're in jail and you need money.
You're in a sticky pickle. And as we know, when you find yourself in a sticky pickle, Carole and Anna. Yeah, a respectful nod. What do you do? What do you do? What do you do if you're stuck in a sticky pickle? We listen to a podcast, first of all. They could have taken your earphones off you in case you try and hang yourself from the ceiling. They probably haven't let you do that. You just go,
I have a phone call, lawyer.
Right? You could ring a lawyer.
Do I call an old lady?
I would call up grandma. That's what I would do. I would ring up my grandma. You definitely do not.
Is she still with us? I don't think I could call mine.
No. Okay. My grandma isn't still with me. I'll ring up someone else's grandma. Maybe. What you don't do is you don't ring up your parents. Because your parents. They're going to be furious with you. What are you doing out with Dave? You know Dave's a big drug head. Why are you doing that? You know what his car's like and his driving's like. You know if he's been sniffing something. Or if he's been drinking stuff. Because you don't want the earache. You don't call up your parents. You ring up your granny. And that is what happened to 74-year-old Bonnie Bednarik. She got a phone call out of the blue. She's a granny, and the person on the line said, "Oh, Granny, I'm in jail. There's been a crash. Dave's car. Pills in the glove compartment. I need some cash." Did you go, who's this? She did. She said, she said, "Who's this?" Oh, and he said, and he got really upset, he said, "Granny, Granny, how can you not recognise me? How can you not recognise my voice?" And so Bonnie Bednarik, she said, "Oh, is that Steve? Is that little Steve?" "Yes, yes, it's Steve here. And I'm in jail. I need you to get me out. $9,300 Canadian dollars. Can you get me $9,300 Canadian dollars?"
What'd you do there, Steve? Well,
what I did was I was just innocently in the car. Dave had a crash. He had some pills in the glove compartment. I haven't done anything wrong. I just need to get out. I just need you to pay the bond so I can get out. You know
what I'll come let me come to you. Let me come to you. You need a hug from Granny.
No no no Granny. Granny you stay there. You stay there Granny. I'll send my mates round I'll send my mates round and they'll go and pick up the money and they'll bring it to me. Just fuck off. Just fuck off. Now this was the third time in the last year that Bonnie had received such a call from one of her grandchildren having a crash in Dave's car. So the first couple... How does Granny not
recognise her grandkids' voice? First of all, does she even have grandkids? Well,
this is the thing, Carole. What? She did. The first two calls she received over the course of the year, she hung up. But this time she was feeling mad that they'd rung her again. She thought, I can tell that this is a fishy activity. And that's why... Okay, so she's on to them. She's on to them. So when the person on the other end of the line acted all upset that she didn't recognise her voice, she said and was saying, oh, come on, it's your grandson. She said a name that wasn't her grandson's. Oh. And so the guy pretended to be the grandson said, yeah, yeah, Stevie here, Stevie here. And so what she said then was, look, okay, look, what? $9,300. I'm going to have to call up the bank, she said. I'll call you back in 15 minutes, says Bonnie. So Bonnie picks up her phone. She hangs up on her so-called grandchild. And instead of ringing the bank, she calls the police. And the police, this is in Canada, by the way. Oh. Yes, now I thought, now you're... Picture interest. Right. It's a big country. Where, where, where? Now you're interested. So the fraud unit at the police got mobilised instantly. So they've constantly got a fraud department waiting. They're on a trigger. They're just waiting for the bat signal to go off. They will race out. And go where? To set up surveillance near Bonnie Bednarik's home. Oh. Really? Because the people are coming over to pick it up in person. Because Stevie in the jail, he can't come around to pick it up, can he? Because he's, quote, in jail. They're not going to let him out. Yeah, sure, you go out, go get some money. So he's using this ruse of I'll send a couple of my mates around to do this instead. Right. So the cops, they set everything up.
And they're dressed in plain clothes, right? So they've got fake mustaches.
Imagine how a normal Canadian looks, right? Yep, plaid shirt. Exactly. Snowshoes. Canadians are
extremely fashionable and practical and I'll have nothing said about it.
Plaid shirts are, I am wearing one right now. I look like Bryan Adams myself.
