Just how much do porn websites know about your sexual peccadillos? How are Barbie dolls involved in identity scams? And would you trust a completely free telly?
Oh, and Graham has some opinions to share about “Indiana Jones and the Dial of Destiny”.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Matt Davey from the “Random but Memorable” podcast.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Smashing Security, Episode 329: Pornhub, Barbie Dolls, and Can You Trust a Free TV? With Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security, Episode 329. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security, Episode 329. My name's Graham Cluley.
And I'm Carole Theriault.
And this week on the show, Carole, we are joined by Matt Davey from 1Password's Random But Memorable podcast. Hi, Matt.
Hello. Welcome back. It's been a minute.
It has. It's been a little while.
Pleasure to have you back. Lots of exciting things happening in the world of passwords and your podcast.
Oh, absolutely. Yeah. Passkeys are pretty big at the moment.
So tell me, what are passkeys for anyone who hasn't heard about passkeys?
So passkeys are basically a direct replacement for passwords built on FIDO standards. So they are essentially tokenized passwords that you can use on a bunch of websites.
Passkeys.directory will let you find out which ones. And they're all based on open standards and you can use them inside 1Password.
And it essentially replaces the need for two-factor and all of that stuff added on top, which is great.
Passkeys.directory will let you find out which ones. And they're all based on open standards and you can use them inside 1Password.
And it essentially replaces the need for two-factor and all of that stuff added on top, which is great.
Very interesting. Now, the only thing I have slight concern about passkeys is, is based upon this FIDO standard, and I was told you should never name your passwords after your dog.
Oh my God. I'm sorry for the dad jokes.
Kryll, save us.
Yes, I'm going to. Let's kick the show off. But first, let's thank this week's wonderful sponsors, Kolide and NordLayer. It's their support that help us give you this show for free.
Now, coming up in today's show, Graham, what do you got?
Now, coming up in today's show, Graham, what do you got?
I'm gonna be talking all about how to protect your sexual preferences.
Preferences.
Okay, Matt, what about you?
I'm talking about is freemium hardware the future?
Ooh.
And I'm afraid we are gonna revisit those dark days of the 'rona, but it'll be interesting. All this and much more coming up on this episode of Smashing Security.
Now, chums, let me take you on a trip around the internet to one of the most popular, most visited websites in the world, Pornhub. Are you familiar with Pornhub, Matt Davey?
I thought you were going to say Wikipedia or something.
Is it really one of the most visited websites in the world?
It is. More people visit Pornhub than Amazon or Reddit.
What?
Yes, it is.
Shut the front door. I don't believe it.
Cruel. I've done research on the internet. Always do your internet research. And I've discovered it's the 12th most visited website right now.
The top is Google and YouTube and Facebook.
A typical visitor, and there are about 2 billion people who visit Pornhub each month, they spend on average 7 minutes 40 seconds on the site, which I think is quite impressive really.
The top is Google and YouTube and Facebook.
A typical visitor, and there are about 2 billion people who visit Pornhub each month, they spend on average 7 minutes 40 seconds on the site, which I think is quite impressive really.
They have to find what they want to look at.
Oh, I see.
There's a lot of searching, 7 minutes of searching, and then... The internal metrics that they must have as a company must be very confusing.
Because a lot of commercial websites have, right, okay, we want to make users stay on the website longer.
Because a lot of commercial websites have, right, okay, we want to make users stay on the website longer.
You want sticky users, don't you?
Get off literally and then leave.
Success perhaps is actually getting rid of people quite quickly.
Putting ads at really perfect moments just to keep them holding on.
One stat I saw was about their bounce rate. Now, mind boggles what that measures. 23.68%. I mean, I don't know. Snickers, Snickers, Snickers. There'll be a lot of that, Carole.
So a lot of people are spending an awful lot of internet time gawking at, of course, adult videos, which does mean that there's potentially a huge amount of data which could be being gathered by Pornhub about people's behaviors and their peccadillos, or maybe not their peccadillos, but at least their interests and their fetishes.
So a lot of people are spending an awful lot of internet time gawking at, of course, adult videos, which does mean that there's potentially a huge amount of data which could be being gathered by Pornhub about people's behaviors and their peccadillos, or maybe not their peccadillos, but at least their interests and their fetishes.
I'm glad I'm not an online perv now. Okay.
Right. Well, there is a bunch of Italian researchers and activists, they found some things which are concerning to them, and they have filed a complaint against Pornhub.
They say that Pornhub is behaving illegally in the way that it handles the data of millions of people.
And I thought, well, look, if this really is the 12th biggest website in the world, we should be talking about this because there is a chance that one or two of our listeners may go to the Pornhub website.
They say that Pornhub is behaving illegally in the way that it handles the data of millions of people.
And I thought, well, look, if this really is the 12th biggest website in the world, we should be talking about this because there is a chance that one or two of our listeners may go to the Pornhub website.
I'm shocked.
I like the way that you're positioning this is that everybody wants this data. I personally do not want anything to do with this data.
I couldn't want to be further enough away from looking at analytics about this. I feel like—
I couldn't want to be further enough away from looking at analytics about this. I feel like—
Can you imagine the categories?
You wouldn't want to touch it with your bargepole, would you? No, you'd—
I'm sure this is very valuable data. But my goodness.
Well, these researchers, they are crying foul, saying that Pornhub is not obeying GDPR rules.
Oh, there you go, my little sweetheart, GDPR.
You see what I did there, Carole? See, I started talking about pervy stuff on the internet, and then I—
Yeah, you hooked me in.
I've taken a U-turn. So I got you interested, and now I've gone down the very niche crevice of GDPR.
To the real fetish of GDPR.
This is my Achilles heel of interest.
Come on, rule whatever it is. Is it Rule 34 on the internet?
Mm-hmm.
There probably is GDPR porn. There probably—
Oh god.
I mean, you get—
You just can't sully GDPR.
You get washing machine repair porn. You get—
Do you?
Real estate agent porn.
Do you?
Of course you do, Carole.
This is an education.
Right?
Why is it me educating you on this? Yes, I believe, I believe.
Oh, suddenly now the words are coming in. I've heard, a good friend of mine said.
I've heard rumour that the typical scenario is someone comes around with a spanner to fix your washing machine and there'll be owner of the house, they'll say, oh, I like the way you're doing that.
Typically my husband, big hairy guy.
Right, you know, and anyway, so I'm thinking there probably is sort of porn involving GDPR auditors who come around to your company and say, Oh, there's some pretty hot data here or something which we need to—
Listen, feel free to send it in should you find it. Graham is very interested.
Send it to . Make sure she gets it, not me. Anyway, the issue is this. Apparently Pornhub doesn't make it easy to opt out of being tracked by cookies.
Great.
And apparently it isn't clear about what data it's sharing with third parties.
