Smashing Security podcast #366: Money-making bots, and Incognito isn’t private

Industry veterans, chatting about cybersecurity and online privacy.

Graham Cluley

Google says it is deleting your Google Chrome Incognito private-browsing data that it should never have collected anyway. Can a zero-risk millionaire-making bot be trusted? And what countries are banned from buying your sensitive data?

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Thom Langford.

Warning: This podcast may contain nuts, adult themes, and rude language.

Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Carole Theriault

Yeah, what's your advice on this? Graham, what's your advice?

Graham Cluley

Don't be so dumb. Don't be so dumb. Just—

Thom Langford

Don't be so stupid. Just stop a minute, yeah.

Graham

Smashing Security episode 366, money making bots and incognito isn't private with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 366. My name's Graham Cluley.

Carole

And I'm Carole Theriault. And this week we're joined by, well, he's a podcast tart, really. He's always appearing on them, isn't he? It's Thom Langford from the Host Unknown podcast. Hello, Thom.

Thom

Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us. I think you're joining us, aren't you? Something like that. I just, as you probably noticed from the last show, I tend to just say that whenever I join a podcast. It seems to work so far.

Carole

Let's thank this week's wonderful sponsors, Kolide, Kiteworks and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?

Graham

Well, I'm going to be asking the big question, which is, is there really a zero risk magic way to make a million dollars?

Carole

Hmm. OK. And what about you, Thom?

Thom

Should be a short show because that's a no. My story is, is there anything that isn't for sale nowadays?

Carole

And I'm going to be asking whatever happened to Do No Evil at Google? All this and much more coming up on this episode of Smashing Security.

Graham

Now, chums, chums, what if someone were to tell you, what if someone would come up to you and say, hey, hey, hey, I could make you a millionaire. Just like that. Just like that. In an instant, I could make you a millionaire. What would you think to that?

Carole

All right, go shoot, go do it. Yeah.

Thom

Crack on, no effort required. Yeah, this time next year Rodney we could be millionaires.

Graham

What if they told you that they were going to make a zero risk magic money making bot that they guaranteed could turn investors into millionaires? Just give them a bit of money, they will make this and it will just churn out the money. Sounds too good to be true, doesn't it? Sounds slightly implausible.

Carole

Well, it depends who's telling me. You know, if it's someone great Elon Musk in a video that I might have seen on, you know, Twitter or the, you know, I might believe it. I don't know.

Graham

Yeah. But if they dropped a certain word into the conversation, then you would believe it's true. Because if they were to mention the word cryptocurrency, now I'm sure you trust it. Now I'm sure you really think it's going to happen, don't you?

Thom

Well, I'm sold, you know, because my own history with crypto and Bitcoin is, well, checkered at best. So, yeah, absolutely.

Carole

Isn't Bitcoin making a ton of money at the moment, though? Isn't it on the up? Oh, yes. I sold my Bitcoin about three weeks before it went from $7 to $42 of Bitcoin or something like that. Anyway, I was an idiot.

Graham

So what if I told you the person behind this magic money-making scheme, his name is Robert Rob? I literally, his name is Rob Rob. Does that ring any alarm bells in your head that there's someone called Rob Rob? It's a bit being called robbing banks.

Thom

Does he wear an eye mask and walk around in a stripy jumper? Robby robby Rob Rob.

Graham

And this chap Robert Rob has previously spent time in the clink for swindling millions from investors after he claimed that he had a fake gambling machine which he was going to put into Las Vegas casinos and he managed to trick millions out of people for that. So he spent time in jail in the past, but you trust him though, wouldn't you? Now because now he's talking about cryptocurrency and a magic money making scheme involving cryptocurrency. Well, Rob Rob has been arrested by the FBI. No, I know it's a shock, isn't it? Because he has allegedly been perpetrating a scheme that has netted so far over one and a half million dollars because he said he was going to build, and now I'm going to try and avoid using too much technical language, there will inevitably be some things which zoom over your head, Thom. Carole, you may be able to follow some of this. So, okay. He wanted to build a magical thingamajig that traded crypto with guaranteed profits.