Canadians remove them now. It's suddenly changed
no longer on trend. So she kept him on the line but then she needed to keep him going for a little bit longer. Then she said, oh I have to ring my husband because I don't have the car in order to go out and get the cash from the bank. Because the cops said, waste his time. Exactly, waste his time because we're going to be putting our shirts on and getting all comfy and buying the doughnuts, you know, for the stakeout. But sure enough, after a while, these two goons showed up at Bonnie Bednarik's house asking for the $9,300 Canadian dollars and the fraud cops swooped. They collared them. And as a consequence, two men have been arrested. Apparently, the police say they've picked up a fairly large quantity of money. I don't know what that means. A fairly large. A few envelopes. From our
girl? From our grandkids? No, no,
Not from the granny. The granny never got the money, Carole. From the goons. It was from the goons. Because they've been doing this on lots of grannies and keeping the money in their wallets. Well, you know, or they went to their house. I don't know the exact details. No, I demand research. I tried quite hard.
It does seem like you have.
And I haven't found out where the money was held in an envelope. I don't know exactly where the envelope was, but they captured these two chaps. This is in Windsor, by the way. Windsor, which is, is that Ontario, Carole?
Yeah, Windsor, Ontario. I went to university very close to that. Ah, there you go. So, and they actually rolled out Bonnie Bednarik, the 74-year-old granny, at the press conference, where she gave a warning to—
I meant in a wheelchair.
No. They brought her out in front of the microphone. They invited her on stage. She strode out like a conquering hero and she advised all of the senior Canadians that they need to be vigilant and if you get a call like this never ever release your grandson and granddaughter's name. Make them say what it is and maybe perhaps have a better relationship with your grandchild that you actually recognise their voice. That could also be a good tip, perhaps. Yeah. And call your family, call the police, but don't obviously have people coming around and picking up tens of thousands of Canadian dollars.
I can't imagine many, you know, older people would be like, oh, yeah, send around some guys I've never met because I live on my own and that feels great.
The boy was crying, Carole. Imagine the effect of tears on a grandparent. Their heartstrings being plucked.
You don't know my grandmother. I tell you what, she would kneecap that person with her umbrella. She'd be like, I'll get out of here.
It's true. The Theriaults are a dangerous lot. Anyway, I think so often you will hear people saying, oh, the elderly are getting scammed all the time. Well, sometimes the elderly are much, much smarter and much more on their toes. So good for Bonnie and good for you, Grandma. Well, thanks very much. If I am ever in Windsor, Ontario, I may look up Bonnie Bednarik and perhaps want to hang out with her.
I just meant you're getting older. It's not old now, maybe not. One day, too, you will be bright on these things.
Ah, fantastic. Anna, what have you got for us this week?
OK, so, Graham, I need you to do a bit of role play with me for this one.
OK, fine.
Okay. So can we just set the scene? So you're in a bar with your friend Carole.
Unlikely.
Yeah, carry on. Different tables. Well, whatever works. And you're dancing and a sexy lady comes up to you, okay?
Oh my God. Sexy older lady.
Whatever. Yeah, fine. Diana Rigg.
Oh, Diana Rigg. Like a weekend at Bernie's.
Oh, lovely. Someone wheels out Diana Rigg. Okay, so I'm going to be this sexy lady, okay? So I'm sorry about this. Hey, I noticed you across the bar. Do you come here often?
Only in the mating season.
Gosh. You didn't get a drink in your face at that point. I think I would have given up if I was this woman. But anyway. Oh, look at my phone case. Look how cracked it is. I'm so clumsy. Actually, I need a new one. Hey, I bet you've got a cool case. Can I have a look? Show me your phone. What's your case like?
With pleasure. With pleasure. Let me bring out my iPhone.
Oh, we have the same size iPhone. That's very handy. Oh, yes. And look at the case. That's so cool. Does it have Diamante on it?
It's a little blingy. Has a magnetic catch on it. Do you like that?
Oh, yes. I like that you've got a little holder so that you can take a photo. Ashley, is that your friend over there? Do you want me to take a photo of you? Yeah. Come on. Give me your phone. Oh, yeah. Let me take a photo of you. Oh, yeah. Me and Carole. Yeah.
Why not? Yeah. We could use that on the website. Great. Thanks.
Not too close. Not too close. Ready? Oh, it's great. I love it. I love it. Oh, sorry. I turned your phone off. I'm sorry. I said I was clumsy. Sorry about that. And cut.
Cut? What? What's happened? Can I have my phone back? Can I have my phone back?
