
MPs aren’t just getting excited about an upcoming election, but also the fruity WhatsApp messages they’re receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Warning: This podcast may contain nuts, adult themes, and rude language.
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
It doesn't sound like he did anything wrong until he did.
Yes, Carole, I never did anything wrong until I stole the crown jewels. I never did anything wrong until I murdered someone. You heard it here first, listeners. So, yes, you're right. He didn't do anything wrong until he did. Smashing Security, episode 367. What's up at Westminster? Unhealthy AI and Drew Barrymore. With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 367. My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, we're joined by a special guest, someone who hasn't been on the show for a while. Please introduce him, them, it.
We have this week Mr. John Hawes. Thank you for joining us, John.
Thanks for having me. Always a joy.
Good to have you back, John. Oh, by the way, while we're sharing good news, Amazon has now refunded me. So there. No way! Yeah, they have refunded me, but they haven't really explained what happened, which is a little bit more annoying. But yes, please. Said kicking off a big stink on the Smashing Security show certainly helps. Someone somewhere still has your phone. Well, it's curious, isn't it? By the way, listeners, if you've got a problem with Amazon, we can't take on each and every one of you. You can't write to us and we can't make it a rig... Maybe we could make it a regular segment of the show, where we have a different listener who's having a problem with Amazon customer service, see if we get a result. Maybe not. How about we kick this show off? I'm going to be asking WhatsApp at Westminster.
Oh, I like what you did there. What about you, John?
I'm going to be talking about AI in healthcare. Is it great? Is it scary? Ooh, and I'm going to be asking what's going on with the Drew Barrymore show?
Now, chums, chums, I've got a question for you. And this may be an awkward question. This may be something which you don't want to reveal. I don't know. Has anyone from your past ever messaged you out of the blue?
Yes.
So maybe someone who suggests they may have had a liaison, a certain frisson with you, someone. Like an ex-boyfriend type thing?
Perhaps, perhaps. Sure. Something like that, yeah.
Yeah. No, not me. Not you, as I know, John.
The closest I get is distant uncles, if that counts.
And sometimes you might not be sure as to who they are. I don't know. If you've had a colourful past girl, you're thinking, well, you know, need to narrow it down a bit more.
Well, as you know, I don't actually pay a lot of attention to email or social media or any kind of communication. I mean, basically, I don't even hear my door being knocked on now. I'm turning into a hermit.
Oh, dear. So it could be happening all the time.
It could be.
It could be. It could be someone banging on your door, as it were, and you weren't even noticing. And so what I'm thinking is that there might have been someone maybe who suggests they felt a little tingle for you back in the day and you felt a little tingle for them. And maybe it's something that they want to reconnect with and re-explore. Well, this is what has been happening in the hallowed halls of the British Parliament, the Houses of Parliament itself, because politicians, staffers and journalists have been reportedly bombarded with racy WhatsApp messages. Either from someone called Abby or someone called Charlie. Have you heard about this?
It's been in the newspapers. It's been causing the headlines. I've read the headlines only, but you'll give me the inside scoop. Quite a big deal. Well, the story broke in Politico, which is a political news website, and they reported how several men from the heady world of politics had been sent these unsolicited WhatsApp messages from two suspicious phone numbers between October and February this year. And the people sending these messages, they sign themselves off either as Abby or Charlie, and the conversation always seems to start the same way. They say, oh, hey, you know, hi, met you a while ago at this political event venue, you know, we got sloshed, something like that. With beer in hand, right.
Yeah, yeah, long time no speak, how you doing, miss seeing you around Westminster, a little cheeky kiss at the end of the message, and you're thinking, oh, what, what, what, what.
This is WhatsApp, you said? These are on WhatsApp. So, presumably, if you know the person, and they're in your contacts, their name would crop up. Well, and that's your confusion when you receive one of these, because you think, well, I don't recognise this number. I'm not sure who this is. So you might well say, sorry, do I know you? And then they reply, ha, ha, ha. They say, ha, ha. It's Charlie, they say. I used to work in Parliament. Don't you remember? Yeah, don't you remember? We swapped numbers after drinking one night. You know, I'd be offended, but it was a while ago. Kiss, kiss. What?
Yes, Carole, this is how the youngsters do it these days. It is WhatsApp. That's what it's for. So
You're like, hi, I use WhatsApp a lot and, A, I don't respond to messages I don't know from people I don't know. I just ignore them. In fact, I think I just view contact information. So maybe people are sending me messages I don't even know because they're not my contacts, so I don't care.