Thom

That was in his sales spiel, was it? Is that a quote? Magical—

Graham

Thingamajig. It's maybe not a precise quote, but basically it's a magical thingamajig. This bot, he claimed, could predict what cryptocurrency people were going to buy and sell before they did it, and even hijack transactions. And in this way, his bot would actually make the purchases itself and make millions for those people who funded the scheme to create the bot. So the bot is going to do all your investing for you, probably using AI, probably using the blockchain.

Carole

I was just going to say, he must have dropped the AI, AI, AI bit of it. You would, the AIO.

Graham

Yes, exactly. So this chap, Robert Rob, he allegedly posted on Telegram. He said, poof, you're a millionaire. And he targeted people who he said had spare hundreds of thousands of dollars lying around. So people you, Thom, top podcasters, CISOs, those sort of people. Lots and lots of money lying around.

Carole

I typically carry that in my back pocket. You know, you never know. You never know.

Graham

I use it to wipe my arse.

Thom

I thought this was a no risk thing, therefore no money. Oh well no, but just because you're putting money in Thom, doesn't mean that there's any risk because you are guaranteed. You are guaranteed to have a huge return on your money according allegedly to Robert Rob. Because the rug has already been pulled.

Carole

I love that he calls it No Rugs though with a Z because he's obviously hip. That's because he's down with the kids.

Graham

So Rob, he told potential investors this was a capital intensive prototype.

Carole

I don't even know what that means. Capital intensive.

Graham

He said well that means you've got to put loads of money in, but it's going to cost a bit to create his prototype bot. But he said it was theoretically good enough to make everyone rich.

Carole

He said this in what? Like a document or a video or what? In his spiel. In the spiel that he was posting up on the socials, up on Telegram in front of investors. Yeah, that's kind of an alarm bell thing for me. The theoretically good enough, that's a real... Well I'd say so. I think in our cynical sort of cyber security heads on, we would say that doesn't sound necessarily like it really is good enough. You know, in theory it's good enough, but maybe not in practice. What is wrong with this guy? There's no rugs being bought. Well, the investors started getting restless and Rob when challenged, he started playing the victim crisis. Oh, you know, I've had COVID, my safety's been threatened, there's been some glitches on the exchange, there's people extorting me, I've got problems with the family. I don't know, it's not about gullibility. Isn't it? No, I mean surely Robert Rob is the problem here. He's the greedy guy who's going around faking that he can help people. And a lot of people have gotten rich on crypto.

Graham

People get rich, but people don't get rich because of a magical money-making machine. They don't get rich with something which is theoretically...

Carole

But I'm sure it wasn't called the magical money-making machine, you know?

Thom

It was theoretically good enough to be called a magical money-making machine though, Graham. So Robert claimed on Twitter that he himself has been a past victim. And in fact if you go and look on his Twitter account, I think he calls himself something like Poker Brat because he was obviously into casinos back in the day when he was scamming people with his casino machine. I think I've heard of this guy. Didn't he then go to Scotland and then open up a Willy Wonka experience?

Graham

Robert McRob of the clan McRob.

Carole

Anyway folks, yeah, what's your advice on this Graham?

Graham

Don't be so dumb.

Thom

Stop. Just stop something so stupid. Just stop a minute, ask yourself is this too good to be true, stop investing in crypto. If you have invested in crypto, make sure that you sell while the price is high Thom, don't sell when it's low.

Graham

Well there is that too. Yeah, but at least I made my own mistakes about my own investment strategy. I didn't just rely on somebody saying I'll do this for you and I'll make you loads of money.

Thom

And I can create a machine which can predict what other people are going to do with cryptocurrency and carry out a man in the middle attack by intercepting the trades and doing it for them, which I'm sure is illegal anyway, right?

Graham

Well I don't know how it was meant to work, but it all sounds very, very peculiar. There you are, it's a shock story. I know it's going to leave many of our listeners completely dumbfounded that anything to do with cryptocurrency could end up being a bit of a scam.

Carole

Well you've already called them dumb for getting involved, and now you're calling them dumbfounded when they realised. You're really being tough on our listeners I think.

Thom

We're not accusing our listeners of being dumb.

Graham

Good. I just wanted to make sure. If any of our listeners have a hundred thousand dollars to invest in a magical money-making machine, maybe they'd like to sponsor our podcast.

