
Holy mackerel! AI is jumping on the religion bandwagon, ransomware gangs target hospitals, and what’s happened to your old mobile phone number?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by “Ransomware Sommelier” Allan Liska.
Warning: This podcast may contain nuts, adult themes, and rude language.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
You do the same thing? No, I would not. Yes, you know I would not know. I would not know. You would, you know, I would, you would, you would.
Just got you pegged. No, one is enough. One is enough. Allan, do you know Graham well enough to answer this question?
So I hate to say it, Graham, but I'm with Carole on this.
What? Thank you. Smashing Security, episode 359. Declaring war on ransomware gangs, mobile models, and AI religion with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 359. My name's Graham Cluley.
And I'm Carole Theriault.
And, Carole, we are joined by someone new this week, a guest who hasn't been on the show before, although we have spoken about his work. It is the ransomware sommelier, Allan Liska. Hello, Allan.
Bonjour. Hello. You're not actually French, are you? I don't know why. I am the opposite of French. Whenever I visit Bordeaux, which is my favorite city in the world, I try my best to speak French, but it sounds very much like a Southern American trying to speak French. And they just say, please speak English and stop. So not French.
I love Bordeaux as well.
Are you a big lover of wine? I am. And I'm a big lover of wine and a big lover of the city. In fact, for a couple of years, we hosted B-Sides Bordeaux to bring security people into Bordeaux and have talks and drink wine. And it was a lot of fun. Unfortunately, I haven't been able to keep up with it as much as I'd like to. But I'm hoping we'll be able to get it back at some point. But, yes, I'm a huge, huge fan of wine. If you ever want to phish me, promise me a 1982 Chateau Margaux, and I will click on whatever link you want.
You're called the Ransomware Sommelier. You are an expert in ransomware as well, aren't you?
I am, and I'm actually a certified sommelier. So both titles are true.
Let's thank this week's wonderful sponsors, Kolide, BlackBerry, and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
I'm stuck inside of mobile with the Meta Blues again.
How long did it take you to come up with that one?
Not as long as it took Bob Dylan.
He used to write songs in 20 minutes, so you're competing there. What about you, Allan?
I'm going to talk about war crimes, so I'm going to bring it down a little bit. I'm sorry.
And then I'm going to get us all to pray, AI-styly. All this and much more coming up on this episode of Smashing Security.
Now chums, chums, there is a chap on Reddit. His name is malfeasance. Sounds friendly enough, doesn't it? Malfeasance.
There's a lot of people on Reddit, just FYI.
There are, yeah, yes, there's certainly quite a few up there. And this chap, he posted last week about a strange experience that he had had. You see, a few months ago he changed his mobile phone number. I don't know what happened. Maybe he changed his cell phone provider, whatever. He changed his mobile phone number. And he tried to log into his Instagram account. And to do that, he entered his new phone number. And it logged him into some random woman's account. He now had access to all of their pictures, could see who their friends and contacts were, their direct messages, and so forth.
Can I just ask, though, is Instagram used for anything kind of naughty? Or is it just like pictures of flowers? I mean, I look at it for paintings, so that's all I look at.
I love the thought that you imagine there's some corner of the social media universe that isn't being used for bad stuff. Of course there's loads of bad stuff going on there, like everywhere else. Even if you went on to Club Penguin, there's probably bad stuff going on there, right? Everywhere there's bad stuff. And people are going to be exchanging messages, which they certainly anticipate will be kept private. You wouldn't want someone reading, you know, your private, oh, I've just recorded a podcast with that screwball, Cluley again.
Yeah, that would be the worst if you got a hold of that one. Right.
So pretty bad that he managed to access someone else's account just with his new mobile phone number. And then he noticed that his Amazon Alexa Echo thing, bing-bong, cack-tong, giving him reminder notifications after he connected it to his new mobile number. Reminders that he hadn't himself set. Oh, like things like 12 o'clock, go to the doctor's. And he's like, oh, I don't have an appointment. Right. Right. We now have an Amazon Echo thing. Do you? We do. It is primarily used to tell me when to take the eggs off the boil. Have you heard of a timer, dude? Yeah, I just say, give me seven minutes on the clock or something, and it will do that. So, you know, that's the main thing which is used. I know that I am ashamed to admit it on this podcast, but it's true. So what does he do? He's got access to this woman's, this young woman's Instagram account. And of course, the first thing he does is he messages the owner, the proper owner of the account from his own account, warning her to reset all of her accounts, remove her old phone number, add presumably her new mobile phone number, rather than her previous one. No, actually, he doesn't do that at all.