So there is this chap, this researcher in Italy who set up this group, which he's calling Stop Data Porn. His name is—
So there is this chap, this researcher in Italy who set up this group, which he's calling Stop Data Porn. His name is—
That noise was just me opening up my personal laptop in order to follow the links that you've sent, because I'm not going to open that on my work computer.
His name is Alessandro Polidoro. And Alessandro Polidoro is a digital rights activist, and he's leading this legal action against Pornhub.
He says that the site has an algorithm which assigns you a sexual preference based upon the type of porn you watch.
He says that the site has an algorithm which assigns you a sexual preference based upon the type of porn you watch.
You know, you just want to wank in private, really, don't you? Like, this is—
Hopefully, yes.
Yes, but right now, this information— okay, so they now know your sexual preference basically.
So if you are only interested in porn videos involving quantity surveyors, for instance, right, they will be able to say, okay, I will now serve that person up more quantity surveying porn.
Or if you're into, I don't know, porn which is reenactments of 1980s drama comedy Lovejoy involving a roguish Iain McShane with his mallet way back then.
Then you'll only get— well, I'm just giving examples, Carole. I'm trying to imagine what kind of porn there is. It isn't all washing machine related porn anyway.
So it's collecting all of this information and it's gathering this in order to show you the kind of porn you want. And it does this even if you don't log into the site.
Now, this was a surprise to me. It turns out you can actually log into pornography websites.
I don't know why you would log into pornography websites, but even if you don't log into pornography websites, it's still collecting this information.
Because apparently it is actually using cookies and collecting data, which is then saved in your browser's local storage.
So it's like your history or it's like the other information your browser is storing. And it's all being kept there. And you may not be aware that it's being kept there.
All these ID numbers of the things about you and what you like to watch on Pornhub is actually being collected according to these Italian researchers.
Or if you're into, I don't know, porn which is reenactments of 1980s drama comedy Lovejoy involving a roguish Iain McShane with his mallet way back then.
Then you'll only get— well, I'm just giving examples, Carole. I'm trying to imagine what kind of porn there is. It isn't all washing machine related porn anyway.
So it's collecting all of this information and it's gathering this in order to show you the kind of porn you want. And it does this even if you don't log into the site.
Now, this was a surprise to me. It turns out you can actually log into pornography websites.
I don't know why you would log into pornography websites, but even if you don't log into pornography websites, it's still collecting this information.
Because apparently it is actually using cookies and collecting data, which is then saved in your browser's local storage.
So it's like your history or it's like the other information your browser is storing. And it's all being kept there. And you may not be aware that it's being kept there.
All these ID numbers of the things about you and what you like to watch on Pornhub is actually being collected according to these Italian researchers.
Okay. Sorry. So I don't know a lot about this, but say I, you know, you go and visit your whatever, your porn, your GDPR porn.
And most people, I'm guessing, if they don't want to get caught doing that afterwards, wipe their— what do they wipe on their computer? They'd wipe—
And most people, I'm guessing, if they don't want to get caught doing that afterwards, wipe their— what do they wipe on their computer? They'd wipe—
You might wipe your browser history. You might wipe your browser history, but you probably need to wipe other bits of data from your browser as well, your cookies.
Make sure any information that's stored about the website has been zapped as well.
Make sure any information that's stored about the website has been zapped as well.
And if I'd done all those things, would I still, would this information still be being collected?
Well, no, if you've properly wiped your browser, you know, if you've wiped it clean after you've done your business, then you should be fine.
So, essential sort of browser hygiene rules would help you.
So, essential sort of browser hygiene rules would help you.
I didn't know you knew so much about porn.
Well, no, it's more about general internet privacy, about how to clean up after yourself.
So, according to the Stop Data Porn Collective, they're a collective, they're an initiative, I don't know if they're a congress as well, according to the Stop Data Porn organization, this group of people, there's a lot of information which has been collected, and Pornhub is not being transparent about what it's collecting.
It's not giving you the option to opt out. And according to some researchers, it's probably unlikely the average user even reads Pornhub's privacy policy.
Now, I don't know about you guys, but I find that very, very unlikely. There's nothing more likely to get me in the mood.
I know this works for you as well, Carole, than reading a good privacy policy.
So, according to the Stop Data Porn Collective, they're a collective, they're an initiative, I don't know if they're a congress as well, according to the Stop Data Porn organization, this group of people, there's a lot of information which has been collected, and Pornhub is not being transparent about what it's collecting.
It's not giving you the option to opt out. And according to some researchers, it's probably unlikely the average user even reads Pornhub's privacy policy.
Now, I don't know about you guys, but I find that very, very unlikely. There's nothing more likely to get me in the mood.
I know this works for you as well, Carole, than reading a good privacy policy.
I love it.
Right, Matt? Are you keen to look at the terms and conditions?
I mean, I'm currently skimming the research paper and I think it's probably about as, you know, similar wording, similar level of detail. Similar level of interest.
Right. So in Cyprus, which is where I think Pornhub's European headquarters is in Cyprus. Pornhub is owned by a company called MindGeek, which is based in Canada.
Carole, there you are.
Carole, there you are.
Mm-hmm.
Their data protection regulator, the one in Cyprus, they are currently doing a full audit of Pornhub. Now, I don't know what that involves.
It's taken them a while, perhaps understandable reasons.
It's taken them a while, perhaps understandable reasons.
God, it's going to be a lot of sites. A lot of sites.
It's a lot of content up there. You know, so maybe they'll have to— who knows if they're getting distracted anyway.
Word is they're having a go and it's going to take them a couple of years to get through it all. But this does seem to be a problem on porn sites.
And that is my advice for gentle listeners of this podcast, is if you are visiting adult websites, beware, because in 2019, researchers analyzed 22,484 pornographic websites and found that 93% of them leak data to third parties.
Word is they're having a go and it's going to take them a couple of years to get through it all. But this does seem to be a problem on porn sites.
And that is my advice for gentle listeners of this podcast, is if you are visiting adult websites, beware, because in 2019, researchers analyzed 22,484 pornographic websites and found that 93% of them leak data to third parties.
Jesus Christ.
And round about half will suggest a gender or sexual identity that they believe can be linked to you.
So they are making assumptions, they are learning about you, and they are collecting information.
So they are making assumptions, they are learning about you, and they are collecting information.
So I guess one of the ways you get around this is just use— share your account, share your Pornhub account or your computer with lots of users, right?
Oh, so if you're in a work environment, you mean?
Correct. If you're in the office, why not let the whole team use them?
Let everyone just chip in. Okay, we're gonna have a 10-minute break here, company-wide. Next 7 minutes 40 seconds, off you go. And then we'll get on with work afterwards.
Matt, you're being suspiciously quiet.