Thom

Sponsorship. He's quicker than me, darn it Thom. What have you got for us this week? Well, it's a little bit of a rant actually, but oh and the other one fantastic. I mean, in fact I had a great story, but Carole stole it off me. She got there too quickly. But I'm not really talking about the headline per se, but actually the underlying feeling. The headline, this is from Wired, it says, Biden bans rival nations from buying sensitive US data. And at first glance, you know, well, good, you know, rival nations, bad state actors, et cetera, shouldn't be buying sensitive data. But then when you look into it, what's actually happening is that he's putting in place a ban that stops the valid sale of personal, sensitive and potentially confidential information to people that basically they don't want to. So capitalism is good until it's not and we don't want it to go to certain people. But what I'm really shocked about is by how much our personal data is sold. So the data they're talking about is, for instance, healthcare data. So some of your most private details, potentially, are being sold, not just nationally, but internationally. And what Biden stopped doing, and it's a good thing on the whole, but it's kind of a bit like closing the barn doors after the horse has bolted, is just stopping this sale to certain countries and that the brokers that sell this data have to do more homework to ensure that it's sold to the right people. And a tentative list given to reporters...

Graham

Oh, can we guess? Can we guess?

Thom

Yeah, go on, go on. Hang on, I'll tell you how many there are. There's one, two, three, four, five. There's six countries. How many can you get?

Graham

Okay, Carole, you try. You try one, Carole, then I'll try one. Iran.

Thom

Yes.

Graham

China.

Carole

Yes. I think it's called China.

Graham

That's the next guy and the previous guy. Yeah, Belgium.

Thom

Russia.

Graham

Sorry, say again?

Thom

Russia.

Graham

Russia. Yes. Three down, three to go. North Korea.

Thom

Yes. The last two are less obvious until you actually, you know, until you say them if you see what I mean.

Graham

Myanmar.

Thom

No. Right, this could get very dull unless I jump in here.

Carole

Yeah, give us the first letter.

Graham

C.

Carole

Cambodia?

Thom

No, tell us. It's where you get your cigars from.

Graham

Cuba, of course.

Thom

Cuba. Cuba. C. And the last one begins with a V.

Graham

Venezuela.

Thom

Exactly. Where the famous Monty Python beaver cheese comes from.

Graham

The Venezuelan beaver cheese? So basically what this is, you can't sell people's most sensitive and confidential of data to these six countries and you're thinking surely we shouldn't be selling this data to any countries, yeah, not just these. And it just occurs to me that I think we have reached the tipping point whereby our personal data is now no longer our data. So this is data that's been gathered by these huge organizations, hospitals?

Thom

Well, that's, you know, obviously it's that they're private companies in the US, you know, rather than sort of national institutions. But you know, that's where, how they're making money, you know.

Carole

You know, I was just gonna say, Amazon, didn't they get access to healthcare info collected by the NHS?

Thom

Well, there's a contract with the government.

Carole

Yes, that's right. In 2019, government hands Amazon free access to NHS information.

Thom

Okay. Well, yeah, there you go.

Carole

Like Amazon, they're really good. They're trustworthy and will take care of everything.

Thom

They're absolutely trustworthy. I, you know, I think the way they handle everything from data to money is impeccable and beyond reproach. Maybe we'll be proven wrong later on. So yeah, I think my whole point of this is I think we've lost, frankly. It's very depressing. I think we've lost. And I think we're now going to be living in a society where our data is not our own.

Carole

Do you know what, though? I might argue that we are just the generation that is in the middle of the transition period. It might be very different for your kids or maybe even their kids, unfortunately.

Graham

Yeah, and it might be absolutely fine. It is a moment of transition, but we're transitioning to the matrix. We're going to all be stored in pods. That's what's going to be happening. Can I inject some sanity?

Carole

No, no. If I'm in a pod, I just want to make sure I know who's next to me.

Graham

Oh, okay. I don't like the idea of countries selling this data to other countries, but I don't really like the idea of this data ending up in Mark Zuckerberg's pocket.

Carole

I don't like the idea of this data going anywhere without my permission. Exactly. But to Graham's point, maybe this is the new normal. Maybe actually future generations won't care and this is just how it is.

Graham

Oh, thank goodness you said that, Thom. I was thinking this isn't much of a rant. You're sounding very resigned to it all. I wanted some anger. I want some passion from you, Thom.

Carole

I've had enough. I've had enough of anger. Please don't.