You can have your phone back. Oh, okay. So you've had a great night. You've got your phone back. You've danced with your new sexy lady friend. And then you part ways because, you know, you don't put out on the first date. And as you're leaving the club, you step out of the door.
Yes.
And your phone is swiped from your hand.
What? Oh.
I know. However, disaster doesn't end there, Graham. It's not just your phone that's been stolen. Within seconds, your phone is gone and the thief has changed your Apple ID. They've taken money from you, they've stolen your contacts and your photos. Your whole digital life has gone.
How very quick of them. How have they done this so rapidly?
Well, Graham, thank you for asking. When your lady friend accidentally turned your phone off, when you turned it back on even if you've got Face ID or Touch ID enabled you have to put your passcode back in, and she was sneaky. She watched you put your passcode in.
So... Oh. Was she nuzzling his neck or something?
She was watching from afar. But, you know, she could have...
With her eagle eyes.
Exactly.
Okay. So, one, two, three, four, five, six. She saw me enter that or whatever my code is. Right. Yeah. Shh, don't telephone.
Oh, stop. And better change it. So all that someone needs in order to change your Apple ID on your phone is your passcode. So when the thief steals your phone, they can use your passcode to get into it and then they immediately change your password which is associated with your Apple ID. And then that gives them continuous access to your account because they can force a sign out for everywhere that you're logged in and also disable Find My iPhone. So they've got your entire phone and everything in the cloud. They can run charges to your Apple account, they can take anything that's in the cloud, they can change the Face ID and Touch ID obviously. And if you've stored passwords on your device, then the thief can access other accounts as well. So if your social media account is on there, they can get that too. If you're using...
Like Apple Touch or whatever, your fingerprint or biometrics.
You can't because when your phone turns off, when you turn it back on, you have to re-enter the passcode. You do, yeah, that's right. So they will have seen Graham putting his passcode in.
So wouldn't it be good if Apple phones, when you switch them off and then switch them on again, rather than just asking for the passcode, if it actually said, "Okay, you've got the passcode, right? Now give me your fingerprint."
No, because people like me don't like to give our fingerprints to the phone. That's your choice, Carole.
But I'm just saying, for those people who've set up Touch ID or Face ID, why doesn't it ask you then to do that just in case someone has shoulder surfed you for your passcode on your phone.
Yeah, because Apple say it's rare that this is happening because it requires both the phone and the passcode. But police are saying it's much more common.
How do Apple know it's rare? What a load of old nonsense. Who's going to report it to Apple? Who's going to report that I had a woman nuzzle my neck while I entered my passcode? She seemed to like the cut of my jib, I found.
I mean, I don't know, maybe I just don't like people very much. I can't imagine it really happening in a bar, that type of thing, but I can totally see it happening on public transport or planes or Metro subways, all that.
Because when you're at an ATM or you're paying for something in the shop, everybody knows you cover your PIN, but you don't on your phone in the same way. Like you just... because it's rare for you to put your... have to put it... Do you know, my neighbors are... sorry, I digress, but my neighbors are identical twins. And they can open up each other's Face ID.
Can they? Have you identified which one of them is the evil one?
I can actually tell them apart. And they're both actually lovely. But I can tell them apart. But maybe that's because I have twin brothers. I don't know. But I don't find it hard. Weird.
Anyway, there you go. That's okay, that's fine. So just be careful when you're on a night out because if you've got to put your passcode into your phone, then cover it. And don't fall for the sexy ladies, Graham, even if they are over 80.
So aside from the theft, there's still nothing going on with the lady. Is that right? That's not going to go anywhere.
I'm sorry. That was the ruse.
Because now I'm imagining it's a sexy cat burglar lady, a sexy thief sort of thing.
Are you available or something? Like you're talking a lot about, you know.
Carole, what have you got for us?
Well, pop quiz to start. Do you know what the oldest federal law enforcement agency might be in the US?
Boston. Massachusetts. No. More federal. Federal. Oh, sorry. Federal agency. Yeah. The CIA. The FBI.
No, it's the U.S. Marshal Service.
Of course it's the U.S. Marshal Service.
Right? Because I remember, I watch cowboy movies where they'd be like, I'm the U.S. Marshal. Can you name some of the responsibilities of U.S. Marshals?
They marshal crowds if there is a lot of marshalling required. Yeah, they do marshalling. Do they pick up wrong-uns on the streets if there's someone doing something? I don't know. I'm not American.
