This week the podcast is more lavatorial than usual, as we explore how privacy may have gone to sh*t on Google Maps, our guest drives hands-free on Britain’s motorways (and is defamed by AI), and ransomware attacks an airplane-leasing firm.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by BBC Technology Editor Zoe Kleinman.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
I have to admit, I'm quite disappointed by Google Maps' ability to locate lavatories.
Because I looked up my nearest toilet, the term they like to use, to where I am right now, and it is apparently 12 hours, 48 minutes walk away.
Because I looked up my nearest toilet, the term they like to use, to where I am right now, and it is apparently 12 hours, 48 minutes walk away.
What?
Yes, it's quite a long way.
That makes me feel quite unwell just thinking about it.
Smashing Security, episode 356. Big Dumpers, AI defamation, And the slug that slurped with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 356. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 356. My name's Graham Cluley.
And I'm Carole Theriault.
And we're joined this week by a special guest, someone who hasn't been on the show for a while. We're delighted to have returned to the hot seat BBC technology editor Zoe Kleinman.
Hello, Zoe.
Hello, Zoe.
Hello. How nice to be back.
So nice to have you back.
Oh, thank you.
Proper journo.
It's been too long.
Right, we're on a tight schedule today. So Carole, pull the lever.
It's weather depending if we can even get this show out. But before we kick this show off, let's thank this week's wonderful sponsors, Vanta and Collide.
It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
Well, I'm going to be taking a slightly different look at data dump or telling Google to bog off, all sorts of things, actually.
Okay, sounds fascinating. Zoe, what about you?
I'm gonna be telling you about what happened when I thought a chatbot was lying about me.
Ooh. And I'm gonna talk about how a slug slimed aerospace. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, we all know, I'm sure, about Maslow's hierarchy of needs. Maslow's hierarchy of needs. Did you learn about that, guys, at school?
Do you remember Maslow's hierarchy of needs?
Do you remember Maslow's hierarchy of needs?
Today it's sleep, sleep, sleep, sleep, and sleep. That's what I'm missing today.
So, your most basic needs, things like air, water, shelter, maybe a bit of grub.
And then you have another layer, which is your personal security, your health, of course, employment, and then all that sort of squishy, squashy stuff like love and friendship and intimacy and family and all those sort of things.
And some people these days think that a working internet connection overrides all of those needs, particularly me at the moment.
My internet's been up and down like bonkers over the last few days after this storm.
And then you have another layer, which is your personal security, your health, of course, employment, and then all that sort of squishy, squashy stuff like love and friendship and intimacy and family and all those sort of things.
And some people these days think that a working internet connection overrides all of those needs, particularly me at the moment.
My internet's been up and down like bonkers over the last few days after this storm.
Isn't there a whole campaign about making internet the fifth utility? You know, you've got electricity, you've got water, you've got gas. Maybe it's the fourth utility.
And one of them, they say, should be the internet.
And one of them, they say, should be the internet.
Well, there's so many things you can't do these days unless you've got an internet connection, have you?
I mean, with a digital government, they're expecting you to communicate with them via websites or to have a phone in your back pocket, some way in which to interact with them.
I mean, how else can you pay your taxes, right? You know, sending in forms or cheques, you know, that's not going to work.
So you do need some sort of digital connectivity more and more today, I think. But I would argue there are times when something even trumps all of those needs, even Wi-Fi perhaps.
For instance, picture the scene: you're out, you're about, and you suddenly realise that you unexpectedly need to go to the loo. Very, very badly indeed.
At that point, you don't care about air and water. Depending on how desperate you are, you may not even want shelter. You might just say, "I don't care.
I'll just do it here." I don't know. It doesn't matter if it's you or a young child, a toddler you're pushing around.
I mean, with a digital government, they're expecting you to communicate with them via websites or to have a phone in your back pocket, some way in which to interact with them.
I mean, how else can you pay your taxes, right? You know, sending in forms or cheques, you know, that's not going to work.
So you do need some sort of digital connectivity more and more today, I think. But I would argue there are times when something even trumps all of those needs, even Wi-Fi perhaps.
For instance, picture the scene: you're out, you're about, and you suddenly realise that you unexpectedly need to go to the loo. Very, very badly indeed.
At that point, you don't care about air and water. Depending on how desperate you are, you may not even want shelter. You might just say, "I don't care.
I'll just do it here." I don't know. It doesn't matter if it's you or a young child, a toddler you're pushing around.
Graham.
Yes, Carole? Yes.
I have heard of adults wearing diapers.
So if you feel you're getting caught short and you can't do big journeys, maybe you just need to wear a few diapers, and then you're not so nervous. You know?
So if you feel you're getting caught short and you can't do big journeys, maybe you just need to wear a few diapers, and then you're not so nervous. You know?
Maybe. Maybe, maybe. You know what? I think that day is coming ever closer to me, Carole, to be honest.
We've just potty trained my toddler, so we've got a load of leftover pull-ups you can have if you want.
Yeah, they're probably my size.
Circular economy and all that.
Yes, they're fantastic. Fantastic. Thank you very, very generous of you. So I think when you find yourself in that situation, it is more important than anything else.
So what do you do in that scenario? Well, in today's modern age, you reach into your pocket, don't you? And what do you pull out?
What do you pull out when you desperately need to go to the loo?
You pull out your smartphone, of course, because one of the things that you can get in the Apple App Store and the Google Play Store is a toilet locating app, which contain listings of millions of lavatories around the world.
Oh! Have you never used one of these, Carole?
So what do you do in that scenario? Well, in today's modern age, you reach into your pocket, don't you? And what do you pull out?
What do you pull out when you desperately need to go to the loo?
You pull out your smartphone, of course, because one of the things that you can get in the Apple App Store and the Google Play Store is a toilet locating app, which contain listings of millions of lavatories around the world.
Oh! Have you never used one of these, Carole?
No, but I think that could be very useful.
That's very useful.
I was on a city break this past weekend. And, you know, if you got lost or, you know, really need to have a wazz, you know, it might be useful.
You were in France, I believe.
I was in la belle France.
So you would want le toilette poche, I expect.
Well, no, no, they would all be— there was Fashion Week in Paris, so they would all be rammed with—
Oh, la di da! Well, there is a website as well. If you don't have an app, there's a website called toiletmap.org.uk. And I went to this website as part of my research.
Do you know my nearest loo is 2 minutes' walk away from where I'm sitting right now?
Do you know my nearest loo is 2 minutes' walk away from where I'm sitting right now?
Really?
And they will charge me 20 pence if I've toddled over to that particular loo. Thankfully, I have a lavatory actually a little bit closer en route to my front door, which I can use.
Listeners, please tweet Graham with the nearest loo to your house. We'd love to know.
Bookmark the link, everybody. Or of course, you could bookmark the link. You could have one of those loo-finding apps installed on your phone.
But what are you going to do if you're desperate and you aren't prepared? If you haven't— imagine this scenario happening? Well, that's when you go into Google Maps.
So I went into Google Maps, and I have to admit, I'm quite disappointed by Google Maps' ability to locate lavatories.
Because I looked up my nearest toilet, the term they like to use, to where I am right now, and it is apparently 12 hours 48 minutes walk away.
But what are you going to do if you're desperate and you aren't prepared? If you haven't— imagine this scenario happening? Well, that's when you go into Google Maps.
So I went into Google Maps, and I have to admit, I'm quite disappointed by Google Maps' ability to locate lavatories.