Graham

Carole, what have you got for us this week?

Carole

I first would like to ask you to define what you think the word incognito means.

Graham

Ah, well, that's incognito. It's sort of like in disguise, isn't it? Or, you know. So people can't identify you.

Thom

When I was a young man, there was a club called Cognito. And so when you were incognito, you happened to be in that club. Just saying.

Carole

Well, I looked it up just to make sure, right, that I could understand it appropriately. And it's having one's true identity concealed. Yes. Sounds about right. And avoiding being recognised by changing your name or your appearance. So if either of you guys used incognito mode in Chrome, I mean, it's been around for donkey's years. You must have used it at some point.

Thom

Only for about two minutes at a time. Why is that? What I needed doing didn't take long. Let me put it that way.

Graham

Oh, I see. So you sort of finished whatever it was you were doing quite quickly. I finished off. You could turn off your privacy. I don't tend to use Chrome. But even in the early days? I guess I probably would have done, yeah.

Thom

But all browsers have a private mode, right? Like they all, all of them have a private computer. I think Google was the first though, wasn't it? It probably was. It wouldn't surprise me because Chrome, despite its origins, as it were, is one of the most advanced web browsers out there.

Carole

I have used it, but I wasn't, I was like, why do I use it? What do I use it for? And I was using it for things like, you know, buying presents for people and not wanting them to see it and all this kind of stuff. And I started looking around, like found this request on Quora, like from 2008. And the sender asks, why does my husband use incognito mode in his browser? Because he's buying her presents. And the responder writes, if you're security conscious, this is in 2008, if you're security conscious and you don't want to be tracked by anyone while you're surfing, private browsing incognito mode is a great way to do it. Or you can just presume he's surfing porn. That might be easier, right? So, but I would say that's most people's assumption, yeah, that that's why you would use incognito mode, you know, perhaps maybe not the most computer or cyber savvy of us out there, but still I

Thom

think that there are many valid uses for it, but I would imagine that 90% of cases are because they're surfing for certain contents they don't wish others to see. Hang on, Thom, did you, did you say two minutes? That's very impressive for a man of your vintage. Well, yes, it's either two minutes or four days, one or the other, you know. Now, at the time when this guy responded on Quora, he gave a screenshot saying, have you seen the start page for incognito mode? So when you select incognito mode on Chrome, at the time it would provide this thing saying you're browsing privately. And it would say not saved, history, searches, cookies, and temporary files. And it says it does save downloads and bookmarks.

Graham

I think you got some of those things in the wrong order, Carole. I think maybe the thing which Thom is doing in incognito mode, that probably should have begun the list. Because that seems to be what most people are using incognito mode for rather than the other stuff. How do you

Carole

know that? They're incognito. Is that what you do? I asked a friend at Google. Yes, I was going to say, Google told him, yeah. They also allege that sites using Google Analytics or Ad Manager collected information from browsers in incognito mode, including web page content, device data, and IP addresses. They also accused Google of taking a Chrome user's private browsing activity and then associating it with their already existing user profiles. What? Not even storing it separately. Remember Do Not Evil? That was their thing. Remember that? I miss those days.

Graham

So when Chrome was saying you are now browsing privately, what it actually meant was you're browsing privately, but not from us.

Carole

Yeah. So basically, while incognito mode lets users turn off data collection when using the Chrome browser, other Google tools used by websites, such as ad tech, scoop up all the data anyway, according to this suit. Wow. The lawsuit covered millions of Google users since the 1st of June 2016 and sought at least $5,000 in damages per user for violation of federal wiretapping and California privacy laws.

Graham

You've got to admit, that is the most satisfying wank you're ever going to have in your life. If you're going to be rewarded with thousands of dollars.

Carole

Each time per violation that's how you make a million dollars really quickly. Not just any wank, a private wank. Eventually plaintiffs were basically asking for five billion in wonga payments from Google for its blatant naughtiness. Now Google initially attempted to have the lawsuit dismissed by pointing to the message displayed when users turned on the Chrome incognito mode that start page we talked about that warns users saying their activity might still be visible to websites you visit. Right. Yeah. But the judge totally rejected this. And eventually, years later, Google agreed to settle the lawsuit claiming it secretly tracked the internet use of millions of people who thought they were doing their browsing privately. So while the plaintiffs asked for this 5 billion in damages, the settlement includes no payment from Google. So instead, individuals will be able to pursue damages by filing their own complaints against Google in US state courts. But

Graham

They've already got their hands full. They've got no time to do that.