But you're not single, Carole, and you're presumably in a happy relationship with your Yeti. Presumably, yes. Presumably. And not a member of parliament. That's the other thing. Because they're all randy as anything, I suspect. Anyway, in some cases, explicit images were also sent via WhatsApp. I think it's called a thirst trap. Have you heard of a thirst trap? No. Oh, go home. Not a new one. You guys.
Yes, we live under, we both live under rocks, Graham.
Okay. Well, a thirst trap is if you send an image, I think, of yourself working out at the gym or yourself looking very, very hot in your tennis shorts, something like that. It's to lure in the people, the gender that you're interested in to be going, ooh.
So it's not nudie pictures necessarily, but it's sexy pictures.
It could be. It could be. I mean, you know, it's slightly fruity, slightly. Yeah, it varies the level of fruitiness. But, you know, it'd be something like that sort of thing. Do you fancy a little bit of this or not? And in some cases, this Charlie fellow, he said, you know, oh, no, I used to work in parliament and Charlie would brag. Charlie would brag about having had sex with several conservative and Labour MPs, because that's the sort of thing you boast about, isn't it?
Having Charlie's. Yeah. But Charlie's in a picture of himself.
Well, he's got a picture on his profile. There's a picture on his profile of presumably Charlie and a woman as well. So there's a picture of, in fact, the same image is being used both by Abby and Charlie. So you're not sure which one of them is sending the message, but one of them calls themselves Abby. Charlie could, of course, be a woman's name too, I suppose, if they're not sure. But anyway, it's...
Surely, I'm just saying, if you see someone's picture and the guy's like, hey, do you remember me? Or the girl's like, you remember me, remember me? And then you see a picture of them and you're like, no and no. Surely that's end of.
Carole, you obviously haven't been to very many political events where you get very, very drunk on the nation's dime. And you may not remember absolutely everyone who you flirt with. You're obviously not living that kind of life. John, you work in the anti-malware testing community. Are there any events like that where, you know, those sort of things happen?
I must say I have certainly been to conferences where I don't necessarily remember the people I spoke to.
There you go. There you go. So it is possible. So you might bump into someone and think, oh, you know, have a little flirty conversation. We won't include this, but I'm thinking. I just definitely remember that. Anyway, anyway, it seems you would get contacted by Abby or Charlie, depending on whether you were likely to be interested in men or women. An unusual exception was BBC chief political correspondent Henry Zeffman. He has written an article about how he was approached. And his situation was unusual because he got approached by both of them. Both Charlie and Abby had contacted him.
Well, you never know, right? He might swing both ways.
Well, maybe he does. I don't know what Henry's persuasion is. But, you know, I suspect that was actually the person sending the message being a little bit sloppy, you know, using the same phone number, forgetting if they were Abby or Charlie when they were sending the message. Probably. Anyway, one MP who received these messages, he smelled a rat. He contacted the police. I think very, very sensible thing to do, because if you're an MP, you've always got to be on the lookout for someone trying to get dirt on you, right? It could be a tabloid newspaper. It could be an enemy state. It could be the opposition. Someone who's trying to catch you out in some way. Or maybe a potential blackmailer. Contact the police and say, have this strange thing. Sending me pictures of themselves in tight tennis shorts. What should I do about this?
Well, as we talked about a few weeks ago, if the pictures are of them nude and they weren't requested, that's cyber flashing. You know, that's illegal.
I suppose it is. I suppose. Is cyber flashing, Carole, you did your research into cyber flashing, is cyber flashing something which only someone with a penis can do? Or is it something that you could do if you were... Non-penis carrying. Yes, a non-penis carrying.
I suspect it's not a gender-specific law.
I think, yeah. What would happen if you were to send a picture of a statue of someone with a turgid member?
What statue do you know of that has a turgid member? Oh, Carole, I'm sure. And no ivy in front of it.
I'm sure they exist. I'm sure they exist. Anyway, whether there's a turgid member or not, I just suspect that, you know, a photograph.
I don't know. Are you talking about politicians again when you talk about that?
Let's move back. Let's move. Let's go back. Anyway, so I say one MP smelled a rat. But the question is this. How did Abby and Charlie know who to contact? Where did they get these phone numbers from of politicians, political journalists, staffers, etc., etc.? And this has been revealed to us since the initial story, right?