Because I looked up my nearest toilet, the term they like to use, to where I am right now, and it is apparently 12 hours 48 minutes walk away.
What?
Yes, it's quite a long way.
That makes me feel quite unwell just thinking about it.
Maybe Google Maps hasn't put a lot of research into where the flip are the toilets, you know?
You absolutely are correct, Carole. They haven't.
How could they not think of that?
There is an absence of public lavatories near me. If I go to the West Country, I'm doing a lot better.
But here in the centre of England, very disappointingly— and the BBC really should be investigating this, I think. Google Maps.
But here in the centre of England, very disappointingly— and the BBC really should be investigating this, I think. Google Maps.
Is that a hint? Is that a hint?
Just a little bit of a hint for the 9 o'clock news, maybe. But so— So I found out this loo is, and the reviews of it are quite good.
A guy called David P, appropriately enough, left a review on Google Maps and reasonably clean, fresh and fresh for public toilets. No payment required, but there's no guarantee.
It doesn't give me opening times. So I don't know if I should set off.
A guy called David P, appropriately enough, left a review on Google Maps and reasonably clean, fresh and fresh for public toilets. No payment required, but there's no guarantee.
It doesn't give me opening times. So I don't know if I should set off.
What does fresh mean in a loo context?
You know, just sort of, you know, fragrant, I imagine, you know, but in a good way. Anyway, not very useful to me.
And I think the problem is that for some reason in much of the UK, loos, lavatories, bogs, public toilets, whatever you want to call them, aren't being added to these databases.
Now, anybody can add an entry to Google Maps telling it about a loo. And I think, hey, listeners, go and do that. Tell it about a local loo.
You might save someone who finds himself in a predicament. Just you can tell Google Maps about businesses.
But obviously, we trust our listeners to act responsibly, but can we trust the general public not to misbehave when it comes to listing things loos on Google Maps?
And I think the problem is that for some reason in much of the UK, loos, lavatories, bogs, public toilets, whatever you want to call them, aren't being added to these databases.
Now, anybody can add an entry to Google Maps telling it about a loo. And I think, hey, listeners, go and do that. Tell it about a local loo.
You might save someone who finds himself in a predicament. Just you can tell Google Maps about businesses.
But obviously, we trust our listeners to act responsibly, but can we trust the general public not to misbehave when it comes to listing things loos on Google Maps?
Hmm.
Well, this is what my story is about, in case you're wondering all this preamble. Because someone in Australia, it seems, cannot be trusted.
An Australian man called Will decided as a prank to register the shared house he lived in in Canberra as a lavatory on Google Maps.
An Australian man called Will decided as a prank to register the shared house he lived in in Canberra as a lavatory on Google Maps.
Nice way to meet new people, you know.
Can you imagine? He wasn't living in a cottage. You open your front door and there's a queue of quite desperate-looking people.
Hey, everybody! I'm so popular!
So it turns out this chap, Will, has for years been registering his houses as businesses on Google Maps as a joke. That's what you have to do in Australia for a bit of humour.
You register your house as a business. So he used to live in a house which he registers as a McDonald's. And apparently cars would drive past slowly, drivers looking confused.
You register your house as a business. So he used to live in a house which he registers as a McDonald's. And apparently cars would drive past slowly, drivers looking confused.
Hilarious.
It's a bit mean, really, if you're desperate for a—
What, for a Big Mac?
Yeah, it's not that funny, is it? Please don't do that. Another year, he registered that his shared house was a café.
And years later, he came across a real estate agent who was listing another property, a rental, which boasted the rental was only 400 metres from his fake café.
That was one of the selling points because they'd gone on Google Maps and said, oh, it's near this café. Then that's— Oh, Will.
So Google Maps, the information being stored on it about businesses and lavatories and facilities can cause all kinds of problems.
And so this chap, Will, he registered the house he was living in as a public toilet on Google Maps and he called it Big Dumpers.
And years later, he came across a real estate agent who was listing another property, a rental, which boasted the rental was only 400 metres from his fake café.
That was one of the selling points because they'd gone on Google Maps and said, oh, it's near this café. Then that's— Oh, Will.
So Google Maps, the information being stored on it about businesses and lavatories and facilities can cause all kinds of problems.
And so this chap, Will, he registered the house he was living in as a public toilet on Google Maps and he called it Big Dumpers.
Wonderful. Smart. Really smart move. I'm sure this did not go wrong for him, you know.
It's Australian humor.
No, but again, okay, so someone has to go have a so-called big dump, knocks the door, he laughs at them. What are they gonna do, shit on his lawn?
Well, you know, I mean, maybe. I don't know.
Because they might have to.
They might have to, I suppose. They may have to do— they may be upset. I don't know how close the nearest other facility is.
It may not leave a 5-star review, is all I'm saying.
Well, people have been leaving 5-star reviews. His mates have been leaving reviews extolling the virtues of Big Dumpers.
And of course, once other people leave reviews on a joke listing, other people are more likely to believe it and think, well, there is a loo there.
So is this a serious problem, is my question to you. Is this actually a problem? What do you think?
And of course, once other people leave reviews on a joke listing, other people are more likely to believe it and think, well, there is a loo there.
So is this a serious problem, is my question to you. Is this actually a problem? What do you think?
I don't think it's particularly widespread. I think it might be a problem if there was a worldwide emporium of big dumpers, but I'm not sure that there is.
About 15 years ago, I lived in a property with my ex-husband, and he registered that property to his business, which has long since gone.
About 15 years ago, I lived in a property with my ex-husband, and he registered that property to his business, which has long since gone.
Oh yeah.
But I was casually looking up where we used to live the other day on Google Maps, and I realized that it's still registered as being his business.
And I don't really know what to do about it. But I can believe that a lot of these things are sort of subject to the goodwill, aren't they, of people keeping them up to date.
Have you seen that amazing thread about people revisiting old Google Street Views to see relatives who've died?
And I don't really know what to do about it. But I can believe that a lot of these things are sort of subject to the goodwill, aren't they, of people keeping them up to date.
Have you seen that amazing thread about people revisiting old Google Street Views to see relatives who've died?
Oh, oh, oh, passed away, yes, that's right.
Yes, exactly. It's an incredible, very moving actually, discussion. It comes up from time to time, doesn't it? It's a sort of time capsule.
But again, that's a nice thing, that's a nostalgic thing. It's not gonna help you out if you're desperate for the loo.
But again, that's a nice thing, that's a nostalgic thing. It's not gonna help you out if you're desperate for the loo.
No, I think this particular issue of this chap highlighting that his old property was a public loo isn't that big a problem.
Apparently no one ever came round desperately looking for the loo. If he had, he'd told them to, you know, turn turtle and go away.
But a couple of years later, Will, who'd moved out of the house, checked out and noticed Big Dumpers was still remaining on Google Maps.
And what do you know, if you looked up Big Dumpers on Google Maps, it also showed popular times.
Apparently no one ever came round desperately looking for the loo. If he had, he'd told them to, you know, turn turtle and go away.
But a couple of years later, Will, who'd moved out of the house, checked out and noticed Big Dumpers was still remaining on Google Maps.
And what do you know, if you looked up Big Dumpers on Google Maps, it also showed popular times.
What?
Times when the location was right. This is the security angle. This is the privacy angle.
Finally. Okay. 9 minutes in.
Right. Because what he found was that Google was logging the geolocation data of people with smartphones who came to that property.