Thom

They have. They've got 23 hours and 58 minutes every day. Both hands?

Carole

About 50 people have already done so. But that's interesting, I think, that they have to do it privately. You know, they're not doing it... As a class action. Yeah. Anyway, as a result of this court case, Google will expunge billions of data records that reflect people's private browsing. This is according to the details that were made public Monday this week in a filing at San Francisco Federal Court.

Graham

Yeah, but too late. They've already sold it to Belgium or, you know, any countries which aren't on that list. Yeah. It could be everywhere by now.

Carole

I know. Listen to this. This is what Time wrote, and I'm not sure I feel comfortable with this. It says, Time reported that Google's agreement to retroactively delete user information is a significant concession as it forms the backbone of the company's lucrative advertising business, right? Which depends on the quality of its search engine. But, you know, boo-hoo Google is my view on that. They snorkel up all this data a secret spy and now they have to get rid of it all. And they're, what's going to happen to our profits? You know, I don't feel very sorry for Google. No. But to your point, Graham, once it's sold, how do they get it back from the people they sold it to?

Thom

Well, just regather it through other means.

Graham

Or how do they know that they haven't already disseminated that information, that data into other places inside Google? Well, right. Exactly. It's all very well at the collection point but what then happened to that data over the last number of years? Well you'd make a good auditor, Graham.

Carole

They also say that they've made several changes to the disclosure so basically the information on that start page when you go to incognito mode will be slightly more informative as to the fact that you're actually not incognito mode, it's just a trademark name.

Thom

It's gonna have two pairs of eyes and then saying we're watching you.

Carole

Yeah, at all times. So, okay, so we come back to that big question. You know, what the blink is incognito mode for? So what would you use it for? I found a few suggestions on Forbes. I'm just going to run it past you, see what you guys think, okay?

Graham

Just to hide the evidence from your wife, it seems. Yeah. That's the main thing. Partner. All right, partner, yes.

Carole

So they say maybe if you wanted to sign into multiple email accounts, you might do that. So it's a pain if you want to check your personal inbox, but you're logged into another account. So instead of using a separate browser, which is what I probably would do, you could go into incognito mode or even sign out and then sign in again. Revolutionary, Thom. Shopping for gifts. We talked about that one. Avoid autofill suggestions, which is interesting because that does get annoying. What about booking travel? They say some travel companies keep track of what you're searching for and will increase prices the next time you visit the site. If you use incognito mode, you don't have to worry about price gouging.

Thom

That's probably a fair one, yeah.

Carole

Getting out of your bubble. I think this is quite true if you're trying to look for new stuff. So I do this sometimes when I look for new stories. I might go into incognito mode just so it doesn't show me the same information that I might have seen before because it has me all, you know.

Thom

Do you know what? That had never occurred to me. Maybe if I'd switched on incognito when I was looking for the story after you stole this one from me before, I would have come up with another story, probably less depressing.

Carole

And the other one is viewing a site as an outsider so that, you know, obviously there's all these trackers and stuff. So maybe you want to see what it looks like without all the ads they tend to show you.

Graham

Yeah. Or if you're in web development and you're logged into your CMS, you may want to see what regular users would see on your website instead of what you see as a logged in admin.

Thom

I get that. It's quite an edge case, though, isn't it, for the average user? But it's a fair comment.

Graham

I think we're missing the big one, which is to hide. Well, we mentioned it. Yeah, to hide the porn. Hide the browser history. Yeah, bingo.

Carole

So in short, incognito mode is not anonymous mode. Or at least on Google anyway. Websites and services will still be able to track you and collect your data, and perhaps enabling the block third-party cookies setting might be more helpful to you. But God, do I miss the days of Do No Evil? Because I can understand. I wonder if they were forced to get rid of that.

Thom

I mean, you've got to think of the meeting they had where they said, right, let's have a look at the company motto again. And they all look at it and there's silence around the boardroom. They go, should we get rid of this this year? Yeah. No, we'll leave it for another year. No deal about it.