Matt, you're being suspiciously quiet.
Yes, on purpose. No, I'm just fascinated that the Monopolies Commission isn't more involved in this.
This MindGeek thing, I've Googled it again, and it seems they own half the internet. I mean, the shady side of the internet, but it seems they own half the internet.
This MindGeek thing, I've Googled it again, and it seems they own half the internet. I mean, the shady side of the internet, but it seems they own half the internet.
Yeah, Pornhub is the biggest adult website they own, but I think they own a number of other sort of top adult websites as well.
So I was just looking from the number of the traffic and the, you know, all that kind of stuff.
Facebook is in the news every other day about this kind of stuff that they're tracking and, you know, not respecting countries' guidelines and all this kind of stuff.
But I bet this is worse, but we just kind of don't talk about it.
Facebook is in the news every other day about this kind of stuff that they're tracking and, you know, not respecting countries' guidelines and all this kind of stuff.
But I bet this is worse, but we just kind of don't talk about it.
Maybe that's it.
Yeah.
Can you imagine that the policy guy who's going to bring this, you know, to the House of Commons or whatever and say, look, I really want to add protection for all those people out there wanting to—
Can you imagine that the policy guy who's going to bring this, you know, to the House of Commons or whatever and say, look, I really want to add protection for all those people out there wanting to—
You know, the sad thing is I absolutely can. I think that is a damaging statement to our government, but unfortunately I had to say it.
Matt, what do you have for us this week?
Well, my first one is, Neil.fun has made a password game and it is one of the most infuriating things if you've not played it. I highly recommend it.
That's the fun thing that I want to bring.
That's the fun thing that I want to bring.
But we'll put a link in the show notes. It's a great little online game, isn't it?
About choosing a password because normally you're on a page and it's telling you to choose a password for your account and it says use an alphanumeric or use an uppercase letter or you have to have— and it just gets crazier and crazier as you go along.
But it's good fun trying to satisfy all the criteria.
About choosing a password because normally you're on a page and it's telling you to choose a password for your account and it says use an alphanumeric or use an uppercase letter or you have to have— and it just gets crazier and crazier as you go along.
But it's good fun trying to satisfy all the criteria.
The requirements are quite awful, yeah.
There was one point where it said put in an emoji of the current phase of the moon in your password.
So I found myself investigating what it was and trying to find the bloody emoji for it. Anyway, it's great fun.
So I found myself investigating what it was and trying to find the bloody emoji for it. Anyway, it's great fun.
I think the owner of this website has even said that they haven't managed to actually complete this. I got as far as add the Wordle of the day into your password somehow.
And I was just like, I'm not going to another website, going to get the Wordle and then coming back and somehow working it into my password that already has to have a maximum number of characters.
So I'm going to have to delete it. And one of them was like, make the Roman numerals add up to a certain amount.
So I had to do that, and then there was already an I in one of the previous terms that I had to add in. So then I had to remove that I for a Roman numeral, and it was terrible.
And I was just like, I'm not going to another website, going to get the Wordle and then coming back and somehow working it into my password that already has to have a maximum number of characters.
So I'm going to have to delete it. And one of them was like, make the Roman numerals add up to a certain amount.
So I had to do that, and then there was already an I in one of the previous terms that I had to add in. So then I had to remove that I for a Roman numeral, and it was terrible.
Listeners, if you want to have a play right now, you can go see it. It's at neil.fun/password-game.
Good fun. Anyway, that wasn't the main thing.
It wasn't. The slightly more depressing article that I wanted to talk about was there is a free TV, in the kind of dodgy sense of the word, TV that is available.
It looks pretty cool.
It actually has a secondary bar along the bottom that can, if you're wanting to watch a TV and watch it with someone remotely, you can actually have their image down on the bottom of this almost second TV bar at the bottom.
It looks pretty cool.
It actually has a secondary bar along the bottom that can, if you're wanting to watch a TV and watch it with someone remotely, you can actually have their image down on the bottom of this almost second TV bar at the bottom.
Oh.
But the real usage of this, and it looks really good for a free TV. Completely free.
Yeah.
Apart from not completely. And the bottom bar of it does have adverts in.
Okay.
So they're permanently visible while you're watching TV, I guess.
Yes.
And also, you can't hang anything over that bottom bit or hide the bottom bit or disable it in any way or try and change the hardware for it.
How would they know if I put, I don't know, electrical tape across it?
Because they've got light sensors built into it so that if you hang anything over it, they disable the other TV as well.
Maybe you could put— Maybe if you're sat on your sofa and you have a coffee table in between you, if you angle it right—
Oh yeah, yeah.
You could put something on the coffee table so it just blocks it out from your vision.
Graham's lying on his shoulders.
But also, the things that you need, the settings for the TV, the volume change, the channel change, and the guide and all that kind of stuff, it all lives in that bottom display.
Oh, so that's clever.
So they've kind of made it useful.
Damn them.
But it is a scrolling ad bar as well. So it's constantly moving.
It doesn't talk at you, does it? It doesn't say, "You really want to buy this cleaning detergent." I mean, who knows where this is going?
The manufacturers say if you try to degrade the TV experience, I think that means hack it, basically.
Right.
Degrade is a loose term of the word there. We have the ability to deactivate the television. So that kind of intrigued me as well.
Because you have no rights, I guess, because it's free.
Yeah, you are attaching this to your Wi-Fi. You are signing into it with all of your things. It's essentially a laptop these days, a television, right? It's essentially a computer.
So the amount of stuff that you're kind of handing over to this company on the basis of saving yourself, you know, a couple of hundred quid. I don't say that lightly.
TVs are getting really expensive these days. But how much is it actually worth?
And the interesting thing about this is I think there's a sign of things to come here if this is successful of essentially freemium hardware where already some things that you buy activity trackers or something, the thing that you buy has reduced cost because you're getting a subscription afterwards.
This is kind of similar to that, but in the fact that you are getting the TV for free and then you are the product.
You are watching it and that is what is getting the money and eyeballs and stuff.
So the amount of stuff that you're kind of handing over to this company on the basis of saving yourself, you know, a couple of hundred quid. I don't say that lightly.
TVs are getting really expensive these days. But how much is it actually worth?
And the interesting thing about this is I think there's a sign of things to come here if this is successful of essentially freemium hardware where already some things that you buy activity trackers or something, the thing that you buy has reduced cost because you're getting a subscription afterwards.
This is kind of similar to that, but in the fact that you are getting the TV for free and then you are the product.
You are watching it and that is what is getting the money and eyeballs and stuff.
This seems to be quite common in TVs to some extent. I've got a Samsung TV, it's a few years old.
And you know, if I go to the menu, there are some ads which pop up, which is quite irritating.
So what I had to do is I had to put something in, you know, my router or whatever to prevent access to those ad servers because I just found it irritating.