And so Will was able to see 9 o'clock in the morning on Thursdays was a really busy time for Big Dumpers. According to Google Maps. But later, it was normally completely empty.
And so Will was able to see 9 o'clock in the morning on Thursdays was a really busy time for Big Dumpers. According to Google Maps. But later, it was normally completely empty.
You're sure there was no toilet sensors or anything?
No, no, no. Because I was thinking, you know, Google obviously are very invasive. They would monitor all kinds of devices being used.
You can imagine they might— their mind boggles, literally, about that kind of thing.
But yeah, so if you registered an address on Google Maps, you might later be able to pick up when people are likely to be there and when they're not.
So, when that's a private home that's actually in there, that could potentially be rather useful.
I mean, obviously this popular times is handy if you want to go to a café or a restaurant or a cinema or some other facility.
You can look at it on Google Maps and it says, oh, the supermarket's really busy right now. But if you go along at 9 o'clock at night, it's not so busy.
You can imagine they might— their mind boggles, literally, about that kind of thing.
But yeah, so if you registered an address on Google Maps, you might later be able to pick up when people are likely to be there and when they're not.
So, when that's a private home that's actually in there, that could potentially be rather useful.
I mean, obviously this popular times is handy if you want to go to a café or a restaurant or a cinema or some other facility.
You can look at it on Google Maps and it says, oh, the supermarket's really busy right now. But if you go along at 9 o'clock at night, it's not so busy.
It doesn't take fricking Google to know that, does it, really?
No, but I mean, there are times when you think, well, should I 'Oh, it's really popular right now.
You might want to go at a different time,' or, you know, sometimes it's not obvious. So, it's interesting.
There's even a live, is it busy right now, which Google Maps can tell you as well. And of course, the way in which Google Maps is telling this is through people's smartphones.
Because if you've got Google Maps on your phone, Google can periodically check in on the location of your phone and see, to find out where you are, what you're up to, and whether a location can be assumed to be busier.
So, all kinds of information can begin to leak out.
And I think it wouldn't take a genius to work out how, if it's a private home, that potentially could be information you don't want made public or be able for anyone to access and cause mischief with.
You might want to go at a different time,' or, you know, sometimes it's not obvious. So, it's interesting.
There's even a live, is it busy right now, which Google Maps can tell you as well. And of course, the way in which Google Maps is telling this is through people's smartphones.
Because if you've got Google Maps on your phone, Google can periodically check in on the location of your phone and see, to find out where you are, what you're up to, and whether a location can be assumed to be busier.
So, all kinds of information can begin to leak out.
And I think it wouldn't take a genius to work out how, if it's a private home, that potentially could be information you don't want made public or be able for anyone to access and cause mischief with.
There was a site a few years ago called Please Rob Me. And all it basically was, do you remember that?
It was like an RSS feed, wasn't it, of data of people posting on social media going, "Woo-hoo, I'm off on holiday with the family."
It was like an RSS feed, wasn't it, of data of people posting on social media going, "Woo-hoo, I'm off on holiday with the family."
Right.
And basically, you know, advertising that their house is going to be empty. Yeah.
So, folks, if you don't like the idea of Google tracking your location, you can go into the settings on your phone.
For instance, on your iPhone, you can say, you know, only maybe ping my location when I have the Google Maps app open, or you can turn it off completely, although other things may stop working then.
I remember a few years ago there was a German artist who pulled a kid's toy cart around after him around Berlin.
For instance, on your iPhone, you can say, you know, only maybe ping my location when I have the Google Maps app open, or you can turn it off completely, although other things may stop working then.
I remember a few years ago there was a German artist who pulled a kid's toy cart around after him around Berlin.
Yes.
And he had 99 smartphones in this little toy cart he was walking around with. And Google Maps thought there was a traffic jam in Berlin.
Beautiful.
Because he was showing all these phones moving very, very slowly. But that doesn't really help in regards to people whose addresses might have been registered.
So I think, Zoe, you need to go and speak to your ex-husband and say, for goodness' sake, deregister that address because it could do harm for someone else in future.
So I think, Zoe, you need to go and speak to your ex-husband and say, for goodness' sake, deregister that address because it could do harm for someone else in future.
Okay.
If you're on speaking terms of it.
We are on speaking terms. I'm not quite sure how I'll bring this up, but I'll try.
But, you know, other people need to think about their own privacy as to how much information they're sharing with Google.
But it's an interesting way in which Google Maps could be revealing more than we want to about people's behaviour. Zoe, what have you got for us this week?
But it's an interesting way in which Google Maps could be revealing more than we want to about people's behaviour. Zoe, what have you got for us this week?
Well, I want to tell you both a little story about something that happened to me that I think is going to basically happen to all of us at some point.
And it's a sort of cautionary tale of how difficult it is to manage. So I had a little flurry of activity on social media.
People were sending me this screenshot and going, "Oh my God, have you seen this?" You know what, it's never good news when people start doing this.
So I had a look at it and it looked like a screenshot from Grok, which is the AI chatbot that's been set up by Elon Musk's company, XAI.
And the person who'd posted it had written, "Give me a list of the top 10 spreaders of disinformation on X." And there were some really big US conspiracy theorists on this list with millions of followers who were posting content about big-style conspiracy theories.
And number 9 on the list was me.
And it's a sort of cautionary tale of how difficult it is to manage. So I had a little flurry of activity on social media.
People were sending me this screenshot and going, "Oh my God, have you seen this?" You know what, it's never good news when people start doing this.
So I had a look at it and it looked like a screenshot from Grok, which is the AI chatbot that's been set up by Elon Musk's company, XAI.
And the person who'd posted it had written, "Give me a list of the top 10 spreaders of disinformation on X." And there were some really big US conspiracy theorists on this list with millions of followers who were posting content about big-style conspiracy theories.
And number 9 on the list was me.
What the heck is she doing on the show, Graham?
How did you get on?
This is my final appearance on Smashing Security.
You must have been gobsmacked.
I was very surprised because there was nothing— I didn't have anything in common with any of these other accounts. I didn't know them. None of us followed each other.
I've never reported on them. There was nothing that I could see. There were no sort of obvious data points that would put me on a list with these people, right?
We know that AI is trained on loads of data. We know that it sometimes joins dots wrong.
I've never reported on them. There was nothing that I could see. There were no sort of obvious data points that would put me on a list with these people, right?
We know that AI is trained on loads of data. We know that it sometimes joins dots wrong.
Yeah. You have a cool Twitter handle though, don't you? 'Cause you're one of those—
Oh, thanks very much.
You're one of those people who only has 3-letter Twitter handles. Very cool. ZSK. It's very cool, that. I wonder if that could have been a factor.
Well, I don't know. I mean, I didn't know how I'd got on it, but clearly I'm a working journalist. I work at the BBC. This is not a list that I want to be on.
No, right.
But it hadn't gone mad viral, you know. I wasn't seriously worried about it, but I thought, as a test case, I'd like to see what I can do about this.
Mm-hmm.
So— I do actually happen to know a bit about this stuff because I've done a lot of reporting on AI and regulation.
And while various territories and countries seem intent on doing their own thing, the one thing that a lot of them do agree with is that you should be able to challenge a decision made about you or content produced about you by an AI tool, right?
And here in the UK, what the UK government has said is they want to fold it into existing regulators.
So if you think you've got a problem, you know, you go to the regulator you would go to if you had that problem in any other area of your life.