Okay, but before you reveal, surely if you're a member of parliament, your phone number is on your website for your jurisdiction that you look after.
It could be. It could be. I remember Boris Johnson had a very public phone number when he was prime minister. He left it lying around for years and years, didn't he?
Yes, and they must have lots and lots of contacts as well, like journalists and things that they talk to. And presumably their number's reasonably easy to get hold of compared to a normal person.
I don't think most members of Parliament would give their mobile phone number on their website. They'd probably give their office number, not the mobile phone number. You would think that you would just get deluged with people signing you up for stuff or sending you unpleasant messages. Anyway, so how do they work this out? How do they get the numbers? Well, it has since turned out that another MP, a chap called William Wragg, he has admitted providing phone numbers of his fellow MPs to a man he met on Grindr, the gay dating app.
What?
Yes.
No, no, I'm just... Okay, so I want to hear how this happened. How does he provide these numbers?
Well, it appears that William was contacted by someone who we will call Charlie for these purposes. So, Wragg, he's gay. And he said he was mortified. He said he's apologised for his weakness. He's also said he never hired Charlie as a parliamentary aide because Charlie was contacting these other people, saying, oh, I used to work for William Wragg in Parliament. And William Wragg said nothing to do with me.
Okay, so let me just make sure I understand. So William Wragg, who happens to be gay, gets contacted via WhatsApp saying, hey, you're kind of cute. Look at this picture. They met on Grindr?
They met on Grindr. And then the conversation, as it got a little bit more fruity, it transferred to WhatsApp later.
Right. And then at some point he was like, hey, can you give me the phone numbers of all your buddies? Well, it's one way of flirting. It doesn't quite work that easily. So what happened was William Wragg says that this Charlie fella had managed to get some compromising photographs off him.
Maybe he was just after more and more phone numbers, like a pyramid scheme.
Maybe he's a phone number collector. A bit like being a train spotter or something like that. I used to write down licence plate numbers of cars. I used to think that would be a good hobby.
Did you?
When I was very young, yes.
You can get back to it when you retire, don't worry.
It turned out it wasn't that exciting. Anyway, MPs as a consequence. So this William Wragg guy, he was deputy chairman or something on the 1922 committee. He stepped down. He's not resigning as an MP or anything like that. He's going to carry on as Conservative MP, at least until the next election. He says he is going to stand down the next election, as many other Tory MPs are.
It doesn't sound like he did anything wrong until he did.
Yes, Carole, I never did anything wrong until I stole the crown jewels. I didn't do anything wrong until I murdered someone. You heard it here first, listeners. Yes, he didn't do anything wrong until he did.
No, no, but my point is, there's nothing wrong with being on Grindr. There's nothing wrong with sharing sexy images. You both want them, blah, blah, blah. But he went astray when the guy's like, you know, give me the numbers or else.
Well, if you're an MP and you think that someone having nudie pictures of you would be potentially compromising, then handing...
Why the fuck did you send them?
Yes, exactly. That's doing something wrong.
It's not great judgment, I think, because people in these sort of positions are open to being blackmailed. He's probably got more to lose than you or I have got to lose by being blackmailed by, for instance, Russian agents or something like that.
You know what? I have an idea. So say you're in that situation where you want to share nudie pictures with somebody. What about doing your nudie picture as a kind of walk-by, like maybe have a remote? So basically, it's just like you're walking naked in a room. You know, you're not paying attention and showing off everything. And then you can say, look, I was just walking across to get a cup of coffee in the buff. Or you could just send them a drawing instead.
When you said a walk-by, I was imagining like a drive-by shooting. You just drive past the house naked very, very quickly. And say, if you happen to look out the house now, you might see me going past. So we don't know who's behind the attacks. Was it a tabloid newspaper? Was it an enemy state? Was it YouTuber pranksters? You know, we don't know. But I think there's some advice we can offer our listeners, which is if someone suspiciously hot starts messaging you out of the blue, it's probably a trap. Well, unless you're super hot. Well, even so. It's probably. Especially if you work in politics. You know, if you're a politician, there's no one less sexy in the world at the moment than politicians. No one sexy is trying to have sex with you. It's just not happening. This is a golden age for quantity surveyors and estate agents and traffic wardens because they're not the least sexy profession anymore, right? Politicians are. So there's no chance of you having sex. No one's interested in flirting with you. You're considered vile. And the other thing is, Westminster, get your act together. This is like cyber security 101. It's gone horribly, hilariously wrong. But just be sensible. I mean, what's next? Are MPs going to believe they're going to inherit a fortune from a Nigerian prince? You know, this isn't complicated. They should know how to protect themselves and act sensibly. Did anyone else fall for it?