These things— so I'm blocking them that way and it hasn't prevented my TV from working. I paid for my TV.
It does get a lot of the TV companies are looking to monetise, and we've seen in the past TVs which have monitored what you watch and then send information back to the mothership in order to collect data from.
Has this TV also got a microphone and a camera?
And you know, if I go to the menu, there are some ads which pop up, which is quite irritating.
So what I had to do is I had to put something in, you know, my router or whatever to prevent access to those ad servers because I just found it irritating.
These things— so I'm blocking them that way and it hasn't prevented my TV from working. I paid for my TV.
It does get a lot of the TV companies are looking to monetise, and we've seen in the past TVs which have monitored what you watch and then send information back to the mothership in order to collect data from.
Has this TV also got a microphone and a camera?
Microphone, camera, everything.
So you're almost the commodity as well. Oh, absolutely.
Yeah, it's not only that you're saying we're watching your ads, but we're also monitoring you and collecting when you watch, what you watch, how often you watch, where your eyeballs go.
Yeah, it's not only that you're saying we're watching your ads, but we're also monitoring you and collecting when you watch, what you watch, how often you watch, where your eyeballs go.
We're broadcasting you direct to chat roulette.
Oh, goodness. If you are most subjective to adverts during some sort of TV show that has fancy clothes in it or something, they can absolutely, you know, tell that.
I'm sitting there eating a bucket of ice cream, snarfling away, right? And it starts showing me ads for, I don't know, antacids or something.
So they're giving these away completely free?
They are, but you do have to sign a terms of service.
And so there's a quote here on The Verge that says, if some people try to game and fraud against our terms of service, we'll kindly ask you to rectify the situation or return the device.
And of course, they can turn off the TV for you as well. The telly's— this thing is called the telly, which is very confusing because in the UK all tellies are called tellies.
Telly's terms of service previously mentioned a $500 credit card charge that would be enforced on anybody that violates the agreement without returning the TV hardware as well.
So, you know, it's free, but kind of not really.
And so there's a quote here on The Verge that says, if some people try to game and fraud against our terms of service, we'll kindly ask you to rectify the situation or return the device.
And of course, they can turn off the TV for you as well. The telly's— this thing is called the telly, which is very confusing because in the UK all tellies are called tellies.
Telly's terms of service previously mentioned a $500 credit card charge that would be enforced on anybody that violates the agreement without returning the TV hardware as well.
So, you know, it's free, but kind of not really.
Yeah.
Oh my goodness, I've got it. I know how to do this. I've worked it out. Okay, this is how we scam it, right? We get one of these TVs, we put it in a room on its own, and we turn it on.
We have a camera or a camera phone which is pointed just at the top half of the screen, the bit without the bar, and we stream that onto the internet, and that's what we watch.
Oh, we would have to— actually, there's no point in this, would there? Because we'd watch that on another TV. Okay, so we'd have a— Okay, forget everything I said.
We have a camera or a camera phone which is pointed just at the top half of the screen, the bit without the bar, and we stream that onto the internet, and that's what we watch.
Oh, we would have to— actually, there's no point in this, would there? Because we'd watch that on another TV. Okay, so we'd have a— Okay, forget everything I said.
Also, can they use that camera to sense that you're in the room? And say that you're not actually watching it. There's a camera phone in front of the TV, right?
The article says that they won't use the camera for their business, but that's this one. I'm not really worried about this one. I'm worried about the next one that comes from this.
The article says that they won't use the camera for their business, but that's this one. I'm not really worried about this one. I'm worried about the next one that comes from this.
Yeah, this is the precedent. This is the candy just to test the market.
I do kind of like the bottom screen thing. That is quite interesting to me.
If it didn't have ads on it, you mean?
If it didn't have adverts on it, yeah.
What's— so you could watch what I wanted to watch? That kind of thing?
I think one of the examples for the uses of the bottom screen, and this kind of drops the bottom out of my soul a little bit.
Parents watching the news on the primary display while their children play Flappy Bird on the bottom one.
Parents watching the news on the primary display while their children play Flappy Bird on the bottom one.
Aha.
That's one of the practical examples that they give.
Right.
Carole, what have you got for us this week?
So for my Smashing Security story this week, we need to cast our minds back to the dark Rona times.
I know it sucks, but I am a big believer in looking back so we can see where we screwed up and maybe learn from it.
So if you were a medical professional during these dark days, you would have probably seen more dead bodies than hot coffees.
And if you were furloughed, you might've mastered the headstand or upped your sourdough game or found an ingenious place to hide your hundreds and hundreds of toilet rolls, right, Clue?
And this, for many of us, was all while not freaking out about how you'd make ends meet because many of us were able to get some government grant relief, right?
Some money, paycheck relief. And in order for us to keep getting those paychecks, the government targeted relief to businesses.
So in the US, for example, there was the Paycheck Protection Program, PPP. And this initiative was a significant part of the government's response to the COVID-19 pandemic.
And it seems in order to qualify, a business had to meet certain standards, like explaining the negative impact of COVID-19 on its business.
So, you know, they lost customers or staff were getting sick, that sort of stuff. And they'd need to certify things like testifying that employees would not lose their jobs.
But of course, the huge chief worry in all this for the government launching such a scheme was fraud.
So identification and verification was key to making sure that this was as financially efficient as possible. Right, and that's a lot of work, right?
It's who's going to manage this whole verification process?
I know it sucks, but I am a big believer in looking back so we can see where we screwed up and maybe learn from it.
So if you were a medical professional during these dark days, you would have probably seen more dead bodies than hot coffees.
And if you were furloughed, you might've mastered the headstand or upped your sourdough game or found an ingenious place to hide your hundreds and hundreds of toilet rolls, right, Clue?
And this, for many of us, was all while not freaking out about how you'd make ends meet because many of us were able to get some government grant relief, right?
Some money, paycheck relief. And in order for us to keep getting those paychecks, the government targeted relief to businesses.
So in the US, for example, there was the Paycheck Protection Program, PPP. And this initiative was a significant part of the government's response to the COVID-19 pandemic.
And it seems in order to qualify, a business had to meet certain standards, like explaining the negative impact of COVID-19 on its business.
So, you know, they lost customers or staff were getting sick, that sort of stuff. And they'd need to certify things like testifying that employees would not lose their jobs.
But of course, the huge chief worry in all this for the government launching such a scheme was fraud.
So identification and verification was key to making sure that this was as financially efficient as possible. Right, and that's a lot of work, right?
It's who's going to manage this whole verification process?
Yeah.
So in the front row with hands raised super high and squealing, "me, me, me, me," you had the computer-savvy fintechs, okay?
These are modern digital financial services that pretty much do the same thing as traditional banks.