So I thought, okay, I'll try the regulators. So I went to the Information Commissioner's Office and said, you know, this is doing the rounds, what do you think, what can I do?
And they said, no, it's not us because this is content rather than data. You know, they're the data protection people. They said, go to Ofcom.
So Ofcom, it polices the Online Safety Act, which is all about online harm. I thought, right, yeah, it makes sense. So I said to Ofcom, can you help me? You know, this has happened.
I sent them the screenshot and they said, it's not us because while it's not nice. It's not criminal.
And while various territories and countries seem intent on doing their own thing, the one thing that a lot of them do agree with is that you should be able to challenge a decision made about you or content produced about you by an AI tool, right?
And here in the UK, what the UK government has said is they want to fold it into existing regulators.
So if you think you've got a problem, you know, you go to the regulator you would go to if you had that problem in any other area of your life.
So I thought, okay, I'll try the regulators. So I went to the Information Commissioner's Office and said, you know, this is doing the rounds, what do you think, what can I do?
And they said, no, it's not us because this is content rather than data. You know, they're the data protection people. They said, go to Ofcom.
So Ofcom, it polices the Online Safety Act, which is all about online harm. I thought, right, yeah, it makes sense. So I said to Ofcom, can you help me? You know, this has happened.
I sent them the screenshot and they said, it's not us because while it's not nice. It's not criminal.
So they sent you to the Milk Marketing Board and they said, wow, they only care about criminal reports.
That's what they said. That's what they said. It's not criminal, so we can't deal with it. They said go to a lawyer.
So I went to two lawyers who claimed to specialize in AI-related cases. The first one didn't want to talk to me at all, and the second one said there is no precedent for this yet.
There are a handful of cases going on around the world, but there's been no solution to any of them yet. So it's a difficult one.
She said I was in uncharted territory and I could go for defamation because it was defamatory. You know, I was on this list, I'm identifiable, and it's been published.
But there was no guarantee that I would win, and the onus would be on me to prove that it had caused me harm.
I should also say, by the way, that I went to X, which is the owner of this chatbot, and guess what? They completely ignored me. So I didn't get anywhere with anything.
So I went to two lawyers who claimed to specialize in AI-related cases. The first one didn't want to talk to me at all, and the second one said there is no precedent for this yet.
There are a handful of cases going on around the world, but there's been no solution to any of them yet. So it's a difficult one.
She said I was in uncharted territory and I could go for defamation because it was defamatory. You know, I was on this list, I'm identifiable, and it's been published.
But there was no guarantee that I would win, and the onus would be on me to prove that it had caused me harm.
I should also say, by the way, that I went to X, which is the owner of this chatbot, and guess what? They completely ignored me. So I didn't get anywhere with anything.
Not even a poop emoji?
No, I didn't even get a poop emoji. I've got absolutely nothing. Radio silence.
So I was really interested in this because, you know, basically I never set out to sue anyone for defamation, but that was the route that I was pushed down, really.
So I was really interested in this because, you know, basically I never set out to sue anyone for defamation, but that was the route that I was pushed down, really.
Yeah.
And even then I was sort of told, well, you know, there's no guarantee that you're going to get anywhere with this because nobody ever has.
And then the sort of final plot twist to all of this is that I'd also showed it to — we have a team here called BBC Verify, and they are amazing.
They are who basically look at sources and information and try to verify it and check out sort of fake news.
And they said they think there was a reasonable chance that the screenshot itself was faked. So that's kind of the conclusion of it, which was slightly weird in itself.
But for me, I felt like, you know, Zoe Kleinman, the tech editor of the BBC, I've got time to pursue this and I know how to do it because it's my job.
Zoe Kleinman, full-time working mum of 3, I had no time to do this and I don't know where to start. And I think that's the person I'm worried about.
This is gonna happen more and more. We know that the AI chatbots, they call it hallucinate, don't they? Which basically means make stuff up about you.
So where is the accountability there?
And then the sort of final plot twist to all of this is that I'd also showed it to — we have a team here called BBC Verify, and they are amazing.
They are who basically look at sources and information and try to verify it and check out sort of fake news.
And they said they think there was a reasonable chance that the screenshot itself was faked. So that's kind of the conclusion of it, which was slightly weird in itself.
But for me, I felt like, you know, Zoe Kleinman, the tech editor of the BBC, I've got time to pursue this and I know how to do it because it's my job.
Zoe Kleinman, full-time working mum of 3, I had no time to do this and I don't know where to start. And I think that's the person I'm worried about.
This is gonna happen more and more. We know that the AI chatbots, they call it hallucinate, don't they? Which basically means make stuff up about you.
So where is the accountability there?
Yeah, and it's almost like the next phase of cyberbullying.
I can see this happening with disgruntled employees pissed off at another employee and just doing little shit-stirring activities online that are kind of untraceable. Ish, right?
Because they're shared. So I don't like it at all.
I can see this happening with disgruntled employees pissed off at another employee and just doing little shit-stirring activities online that are kind of untraceable. Ish, right?
Because they're shared. So I don't like it at all.
It's worrying, isn't it? And I think, you know, we don't know what data these AI tools are being trained on. We don't see it.
The people who own a lot of them say they don't really understand sometimes why a tool comes out with the result that it does, right? They don't know themselves.
So there's a lot of unknowns here. But ultimately, I guess the question is, is it their responsibility?
You know, in the early days of social media when Facebook was going, "We're not a publisher, we're just a platform and everyone's putting stuff on us and it's got nothing to do with us." And we've kind of gone, "Well, actually, I think you'll find you do have to take some responsibility." And everyone's so desperate to avoid that situation again.
But I sort of felt a bit like, this is not going so well, is it? Because, you know, here I am sitting here trying to sort it out and actually I can't.
The people who own a lot of them say they don't really understand sometimes why a tool comes out with the result that it does, right? They don't know themselves.
So there's a lot of unknowns here. But ultimately, I guess the question is, is it their responsibility?
You know, in the early days of social media when Facebook was going, "We're not a publisher, we're just a platform and everyone's putting stuff on us and it's got nothing to do with us." And we've kind of gone, "Well, actually, I think you'll find you do have to take some responsibility." And everyone's so desperate to avoid that situation again.
But I sort of felt a bit like, this is not going so well, is it? Because, you know, here I am sitting here trying to sort it out and actually I can't.
At the very least, you should be able to add a note to the tweet or something so other people who retweeted can say, look, this is why this particular post can't be trusted — because you do see that on Twitter, don't you?
People can leave comments and then other people will vote if they agree with you that it's misinformation.
People can leave comments and then other people will vote if they agree with you that it's misinformation.
Yeah, there are community notes. But the other thing you have to bear in mind, and Graham, you have a large following on X, I know.
Carole, I'm sure you are a superstar in it as well.
Carole, I'm sure you are a superstar in it as well.
No, I don't. I don't have no idea.
But you know, sometimes getting involved in it gives it more amplification than actually it would if it just died out. And I thought— I've been in this position many times.
I'm sure you sit on your hands because you want to engage with it, but actually you know that you'll make it worse because suddenly, in my case, you know, 35,000 followers will see it when maybe only 1,000 have at the moment.
So it's that battle, isn't it, between wanting to defend yourself but not wanting to avalanche yet more of a pile on onto you.
I'm sure you sit on your hands because you want to engage with it, but actually you know that you'll make it worse because suddenly, in my case, you know, 35,000 followers will see it when maybe only 1,000 have at the moment.