Was it just this one guy that actually engaged? Or did other people start saying, oh, yes, Charlie, I don't remember you, but here's a picture of my armpit.
There have now been, I think, about 17 people who say that they got the messages. It's unclear how many may have taken the flirtation a little bit further and actually exchanged images and maybe other information as well. And, of course, it may be more than 17 people this has happened to, who are nervous about going to the authorities and saying, yeah, we've done it as well. So the Speaker of the House has said, if there's anyone else out there who's done this inside the House of Commons, please let us know because we are trying to investigate this.
What, they're naked inside the House of Commons?
Always, yes, yes, that's right, Carole. That's exactly what's going on. That's what I thought. Right, yeah. John, what have you got for us this week?
So I wanted to talk a bit about AI in healthcare. That seems to be a thing that's cropping up in my various news feeds a lot lately. And The Economist magazine did a big quarterly technology special on it. So AI has been in use in health things for quite a long time now. I'm sure you probably remember the Google DeepMind when they brought out their AlphaFold, which could fold proteins into shapes.
Oh, I thought it was some sort of machine learning origami. When you say AI, it kind of is. It's like, is it? Well almost. It's not paper, it's protein. And at the end, it turns it into a swan or something like that, does it?
No, it turns it into a protein, which might be incredibly useful as a drug or who knows. Oh, okay. Yes. So that's a big thing. So that's now solved 600 million of these in the three or four years since it's been around, which compares to the 170,000 in the 60 years people have been working on it without this kind of technology. And there's a lot of similar kind of techniques being developed to help in developing drugs, which is probably a good thing, hopefully. I mean, it's not made an enormous impact yet, mainly because the process of putting out a drug, it's not just, oh, look, we've made a molecule done. What it's really doing is identifying potential drugs that then have to go through great big long trial processes, which are the same as they always were, and take years and years and cost billions. So it's reduced the time to find the candidates and possibly made the candidates better but if still 80, 90 percent of candidates rejected like very early stages of trials and then the trials have to be completed anyway there's not really any safety angles there that I could see. Okay, that's a general benefit, that's a win-win. It's more on the other side of things where the humans come in I guess. So things like diagnosis. So again, AI has been used in that for a long, long time. I think it was 12 years ago that the first machine X-ray readers proved to be better than humans at spotting potential issues in scans and things. And they've been getting better and better all the time. So it means you can process a lot more data with a lot fewer doctors, obviously. You can use less X-rays in radiation because the machine reading, it doesn't need it to be as, I guess, bright. You can have much smaller machines that are much cheaper. So you can have like a tricorder like in Star Trek, where you just go and kind of run it over someone rather than having a huge room-sized machine.
That would be fun in Parliament, someone running around with one of those. So there's lots of these new ideas and techniques and hardware and particularly software coming out all the time. And in that side of things, the kind of trial testing side isn't really keeping up, or possibly people are getting around it by not having very good testing methodology.
In the UK, they're telling you not to go to the doctors, aren't they? They're to the pharmacist instead, and tell them how you feel. And they probably just use the same kind of flowcharty thing and go, yeah. And then they get to the bottom and it says, okay, call an ambulance or go home and go to bed, whatever.
Also a lot of shit as well. As well as a lot of nonsense it's read on the internet. Exactly.
That's a big problem. That it's prone to hallucinations and really bad decisions. And it can't actually say why it's made that decision. You can't trace back all the inputs that it's based that on. So I like this chatbot called perplexity.ai because it works a little bit like Wikipedia in that it gives you notes. It gives all its references. The other kind of part of this is that you have these kind of medical specialists, I guess, that are making the kind of things like on the NHS website. And then they're thinking, oh, well, we kind of want to make this a bit more human friendly. So we need to kind of put some AI stuff on the front to make it able to converse with the person and maybe even like put a face on it and a voice so you can consult with it like you would. I don't know. I haven't seen a doctor in person for years. It's always over Zoom these days. So you could easily just be a deepfake doctor. So there's the ones that the medical teams are making and they're trying to make feel more human and then there's the other side where there's ChatGPT and things like that which already can seem perfectly human. We just need to plug in a bit more medical knowledge and a bit more carefulness, maybe. And there's a kind of a race between those two as to which one is going to become the most popular. It feels a bit like the IoT issue where people who made washing machines and TVs suddenly said, oh, you know, we can just plug in some internet into here and that'll make it way better. And then obviously they didn't really know exactly what they were doing. So that's a big risk. I can think that AI would be maybe a very good pre-triage for medical establishments and hospitals, right? Because you could go through it and how many people now go to hospital and it's like, oh, you just have a splinter. Totally. Yeah. Well, that's, again, back in the kind of reading scans thing, that's where it's really helped a lot. 