Oh. He doesn't get in contact with them. Instead, he was curious. No, I would not.
Yes, you would.
No, I would not. I absolutely would not.
You would?
You would? No, I would not.
You would.
I would not.
No, no, no, no, no, no, no, no, no, no, no. You would do it before you contacted the woman because you'd want to see how big of a problem it was to back up your argument before you tell her to change the passwords or whatever. Can't do that.
No, one is enough. One is enough. One, you can access one account.
Allan, do you know Graham well enough to answer this question?
So I hate to say it, Graham, and I appreciate the invitation here, but I'm with Carole on this. What? Thank you.
Oh, my God. So effectively, he's stalking people. Yeah, and we have to keep our phone numbers forever.
Well, this is it. Because, of course, if you change your mobile phone number, your cell phone operator doesn't then throw that into the eternal fires of hell, never to be reused again. What they do is they wait. It depends where you are in the world. But some places like America, it may be 45 days. Other places, it may be six months. It doesn't matter. Your phone number eventually gets recycled. This is one of the big problems with phone numbers is we just use numbers. If we had alphanumerics, if you had a phone number which was 9K, big B, exclamation mark, if we had phone numbers that, we'd have much more variation. We wouldn't have so much trouble. But numbers run out, so they get recycled. So he, at this point, got worried. Not because he might be found guilty of stalking this woman and accessing her accounts without permission, which I think is a bloody dodgy thing that he did. But because he was thinking, hang on, my old number might be recycled. Someone else might get access to my accounts.
That's what motivates him. That's what motivates him. Protect his own butt.
Yeah. Fantastic. So, you know, I find it quite hard to feel sympathetic towards him because it does seem that he was worried more about himself when he posted this message on Reddit than this young woman.
Well, at least he's honest, right, Graham? Well, because I'm being honest too.
Why is my voice raised that?
Because you're full of shit. Anyway.
So, if you're able to accidentally log into someone else's account with a new phone number, it is never all right to see how many other accounts you can also log into, right? 100%. The first one, you can consider an accident. But after that, it looks you're kind of doing this deliberately. Now, there is potentially some blame on tech companies here, though, because I think no platform should ever have just your phone number as a login credential when these phone numbers are recycled so often. Well, you know, it's weird. Just today, I had to call a medical provider, right? I love it when they say this call may be recorded for training purposes. And I'm now thinking, is it AI training? Is it all going into ChatGPT? Can you give me details of exactly what this training is?
Have you tried to ask ChatGPT what your address is? See if they get it.
Right. Oh, no, I haven't. No. That's a scary thought. Anyway, so I don't think tech companies should be using this as a login credential, your phone number. And that is also the opinion of a privacy wonk called Alexander Hanf, who posted about this thing on LinkedIn. This is where I found out about this story. He tried to contact Meta, the owners of Facebook and Instagram, via his bug bounty program because he couldn't find any other way. He wasn't after any money. He wasn't after a bounty. He just thought, how the hell do I contact Facebook to tell them about this? Right. And he got a response back saying, well, this is a concern, but it's not a bug. And we don't have any control over telecoms providers who reissue phone numbers. So not our problem. And, you know, but they do have control over allowing people to log in with just a phone number. It's part of their
design. Then you could make the argument, well, we don't have any control over people who reuse passwords. And yet, you know, there are companies that have built in protections. When you try and reuse an old password, they'll let you know, hey, please don't use this password again. So I think that that is a ridiculous and short-sighted argument. You know, we have to be aware of the shortcomings everywhere else around us, including with the phone companies.
Oh, by the way, Alexander Hanf, when he got that reply, he reckons the response he received was actually AI generated. I'm sure it was. He said they literally closed the ticket within seconds of him submitting it. He said it would have taken longer than that for a human to even have read what he wrote to them, let alone evaluate it. You know what?
This is going to be this new world where we'll have to have key words to ensure the AI then puts it in the appropriate bucket so that human eyeballs see it.