So it's that battle, isn't it, between wanting to defend yourself but not wanting to avalanche yet more of a pile on onto you.
And that's why you came to Smashing Security, and we love you for that.
And that's why I'm here, exactly, in a nutshell.
Carole, what have you got for us this week?
I'm talking about how a slug slimed aerospace. So have you guys heard of AerCap? I don't know how you say it. A-E-R. It's a Dublin-based company. AerCap. I'm going to say that.
Well, I don't know. AerCap. I don't know what that is.
No. No.
They're an Irish aviation leasing company. Now, I didn't know there were aviation leasing companies.
I suppose I never thought about it before, but apparently airlines lease aircraft from other airlines or these leasing companies just to basically avoid the financial burden of the purchase of buying a plane.
I suppose I never thought about it before, but apparently airlines lease aircraft from other airlines or these leasing companies just to basically avoid the financial burden of the purchase of buying a plane.
Well, yeah, you don't want to buy— planes are expensive. So I guess buying a car is expensive, and sometimes it may make more sense to lease one for a while.
Right. So maybe around Christmas, you might go and lease a plane or two planes just to increase capacity because you have more people traveling.
I don't know what kind of Christmas parties you have, Carole, that you're leasing planes.
Do you ever feel some people live really different lives to you, Graham?
Now, AerCap seems to be the largest leaser of airlines in our global town.
And the reason I'm talking about these guys is that AerCap just confirmed that it suffered a cyberattack on January 17th. This was reported this week by Reuters.
And it seems it was a ransomware attack that snuck in and got away with a terabyte of data. And for those who aren't sure, it's a lot, a lot, a lot of data.
And the reason I'm talking about these guys is that AerCap just confirmed that it suffered a cyberattack on January 17th. This was reported this week by Reuters.
And it seems it was a ransomware attack that snuck in and got away with a terabyte of data. And for those who aren't sure, it's a lot, a lot, a lot of data.
Well, it depends, doesn't it? It could be a database of plaintext records, or it could be a bunch of torrent movies which have been downloaded from some torrent site.
So they've got, you know, the latest Mission: Impossible.
So they've got, you know, the latest Mission: Impossible.
They just went on to the administrator's private cache.
Yeah, exactly. When they say, oh, you know, it's a gigabyte or something like this, well, it might be a lot, might not be so much.
But a terabyte, man.
Yeah, okay. All right. Yes, it is quite a lot of data. All right. I'm being silly.
It's significant. And the users, the group rather, the group who claim to be leading this little ransomware boogie-woogie are known as Slug.
I haven't heard of them before.
Slug.
Slug.
They're brand new, apparently.
Right. All the good names are gone.
It's an unusual name, right?
Because normally we were talking recently about how they all had tough guy names, you know, these scammers. And this is kind of the opposite. It's gross imagery.
Yeah. Yes.
Anyway, so this all came to the public eye with HackManac.
This is a group that manages the largest repository of cyberattacks from open sources, and they first reported the incident on the 18th of January, the day before Aircap made its filing to the SEC.
And this is all according to the Air Finance Journal, another brand new publication in my echo chamber, Air Finance Journal.
So HackManac CEO Sophia Scorsari, she said, "We identified the new cybercriminal group named Slug during our analysis of the dark web.
This post is authentic." And they, according to Slug, who left some comment, they say that Aircap was its first victim.
Now Slug have reportedly told Aircap that they have until the 29th of January to pay up or enter negotiations and stuff.
Exactly, to settle up with a payment or the data that they've stolen would start oozing out like slug slime. Of course, this is not the first time aerospace kingpins have been hit.
Last year, Boeing was faced with a cyberattack involving 45 gigs of data. And I think what I found interesting in all this — so we don't know what data was stolen.
I can't find any information on that as yet, but this story is still unfolding.
We also don't know how much the payment negotiations are, but we rarely know that at this stage, whether they decide to pay or not pay.
This is a group that manages the largest repository of cyberattacks from open sources, and they first reported the incident on the 18th of January, the day before Aircap made its filing to the SEC.
And this is all according to the Air Finance Journal, another brand new publication in my echo chamber, Air Finance Journal.
So HackManac CEO Sophia Scorsari, she said, "We identified the new cybercriminal group named Slug during our analysis of the dark web.
This post is authentic." And they, according to Slug, who left some comment, they say that Aircap was its first victim.
Now Slug have reportedly told Aircap that they have until the 29th of January to pay up or enter negotiations and stuff.
Exactly, to settle up with a payment or the data that they've stolen would start oozing out like slug slime. Of course, this is not the first time aerospace kingpins have been hit.
Last year, Boeing was faced with a cyberattack involving 45 gigs of data. And I think what I found interesting in all this — so we don't know what data was stolen.
I can't find any information on that as yet, but this story is still unfolding.
We also don't know how much the payment negotiations are, but we rarely know that at this stage, whether they decide to pay or not pay.
Well, you're not meant to, are you?
Yeah, right. But it's interesting. So this comment was made by Air— I've written Aircrap here. Can you believe that?
Aircap.
I'm sorry.
I think you're mixing up with my story, Carole.
Yeah, autocorrect, autocorrect.
So Aircap said, "We have full control of our IT systems, and to date, we have suffered no financial loss related to the incident." So that's their primary comment.
Do you not feel, do you really have full control? Really?
So Aircap said, "We have full control of our IT systems, and to date, we have suffered no financial loss related to the incident." So that's their primary comment.
Do you not feel, do you really have full control? Really?
Well, it doesn't sound like they have full visibility. At least they're not sharing it at the moment as to what data has been taken.
I mean, that's one of the first questions you would want to know if you were a company which dealt with Aircap, if you were in the business of leasing aircraft through them.
You may want to think, well, has anyone got any information about us that you were storing that they might attempt to exploit?
I mean, that's one of the first questions you would want to know if you were a company which dealt with Aircap, if you were in the business of leasing aircraft through them.
You may want to think, well, has anyone got any information about us that you were storing that they might attempt to exploit?
I don't know. I think after a terabyte had been stolen, you had to go public.
If I were a shareholder, and they seem to be catering quite strongly to shareholders based on their homepage, it seems to be, you know, they're very, well, come on in.
If you want to invest, we're here. But there's no information about this ransomware at all there that I could find.
If I were a shareholder, and they seem to be catering quite strongly to shareholders based on their homepage, it seems to be, you know, they're very, well, come on in.
If you want to invest, we're here. But there's no information about this ransomware at all there that I could find.
That does annoy me. Often you will find company websites after they've suffered a cyberattack won't mention it in the least.
Even online commerce sites, you know, where you're buying things from an online store where the information's been stolen.
If you are a new customer the following day, you might go to that online store and there won't be a mention of it.
There'll be some, there might be an advisory squirreled away deep inside the press section, there might be a release about it, but it's like, shouldn't this be front and center so people can make an informed choice as to whether they want to trust you with their sensitive data or not?
Even online commerce sites, you know, where you're buying things from an online store where the information's been stolen.
If you are a new customer the following day, you might go to that online store and there won't be a mention of it.
There'll be some, there might be an advisory squirreled away deep inside the press section, there might be a release about it, but it's like, shouldn't this be front and center so people can make an informed choice as to whether they want to trust you with their sensitive data or not?
I agree with you there, but I also think I sort of feel a sense of helplessness when you get the inevitable email saying, "Oh, we think, you know, we've been compromised and we think you might be in it, but we don't really know and we're not sure what data of yours." We don't think it was any bank account details, but it might be, you know, keep an eye on your bank account.