Because in a lot of things, you would, traditionally, you would need to have two doctors. Right. One radiologist or whatever, one looking at it and the other one checking to make sure they got it right. Whereas now in a lot of less serious cases, they can just say, okay, the AI has spotted something. One doctor looks at it and goes, yeah, I agree, done. So you're saving a lot of time and effort there as well.
Let's hope that doctor's not overworked and going, yeah, it looks fine. Looks fine. Looks fine. Looks fine. Looks fine. Doctor's overworked. As if. And of course, in all of this, there's the age-old issues of both data security and privacy. Apparently, in a lot of cases, people feel it's more private to be talking to a machine about sensitive stuff than an actual person. But, you know, how much of that conversation is actually being recorded? It's all being fed back into the AI's learning system. So no matter how much people try to anonymize it, yeah, the AI's not been built exactly right, it might just one day turn around to someone and spit out, oh, Graham's got the clap.
John, have you not been to the doctors yet about your hairy toes? Or are you showing your hairy toes on Zoom? Because it's bad enough what people are receiving on WhatsApp at the House of Commons, let alone...
Would that be considered cyber flashing if they're really too hairy?
I think it might be. Carole, what have you got for us this week?
I want you guys to start off by looking at your inbox, your main email inbox. Okay. Yes, I'm going in. Tell me, how many unread mails have you sitting around?
Zero.
Zero? Okay, what about you?
Oh, well, I've got lots of folders and things. Do you mean the...
In the inbox, not the folders, in the main inbox. Coming in, not classified.
Okay, it's only 1,779 at the moment.
That's pretty good. Wow. Can I tell you mine? 48,835.
In your inbox? Yeah. This is why you never check your email, right? Because it's too hard, yeah. Yes, because I'm too afraid. It's too much. I know, I think I'm just good. I think I'm just going to delete it all and start again. I think that's what I'm going to do. And maybe that's why I'm so out of touch because I can't even bring myself to manage the glut of emails.
I didn't know she had a chat show, no. She's had one since 2020. What? We all remember that late 2020 was, you know, the time of the Rona virus. And this show, which I've never seen, seems to follow the format of chatting with a variety of people such as other actors that were famous when they were kids, interior designers testing out viral beauty hacks and the like. Oh, the guy who eats a lot. The guy who eats competitive eater. Enormous sandwiches.
Yeah, yeah. He eats a lot in his little Corvette or whatever, little red car.
Oh, it sounds like a great chat show, I have to say. I can't believe I've not been tuning into this wonder.
Yeah so he was apparently on the show recently to review a new McDonald's recipe. Would you try this? A hash brown and McFlurry sandwich. Isn't that disgusting?
Well how would that, wouldn't your bread get all soggy?
Well I don't know, maybe it's like cold mayonnaise, I don't know. So basically Drew, that's what the people in the know call the show, the Drew Barrymore Show. Drew focuses on human interest stories, celebrity guests, lifestyle segments and field pieces, all driven by a particular brand of humor and optimism that is Drew Barrymore. Now, the show's launch took place in Manhattan during the lockdown. So, there's no in-person audience, right? Instead, members of a virtual crowd would be beamed in via a platform called Audience and then projected on a large display behind Barrymore.
Well, you do shock me. People don't bother to turn up in person to watch this show. I'm surprised. So, it's all virtual. What a surprise.
I've always liked Drew Barrymore, though. Okay. I like her.
Not enough to go to New York and sit and watch her talking about burgers. No. No, not that much. Even as a VIP, I would say thanks. Actually, I wouldn't see the email, would I? No. And some guests have even been asked to appear via green screen during lockdown because, you know, either they're far away or whatever.
scam relies upon people being so desperate to appear on the Drew Barrymore show that they will pay to appear on the Drew Barrymore show with their product, I guess, or their service. Well, I don't know if it's desperate. I mean, people do pay to have, you know, to have themselves like that's what ads are. Right. And there is paid content out there that's legitimate. Advertorial.