Well yeah, Anna, maybe, you know. Do they patrol the streets late at night?
I'm really shocked, guys. I have no idea what they do.
So they nab federal fugitives. So if someone crosses state lines, for instance, the state cops don't have control over that. And they may not know what state. So they may then get the federal, the US Marshal Service involved to help them track down these fugitives.
That's why they have federal people who can sort of follow you across state, but you're not supposed to. I think cops aren't meant to follow you. Is that? Can we have someone American on this show who understands these things?
I'm just asking you. I know the answers. So don't worry about it.
Oh okay. You go ahead. I'm American. They also manage and sell seized assets acquired by criminals through illegal activities. So can you imagine the scene? You finally got some super duper rich dude who's gone across several states and he's finally arrested by the U.S. Marshal. Has this actually happened? Tickets to outer space being seized? The same thing happened to me when I read that.
I went into this crazy wormhole of what millionaires spend money on. Let me put a link in the show notes for you. Let's take a little break here from the serious stuff, shall we? Here you go. It's in my little section. Check that out. Just do a little quick search of that page and see if there's anything that blows your mind.
So Lady Gaga has spent $50,000 on an electromagnetic field meter to detect ghosts. Nicolas Cage, he's spent $150,000 on a pet octopus. It's just ridiculous, right?
Mike Tyson's got three tigers. $70,000 each. Jesus. And they must eat a lot of food, right? You really got to... Anywho, back to the marshals, back to the marshals. So the reason we're talking about it is because the US marshals have recently suffered a security breach where the attackers stole sensitive information. And it's being described as a major incident. So it's data on suspects. Yes, but the witness security program apparently has not been compromised. They claim the system was not connected to the broader network and was quickly shut down when the breach was discovered. But can you imagine that information getting in the wrong hands, witness protection? That would be just horrific.
Well, it works, doesn't it? It works for the criminals. They make money.
Yes, and they're getting better at it. So they warn that attackers are continuing to innovate, showing that the average time to complete a ransomware attack dropped from two months, so 60 days, down to less than four days.
That's crazy. What do you mean by complete? Do you mean complete as in they get their money?
Often it'll probably involve chatting up, getting the details, phishing someone for their account details, getting in. Being able to load up your stuff so that you can then, apparently they often put in vulnerabilities at this time before they start exfiltrating data.
Right, yeah, because then they can come back again, yeah.
Yeah, because they also lock up your data and then they use the data as part of the ransom and then if you don't pay up, they'll then post it on forums.
Now with the US Marshals, it isn't clear whether or not they're going to pay the ransom or if they're being threatened by the data being put online.
Hang on, I've had a thought. If the US Marshals are impounding all of this criminal stuff like exotic pets and fast cars and large amounts of Bitcoin, couldn't they use some of that to pay the ransom with? I think it's quite unethical. Could they say to the criminals, we'll give you a leopard?
Isn't it in some cases it's illegal anyway, I think, to pay? I think they can't. I don't think they can pay that ransom, can they?
Yeah, I don't think a federal authority will be allowed to even pay. But interesting, maybe that's what they're wanting to know. Where's my tiger? Right. Don't lose that. So I'm reading all this and I'm thinking, isn't it time for the powers to roll up their sleeves and get some real muscle, put some real muscle into the ransomware problem? Because otherwise, the situation's looking pretty bleak, right? We're seeing more and more of it. But maybe the time has finally come, guys. Maybe we're there because last week, the U.S. released its new national cybersecurity strategy. And there's one interesting tidbit that I thought I would share here, which is ransomware is now officially declared a national security threat. And it says it'll be unlocking military intelligence-level cyber tools. These are things that are typically used for state-backed attacks, stuff that we might say Chinese spies or Russian code, and they're going to be using against the ransomware gangs. Sounds like things are heating up. Interesting. Yeah, don't mess with the US Marshals, right? So they're just getting heavier on them. Yeah, it's like they had these tools all the time. They're like, oh, okay, fine, we'll dust them off and put them into action here.
Yeah. Is it going to stop them, though? I feel they're always in step ahead.
The problem, though, of course, is that we're trying to find out, well, what kind of stuff? Tell us about these tools. Tell us about this cyber offensive. And they're like, well, some of these operations are classified. So it's all very vague at the moment on that front. But I'm thinking if all goes as planned, we should expect to hear about many more ransomware takedowns and arrests, right? As this intelligence community gets more involved in the fight. And hey, that's good for us because we get to report some good news on this show for a change. Right. That'd be nice. Yes.