But fintech's big plus, and this is what they claimed, is that they were way more capable of quickly issuing these PPP loans than government agencies or traditional banks.
These are modern digital financial services that pretty much do the same thing as traditional banks.
But fintech's big plus, and this is what they claimed, is that they were way more capable of quickly issuing these PPP loans than government agencies or traditional banks.
Right.
And one of the reasons was because they don't have legacy systems and they're by definition able to do things digitally very— I don't know how to say the word— agilely.
With agility.
With agility.
They're fast and loose, aren't they? Yeah, fast and loose.
Yeah.
Yeah. So they can move fast, get the money to the right people securely and quickly because that was really important. People needed the cash. Businesses were going under really fast.
So this was music to the ears to the then-Trump government, right?
Depending on the lender and the type of application that you were applying for, you might be required to present a valid driver's license or a passport or other government-issued identification.
So businesses were often asked to provide their EIN number, which is issued by the Internal Revenue Service, right?
Maybe they'd have to fill in, show some tax forms, some payroll records, bank statements, that sort of thing.
Documents that would help you identify that business is making the request without any bullshit, right? They're being legit.
So this was music to the ears to the then-Trump government, right?
Depending on the lender and the type of application that you were applying for, you might be required to present a valid driver's license or a passport or other government-issued identification.
So businesses were often asked to provide their EIN number, which is issued by the Internal Revenue Service, right?
Maybe they'd have to fill in, show some tax forms, some payroll records, bank statements, that sort of thing.
Documents that would help you identify that business is making the request without any bullshit, right? They're being legit.
Yeah.
So this is why fintech companies, like Blue Acorn, Womply, or Womply and Cabbage lined up to serve as middlemen.
So their job was to help small business applicants complete the paperwork and process requests. And there was great money to be made here, right?
For every transaction, they get a processing fee. So just to give you an idea, Womply and Blue Acorn apparently ended up facilitating more than 1 in every 3 PPP loans in 2021.
And the US government gave out nearly about $790 billion in PPP loans, right between March 2020 and May 2021. So that's a huge amount of money that they were facilitating.
So we have the government dishing out huge chunks of change via fintechs to small businesses who have been verified and have proven their case through all their paperwork and applications.
However, come December 2022, more than 18 months later, fintechs are accused by the Select Subcommittee on the Coronavirus Crisis to have facilitated fraud in the Paycheck Protection Program.
So in March, NBC News opened an article with, quote, "They bought Lamborghinis, Ferraris, Bentleys, and Teslas.
Of course, lots of Teslas." Many who participated in what prosecutors are calling the largest fraud in U.S.
history, the theft of hundreds of billions of dollars in taxpayer money, couldn't resist purchasing luxury automobiles, also mansions, private jets, and swanky vacations.
Experts say the theft is as much as $80 billion or about 10%.
But just this week, the Messenger publication claims to have been sent some of the IDs that were used when requesting paycheck relief, requesting help from PPP.
And these were validated as authentic and genuine and received the pay relief as requested. And I thought I would share with you some components of these IDs on our shared document.
And you tell me what you see there.
So their job was to help small business applicants complete the paperwork and process requests. And there was great money to be made here, right?
For every transaction, they get a processing fee. So just to give you an idea, Womply and Blue Acorn apparently ended up facilitating more than 1 in every 3 PPP loans in 2021.
And the US government gave out nearly about $790 billion in PPP loans, right between March 2020 and May 2021. So that's a huge amount of money that they were facilitating.
So we have the government dishing out huge chunks of change via fintechs to small businesses who have been verified and have proven their case through all their paperwork and applications.
However, come December 2022, more than 18 months later, fintechs are accused by the Select Subcommittee on the Coronavirus Crisis to have facilitated fraud in the Paycheck Protection Program.
So in March, NBC News opened an article with, quote, "They bought Lamborghinis, Ferraris, Bentleys, and Teslas.
Of course, lots of Teslas." Many who participated in what prosecutors are calling the largest fraud in U.S.
history, the theft of hundreds of billions of dollars in taxpayer money, couldn't resist purchasing luxury automobiles, also mansions, private jets, and swanky vacations.
Experts say the theft is as much as $80 billion or about 10%.
But just this week, the Messenger publication claims to have been sent some of the IDs that were used when requesting paycheck relief, requesting help from PPP.
And these were validated as authentic and genuine and received the pay relief as requested. And I thought I would share with you some components of these IDs on our shared document.
And you tell me what you see there.
This is some properly in-depth investigative journalism. I like it.
Oh, am I being boring? No, no, no.
I'm just more eagerly listening than speaking.
It's just, you know, I didn't probe Pornhub enough. Is that what you're—
Okay, so tell me what you see.
Ah, well, I see the problem immediately.
Do you see the problem immediately?
Yes.
What do you see?
Those are not real people.
No.
Those are definitely creepy statues of some kind.
What is this? Are these sex dolls? What are these? What are these things? They look—
They are dolls' faces.
Yes.
I mean, these guys, these scammers, could not have given a shit or been very bright to think that this would work. And yet it bleeding did, right? I mean, look at number 1.
It's a Barbie doll head with lots of makeup and a clearly plastic face.
It's a Barbie doll head with lots of makeup and a clearly plastic face.
I was expecting AI. I really was. I was expecting some sort of Midjourney. It costs $10 a month. That's not a lot of effort. Just create me 5 generic-looking people.
Go to thispersondoesnotexist.com. Yeah. It's easy to get fake faces if you want them. But these are clearly not human faces.
Look at the eye size on number 1 and number 3. Literally, it's physically impossible for those eyes to be in that skull.
So scammers created fake identities with pictures of doll faces and other figurines to rip off the US's largest COVID-19 relief program.
This is according to the images of phony accounts that were given to government investigators and later obtained by The Messenger.
Now, of course, the use of these doll faces was not rife, so it is not responsible for the entire $80 billion that was taken, but it does underline just how lax security was.
So scammers created fake identities with pictures of doll faces and other figurines to rip off the US's largest COVID-19 relief program.
This is according to the images of phony accounts that were given to government investigators and later obtained by The Messenger.
Now, of course, the use of these doll faces was not rife, so it is not responsible for the entire $80 billion that was taken, but it does underline just how lax security was.
And we aren't claiming that any of these dolls are the fraudsters, are they? They're all innocent.
Oh, look at the bottom left. He's definitely been forced into it.
He looks like Frankenstein's monster. He looks like he's got a zip along the top of his head.
Now, Womply blamed a sub-vendor for approving the doll face ID photos, right? Of course, supply chain issue. We've heard it before.
But The Messenger also reports that despite its promises and a wide net of lenders, congressional investigators found that Womply was one of two companies that enabled the majority of PPP fraud, processing over $5 million in loans for itself.