And she hates Le Cruze?
She hates Le Cruze. I have no idea. But, you know, no one asked her permission is what she's saying. So I'm thinking if you're a celebrity, you have to basically spend quite a big proportion of your time going around going, not me, Gov. Not me. That's not me. I didn't do that. You have a team for that, don't you? Yeah, yeah. Okay, okay. But still,
you know. You just add a full-time denier to your entourage.
But okay, imagine Graham, okay? Say some ne'er-do-well. Let's say John Hawes, our VIP guest today. Not that guy. Let's say he's going around booking guests on Smashing Security, or attempting to, just to secure some fraudulent payments from these potential guests.
Outrageous. Oh, I'd be annoyed.
Now, we wouldn't know that it's John doing it, right? All we'd hear, if we were lucky, is reports of some potential guest getting in touch with us going, hey, when am I on air? So what would we do? We would warn people on the show saying, don't fall for the scam.
I suppose so. Yeah. Yeah.
Would we report it to the authorities?
What are they going to do? I don't know. But yeah, certainly we'd mention it on the podcast. Maybe we'd post it up on the socials telling people, you know, don't trust this. This is the way to get in contact with us. If you want to be a sponsor on the show, here's how you do it. See what I did there? Here's how you contact. Studio at smashingsecurity.com. That's the best way. The only way to contact. Exactly right. I don't know. If anyone wants to get in touch with me because I don't read my emails and it's important, I'm thinking email Graham or John because you both read your emails. Legacy managed file transfer tools are dated. They lack the security that today's remote workforce demands. Companies that continue relying on outdated technology put their sensitive data at risk. Well, this podcast is sponsored by Kiteworks, who enable organizations to effectively manage risk in every send, share, receive and save of sensitive content. To do that, they've created a platform that delivers content governance, compliance and protection to customers, tracking, controlling and securing sensitive content as it moves within, into and out of organisations, all while ensuring regulatory compliance on all sensitive content communications. Kiteworks provides the industry's first private content network for protecting risky third-party communications with secure email, secure file sharing, secure mobile, secure web forms, managed file transfer, and governed SFTP servers. Visit kiteworks.com to get started today. That's kiteworks.com, and thanks to them for supporting the show. Carole. Smashing Security is also sponsored by Vanta. Managing the requirements for modern security programs is increasingly challenging and time-consuming. Enter Vanta. Vanta gives you one place to centralize and scale your security program. Quickly access risk, streamline security reviews, and automate compliance for ISO 27001, SOC 2, and more.
You can leverage Vanta's market leading trust management platform to unify risk management and secure the trust of your customers. Plus, use Vanta AI to save time when completing security questionnaires. Smashing Security listeners, you get 20% off Vanta. All you lucky sausages have to do is visit vanta.com slash smashing to claim your discount. That's V as in Victor, A-N-T-A dot com slash smashing. And thanks to Vanta for sponsoring the show. Graham. You've probably heard us talk about Kolide before, but did you know Kolide was just acquired by 1Password? Well, that's pretty big news since these two companies are leading the industry in creating security solutions that put users first. For over a year, Kolide Device Trust has helped companies with Okta ensure that only known and secure devices can access their data. And that's what they're still doing, but now as part of 1Password. So if you've got Okta and you've been meaning to check out Kolide, now's a great time. Kolide comes with a library of pre-built device posture checks and you can write your own custom checks for just about anything you can think of. Plus, you can use Kolide on devices without MDM, your Linux fleet, contractor devices, and every BYOD phone and laptop in your company. Now that Kolide is part of 1Password, it's only going to get better. Check it out at kolide.com slash smashing to learn more and watch the demo today. That's K-O-L-I-D-E.com slash smashing. And thanks to them for supporting the show. And welcome back. Can you join us at our favourite part of the show? The part of the show that we call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses to say. It could be a funny story, a book if they've read, a TV show, a movie, a record, or podcast, a website or an app. Whatever they like. It doesn't have to be security-related necessarily. Better not be.