Yes, yes. Mention Mark Zuckerberg, Echelon, something that, which is going to trigger all the... Ahoo, ahoo. Yeah, ahuga, ahuga. So the truth is Facebook, Instagram, these other sites, they don't want the hassle of dealing with how many millions of people forget their passwords every day and say, oh, we can't prove who we are. And so that's why they're pushing this. You can reset your password via your phone number because it's so much easier for the tech company, but it's poorer for security. They could insist upon the use of authentication apps, one-time passwords, instead of SMS-based authentication, but too much hassle. They don't want to do it. Well, too many people wouldn't understand, I suspect. I suspect not, but for better protection, we need to do that, and we need to educate people to turn on those features when they are available. Also, should telecoms companies be doing more to warn users when they change their phone number? So T-Mobile, I noticed, they do advise companies to change the numbers on any accounts they may have their old number saved on, such as bank accounts and social media, etc. But many others, I think, aren't doing this at all. So once again, SMS is a load of old rubbish. Except we use it all the time. Well, you use it for SMSing, but for anything secure, maybe you want to be a bit more careful, because if it's just the phone number, we know from SIM swap attacks and other things, but also we've got these bloody mobile phone companies recycling our numbers. It sucks. It sucks, which we should actually spell, I think, S-U-C-K-3. See, that could be a phone number, couldn't it? We could do something that, or a dollar sign. What about putting an emoji in there? Allan, what would your number be if you didn't have to have a number?
If I didn't have to have a straight number? Oh. I would just – well, so it's – you know, in the U.S. the numbers are 10 digits, so I would just make it my password. And that way my password and my phone number are the same thing. So much easier to get through life. I mean, everybody's phone number would be their first pet and their date of birth. So yes, that or their stripper name.
How did you know my password?
Allan, what story have you got for us this week?
So I know you to keep it light-hearted, but what's been bothering me lately is the rash of ransomware attacks against hospitals. Right now, as we're recording, Romania has more than a hundred hospitals that are under attack by a ransomware attack that seems to be attributed to a Phobos variant, which is ridiculous. But, you know, we've had the Saint Laurie's children hospital this year, we've had the hospitals in Maine, hospitals in Chicago, a hospital in Germany, and that's just this year so far. Yeah, it's just early February. Yeah, yeah. Healthcare is just under non-stop onslaught from ransomware attackers who don't feel there'll be any consequences for going after a hospital, for shutting down services and so on, and we need to figure out how to stop it. So
I remember, Allan, that a while ago some of the ransomware gangs said they weren't going to target hospitals because they thought maybe that was a bad idea. Now, in the case of this Romania attack, I read that it was an IT service provider for these hospitals who maybe had been breached, and maybe that's where the attack came through. So is it possible the ransomware gangs don't know who their actual real victims are, or is it that they just don't care? So since Carole already used the term bullshit, I'll go ahead and say my usual line: that we have to remember that ransomware actors are lying pieces of shit. And yes, there was an attempt early on in the, you know, back in 2020 in the start of the pandemic where a bunch of ransomware actors said, oh, no, we won't go after hospitals. And then what they've done is they've changed the definition of hospital over time. So basically, only things they deem a qualified hospital count.
But why hospitals? Why hospitals as an industry, do you think? I think there are a couple of reasons. One, it gets a lot of attention. So it gets a lot of media press, which garners more, for lack of a better term, street cred or clout for the ransomware group.
It's gross. So have you got a solution for this, Allan? What's your advice? Other than chopping off their fingers with bolt cutters. I love how it's Allan's responsibility now. Yeah, well, I brought the problem to us today, so I'm hoping he's got a solution as well.
I have the most American solution that is out there. Oh dear. Drone strikes. No, stop. I figure you take out one of these dudes with a drone while they're sitting in their house and all of them will very quickly learn not to go after hospitals. And I mean it's not like their OPSEC is that great. We saw this when Australia a couple weeks ago hit the sanctions on the ransom actor that went after Medibank. They had everything except for what he had for lunch that day. You may think you have good OPSEC as a cyber criminal, but you don't have GCHQ OPSEC, right? You can't hide from people that have satellites. And so we know where most of these, not me personally, but I am sure intelligence agencies could very quickly find out where they are and one drone strike and you take them out. Barring that, since we can't seem.