But The Messenger also reports that despite its promises and a wide net of lenders, congressional investigators found that Womply was one of two companies that enabled the majority of PPP fraud, processing over $5 million in loans for itself.
Yeah.
Okay, for itself.
But the big problem here, and this is the big important point, is that although fintechs behave like banks and traditional depository institutions, they are not subject to banking regulations such as the Bank Secrecy Act, which would require them to implement certain processes and structures to ensure security and the soundness of their operations.
But the big problem here, and this is the big important point, is that although fintechs behave like banks and traditional depository institutions, they are not subject to banking regulations such as the Bank Secrecy Act, which would require them to implement certain processes and structures to ensure security and the soundness of their operations.
I think you're being a little bit unfair here, Carole.
Maybe these fintechs were actually protecting the privacy of individuals, and so they didn't use the individual's faces, but they made dolls which looked a bit like them.
Maybe these fintechs were actually protecting the privacy of individuals, and so they didn't use the individual's faces, but they made dolls which looked a bit like them.
On an actual fintech site, I quote, "the absence of a single regulator makes fintech agile and flexible for changes and adaptations.
Fintech companies don't have to follow rigorous guidelines, so it's easier for them to integrate new services and solutions." And, you know, apparently helps steal mountains of cash.
Fintech companies don't have to follow rigorous guidelines, so it's easier for them to integrate new services and solutions." And, you know, apparently helps steal mountains of cash.
I mean, Mrs. Cabbage Patch at the top there is perfectly happy with her banking applications.
God. So there you go. This is how you get your parsnips buttered, apparently, is just become a fintech and do whatever the fuck you want. Wow.
I look forward to the following news story, which is one of these dolls with their arms upright in a Lamborghini driving off.
Our sponsor Kolide has some big news. If you're an Okta user, then you can get your entire fleet to 100% compliance. How?
If a device isn't compliant, the user can't log into your cloud apps until they fix the problem.
If a device isn't compliant, the user can't log into your cloud apps until they fix the problem.
Problem.
It's that simple. Kolide patches one of the major holes in zero-trust architecture: device compliance.
Without Kolide, IT struggles to solve basic problems like keeping everyone's OS and browser up to date.
Insecure devices are logging into your company's apps, but there's nothing there to stop them.
Kolide is the only device trust solution that enforces compliance as part of authentication, and it's built to work seamlessly with Okta.
The moment Kolide's agents detect a problem, it alerts the user and gives them instructions to fix it. If they don't fix the problem within a set time, they're blocked.
Kolide's method means fewer support tickets, less frustration, and most importantly, 100% fleet compliance. Want to learn more? Of course you do. Visit kolide.com/smashing.
That's kolide.com/smashing. And thanks to Kolide for sponsoring the show. Darknet, darkweb.
Without Kolide, IT struggles to solve basic problems like keeping everyone's OS and browser up to date.
Insecure devices are logging into your company's apps, but there's nothing there to stop them.
Kolide is the only device trust solution that enforces compliance as part of authentication, and it's built to work seamlessly with Okta.
The moment Kolide's agents detect a problem, it alerts the user and gives them instructions to fix it. If they don't fix the problem within a set time, they're blocked.
Kolide's method means fewer support tickets, less frustration, and most importantly, 100% fleet compliance. Want to learn more? Of course you do. Visit kolide.com/smashing.
That's kolide.com/smashing. And thanks to Kolide for sponsoring the show. Darknet, darkweb.
Today's podcast is also brought to you by NordLayer. Now, NordLayer safeguards your company's network, but it's much more than just a VPN for business.
As you already know, business networks today are more vulnerable than ever due to remote work, ransomware attacks, data leak incidents.
Well, NordLayer secures and protects remote workforces as well as business data, and it can even help you ensure security compliance.
Simply go to nordlayer.com/smashingsecurity and get 1 month free.
NordLayer is easy to start at, and it takes less than 10 minutes to onboard your entire business on a secure network.
NordLayer is easy to combine as it's hardware-free and compatible with all major operating systems.
And finally, NordLayer is easy to scale as you can choose a plan unique to your business requirements and your rate of growth.
So if you want to secure your business network, go to nordlayer.com/smashingsecurity to get your first month free. And thanks to NordLayer for supporting the show. And welcome back.
Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
As you already know, business networks today are more vulnerable than ever due to remote work, ransomware attacks, data leak incidents.
Well, NordLayer secures and protects remote workforces as well as business data, and it can even help you ensure security compliance.
Simply go to nordlayer.com/smashingsecurity and get 1 month free.
NordLayer is easy to start at, and it takes less than 10 minutes to onboard your entire business on a secure network.
NordLayer is easy to combine as it's hardware-free and compatible with all major operating systems.
And finally, NordLayer is easy to scale as you can choose a plan unique to your business requirements and your rate of growth.
So if you want to secure your business network, go to nordlayer.com/smashingsecurity to get your first month free. And thanks to NordLayer for supporting the show. And welcome back.
Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
Pick of the Week. Say Pick of the Week.
Oh, Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security related necessarily.
Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security related necessarily.
Better not be. Yeah.
Now, a few weeks ago I was very excited because I was told there was a new Indiana Jones movie coming out. And I remembered back in the '80s— Indiana.
Indiana Jones.
Indiana— sorry, what's the problem? Indiana Jones. Indiana Jones. Yeah, what have I done wrong? I don't know.
Indiana. I don't know.
Oh, I always say Indiana. Anyway, so—
Tomato, tomato.
Anyway, Indiana Jones. And I remembered seeing Raiders of the Lost Ark and all those movies, late '70s, early '80s. Brilliant. I thought, this is great fun.
And so I was speaking to my son and I said, "You heard of Indiana Jones?" He said, "Yeah, Indiana Jones," he said.
But he said, "I've heard of it, never seen it." And I said, "Oh well, why don't we watch Raiders of the Lost Ark?" And we watched that the other night on the TV. He loved it.
He thought it was brilliant.
And so I was speaking to my son and I said, "You heard of Indiana Jones?" He said, "Yeah, Indiana Jones," he said.
But he said, "I've heard of it, never seen it." And I said, "Oh well, why don't we watch Raiders of the Lost Ark?" And we watched that the other night on the TV. He loved it.
He thought it was brilliant.
Brilliant. It is brilliant.
It was great. I really enjoyed it. And I said to him, "There's a new Indiana Jones movie coming out." And he went, "Indiana?" Called The Dial of Destiny.
And I said, "Why don't we watch all the Indiana Jones apart from that rubbish one involving the crystal skull and the aliens, and we'll have a great old time, and then we can go to the cinema, because I'm sure it's going to be good," I said.
Anyway, last weekend I went to the cinema and I saw Indiana Jones and the Dial of Destiny.