Well, my pick of the week this week, it's a bit of a pick of the week, it's a bit of a nitpick of the week. I'll be honest. Yeah, I'm sorry. It's a bit of both. This week, there has been a birthday in the Cluley household. Carole. Happy birthday to whoever that was. Graham. Thank you very much. And it was decided that we would celebrate it by doing something a little bit different. And we went to the Royal Opera House in London where we saw Carmen, Bizet's Carmen. To get some culture. It's a bit of culture. Never been to the Royal Opera House before. Carole. Did you wear a dickie bow? Graham. Certainly not, no. But I was smartly dressed. You know, sartorially, I've always been premier division, haven't I? Well, by premier division, I don't mean that I wear football stuff. But there I was at the Royal Opera House. And, you know, marvellous singing, the music, the drama. She gets strangled at the end, you know, but I guess they couldn't change the plot. Spoilers. But it seems a little bit brutish. But where my nitpick comes is with the presentation. Okay, because I want to ask you a question: is it all right, and what do you think about taking something classic, something which is well established, where you expect to see a certain amount of spectacle, you expect to see it presented in a particular way, and what they've done is they've placed it in another time period? So the Carmen at the moment at the Royal Opera House has been set in the 1970s, and there are people with mullets and, you know, it's all sex clubs and, you know... Is it mainly the mullets you're objecting to? Well, it's just, you do expect to see a certain amount of bosom and, you know, I
Well, why don't you ask for your money back then? Why don't you go ask for your money back? You seem to be good at this.
You saw the problem I had getting money back off Amazon. I don't know if I'm gonna get it for the Royal Opera House. Had they rewritten the music in a disco style? No, they hadn't. But it was... Because that would be a bit weird. That would have been weird. But it might be great. Anyway, it's just something I want to... I'm just putting it out there into the universe. I'm just asking the questions. Is it okay to take the classics and put them into another time period? That is my question for you.
The answer is yes. Yes, it is.
Totally fine. Two out of three say yes. Often great. And I'm saying, in this particular case, I'm not so sure. And that is why it's both my pick of the week and my nitpick of the week. Thank you very much. I rest my case, my lord. John, what's your pick of the week, John?
So, not a lot of people know this, but I really enjoy big dumb action movies. And especially big dumb action movies set on aeroplanes. Con Air. You give me Nicholas Cage on a plane. Denzel on a plane. Liam Neeson on a plane. Harrison Ford on a plane. Snakes on a plane. Snakes on a plane I've not seen, but I would like to. Leslie Nielsen on a plane. Also good, but a slightly different genre. Jodie Foster on a plane. That was good. Kurt Russell on a plane with Poirot. Great. Anyway, that's beside the point. I also very much like a TV show that put out a new series this week. It's called Mandy. It's on the BBC. They've done two series before, I think the first one 2020 and the second one 2022. It's starring and created, written, made by Diane Morgan, who many people might know as Philomena Cunk. She did a lot of work with Charlie Brooker, had her own mockumentary series, which was also great, which has been in quite a few other things as well. But this is her own series, and the first two series were excellent. The Christmas special was fantastic, and series 3 has now come out, and I was delighted to find the first episode was basically Mandy on a plane in a big dumb action movie scenario, and it was fantastic. And I haven't watched the rest of it yet, but I'm very much looking forward to it because it's going to be amazing. It's a very funny show.
I didn't know there was a new series. I'm very much looking forward to catching this. Because I particularly like it. I like it so much, in fact, that it was my pick of week a couple of years ago. So we have had this before. Not series three. No, John. As it's such a good TV programme, I think it's well worth renewing. I'm going to allow it. Yeah, because Graham's the boss.
That's good. Good to hear. Self-declared.
I had some criticism in my pick of the week slash nitpick of the week. So, you know, well done, John. I think Mandy is a terrific TV programme.
It's lovely. It's 15 minutes per episode as well. You can watch a whole series in an hour or two. Fantastic. Carole, what's your pick of the week?
Mine is a book by bestselling author Xochitl Gonzalez. And the book is called Anita de Monte Laughs Last. And it's centered around a first generation Ivy League art history student who uncovers the genius work of a female artist, Ana de Monte, who is a rising star in the 80s. Now, the novel, while fiction, is inspired by a very real mystery involving Cuban-born conceptual artist Ana Mendieta, who in 1985 was found splatted on the New York streets, having either jumped in a suicide attempt, which people are saying super unlikely, or perhaps more likely, was pushed by her minimalist artist husband, Carl Andre. He was the darling of New York art scene at the time. And rumor has had it, he was being driven mad by her rising success.
He could have argued it was a performance art that he was actually doing this for, perhaps. Not very minimalist if she was splattered. Good point.