And you're "what actually is the purpose of this information?" You're not giving me anything at all that's either concrete fact or that I can do anything about.
And you're "what actually is the purpose of this information?" You're not giving me anything at all that's either concrete fact or that I can do anything about.
Yeah, it's not actionable, it's just worrisome.
Yes, exactly.
I suppose it's to cover their ass if the ICO later investigate and say, "Why didn't you inform customers?"
Yeah, but isn't the process flawed? What are you telling me? You know what, there's absolutely nothing I can do about this, is there?
If you've got, we had a situation here at the BBC where there was a potential hack of a payment system that was used.
And I say potential because I now think they're not even sure whether BBC data was included in the breach or not.
So you've got free credit monitoring for a couple of years, I think. But it just sort of, it did feel both worrying but also completely powerless.
There's nothing I can do about this, you know. If somebody's got hold of my National Insurance number, what can I do about that? Nothing.
If you've got, we had a situation here at the BBC where there was a potential hack of a payment system that was used.
And I say potential because I now think they're not even sure whether BBC data was included in the breach or not.
So you've got free credit monitoring for a couple of years, I think. But it just sort of, it did feel both worrying but also completely powerless.
There's nothing I can do about this, you know. If somebody's got hold of my National Insurance number, what can I do about that? Nothing.
I totally get that no company wants to advertise or market the fact that they were kneecapped by a cyberattack in some way, right?
Yeah, yeah.
Especially if, you know, the person who's done this to you is apparently called Slug, you know, that makes it somehow worse.
That kind of makes you even more memorable. I was gonna say, genders do know, but we do hear about so many of these things that we don't necessarily remember.
But I reckon I'd remember Slug.
But I reckon I'd remember Slug.
Yeah, easy to spell as well, right? So maybe it's not so silly.
I was thinking, if only the passwords were salted.
Oh, oh, oh, oh, oh.
That's possibly too nerdy. Bit too geeky, that one.
But I think it goes to show that while we're all still AI mad at the moment, right? I am completely. There's still things ransomware that is not new or sexy, but it's still rife.
And as long as there's money to be made, data napping isn't going anywhere. Napping. See, nappies, napping.
And as long as there's money to be made, data napping isn't going anywhere. Napping. See, nappies, napping.
Interesting.
Well done. Well done.
There's so many threads to this, though, aren't there?
This episode of Smashing Security is sponsored by Kolide.
Wouldn't it be great if a device which lacked compliance or lacked security was denied access to your organization's applications, SaaS apps, and other resources?
Because this would mean that the hackers who had nabbed the unlucky employee's credentials, for example, could not gain access to your assets. It would effectively lock them out.
Welcome to Kolide, a world where access is only given to approved, secure devices.
As the administrator, you can manage every operating system, even Linux, Macs from a single dashboard.
Another bonus of Kolide: employees can often fix their own problems without involving IT support, meaning less resources are needed to effectively operate a more secure environment.
Kolide is the device trust solution for companies with Okta. Kolide ensures that if a device is not trusted or it's insecure, it is denied access to your cloud apps.
Learn more at kolide.com/smashing. That's kolide.com/smashing. And huge thank you to Kolide for sponsoring the show.
Wouldn't it be great if a device which lacked compliance or lacked security was denied access to your organization's applications, SaaS apps, and other resources?
Because this would mean that the hackers who had nabbed the unlucky employee's credentials, for example, could not gain access to your assets. It would effectively lock them out.
Welcome to Kolide, a world where access is only given to approved, secure devices.
As the administrator, you can manage every operating system, even Linux, Macs from a single dashboard.
Another bonus of Kolide: employees can often fix their own problems without involving IT support, meaning less resources are needed to effectively operate a more secure environment.
Kolide is the device trust solution for companies with Okta. Kolide ensures that if a device is not trusted or it's insecure, it is denied access to your cloud apps.
Learn more at kolide.com/smashing. That's kolide.com/smashing. And huge thank you to Kolide for sponsoring the show.
Shortcut compliance without shortchanging security. That's what Vanta can bring your company.
Expanding the scope of your security program with Vanta's market-leading ransomware protection. Leading compliance automation, saving your business time and money.
Vanta has over 5,000 customers around the globe who are saving over 300 hours in manual work and up to 85% of their costs for SOC 2, ISO 27001, HIPAA, GDPR, custom frameworks, and more.
And with Vanta's 200+ integrations, you can easily monitor and secure the tools your business relies on.
From the most in-demand frameworks to third-party risk management and security questionnaires, Vanta gives SaaS businesses of all sizes one place to manage risk and prove security in real time.
And as a special bonus, Smashing Security listeners can get a stonking 20% off Vanta. Just go to vanta.com/smashing to claim your discount. Vanta.com/smashing.
And thanks to Vanta for supporting the show. And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week.
Expanding the scope of your security program with Vanta's market-leading ransomware protection. Leading compliance automation, saving your business time and money.
Vanta has over 5,000 customers around the globe who are saving over 300 hours in manual work and up to 85% of their costs for SOC 2, ISO 27001, HIPAA, GDPR, custom frameworks, and more.
And with Vanta's 200+ integrations, you can easily monitor and secure the tools your business relies on.
From the most in-demand frameworks to third-party risk management and security questionnaires, Vanta gives SaaS businesses of all sizes one place to manage risk and prove security in real time.
And as a special bonus, Smashing Security listeners can get a stonking 20% off Vanta. Just go to vanta.com/smashing to claim your discount. Vanta.com/smashing.
And thanks to Vanta for supporting the show. And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week.
Zoe Kleinman.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like.
It doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like.
It doesn't have to be security-related necessarily.
Better not be.
Well, my pick of the week this week is not security-related. My pick of the week this week is a YouTube channel run by an American comedian and singer called Randy Rainbow.
Do either of you know of Randy Rainbow?
Do either of you know of Randy Rainbow?
No.
No? Well, he's quite a jolly chap, I have to say. He's a big fan of the show tunes, and he makes political satirical parody show tune videos from a liberal perspective.
Basically, not a big fan of Donald Trump. So sorry for any listeners who are big fans. To be honest, I think we lost most of you long ago.
But anyway, Randy Rainbow makes a series of videos. So he will do show tunes.
"Don't Rain on My Parade." That will be "Don't Rain on His Parade." Don't tell him he's a dirty lying braggart.
Basically, not a big fan of Donald Trump. So sorry for any listeners who are big fans. To be honest, I think we lost most of you long ago.
But anyway, Randy Rainbow makes a series of videos. So he will do show tunes.
"Don't Rain on My Parade." That will be "Don't Rain on His Parade." Don't tell him he's a dirty lying braggart.
Life's Big Macs and the son's a ball of MAGA. Don't anybody dare rain on his parade.
I don't have a lot of time.
And it's quite amusing, just these little mock videos interviewing, maybe it's Donald Trump or another presidential candidate talking about things going on in the news.
He did a parody of "Lucy in the Sky with Diamonds" and it was "Donald in the John with Boxes." If you remember, there were lots of sensitive documents being stored in Mar-a-Lago's restrooms.
I find him quite amusing. Obviously, I have to take my mind off what is happening in America. Who knows who's going to be president? Oh, we've got that to look forward to.
In the meantime, I'm cheering myself up, my little liberal heart, by watching some of these videos on YouTube. Randy Rainbow. I found them quite amusing. Maybe you too.