And I said, "Why don't we watch all the Indiana Jones apart from that rubbish one involving the crystal skull and the aliens, and we'll have a great old time, and then we can go to the cinema, because I'm sure it's going to be good," I said.
Anyway, last weekend I went to the cinema and I saw Indiana Jones and the Dial of Destiny.
And your man's still in it, right? They wheeled him out.
Just about. Just about.
So my bar is that Crystal Skull one, because that was just dire. Is it better than that?
I haven't seen the Crystal Skull one since it came out about 15 years ago. And I remember I hated it.
I have to say, what happened during Indiana Jones and the Dial of Destiny was I was there with my partner, and I realised that we were sort of looking around the room, and then we looked at each other and laughed.
And at one point she leant over and said, "Shall we just go? Shall we just go home?" And I said, "Yeah, let's go." Because it was—
I have to say, what happened during Indiana Jones and the Dial of Destiny was I was there with my partner, and I realised that we were sort of looking around the room, and then we looked at each other and laughed.
And at one point she leant over and said, "Shall we just go? Shall we just go home?" And I said, "Yeah, let's go." Because it was—
And what, you left your son there?
No, no, no, he wasn't there. We didn't take him with us. He's gonna see it another time. But it was just me and her. I would've done.
I often will be at the cinema and decide to go home, leaving my son there if he's watching the Mario movie or something like that.
I often will be at the cinema and decide to go home, leaving my son there if he's watching the Mario movie or something like that.
The Emoji movie, yeah.
This movie is— Now, I'd warned her in advance. I said, "I've heard a little spoiler that the ending is particularly catastrophic." We didn't get as far as the last 10 minutes.
You walked out, eh? Both of you.
We really walked out. And to be honest, I think my life is the better for it, because it was horrendous.
So, my pick of the week this week is anything other than Indiana Jones and the Dial of Destiny. Anything else, you will be—
So, my pick of the week this week is anything other than Indiana Jones and the Dial of Destiny. Anything else, you will be—
Even Face/Off? Face/Off?
Face/Off with John Woo and John Travolta and Nicholas— Brilliant! Brilliant bit of Face/Off. Much more entertaining than this movie. Okay, okay.
And that's despite Dial of Destiny including Phoebe Waller-Bridge, who obviously we love from Fleabag, and she's terrific. But this is not— this is not good. It's not good.
And so Anything Else is my pick of the week. Sorry to be negative.
And that's despite Dial of Destiny including Phoebe Waller-Bridge, who obviously we love from Fleabag, and she's terrific. But this is not— this is not good. It's not good.
And so Anything Else is my pick of the week. Sorry to be negative.
Oh, I'm very disappointed about that.
I wanted to save people's money because that cost me about £24 to go and see that rubbish. So I don't want anyone else wasting their money like that.
Matt, what's your pick of the week? Or maybe non-pick of the week?
Matt, what's your pick of the week? Or maybe non-pick of the week?
Well, obviously, I'm gonna pick, for example, the Random and Memorable Podcast. You can go and catch up on all 110 episodes now. Somehow, we've been allowed to do 110 episodes.
Congratulations.
That's a great achievement. Well done.
Thanks. Yeah, it's good to have a hobby that is also your job. And I feel like that is the energy that we bring to that podcast.
But my actual pick of the week is Jury Duty, the TV show on Amazon Prime. I explain this TV show.
It's got some bad reviews and some good reviews, but I explain it as essentially it's The Office where they do kind of pieces to camera and it's a general sitcom, except one of the people is not an actor in it.
One of the people is real and they build this kind of court case around them. And that person doesn't know that everyone else is an actor, right?
But my actual pick of the week is Jury Duty, the TV show on Amazon Prime. I explain this TV show.
It's got some bad reviews and some good reviews, but I explain it as essentially it's The Office where they do kind of pieces to camera and it's a general sitcom, except one of the people is not an actor in it.
One of the people is real and they build this kind of court case around them. And that person doesn't know that everyone else is an actor, right?
Oh, doesn't have a clue. No.
And you can genuinely see that in the end when they kind of debrief and tell this guy all of this was completely fake.
He's gonna have PTSD for the rest of his life.
They celebrate him 'cause he made such good decisions. Honestly, I feel like the mischievous side of me would kind of try and mess with them a bit, but they didn't.
They played this everybody, the actors between themselves, and then it's just him kind of being the audience and being going, "What the heck is going on?
Is this my life?" The absurdity. James Marsden is also in it, who is in a bunch of movies, Sonic and The Notebook and that type of thing. He was also in Westworld.
They played this everybody, the actors between themselves, and then it's just him kind of being the audience and being going, "What the heck is going on?
Is this my life?" The absurdity. James Marsden is also in it, who is in a bunch of movies, Sonic and The Notebook and that type of thing. He was also in Westworld.
Right.
He is playing a caricature of himself with a giant ego. Which is also brilliant.
So when I heard you were going to choose this, I hadn't heard of this show, but I went and watched some clips on YouTube.
And there is the clip of this actor guy, James Marsden, sort of saying, look, maybe I should be excused because I'm going to be a distraction because I'm famous, because I've been in these movies.
And the judge didn't recognise him. And I didn't recognise him either. I thought, I don't know who this guy is. So I wouldn't have listened to him either.
But it is quite, from the bits I've seen, this is quite fun. I quite like it.
And the central guy, the guy who isn't an actor, the guy who's effectively being duped, does seem like a—
And there is the clip of this actor guy, James Marsden, sort of saying, look, maybe I should be excused because I'm going to be a distraction because I'm famous, because I've been in these movies.
And the judge didn't recognise him. And I didn't recognise him either. I thought, I don't know who this guy is. So I wouldn't have listened to him either.
But it is quite, from the bits I've seen, this is quite fun. I quite like it.
And the central guy, the guy who isn't an actor, the guy who's effectively being duped, does seem like a—
Yeah, they basically give him not moral choices, but slightly on the side of that. And the interesting thing is to see him really care for the people around him.
He is definitely the hero of that show. I think they picked it really well.
He is definitely the hero of that show. I think they picked it really well.
Is he Canadian? Is he Canadian?
I think it's all set in America.
But this goes on for weeks, doesn't it? So he was in a hotel, he was disconnected from the internet.
He couldn't Google any of these people. Yeah, they sequestered the jury.
Wow.
Which was a brilliant little addition to it, which makes them all stay in a hotel. And just the weirdness of it all is just so brilliant.
And the plot orchestration of how they architect all the plot points and lead him into them is just— it's beautiful. It really is very well done.
And the plot orchestration of how they architect all the plot points and lead him into them is just— it's beautiful. It really is very well done.
Okay, I'm putting it on my watch list. This is my kind of— I hate that I like this though, because it's like, we love watching people being duped. We're addicted to it.