This is a guy that would put three bricks, you know, in a room and everyone would go, oh, my God, it's so good. That's so deep. Do you see what he's doing there?
As long as he doesn't set the bricks in a different time period, I'm all right with it.
Well, I think I had a pick of the week earlier that had a podcast about this whole story with Ana Mendieta and Carl Andre. But the name escapes me now. Anyway, this book. So Anita de Monte Laughs Last is basically the novelization of this New York's big art mystery. And Gonzalez uses a two-pronged approach, one telling the firsthand story of Ana de Monte in her own words, but the other protagonist is a young art history student, also Cuban, who decades after Anita's death, learns about this whole mystery and death while researching the husband's art career for her degree. So the book delves into being a minority in elite environments, power, privilege or lack thereof, and of course the complexities of affirmative action, and there's even an unexpected touch of magic realism in them. But the reason it's my pick of the week is because I did not read this book. I experienced it via audiobook, which is how I do things, and this telling of this novel is unlike anything I've heard before. You have some seriously powerful performances by three different readers who make up all the different characters. And it is just when I first, it opens with extremely strongly. So you could listen to the sample at the beginning and go, this is for me or not for me. But for me, it kind of cracks the door open of what audiobooks could become. So I love the story. I love the writing, love the audiobook, highly recommend. And so my pick of the week this week is Xochitl Gonzalez's Anita de Monte Laughs Last.
I think we've been very highbrow in our choice of picks of the week. I went to the Royal Opera House.
I didn't. No, no, you didn't have a pick of the week. You just bitched about the fact that they were dressed in 70s clothing. No, no, no. I, I, I, no, I, it was a pick of the week combined with a nitpick of the week. Yeah. He said the music was nice. Yeah. The singing was great. You know, I had no complaints to that. How were the facilities? The facilities were fantastic. It's amazing, the Royal Opera House. Well, there we go.
That? I'm on LinkedIn. I'm the one with the beard. Or if you want to get in touch directly, you can send Graham an email and he'll forward it on.
And you can follow us on Twitter at Smashing Security. No G, Twitter on the house. Have a G. And don't forget to ensure you never miss an episode. Follow Smashing Security in your favourite podcast apps, such as Apple Podcasts, Spotify and Pocket Casts.
And huge thank you to our episode sponsors, Tanium, Kolide and Kiteworks. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.
Until next time, cheerio. Bye-bye. Bye. Bye-bye.
But, you know, I'm in a difficult situation right now because you said nitpick of the week and pick of the week 80,000 times. Do you really want me to play music each time? No. Yeah, so maybe I'll cut it down.
You use your discretion.
I will. I know you enjoy saying those words, but I think we need to just watch it.
No, no, no. We wouldn't ever do that. We don't drive people crazy. We wouldn't ever do that, no. We would do it to the right amount. What we think sounds right. It's not a...
Okay. Thank you very much, John, for coming on the show. I know you're busy today.
No problem.
John, what are you doing? Are you reading already?
No, I'm just taking all these weird boards down off my window.
Oh, yes. It's a bit dark. I'll put my track in the fold now, Carole, if you're working on it. Yeah, I'll do the same. All right. Okay. Okay. Thanks so much. Okay. Thanks. Bye. Bye. Bye.
Hosts:
Graham Cluley
Carole Theriault
Guest:
John Hawes
Episode links:
- Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff – Politico.
- How I was targeted in the Westminster honeytrap – BBC News.
- The Westminster honeytrap plotter tried to catch me too – The Times.
- How Westminster WhatsApp ‘honey trapper’ targeted party conference season – Politico.
- William Wragg quits Commons roles over Westminster honeytrap – BBC News.
- A new prescription – The Economist.
- Change Healthcare faces second ransomware dilemma weeks after ALPHV attack – The Register.
- ‘The Drew Barrymore Show’ Targeted by Fraudsters in Celebrity Scamming Effort – Yahoo! News.
- ‘Drew Barrymore Show’ Targeted in Hacking, ID Fraud Scam by Imposter Who Posed as Producer and More – Variety.
- Guy Fieri Calls Drew Barrymore “Gangster” For Talking With Her “Mouth Full Of Food” On ‘The Drew Barrymore Show’ – Decider.
- Beware The Fake Drew Barrymore Le Creuset Cookware Giveaway Scam – Malware Tips.
- Carmen – Royal Opera House.
- Mandy – BBC iPlayer.
- Anita de Monte Laughs Last – Bloomsbury.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