Graham

Legacy managed file transfer tools are dated. They lack the security that today's remote workforce demands. Companies that continue relying on outdated technology put their sensitive data at risk. Well, this podcast is sponsored by Kiteworks, who enable organisations to effectively manage risk in every send, share, receive and save of sensitive content. To do that, they've created a platform that delivers content governance, compliance and protection to customers, tracking, controlling and securing sensitive content as it moves within, into and out of organisations, all while ensuring regulatory compliance on all sensitive content communications. Kiteworks provides the industry's first private content network for protecting risky third-party communications with secure email, secure file sharing, secure mobile, secure web forms, managed file transfer and governed SFTP servers. Visit kiteworks.com to get started today. That's kiteworks.com and thanks to them for supporting the show.

Carole

Smashing Security is also sponsored by Vanta. Managing the requirements for modern security programs is increasingly challenging and time consuming. Enter Vanta. Vanta gives you one place to centralize and scale your security program quickly, assess risk, streamline security reviews and automate compliance for ISO 27001, SOC 2, and more. You can leverage Vanta's market-leading trust management platform to unify risk management and secure the trust of your customers. Plus, use Vanta AI to save time when completing security questionnaires. Smashing Security listeners, you get 20% off Vanta. All you lucky sausages have to do is visit vanta.com slash smashing to claim your discount. That's V as in Victor, A-N-T-A dot com slash smashing. And thanks to Vanta for sponsoring the show. You've probably heard us talk about Kolide before, but did you know Kolide was just acquired by 1Password? Well, that's pretty big news since these two companies are leading the industry in creating security solutions that put users first. I don't. I have no idea what you're talking about.

Thom

I know you don't. He's been on the phone to me all weekend. No, you're kidding me. Oh, my God. I've had a bit of an issue. I've had a bit of an issue with a company called Amazon.

Carole

Why did you not get it from Apple? Why didn't you do this? Why didn't you do that?

Graham

Look, I'm just asking a question. I think someone may have said that to Graham already. No, we didn't do that because we wanted it delivered the next day, okay? And we wanted to be sure, and Amazon - we're with Amazon Prime and they're normally really, really good at delivering things really quickly because they're just so amazing. Amazon's awesome. So we thought, all right, let's just do this, and if there's any problems, you know, we can send it back if you decide you don't like the iPhone because she's currently an Android user. All right, so we did it, right? Well, I know, I know. So I sat in my office overlooking my front door last Tuesday, waiting for it to be delivered. And I was reassured because I've got a little video doorbell thing, so I go bing bong and, you know, it records people who come here. I'd be able to hear the door going. Also, Amazon had told me that my signature would be required to accept the delivery. And here's the thing. Here's the thing: my doorbell didn't go, my doorbell didn't record anyone at the door, I never gave my signature to anyone, and I have not been given the iPhone. Right? It wasn't delivered to me. No big deal, you think. No big deal - just contact Amazon Customer Service and get yourself a refund or a replacement.

Carole

Do you get an email saying Amazon guy's on his way? Oh, yes.

Graham

Oh, yes. Oh, yeah, you got that. Oh, yes, you got that. Yes, I got an email telling me that they were out for delivery, and then I also got an email telling me that they had delivered it. And they told me that they had handed it to a resident. And so obviously, I went out my front door, had a little look around - nothing left out here. Obviously, I hadn't signed for anything. Spoke to my neighbours - no, they hadn't received something, and some of them are, you know, a bit old and doddery anyway, and they probably wouldn't know how to use an iPhone. But so, you know, I believed them. I thought, no, they haven't got it, I haven't got it. I even looked in the bin because, you know, it's not unknown for Amazon delivery people to put things in the bin, especially the day before rubbish day.

Carole

Or the day of. Yes, exactly, that never happens to me. Well,

Graham

And they said to me, well, you have to wait two days before making a complaint because maybe it'll show up. So I waited two days. And after two days, I said again, can you please refund me or send a replacement? They said, well, we're going to have to investigate this. And that'll take up to three days. I thought, oh, it's a bit frustrating. All right. And they said, well, if you haven't received your refund by the end of March, let us know. So I began to wait. Now, fortunately, I didn't have to wait three days to hear back from Amazon. Unfortunately, when I did hear back from Amazon, it wasn't good news. Because what they said to me was, we've investigated and you received the item. It was delivered to you intact. And I said, oh, no, I didn't. That's the polite version of what I said. And they said, we are not going to be issuing you a replacement or a refund because you did receive it and it was in good condition. We are unable to offer you any further assistance on this matter. We appreciate your business and hope to see you again soon. So Amazon tells me they're not going to reply to my emails anymore. They tell me that there's no way to escalate it. In fact, they say to me that they've all been trained in how to deal with customer complaints. And so there is no point in escalating the issue any further.