You know, but I am too. I just don't know why we're just—
You know, but I am too. I just don't know why we're just—
I'm not sure it's making fun of it. I've only seen little clips.
Yeah, no, it definitely paints him as the hero. This isn't Trigger Happy TV where you're just looking for people's reaction.
Yeah. Okay, I'll watch it. I'll watch it on your recommendation, Matt.
And the name of the show again, Matt, is?
Jury Duty.
Jury Duty on Amazon Prime. Fantastic. Carole, what's your pick of the week?
Okay, I have to give a little background for my pick of the week. I got new windows a few years ago now, and they were a little bit bigger and heavier than the previous ones.
And basically, after they were put in, they were glorious, but they made a mess of our render, what Americans call stucco across the pond.
Now, the problem with rendered or stuccoed houses is they need maintenance, right? You have to paint them and check for cracks and fill it in. And not my idea of fun or talent.
You know, we went around and looked for a renderer, and we couldn't find one for love or money, right?
I was even trying to pimp out my husband, you know, a date with him, but even that didn't— So long story short—
And basically, after they were put in, they were glorious, but they made a mess of our render, what Americans call stucco across the pond.
Now, the problem with rendered or stuccoed houses is they need maintenance, right? You have to paint them and check for cracks and fill it in. And not my idea of fun or talent.
You know, we went around and looked for a renderer, and we couldn't find one for love or money, right?
I was even trying to pimp out my husband, you know, a date with him, but even that didn't— So long story short—
Hello, you surprised me.
My husband panicking found an incredible solution, right?
My baby was panicking.
And it was called spray cork rendering or spray cork stucco. And the stuff is awesome, okay? So you basically, you can apply it over anything that you would paint.
So you could put it over stucco, you could put it over steel, plaster, aluminum, wood, brick, vinyl, shingles, anything and helps to regulate temperature, resistant to abrasion, salty air, fungus, mold.
It's environmentally cool, right? Because it's 80% cork granules, 20% water-based paint, and you apply it with a spray gun that's compressed air, right? Or electricity.
And cork is completely renewable and it's non-toxic. I can go on and on and on.
So you could put it over stucco, you could put it over steel, plaster, aluminum, wood, brick, vinyl, shingles, anything and helps to regulate temperature, resistant to abrasion, salty air, fungus, mold.
It's environmentally cool, right? Because it's 80% cork granules, 20% water-based paint, and you apply it with a spray gun that's compressed air, right? Or electricity.
And cork is completely renewable and it's non-toxic. I can go on and on and on.
And that's why we're sponsored this week by—
No, it's just really cool.
Right.
It took about a week to put up, which is also amazing because I've seen houses take forever to get even just painted. And Kevin McLeod from Grand Designs even gives it a thumbs up.
So we used a company called Corksawl, but I'm sure there's other reputable ones around in your neck of the woods. This was in the UK. We got it done around Easter.
The house looks so much smarter. So my pick of the week is spray cork rendering or stuccoing. It's very cool.
So we used a company called Corksawl, but I'm sure there's other reputable ones around in your neck of the woods. This was in the UK. We got it done around Easter.
The house looks so much smarter. So my pick of the week is spray cork rendering or stuccoing. It's very cool.
Very cool. Wow.
That's left field, but I love it.
It's great. I know it's left field. You can even— I want to do it inside my bathroom instead of tiling it. Just stucco, just spray cork the inside of the bathtub area.
I am actually genuinely tempted to do this in my garage because I have unfinished walls in the garage and this would be pretty good.
I have links in the show notes and you can even do it yourself totally. They literally all— Ah.
And it feels nice, doesn't it, Carole? It's kind of, yeah.
It's got a little bit of a sponge to it, but it feels solid. And they just basically covered all the windows and all the sides and the pipes and then just spray-gunned it.
So anyway, check it out. Very cool stuff.
So anyway, check it out. Very cool stuff.
Well, that just about wraps up the show for this week. Matt, thanks very much for joining us.
I'm sure lots of our listeners would like to follow you online and find out what you're up to. What's the best way for folks to do that?
I'm sure lots of our listeners would like to follow you online and find out what you're up to. What's the best way for folks to do that?
I am on Mastodon, Matt Davey, and I guess I'm on social.lol. I think you have to say, I'm not really on Twitter anymore. But you can follow 1Password on Twitter at just @1Password.
Terrific. And you can follow us on Twitter at Smashing Security, no G to Twitter @matt_davey, and we also have a Mastodon presence.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps, such as Pocket Casts, Apple Podcasts, and Spotify.
And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps, such as Pocket Casts, Apple Podcasts, and Spotify.
And big, big thank yous to this episode's sponsors, Kolide and NordLayer. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 328 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 328 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye.
Bye-bye.
Thanks for having me.
Bye. Thank you, Matt. Brilliant. It was fun.
Thanks so much, Matt. Really appreciate you coming along. Great stories. Terrific Pick of the Week.
Yes, watch it. It's great.
Yeah, I will do. I'm going to start tonight.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Matt Davey – @
Episode links:
- Pornhub Is Being Accused of Illegal Data Collection – Wired.
- StopDataPorn brings Pornhub to court for abusing users’ personal data with GDPR complaints – StopDataPorn.
- The Password Game – Neal.fun.
- The True Cost of a Free TV – Wired.
- Telly dual-screen TV first look: it’s free and may be the future – The Verge.
- Swindlers Used Barbie Dolls to Rob COVID Relief Program – The Messenger.
- How rampant abuse by fintech fueled covid relief fraud – The Washington Post.
- ‘Biggest fraud in a generation’: The looting of the Covid relief plan known as PPP – NBC News.
- “We Are Not the Fraud Police”: How Fintechs Facilitated Fraud in the Paycheck Protection Program – Fox News.
- ‘The Dial Of Destiny’ Is Now The Worst-Reviewed ‘Indiana Jones’ Movie – Forbes.
- “Jury Duty” TV series – Wikipedia.
- “Jury Duty” trailer – YouTube.
- Spray Cork: What Is It? – Build with Rise.
- CorkSol.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Zero Trust for Okta. Watch a demo today!
- NordLayer – NordLayer safeguards your company’s network, securing and protecting remote workforces as well as business data. It can even help you ensure security compliance. Get your first month free.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Local Storage [EXPLETIVE] !!
I have been ranting about this since the first disclosure of Flash Cookies in the early 2000's, if not earlier.
Yet another scenario for "What on Earth Could Wrong".
Another reason I also practice Safe Browsing and clear all aspects of browsing history, downloads, cookies, storage, cache, autofill data, application cache and site settings (and deny Third Party Cookies), unless I need them as some sites I need are broken without them.
Also not a fan of sites like porn hub. Little interest as I would rather a live woman .
Been together over 50 years. Must be something there.
Cheers