And that is my pick of the week. Zoe, what's your pick of the week?
And it's quite amusing, just these little mock videos interviewing, maybe it's Donald Trump or another presidential candidate talking about things going on in the news.
He did a parody of "Lucy in the Sky with Diamonds" and it was "Donald in the John with Boxes." If you remember, there were lots of sensitive documents being stored in Mar-a-Lago's restrooms.
I find him quite amusing. Obviously, I have to take my mind off what is happening in America. Who knows who's going to be president? Oh, we've got that to look forward to.
In the meantime, I'm cheering myself up, my little liberal heart, by watching some of these videos on YouTube. Randy Rainbow. I found them quite amusing. Maybe you too.
And that is my pick of the week. Zoe, what's your pick of the week?
I recently test drove a new car, and it was the Ford Mach-E. Now, full disclaimer, they lent it to me so that I could try out hands-free driving on the motorways.
And here in the UK, I know that in the US and China, you guys are all way ahead of us, but here in the UK, this is the only car that you can do it with.
And it only works on the motorways, and it's geofenced, so it switches itself on when you are in the zone.
You can't, well, you probably could, Graham, but I don't know how to make it, how to break that.
And I wanted to try it out because there's a lot of noise about automated driving, isn't there?
We've got the government here saying they want to introduce more automated driving on Britain's roads. So I decided to have a go.
So I just took it, I had it when I was in London, and I took it around the M25, which is the motorway that goes around the city. It's one of the biggest, busiest motorways.
And basically what we do is you get onto the motorway and you activate the cruise control, and then when you're on the motorway properly and you're settled, basically there's a screen that goes blue and then it says you can take your hands off the wheel now.
And I did, and I found it incredibly weird. I've been in driverless cars before, but I haven't actually been in control of a driverless car before.
And you know what, you don't have to have your foot on the accelerator, on the gas pedal, but I did because I felt like I've got to have even if it's just my big toe, I've got to feel like I've got a little bit of control of this car.
And I sat there and the other weird thing is you've got to watch the road, right? So there's trackers, I think they're below the mirror in the center, so they're watching your eyes.
You've got to watch the road because legally you are still in charge of the car even though you're not doing anything.
So I didn't know what to do with my hands, and it reminded me about 20 years ago now I quit smoking and I went through this really weird phase.
I just didn't know what to do with my hands at all, ever, and I felt really awkward.
And I really live that moment of thinking, so I don't need to have my hands on the steering wheel, but I can't do anything else.
I still can't pick up my phone, I can't read the paper, I can't go on Twitter and tell everyone what I'm doing. So I don't know what to do with myself.
But it was a really interesting experience, and it made me think, you know, I was watching other drivers around me who were driving past because we were filming it as well, so I was trying to be quite exaggerated so it was obvious that I was not driving this car.
And I could see people looking at me going, what is she doing? You know, this car is an accident waiting to happen.
But I wondered what you guys think about the whole concept of driverless cars and whether we are ready for them.
And here in the UK, I know that in the US and China, you guys are all way ahead of us, but here in the UK, this is the only car that you can do it with.
And it only works on the motorways, and it's geofenced, so it switches itself on when you are in the zone.
You can't, well, you probably could, Graham, but I don't know how to make it, how to break that.
And I wanted to try it out because there's a lot of noise about automated driving, isn't there?
We've got the government here saying they want to introduce more automated driving on Britain's roads. So I decided to have a go.
So I just took it, I had it when I was in London, and I took it around the M25, which is the motorway that goes around the city. It's one of the biggest, busiest motorways.
And basically what we do is you get onto the motorway and you activate the cruise control, and then when you're on the motorway properly and you're settled, basically there's a screen that goes blue and then it says you can take your hands off the wheel now.
And I did, and I found it incredibly weird. I've been in driverless cars before, but I haven't actually been in control of a driverless car before.
And you know what, you don't have to have your foot on the accelerator, on the gas pedal, but I did because I felt like I've got to have even if it's just my big toe, I've got to feel like I've got a little bit of control of this car.
And I sat there and the other weird thing is you've got to watch the road, right? So there's trackers, I think they're below the mirror in the center, so they're watching your eyes.
You've got to watch the road because legally you are still in charge of the car even though you're not doing anything.
So I didn't know what to do with my hands, and it reminded me about 20 years ago now I quit smoking and I went through this really weird phase.
I just didn't know what to do with my hands at all, ever, and I felt really awkward.
And I really live that moment of thinking, so I don't need to have my hands on the steering wheel, but I can't do anything else.
I still can't pick up my phone, I can't read the paper, I can't go on Twitter and tell everyone what I'm doing. So I don't know what to do with myself.
But it was a really interesting experience, and it made me think, you know, I was watching other drivers around me who were driving past because we were filming it as well, so I was trying to be quite exaggerated so it was obvious that I was not driving this car.
And I could see people looking at me going, what is she doing? You know, this car is an accident waiting to happen.
But I wondered what you guys think about the whole concept of driverless cars and whether we are ready for them.
Oh, I think it might make the road safer when everyone's got a driverless car, but of course it's a bit of a worry when other people haven't.
Yeah, I worry what people are going to do with their hands if they don't have to have them on the steering wheel.
There is also that. I did keep my hands in full view, I have to say.
Was your car overtaking other cars and doing things like that as well?
So it didn't overtake, but it did undertake. And I thought, oh, I don't think I would have done that. And I actually looked it up.
It's not illegal, but it's strongly discouraged in the Highway Code. So that's to undertake a car on the left-hand side. But it did do that a few times. It didn't change lane.
You had to change lane to make it change lane, and then you sort of took back control for a bit.
Another thing it did that I wouldn't do was it accelerated when you came off the slip road.
So as you come off the motorway, you kind of regain control, but in that brief second, it would accelerate.
It's not illegal, but it's strongly discouraged in the Highway Code. So that's to undertake a car on the left-hand side. But it did do that a few times. It didn't change lane.
You had to change lane to make it change lane, and then you sort of took back control for a bit.
Another thing it did that I wouldn't do was it accelerated when you came off the slip road.
So as you come off the motorway, you kind of regain control, but in that brief second, it would accelerate.
Well, that's not good. Yes.
Now, I would decelerate coming off a motorway because you're going quite fast, right? So it did a couple of things that I think I would not have done.
But I don't know, I sort of felt like— I do a lot of driving. I live in Glasgow now, but I come down to London a lot.
My family's all in the south of England, so I'm up and down those motorways a lot. And I did sort of think, actually, this is quite nice. I feel like I could relax into this.
But would I relax too much? Would I fall asleep? You know, would I just be bored?
But I don't know, I sort of felt like— I do a lot of driving. I live in Glasgow now, but I come down to London a lot.
My family's all in the south of England, so I'm up and down those motorways a lot. And I did sort of think, actually, this is quite nice. I feel like I could relax into this.
But would I relax too much? Would I fall asleep? You know, would I just be bored?
I was thinking, would you get some sunglasses with fake eyes impressed upon them so you could sleep and the video sensor would think that you are paying attention?
You haven't blinked in 20 minutes.
Well, obviously I was not going to do anything remotely illegal, but I did wonder whether the eye tracking— you know, if I had my phone taped to the windscreen, would it know that I was watching YouTube rather than the road?
I did not test this because it would be illegal, but I did wonder, I did wonder if there was a way around it that way and how safe that would be.