Thom

Well, they haven't been trained very well, have they?

Graham

No, because I've got some ideas on how they can improve the customer experience. Yeah. Give me my bloody iPhone or give me my money back. Because they're basically saying I'm a liar. I'm a fraudster. I'm not a fraudster. I'm lovely. OK, so I'm really upset.

Carole

Surely, surely, though, with the purchase of that value, the driver must take a picture of it being delivered at the proper address, doesn't it? Seemingly not. And seemingly they didn't also. So I've asked them, I've said, have you got a photograph? Have you got a signature? They're not answering my questions. So are you going to buy from Apple from now on? Directly from Apple. Maybe I should. Maybe I should. Did you pay by credit card? I got a new phone last week. Oh, yeah. I bought it from the source.

Graham

Apple?

Carole

Yeah. Yeah, the Apple source. I received it the very next day. Oh. And it's all a wonderfully perfect experience.

Graham

Well, thank you very much for being so smug. No, I'm not trying to be smug. I am just saying I've actually never had a problem with Apple delivery. Yes, it's very possible, yes. Did you come round to my house and find a package? By the way, the video doorbell, no evidence of any delivery drive.

Carole

Carole's very sneaky. I dressed as one of his bins.

Graham

She was incognito. Thom, what's your pick of the week?

Thom

I must admit, I've been watching loads of cool stuff on Netflix and all of those sorts of things. I've been playing with loads of cool new toys and whatever. But actually, the one I came down to was, well, it's Concorde, basically. So any man, possibly a woman as well, but any man of a certain age has a very soft spot in their heart for Concorde, I think.

Graham

Well, because it looks like a cock.

Thom

Yes. The passion that people feel, that men feel for inanimate objects, is often a little bit greater and maybe, I don't know. I'm making this up and I'm starting to panic a little. But, nonetheless.

Graham

Carole has a lot of passion for her husband and he's pretty inanimate.

Carole

Hey, hey. He sounds like a movie with a dead guy. Oh, Weekend at Bernie's. He's not a Weekend at Bernie's. Anyway, so I remember growing up, he used to fly over my house in South East London twice a day because that was it, to route out and he always used to see it. I used to work in Heathrow and it would take off twice a day, and it was, you know, the loudest thing ever. It was just wonderful. I never got to fly on it, which is unfortunate. I did have an opportunity once, but I love Concorde, you know. I think it's a beautiful piece of engineering. It's amazing, you know, quite accomplished it was, and all that sort of good stuff.

Graham

I'm looking at photographs of it now, Thom. It looks incredible.

Thom

It is. It's lovely.

Carole

Where do you put it? In your house. Yeah. But where does it go? Well, it's kind of squashed in somewhere. I've got a wall mount, but I haven't got enough wall to put it on. But it's like I say, some of these larger complex models often, you know, because it's about three and a half thousand, four thousand pieces, something like that. And they're quite small, you know, because it's quite detailed model anyway.

Graham

So it's smooth on the top of the wings because it—

Thom

Uses the side of the stud and the way that's built up. So you've got, it's beautifully smooth edge, the nose, the snoot droops as it were. Well yes, that can happen, yes. You know all about that Thom. And the landing gear goes up and down, the flaps. It's just beautiful, it's just a beautiful model. So I must say Graham, anybody who's got a soft spot for Concorde—

Graham

Go for it. I think it's a beautiful thing Thom, I'm very jealous. I think it's a thing of beauty and I love Lego as well. I don't buy a lot of it because it's really rather expensive but what a wonderful thing.

Thom

Cheaper than an iPhone, Graham.

Graham

Well yeah, when you get your chargeback, go and buy this maybe. I should, fantastic. Carole, what's your pick of the week? Right, so it's Easter time at the moment and I've had some friends visiting. And we were hanging out last night and we were talking, you know, just yabbering away. And we were talking about how annoying houses can be now because of all these machines we have that make all kinds of beeps and tweaks and stuff when they're finished working. Right. They're playing it on a trout?