Yeah. I was going to say otherwise, is there any other options for how we could handle this? I don't know what else we can do. We sanction. Well, I mean, we. Fair enough. Fair enough. We sanction ransomware actors directly. So, you know, we've. That's not something we've normally done in the past, but now we sanction cyber crime groups.
What do you think of basically making it illegal for companies to pay off ransomware gangs?
So I'm torn on that. So in the 70s and 80s, there was a spate of kidnappings in Italy. And so what Italy did to solve the problem in 1991 is they banned ransom payments. So you weren't allowed to pay a ransom to kidnappers. In fact, if you reported a kidnapping, they didn't just make it illegal for you to pay the ransom, and they also temporarily froze all of your assets so that you couldn't pay a ransom. And what happened was for the first couple of years, the number of kidnappings appears to have gone up. It's really hard to get solid kidnapping data, but contemporary reports say the kidnappings went up. I just can't find real hard numbers, which as an analyst drives me nuts, in part because the kidnappers could double extort you, right? They could get the money, if you had the resources, they could get the money to pay the ransom. But then also, once you paid the ransom, they could blackmail you for paying the ransom. So it's like double jeopardy, yeah. And so there was this incentive that was seen here for the kidnappers. Now, what wound up happening, because assets were frozen, people just couldn't pay the ransom anyway. And even though that period was very, very painful, eventually the number of kidnappings in Italy went down significantly. But there were a couple of years of pain. And the question is, are we willing to put businesses through a couple of years of pain in the hopes that ransomware will go away? And it won't. I mean, maybe it takes a different form. There'll be a new kind of cyber crime activity that's happening. So we're not really solving the problem. We're just morphing the problem into something else. On the other hand, I'm tired of cyber criminals driving Lamborghinis while I drive a Subaru.
Would you really want to drive a Lamborghini?
Oh, God, no. No, I just don't want them to drive a Lamborghini either.
Carole, what have you got for us this week? So AI, it's worming its way into every industry. It's every institution, every organization. And it's doing so at breakneck speed. And it's helped along by companies that don't want to be left behind, thinking that all their competitors are doing it. Oh, excellent, because we've upset enough of our listeners talking about sex and politics in the past. So let's now tackle religion. Let's do the whole trifecta. Good, good.
Okay, so put your thinking caps on, gents. How do you see AI helping religions of the world? So not any specific religion, but any organization.
Yeah. So I'm imagining that I am the Pope, for instance, which is, you know, I might become the Pope one day. Who knows? It is possible. I'm imagining that if I have to roll out once a week or however often onto his little balcony and give a sermon or a speech or say something, albeit in Latin or Italian, I don't know what he does. But anyway, AI will help me construct that sermon, you know, because there's only so many stories you can roll out. Once you're 70, you've done them all in the past before. So that would help me. And it could do the translation as well, maybe, which would be good.
Exactly. So you could get your message across internationally, couldn't you?
Yeah, I could relax as the Pope watching Homes Under the Hammer and not have to worry so long writing my speeches. So as a lapsed Catholic, I could see going to confession to an AI. So instead of having to go all the way to church and confess my sins, I just type it into the AI.
I love that. I could mention an app. There's going to be an app for that, right? You don't even have to get out of bed. I bet there is. You should TM it right now, Allan. Seriously. And what a cool thing, or for me, I thought was quite cool, is generative AI systems could be trained on massive troves of scriptures, right, and religious texts and images and make them more accessible to all. And this includes ancient texts as well.
I was just thinking, the Bible's a very popular book, isn't it?
I heard so. They have them a lot in hotel rooms I've seen.
Wouldn't it be good to have a sequel? You could get an AI to write a follow-up and make some money that way. Has this podcast been banned yet, by the way? There was a recent article on this very topic in phys.org. Computer scientists from the University of Kentucky used AI to reveal the contents of a carbonized papyrus that was burnt in the eruption of Mount Vesuvius in AD 79. Don't you think? Well, sorry, Carole, I'm somewhat distracted by the fact that you say papyrus rather than papyrus. Is that what you say, papyrus? Well, it's what I say, but the number of times I've been criticised for my pronunciation on this podcast with caesia and other words, I hate to bring it up, but I feel I should say something. Surely it's papyrus.
Since we're going to criticise pronunciation, something, again, as a long-time listener, I've always thought the way you say Carole reminds me of the way Rick would say Carl in The Walking Dead. So I'm just going to throw that out there for the world to have.