Because I think the thing is that, you know, if you drive long distances, it's boring, isn't it?
They say don't drive for too long because you get tired, you get bored, you've got to take a break.
And I wondered whether it's sort of the same with driverless cars but kind of worse, because although you've got to stay alert, you're not actually doing anything.
I did not test this because it would be illegal, but I did wonder, I did wonder if there was a way around it that way and how safe that would be.
Because I think the thing is that, you know, if you drive long distances, it's boring, isn't it?
They say don't drive for too long because you get tired, you get bored, you've got to take a break.
And I wondered whether it's sort of the same with driverless cars but kind of worse, because although you've got to stay alert, you're not actually doing anything.
Yeah. I think it is going to be unsettling for many of us. I think these things are inevitable. It's going to happen. And it's going to be strange.
I mean, frankly, it was strange when we had to stop cranking up cars to start them or had a little man running in front with a red flag, wasn't it?
I mean, frankly, it was strange when we had to stop cranking up cars to start them or had a little man running in front with a red flag, wasn't it?
Oh, you remember that, do you?
Oh, you'd be surprised, Carole. But it's going to be an odd experience. But then, our kids probably will never learn how to drive a manual.
No.
They're all going to be driving automatics.
Yeah.
I mean, your toddler is just going to be having probably a fully automated car, aren't they?
But the thing that worries me is, quite possibly he will. You know, if my toddler never learns to drive a car, great.
But what if he actually suddenly then does have to take control of the car because it's malfunctioning? He's not gonna know what to do because he's never driven before.
But what if he actually suddenly then does have to take control of the car because it's malfunctioning? He's not gonna know what to do because he's never driven before.
Isn't motherhood fun?
Another thing to worry about.
Another dilemma.
Carole, what's your pick? Of the week.
My pick of the week this week is a little card game called Taco Cat Goat Cheese Pizza. Have either of you played?
Sounds like a recipe for one of your dinners.
It sounds like a Netflix series, I think.
I don't know, it's kind of, okay, it reminds me of a game which, you know, the name escapes me, but you will remember.
But you basically, you shared all the cards like a card game, and there's pictures of these, either a taco, cat, goat, cheese, pizza, on a random selection of cards that you have in your hand.
You're not looking at these cards and you've got to flip them over, but sequentially say those words, those five words in that order.
And as you go around the table, even though your card doesn't match that, does that make sense?
But you basically, you shared all the cards like a card game, and there's pictures of these, either a taco, cat, goat, cheese, pizza, on a random selection of cards that you have in your hand.
You're not looking at these cards and you've got to flip them over, but sequentially say those words, those five words in that order.
And as you go around the table, even though your card doesn't match that, does that make sense?
Yeah.
And then if it does match is when everyone has to notice and put their hand down. And if the last one collects the cards and whole goal is to get rid of all your cards.
So the more cards you collect, the shittier it is for you.
So the more cards you collect, the shittier it is for you.
Okay.
Quite fun. Very easy. No rules. You know, sometimes you go to people's houses and they go, hey, do you want to play Catan? And you might go, I've never played Catan before.
And they go, okay, let me explain the rules. And an hour and a half later, you're just, I don't want to do this at all anymore.
And they go, okay, let me explain the rules. And an hour and a half later, you're just, I don't want to do this at all anymore.
I can't bear that. I am so nervous if people saying, come around and play a game. I just think, oh, I'm not going to be able to.
I'm going to stop listening halfway through the instructions.
I'm going to stop listening halfway through the instructions.
I think I've been at your house, Carole, when you've tried to describe that it's a card game called shitface.
Shithead.
Yeah, shithead. I cannot get my head right. I mean, we call it—
The kids and I call it poo head. Poo head. So, yeah.
Oh, okay. I can't— I just don't—
It's so easy as well.
Exactly. I'm always told that.
So we're an eight-year-old learned. So, you know, anyway, this is a card game you would buy as a box. You could probably build it yourself. It's great fun.
We had a great time when we were out in La Belle France. And that is my pick of week, Taco Cat Goat Cheese Pizza.
We had a great time when we were out in La Belle France. And that is my pick of week, Taco Cat Goat Cheese Pizza.
Terrific. Thank you very much. And thank you, listeners. That just about wraps it up for this week.
Zoe, I'm sure lots of our listeners would love to follow you online and find out what you're up to. What is the best way for folks to do that?
Zoe, I'm sure lots of our listeners would love to follow you online and find out what you're up to. What is the best way for folks to do that?
Oh, please do. I don't know where to start these days. There's so many different platforms out there that we're meant to be on.
Why don't I just give you X, which we all know is still really Twitter. It's @ZSK.
Why don't I just give you X, which we all know is still really Twitter. It's @ZSK.
Simple. You can follow us on Twitter at @smashingsecurity, no G, Twitter wouldn't allow us to have a G.
We've also got a Mastodon account and you can also look us up on Reddit and don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Overcast.
We've also got a Mastodon account and you can also look us up on Reddit and don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Overcast.
And the biggest shout out to our episode sponsors, Kolide and Vanta, and to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog, more 355 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship info, guest list, and the entire back catalog, more 355 episodes, check out smashingsecurity.com.
Until next time, cheerio. Bye-bye.
Bye.
Bye-bye.
Great stories.
Thanks so much, Zoe.
I hope that was all right.
Oh no, it's terrific. I was able to find the video of you driving and things on TikTok and on Twitter, so I'll link to those in the show notes.
I have one question. So, okay, it takes over, right? It's driving for you, but then suddenly you're, I don't like what you're doing, and you put your hands on the steering wheel.
Do you automatically get control again?
Do you automatically get control again?
Yeah, it just switches off. Yeah, exactly. Or if you hit the brake, if you do anything, it just gives you back control of the car.
Yeah.
But you can't activate it. It's— well, it activates and says you can take your hands off the wheel now, but you don't have to, obviously. But you can't switch it on.
You can't choose for it to come on when you're ready. It tells you when it's ready.
You can't choose for it to come on when you're ready. It tells you when it's ready.
Yeah, you need two stress balls in each hand, right? Just so you can kind of work on the RSI problems that we all have as computer users.
And, you know, get rid of some of the, oh my God, I'm gonna die
And, you know, get rid of some of the, oh my God, I'm gonna die
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Zoe Kleinman – @zsk
Episode links:
- The Great British Public Toilet Map.
- How one man’s pay-to-use toilet gag revealed Google Maps can be used to track people – Crikey.
- Please Rob Me site exposes danger of sharing too much information online – Graham Cluley.
- Artist creates a virtual traffic jam in Google Maps – YouTube.
- How to Get Google to Quit Tracking Your Location – PC Magazine.
- Grieving With Google Street View – Slate.
- Zoe describes her curious tangle with AI – Twitter.
- What happens when you think AI is lying about you? – BBC News.
- Aercap confirms cyber threat involving ransomware – Air Finance.
- Ransomware crims slime AerCap, claim to have stolen 1TB – The Register.
- AerCap discloses cybersecurity incident – Reuters.
- BBC staffers warned of payroll data breach. BA and Boots also affected by MOVEit vulnerability – Graham Cluley.
- Randy Rainbow – YouTube.
- Donald in the John With Boxes – A Randy Rainbow Song Parody – YouTube.
- Zoe drives hands-free on a British motorway – Twitter.
- How to Play Taco Cat Goat Cheese Pizza – Wikihow.
- Asmodee Taco Cat Card Game – John Lewis.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