Hooray. Ah, they're doing it all for us.
That would be nice. We thank you. Any company can say they're trustworthy, but with this week's sponsor, Drata, you can prove it. With over 14 frameworks including SOC2, GDPR, HIPAA and ISO 27001, Drata gets you audit ready for crucial security standards needed to scale your business.
Our sponsor Kolide has some big news. If you're an Okta user, then you can get your entire fleet to 100% compliance. How? If a device isn't compliant, the user can't log into your cloud apps until they fix the problem. It's that simple. Kolide patches one of the major holes in zero trust architecture, device compliance. Without Kolide, IT struggles to solve basic problems keeping everyone's OS and browser up to date. Insecure devices are logging into your company's apps, but there's nothing there to stop them. Kolide is the only device trust solution that enforces compliance as part of authentication, and it's built to work seamlessly with Okta. The moment Kolide's agents detect a problem, it alerts the user and gives them instructions to fix it. If they don't fix the problem within a set time, they're blocked. Kolide's method means fewer support tickets, less frustration, and most importantly, 100% fleet compliance. Want to learn more? Of course you do. Visit kolide.com slash smashing. That's kolide.com slash smashing. And thanks to Kolide for sponsoring the show.
Our friends at Bitwarden have been busy this month adding some fab new features to their open source password management solution. Now, did you know that you can log into Bitwarden using a secondary device instead of your master password? Well, now you do. Logging in with a device is a passwordless approach to authentication. It removes the need to enter your master password by sending authentication requests to other devices you're currently logged into for approval. With login for device, it can be initiated on the WebVault, browser extension, desktop app, mobile app, and you can approve access on your mobile and desktop app version of Bitwarden. Very, very cool. And the Bitwarden team has hardened the security of its vaults, protecting new vaults with 600,000 iterations by default. And of course, existing accounts can also update themselves to the same level. These and many other great security features are incorporated all the time into Bitwarden, keeping your password secure from hackers. Learn more. Try Bitwarden for yourself at bitwarden.com slash smashing. That's bitwarden.com slash smashing. And welcome back. And you join us at our favourite part of the show. The part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something. It could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily. Better not be. Well, as I mentioned earlier on, I like older things. And what I don't like to do is I don't...
I'm afraid, Carole. Only they liked him back is the problem. I don't like to be... This is a niche website that I'd like to recommend. I don't like to be too trendy.
All right, Anna. No danger. When everyone's raving about the same thing, I think, oh, I don't really want to check that out because, you know. You're subversive. I am. So I'd like to wait a few years. So I waited. You know that TV series Line of Duty. Everyone was talking about Line of Duty for years and years. As you did. Well, no, I didn't for years and years because I didn't watch it for years and years. I got on board on the very final series. And then I started watching number one. I am cool. I am cool. Is that cool? No. I'm a late adopter. Right, yeah. I have lately adopted a series called Happy Valley. Now, I've heard about Happy Valley in the past. Jesus Christ. Right. And Happy Valley, I thought it was going to be some sort of gentle kind of northern drama. Why, because there's
a nice older lady running the show? No, because it's called... That's why he likes it.
The title, Happy Valley, makes you think it's going to be a bit like All Creatures Great and Small or something. And I thought, well, that's not going to appeal to me. That's not going to be like slipping into a warm bath, I thought. Just, you know, very nice if you like that kind of thing, but not really my cup of tea. Anyway, people kept on talking about it. I thought, oh, really, is it such a big deal? So I thought, well, I'll just check out episode one of the first series. So I turned on Happy Valley and it has this actress, Sarah Lancashire. Used to be Raquel. She used, yes, Coronation Street, I believe, which is the top British soap, I think. I was going to say
EastEnders, can you believe how bad?
They're all the same. She was in a Doctor Who episode as well. So I just thought, oh yeah, I can imagine this all being cosy. No, it's not cosy. It's not cosy at all. Oh my giddy aunt. And it starts off a little bit funny before the title sequence comes in, but then it gets really quite dark quite quickly. And I was like, oh my giddy aunt. Anyway, I've watched the first series and it's a police procedural. There are wrong-uns. There are wrong-uns on the street and they're doing naughty things and the police are after them, headed up by an older lady who is a grandmother in the show, Sarah Lancashire. And that is why my pick of the week is Happy Valley, which I'm quite enjoying.