Anyway, back to the AI 3D, this thing.
So you're able to basically take things that human eyes can't see and basically reveal it. So think of ancient texts, like in the Indian subcontinent, for example, they may be in a Sanskrit language or script. And these could be processed, translated for all. It's kind of amazing. Very cool. What about AI worship? So some argue that it could lead to the production of works of art, the formation of new communities, and perhaps attempts to change society for the better. There was a recent article in The Conversation, this is included in the show notes, listeners, that explains how we are about to witness the birth of a brand new kind of religion, and it predicts the emergence of sects devoted to worship of AI. Oh, for God's sake. Is that a little scary?
As if religion hasn't caused enough problems in the world, we're now going to have an AI religion as well. This is brilliant.
Lovely. To me, though, I think what we're actually going to see, because each religion is going to train their AI in their own scriptures. And I think what we're going to have is a battle of the different religious AIs. So the Mormon AI taking on the Catholic AI, taking on the Protestant AI. Persecuting each group. Right, exactly. I think we're going to have the different religious trained AIs just all battling each other out, man. Yeah, I think you're
Right. And remember, we had the Pope in the puffer jacket. Oh, yes, yes. That was a bit of a joke. But, you know, if you just expand it a bit, it's a bit scary. But you know what the Pope's biggest worry about AI is?
I don't know. What is his biggest worry?
It's apparently the impact the AI will have on the elderly and the vulnerable, like they will be left behind and perhaps not be able to interact with our new AI-driven society.
That's funny because I'm more worried about when AI does interact with members of society. I think good for the older people that they won't have anything much to do with it.
But see, my question at this point was, who advises the Pope on these matters? I mean, really? Like, what does he know about AI?
Oh, well, I mean, there are a lot of scholars in the Vatican. So I imagine they have religion and AI scholars. They would have to. They have scholars about everything else. Correct, Allan, correct. Enter Franciscan friar Paolo Benanti. He is the man who has both the ear of Pope Francis as well as the Italian prime minister. And this guy is not just a friar. He's an ethics professor, an ordained priest and a self-proclaimed geek. And he is very active in this AI debate.
I was actually contacted by someone who's lost his job because of AI.
Really? Can we know what his job maybe was?
He is a journalist. Well, he's a sub-editor. So he used to check other people's copy, looking for mistakes, improving the text. And he says completely been replaced now by AI.
A lot of that's happening, though. I mean, you know, we hear stories all the time about news sites going entirely AI to write articles, you know, and you lose a lot with that. But I guess if you're the owner, you save a lot of money. That's it. That's a very interesting point, Allan. I'm going to be touching on that. So secondly, his second point that Benanti is unsettled by is the prospect that some people might be becoming overly reliant on AI systems for key choices. The only friar I know is Friar Tuck from Robin Hood fame, and I would not want that dude in charge of AI ethics. I wish it was a friar that was actually doing this.
What about you, Clue? Do you think it's too late to try and apply ethics or an ethical code to the use of AI?
Yes, probably, but you should still try. You know, I mean, obviously, barn door is open, everything's bolted, but no harm in trying to create some kind of standards and some kind of ethics. But inevitably that will be broken and ignored.
So I thought the same, right? But then I was thinking like cars, right? When cars were first invented, they had no seatbelts, no airbags, little concern for security. Like you could drive sauced to the eyeballs without a worry in the world. And it was only the accidents and the needless deaths across the lands that led to rules and regulations, right, that we totally depend on now. So maybe that's how it works. And that may be. I mean, you know, government always plays catch up with new technology, which is what we're seeing now. Governments around the world trying to regulate AI when AI has been around for, you know, more than a decade now. I don't know, do you have any worries that he represents a major religion or has affiliations with a major religion and is also advising on this?
Everyone's got a vested interest in something, everyone's got their back pocket filled with someone's money or other, aren't they? Or they're affiliated with some business or — who's your patron? Me, me, the lovely patrons of Smashing Security, that's who it is, and our sponsors, of course. With Cylance AI, the team at BlackBerry are helping you keep one step ahead, stopping more attacks earlier and with less effort than other solutions in the market, and that's independently tested and proven. The lightweight AI offers broad coverage, consistently low false positives, and quick threat responses, supporting endpoints seamlessly. Now many solutions boast about how little time it took them to respond after a threat emerged, but with BlackBerry's Cylance AI you'll find out how long before — and it can be months or years — it has already protected its customers. Staying one step ahead is central to everything BlackBerry does. And in fact, it's your 24/7 AI-driven security partner. So visit smashingsecurity.com/blackberry to find out more. Thanks to them for supporting the show.