Carole

No, it is— for fuck's sake Graham. Sorry. Am I just culturally— yes. Oh okay, culturally barren, right? Yes, you're culturally barren. So there's this eleven, you know, minute song and she's trying to find the bit it does and I said look, don't worry, I will find someone on YouTube will have put up the exact 8-bit version that the washing machine does. And she's like, no they would not, that's so stupid. And I'm like, oh no, look, here I found it. So we're listening to this and it goes on for about 30 seconds.

Graham

Oh, that's lovely. I'd like my washing machine to do that.

Carole

Would you? Would you? But I keep scrolling, I keep scrolling. And it turns out that there's a number of people trying to duet with their washing machines. Musicians of all caliber trying to post the renditions of their beloved washing machine along with their, in some cases, guitars or ukuleles or what about a piano or drums or pet trout or a flipping harp that's the size of my Yeti or rock out with an electric guitar or a full fucking rock band. I'm not making this up.

Thom

Not bad, right. Some people have too much spare time, I'm just saying.

Graham

Says the guy who just made the Concorde Lego.

Carole

So I'm thinking this must have been the kind of micro viral thing that might have happened during the pandemic. No, still going on. So there you go, my pick of the week is how wonderful people are by trying to take something very annoying eight-bit music off a washing machine and try to make it, I don't know, make it into a duet.

Graham

Excellent, excellent stuff, Carole. Episode 366.

Thom

When I heard you talking about, you know, household objects, well you know white goods etc. making beeping noises, it did remind me of the guy who turned his robot vacuum that every time it bumped into something he got it to swear. So this thing was going around and it was going, "Fuck!"

Graham

And on that note, we've pretty much wrapped up the show. Thom, I'm sure lots of our listeners would love to follow you online and find out what you're up to. What is the best way for folks to do that?

Thom

Oh, why don't you go along to podcast.hostunknown.tv? That's always a good place to go.

Graham

Terrific. And you can follow us on Twitter at Smash In Security, no G. Twitter wouldn't allow us to have a G. And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast app such as Apple Podcasts, Spotify, and Pocket Casts.

Carole

And all the mea culpas in the world to our episode sponsors, Vanta, Kolide, and Kiteworks. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest lists, and the entire back catalogue of more than 365 episodes, check out smashingsecurity.com.

Graham

Until next time, cheerio. Bye-bye. Bye. Stay secure, my friends. Carole, why mea culpa to our sponsors? Mea culpa? Oh, it means sorry, doesn't it? Yes, it means sorry. Yeah. I mean, maybe that's accurate.

Carole

That's not what I meant to say at all. Let me just do that one more time. No, I think it's—

Graham

Great. I think it's great as you've done it. I mean, it's just... All the—

Thom

Mea culpa's in the world. What the fuck? Do you know what? I missed that entirely. I don't know what just happened to my brain. Me too.

Hosts: Graham Cluley and Carole Theriault

Guest: Thom Langford

Sponsored by:

  • Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and hosts the popular "Smashing Security" podcast. Follow him on TikTok, LinkedIn, Bluesky and Mastodon, or drop him an email.

One comment on “Smashing Security podcast #366: Money-making bots, and Incognito isn’t private”

  1. Spryte

    Guys and Gal, a few comments:
    Firstly, your minds seem to be in the gutter this week ?!?
    Next, Money-making bots; I received something like that a while back. It offered me a free download of their Beta AI software to test and at the same time make money using it to create AI generated reviews of Amazon books… All I had to do was send them $20 US ($25 CAD) to learn how to use the software.
    I declined, so I can't tell you about it :-(

    Next, Incognito mode, or whatever, I have been telling friends, family, whoever will listen that Incognito mode or whatever the browser manufacturer calls it is ***nothing more than a regular browsing window that deletes cookies, cache, etc. when you Close/Exit the browser***.
    Now I cannot be sure if other Chromium based browsers use the same code. You could try the non-goofled version if you were inclined.

    Next, the Concorde, aaahhh. I had the pleasure of watching its last departure from Toronto many years ago. Wished I could have actually flown on it.

    Lastly Graham I am saddened regarding the loss of your phone. Would you like me to call for you?