So good. Oh, I'll pretend to be Graham here. Anna, Carole, have you seen it?
Graham, thanks for asking. Yes, I have. Oh, that's interesting. It's very good. She is very good. He is very good. The sister, it's all brilliant.
The sister, the relationship between the sisters. Yes. What are their names and the characters' names? I can't remember now.
Catherine. Catherine. Yeah, and I can't remember what the other one begins with. The dialogue is very good. I watch it obviously with subtitles because I'm of that sort of age, and the dialogue is really quite witty, written by Sally Wainwright. It's not for the kids, I'd say that. There's some rather dark stuff going on. I don't know what the next two series are going to be like, but the first series was quite dark.
Yeah, yeah. Obviously, you're ahead of the trend here, Graham, but the boy in it, who's a tiny boy when you're watching the first series? It's the same boy. And he's in the last series, I think he's about 17 or something. So it's good to see the progression. That's interesting because he was very good in the first series. And I've only seen the first episode of series two. And they had a couple of scenes where he's notably not in shot. And they're sort of saying, stop kicking that ball against the wall. And you don't see him. And I thought maybe the actor's got too old or he's not available. So he is going to come back, is he? He was very good, I thought, in the first series. Right. That's interesting. Yeah, he's very good. Okay. Well, Carole, Graham, do you long for the simplicity of your childhood? Yes. Yes. Do you? Some aspects, yes. Let's not go there. Maybe, do you look back fondly at the TV shows you used to watch after school? What were your favorite ones?
She was some doll, some singer, pop singing cartoon something. It was ridiculous. Absolutely ridiculous. But I loved it.
I liked The Magic Roundabout, John Craven's Newsround. Rentaghost was quite good. Scooby-Doo.
Newsround was the most boring programme you could watch. And actually my son started watching CBBC and Newsround came on. He was like, this is the most boring show ever. And I said, I know how you feel. I felt like that too. So but, you know, we all have different interests. I preferred the kid dramas anyway. You've got to have a look at my80stv.com.
Ah, that would be why I've got a problem then, because I'd probably be after my70stv. Oh.
Sorry, I mean, I was looking at my90stv, but I made it my80stv. Sorry, I was unaware of the gap.
I like the user interface on this website. It's like an old style television with knobs.
Yes, and it says welcome back to the 1980s. Click on the power button to begin the journey. Okay, push. Oh, cool.
So you can, it will shuffle through a load of old videos and you can toggle on which ones you want. So you can say you want comedy and you want cartoons. You can watch all of them. There's fun. It's
so nice. And you can add picture noise to it, I think, if you press N, so you can see it, you can fuzz it up or less fuzz it. It's great. I
love how every time I change the channel goes, yeah, it's gorgeous. Really good pick of the week.
Yes. Ah, thank you. It's perfect for procrastination.
Very good, very good. my80stv.com. Carole, what's your pick of the week?
Well, mine is also a visual thing. So it's a movie, one that is up for many awards right now, like it's 11 Oscar nominations, so it's being kind of called the film to beat this year. And it's called Everything Everywhere All at Once. Have you guys heard of it or seen it?
Ah well it's tipped for the oscars isn't it I think I've seen the trailer it does seem a bit bonkers were you distracted there for Is that good? I think he was. Oh, sorry. No, no, it's fine. It's fine. Did you say it was? We'll keep that in. We'll just show that. I was still watching the TV thing. I was, right. Yes, I've seen the trailer, Carole. It's bonkers. It's surreal. It's mad. Michelle Yeoh. Yeah, and how would you
Describe it? It's sci-fi. It's a comedy. It's martial arty. It's action-y. It's thriller-y. And there's also this whole surreal business happening around that. Yeah. And yeah, it's Michelle
Yeoh. She's the star of Graham. Wasn't she in Hidden Tiger Crouching Panda or something? One of those. Yeah, Crouching
Tiger Hidden Dragon. That's the thing. Yeah. Now, she plays Ling, who is the owner of a kind of rundown laundrette. But she discovers this ability to connect with parallel universes in order to fight evil. Yeah, we've all been there. Oh. Yeah. And Ling does this by teaming up with her other parallel selves to combat a formidable threat, right? One that's kind of closer to her than she realizes. So we have these umpteen different lives that Ling is a part of, you know, when you go through all her different, in some she's glamorous, some are rather scary, some are humdrum, some are ridiculous. In one parallel world, we have raccoon, how do I say this? Racacuni, okay, instead of Ratatouille. And so it's a raccoon, you know. Ratatouille isn't
Made out of rats, just so you know. No, I know. But Racacuni is made out of raccoons, is it?