This episode of Smashing Security is sponsored by Kolide. Wouldn't it be great if a device which lacked compliance or lacked security was denied access to your organization's SaaS apps and other resources? Because this would mean that the hackers who had nabbed the unlucky employee's credentials, for example, could not gain access to your assets. It would effectively lock them out. Welcome to Kolide, a world where access is only given to approved secure devices. As the administrator, you can manage every operating system, even Linux, from a single dashboard. Another bonus of Kolide: employees can often fix their own problems without involving IT support, meaning less resources are needed to effectively operate a more secure environment. Kolide is the device trust solution for companies with Okta. Kolide ensures that if a device is not trusted or it's insecure, it is denied access to your cloud apps. Learn more at kolide.com/smashing. That's K-O-L-I-D-E dot com slash smashing. And huge thank you to Kolide for sponsoring the show. Shortcut compliance without shortchanging security. That's what Vanta can bring your company, expanding the scope of your security program with Vanta's market-leading compliance automation, saving your business time and money. You see, you should be drinking a bit. Then you could have a drinking game and you could have a little slurp every time they did something quirky. I think there was just a little bit of tackiness on his tongue sometimes, maybe the way he spoke. And it was doing it all the time. How is your blood pressure, dude?
I'm beginning to wonder. Me too. But I want the subtitlers of this world to realise. I want to know what they're saying. I don't mind if there's a sound which would actually help people who are hearing impaired to tell them, oh, there's a police car outside or there's a screech, something like that or a gunshot. That's fair enough. Clicks mouth? Not necessary. That is why it is my nitpick of the week. Thank you.
Very nice.
Allan, what's your pick of the week? Actually, my pick of the week is the Saint.
Oh. Not the movie with Val Kilmer.
No, the original television series and the books. I've been just feeling nostalgic lately, and so I've been re-watching the Saint series on TV and then re-reading some of the books. So I have a first edition copy of, first edition British copy, I should say. And I've always been a big Saint fan. I think maybe that's one of the reasons why I'm in InfoSec, because it feels like he was a precursor to kind of what we do here.
Allan, before you go on, there will be some young people listening to the podcast who are not familiar with The Saint or indeed Return of The Saint with Ian Ogilvy. Do-do-do-do-do-do-do with a flashy car. Maybe you can tell people what the premise of The Saint is. So the Saint is an antihero. And in the books, he's much more an antihero than he is in the television series and then the movies and then the god-awful Val Kilmer movie. Please don't watch that.
It's kind of Robin Hood, isn't it? Right, so.
He's often referred to as a modern day Robin Hood. A lot of the British 30s, 40s and 50s antiheroes, so if you look at the Green Archer and the Saint and all of these, they were the anti-hero. They did a little bit of good and a little bit of bad. You can find it, at least in the US, on Amazon Prime. So if you have Amazon Prime, you can watch all six seasons of it. And that's kind of what I've been doing. My specific pick of the week is Leslie Charteris said one of his favorite places to vacation was Palm Springs in California. And so he wanted to do a movie, The Saint Goes to Palm Springs. And he got the script option. And then the movie studio sat on it forever. So in May of 1941, he did a piece with Life Magazine where they went to Palm Springs and they did a pictorial detective story. So it was basically him telling his story through pictures and a little bit of writing. And it's all laid out in this magazine. And I managed to get a copy of it. And it's just great to read through. It's also great to see what 1941 Life Magazine is like with, you know, because obviously World War II was going on and so there's a pictorial of army uniforms and Navy uniforms and so on and there's an ad for Boris Karloff's favorite shaving cream in there and all kinds of things. But I absolutely just love this pictorial story. It was a great read. Want to bring back The Saint as a comic book if I could ever get the rights to that, and I already have my first plot lined out here. It's going to call The Saint Gets a Text, and it's one of those texts that comes in that is, hey, I'll be there in five minutes, and you don't know who the person is, and then they start a conversation pretending to be your friend and they steal all your cryptocurrency. You know, started with that, but The Saint, of course, would turn the tables and shut down the entire operation while the police are yelling at him for doing it wrong. He never used drones, Allan, he never used drones. He didn't have to.
So if I were as cool and suave as The Saint is, I would not have to use drones either. So, but I'm just not that cool or suave. I just need a silk scarf and a martini glass, it seems, no? Right, exactly. That was, well, he was more of a bourbon. It was only when Roger Moore was James Bond that he went to martini, but he was more of a scotch or a bourbon kind of guy.
Oh, my kind of guy. What's your pick of the week? So last week, my pick of the week was a little bit dark. So I'm going to U-turn and give a feel-good series to check out. It's called God's Favorite Idiot. And it's from our pals at Netflix. And the premise is very simple. A tech support employee becomes the unwitting messenger of God. It is actually quite funny. I actually laughed out loud, which doesn't happen very often. Melissa McCarthy is the star of the show. And it was written by her husband and frequent collaborator, Ben Falcone. Falcone plays Clark, the mid-level tech support worker, a normal average guy until he's struck by lightning from a divine cloud and starts getting weird powers that are hard for people to ignore. And McCarthy plays Aimee, a co-worker and a romantic interest of our tech support guy who's been touched by God and you're watching them kind of fumble along. Plus, you've got Satan running amok and God has chosen Clark to be the messenger and his job is to spread the word and strengthen the hand against the diabolic forces coming for us all. So it's quite light. Yeah. It's a bit like that show. What was that show with Ted Danson, The Good Place? Oh, yes. Is that what it's called? Yeah, it has that kind of feel. So it has that kind of over, there's lots of color and it's kind of light and fun. It's a very good thing to do while you're making dinner to watch or if you've had a hard day. It's funny. So if that sounds like your thing during your downtime, you can find it on Netflix. It's called God's Favorite Idiot, which is a very sweet title. And that's my pick of the week. God's Favorite Idiot. Fantastic.
So if you're on Bluesky, it's just ransomware sommelier.com. And if you're still on Twitter, it's UUAllan, U-U-A-L-L-A-N.
Terrific. And you can follow us on Twitter at Smashing Security. No G. Twitter wouldn't let us have a G. We also have Mastodon accounts. And look up the Smashing Security subreddit. And don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify and Overcast. And a huge, huge shout-out to our episode sponsors Kolide, BlackBerry and Vanta, and to our wonderful Patreon community. It's thanks to them all that this show is free.
Until next time, cheerio, bye bye bye. Cool. How'd you feel, Allan?
I felt good, how did you all feel? This is a real honor for me so I hope I didn't ruin your fantastic show.
No, you didn't ruin anything, you were a fabulous guest.
Pleasure to have you on. I think he may have done something for America's foreign policy against ransomware gangs. They may cause some international incidents. But other than that, I think I'm a walking international incident, so that's perfectly fine.
Hosts:
Graham Cluley
Carole Theriault
Guest:
Allan Liska – @uuallan
Episode links:
- I changed my number and now i can log into others accounts – Reddit.
- Post by Alexander Hanff – LinkedIn.
- Meta says risk of account theft after phone number recycling isn’t its problem to solve – The Register.
- Things to bear in mind when you change your mobile number – T-Mobile.
- 20+ hospitals in Romania hit hard by ransomware attack on IT service provider – Graham Cluley.
- Ransomware gang claims responsibility for Christmas attack on Massachusetts hospital – The Record.
- Cyberattack Disrupts Operations at Chicago Children’s Hospital: An Examination of the Threat and Its Impact – Medriva.
- Gods in the machine? The rise of artificial intelligence may result in new religions – The Conversation.
- AI: a way to freely share technology and stop it being misused already exists – The Conversation.
- The Friar Who Became the Vatican’s Go-To Guy on AI – The New York Times.
- How AI could change our relationship with religion – The Conversation.
- Meet the Vatican’s AI mentor – POLITICO.
- Focus Areas – AI and Faith – Rome Call.
- Are chatbots changing the face of religion? Three faith leaders on grappling with AI – The Guardian.
- “One Day” – Netflix.
- The Saint goes to Palm Springs – YouTube.
- God’s Favorite Idiot – IMDb.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- BlackBerry – BlackBerry helps keep you one step ahead. Cylance AI stops more attacks, earlier and with less effort than other solutions in the market today.
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