No, it's the same story, the same premise as Ratatouille, where a rat is helping you. Oh, at the
Film, not the food. Oh,
I see. The movie. I'm sorry. I didn't even think that.
Yes. So it's Davy Crockett with a raccoon on his head. And he's directing him as a how to cook in Racacuni.
Yes, but no. In another weird world, there's people with sausage fingers. It's just so crazy. Another one, we have googly eyes showing up randomly. It's kind of glorious, but it's nuts. If you, I haven't seen the trailer. I just watched it last night, but it's completely utterly nuts and so fast. It's a cheese dream. Yes. And it's so crazy though. It's I had to keep pausing it every five minutes to kind of catch my brain, catch my breath and calm my brain. Catch my brain. Yeah. Come back. Calm your breath. It's an assault, though, on the viewer. It's really, it's a big, long roller coaster, much longer than you expect to be on it at that kind of pace.
Were you throwing up? Were you feeling sick at the end of this? I think
I paused it because it was too much, yeah. Yeah, does it all come together? That sounds really mad. I don't. I hate it when all this is going on and then it doesn't sort of, I need it to sort of have a nice ending for it to feel like it's worth it.
I'm not going to be able to answer that without giving anything away. I'm sorry. But I can say there's a good cast. Jamie Lee Curtis plays an incredible, horrible IRS agent. And Ke Huy Quan, he was from The Goonies. You remember that? He plays Ling's husband, Waymond, with a W. Waymond. You know, if someone said, did you like it? I'd be, I think so. But I'm really impressed by it. And I recommend it just to get a glimpse of the insanity of it all, because now you can stream it, right? Oh, can you? Yeah, it's on Amazon at the moment. That's where I found it. But you will be blown away by the amount of work that went into creating it. But will you like it? I don't know. So my pick of the week is the movie Everything Everywhere All at Once, which the movie does represent in its style. It lives up to its name. Find it on Amazon streaming services. Do
They wake up at the end and it was all a dream? That's how I'd finish a movie like that. I'm sure that would go down well.
Yeah, I'm sure everyone would line up. You'd be getting all the awards as well. All the awards. Now, Carole,
You've been chatting to the people at Kolide this week. Yes. Well, I caught up with Kolide CEO Jason Meller. What a passionate guy. He shared some big news with us. So listen up, folks.
Oh, thank you so much for having me.
We chatted actually last year. Our interview is featured on episode 265, if listeners want to check that out. But yes, it's great to have you back.
Wow, it's been a year already. Feels like that was three weeks ago.
Time flies when you're busy. That's right. So just to kick things off, am I right in saying that Kolide champions a zero trust model when it comes to security? Yeah, absolutely. So this is something that you're going to hear us starting to talk about more and more. Okay, you beat me to the punch because I was going to give you, I was going to hand the floor over to you. So tell us about this news. This is all about device trust integration, isn't it? Yes, yes. So let's take a step back and talk about what we were doing before we announced this integration. Okay. So I'm trying to get into GitHub, right? Okay. Yep. So you put in your going to GitHub, you click into your organization. And then if you have Okta, you get prompted for your Okta username and for most people, their password. So you're typing in your Okta username, you put in your password, and then that's where Kolide starts to come in. So we effectively are one of many potential two-factor authentication options in your organization. And you can sequence them, right? You're bringing back nightmares for me, really vivid nightmares. And it's 2023. This is still the state of the art of how to do it, right? And maybe the nudge screen has gotten a little bit more annoying and maybe the sound effects are a little bit more obvious to hear. But at the end of the day, it's really still the same stuff. So let's go back to a zero trust access model. Zero trust access and the blocking methodology I talked about a second ago, that provides us with a new methodology for being able to solve the same problem. And the way that you do it is you just go into something like Kolide. You create a check that says, hey, this device is failing. If it doesn't have this specific update applied, we're going to give folks a day to do it. And then when people start logging in, they'll see that message, hey, you really need to get this update applied. And if you don't by tomorrow, you're going to be blocked from all your SaaS apps.
They're significantly more encouraged to get it done. It's like compliance is kind of key. And if you want to control the environment, and you're doing that in a way that is involving everyone. And it's very cool.
It's been really exciting for me personally. One of the things that I found at Kolide to do was to really get end users to be a part of the security solution. I've always felt deep in my heart that because human beings are the ones that are really using the computer, and they're the ones that are using it to further their career, to do something really exciting, they needed to be part of whatever the security story was. These computers that we use every day, they started out, what were they called? They were called PCs, personal computers. They were never meant to really be managed centrally in the way that we try to manage them centrally at organizations. They're meant to be used by a single person sitting in front of them, driving them. That is really how they've been designed from the ground up, especially Macs, which they've really bucked the trend of becoming an enterprise-friendly operating system since its inception. And only very recently, in the last five to 10 years, have tried to embrace this idea of centralized management. But it doesn't work very well. And if you've been an IT administrator in the last 10 years, you know that. And so how can we get the end users involved? That's always been something I wanted to do. And what we finally stumbled upon is a way to do that, that works at scale, even with the most stubborn end users who really aren't going to do it out of the goodness of their heart. And that's why this is so exciting. Because even if I meet the most cynical IT person in the world, I can show them that regardless of what you think about the end user and their capability. This is what the numbers show us. This is what the efficacy of this new way of doing it is. And it is just objectively better. That's sort of the pitch. And that's why it's so exciting to me personally, is we found a way to not just make the end users part of it, but to make it better than the status quo.
Yeah. And you get rid of all the politics, all the office politics of begging a department to do stuff. It's brilliant. I'm sure our listeners think so too. And they can see it in action if they go to kolide.com/smashing. That's kolide.com/smashing. It's Kolide with one L, K-O-L-I-D-E. And Kolide CEO Jason Meller. Thank you so much for chatting to us and sharing this news. Go to the website. This is a show, not tell, product. You'll actually be able to watch videos of what it looks like when folks are signing in. So there's a lot of information on there. I highly encourage you. There you go. Awesome. Thanks so much, Jason. Thank you.
Terrific stuff. And that just about wraps up the show for this week. Anna, I'm sure lots of our listeners would love to follow you online and find out what you're up to. What is the best way for folks to do that?
I am at Anna Brading on Twitter. And if you want to give me some work, LinkedIn. Not desperate or anything.
Hashtag desperate. Oh, actually not, but I just...
And you can follow us on Twitter at Smashing Security, no G, Twitter, no last ever G. We also have a Mastodon account. You can find that at smashingsecurity.com/mastodon. That'll take you there. And look up the Smashing Security subreddit on Reddit. And don't forget, to ensure you never miss another episode, follow Smashing Security in your favourite podcast apps, such as Apple Podcasts and Spotify.
And huge, huge thank you to this episode's sponsors, Kolide, Bitwarden and Drata. And of course, to our wonderful Patreon community. Thanks to them all, this show is free. For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 311 episodes, check out smashingsecurity.com. Until next time, cheerio. Bye bye. Anna, thank you so much
For coming on the show. Thank you for having me. My question is, are you doing something with Apple podcasts? Because I went to the Smashing Security podcast, like your stream, and it asks me if I want to pay more.
Well, no, no, no. So that you can now, rather than just go to Patreon, you can also pay via Apple Podcasts and get the episodes early and get them without ads. Oh, okay. No, but we haven't really publicised this yet. Well, you should. I agree we should. We'll work out the best way to do it.
Anna, you're a rock star. Thank you. Good story. Very cute. Lovely, lovely. Oh, it's fun. Thank you.
Hosts:
Graham Cluley:
Carole Theriault:
Guest:
Anna Brading – @annabrading
Episode links:
- They thought they could scam this Windsor grandmother of nearly $10K. She turned the tables on them – CBC.
- Canada grandma helps stop fraud scheme targeting senior citizens – BBC News.
- A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life – Wall Street Journal.
- Ransomware attack on US Marshals Service affects ‘law enforcement sensitive information’ – CNN.
- Hackers steal sensitive law enforcement data in a breach of the U.S. Marshals Service – NPR.
- 9 millionaires and billionaires with the most bizarre spending habits – Business Insider.
- Phishing still the leading way attackers breach security controls: IBM – IT World Canada.
- New White House cyber strategy picks a fight with ransomware – AXIOS.
- Happy Valley – BBC.
- My 80s TV.
- Everything Everywhere All at Once – IMDB.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

