Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
There's a very simple reason, I suspect, why they're not doing that anymore.
Okay.
Two words.
Okay.
Bird poop.
Oh.
Yeah.
Is this true or are you just guessing?
I— look.
You're guessing. Okay.
Yes.
Yes.
Smashing Security, episode 369. Keeping the lights on after a ransomware attack. Attack with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 369. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 369. My name's Graham Cluley.
And I'm Carole Theriault.
Carole, you are back from your secret mission overseas, underwater. On a different planet. I don't know where it was. It's all secret.
Yeah, I'm going to be talking about that in the pick of the week. But can I tell you something absolutely gorgeous and spring-like that I can tell you?
Oh, yeah.
Because remember a few weeks ago, I was "oh, I have a pick of the week.
It's this app called Merlin Bird ID." Anyway, so I come — I'm home from my adventures and I have 3 baby robins in my garden. And they came into the house. They flew into the house.
I was a total — what's the Disney girl that has all the — Cinderella?
It's this app called Merlin Bird ID." Anyway, so I come — I'm home from my adventures and I have 3 baby robins in my garden. And they came into the house. They flew into the house.
I was a total — what's the Disney girl that has all the — Cinderella?
Snow White?
Snow White, I don't know. One of them, most of them have little birds floating around. That was me.
I had all these tiny little birds flying around in and out of my house and it was gorgeous. So happy spring everyone from England.
So let's thank this week's wonderful sponsors, Kolide, Sonrai, and Vanta. It's their support that helps us give you this show for free.
Now, coming up on today's show, Graham, what do you got?
I had all these tiny little birds flying around in and out of my house and it was gorgeous. So happy spring everyone from England.
So let's thank this week's wonderful sponsors, Kolide, Sonrai, and Vanta. It's their support that helps us give you this show for free.
Now, coming up on today's show, Graham, what do you got?
I'm gonna be asking, will the last company to be hit by ransomware please turn off the lights?
Okay. And I'm heading to India because they've just kicked off their new elections. All this and much more coming up on this episode of Smashing Security.
Now, chums, let's travel to old Blighty, the UK. And there is a city in the UK called Leicester.
And for our American friends, it's spelled Leicester.
Leicester. That's right.
Leicester.
Leicester. And Leicester City Council, they were thrown into chaos last month.
When a crippling cyber incident, as they like to call these things, forced it to shut down its IT systems and phone lines. And it had some real, very real-world impacts.
Charities reported they were unable to support vulnerable homeless people as a result of the infrastructure being shut down. You know, it's obviously really serious.
And care homes were warned that payments of hundreds of thousands of pounds could be delayed. So their funding was being delayed due to the incident.
All kinds of nastiness being caused by a ransomware attack. Surprise, surprise.
And by the end of last month, the council was still being tight-lipped about whether any data had been breached during the attack.
And of course, normally these days, if you get a ransomware attack, you will have some data stolen at the same time because it increases the opportunities for the criminals to extort some money out of you.
When a crippling cyber incident, as they like to call these things, forced it to shut down its IT systems and phone lines. And it had some real, very real-world impacts.
Charities reported they were unable to support vulnerable homeless people as a result of the infrastructure being shut down. You know, it's obviously really serious.
And care homes were warned that payments of hundreds of thousands of pounds could be delayed. So their funding was being delayed due to the incident.
All kinds of nastiness being caused by a ransomware attack. Surprise, surprise.
And by the end of last month, the council was still being tight-lipped about whether any data had been breached during the attack.
And of course, normally these days, if you get a ransomware attack, you will have some data stolen at the same time because it increases the opportunities for the criminals to extort some money out of you.
Yeah, and I'm imagining — no offense to Leicester's city council — but I'm imagining they are not as tight in security terms as, say, a bank, for example?
Well, maybe not, but if you think about it, just as it's really important to secure your funds, it's really important to secure your citizens' details because you can't— if you live in that area, you don't have any choice.
You have to give your information to the council because, you know, you want your bins picked up and, you know, you have to pay your council tax and all the rest of it.
You have to give your information to the council because, you know, you want your bins picked up and, you know, you have to pay your council tax and all the rest of it.
Vote and stuff. Yeah.
Now, in early April, Leicester City Council confirmed that about 25 documents had been shared online by the attackers.
So they had some information stolen then.
Yeah, that's right. And they described that data leak as a very serious matter. 25 documents, they said.
It doesn't sound like a lot.
Hmm?
It doesn't sound like a lot, 25. Maybe— I have no idea how big the documents are.
Carole! Oh, I see. What you're thinking is maybe they're RTF files with a great big bitmap embedded inside them. So they're actually—
Right.
312 gigabytes or something. It's just— I mean, it's not that huge, is it really? But how do you feel about 1.3 terabytes of data?
So the biggest files on the planet.
Well, it turns out that as with many other victims of data breaches in the past, the initial estimate as to just how much data had been taken was a little bit out.
Having described 25 documents as having been taken as a very serious matter, they needed a whole new way to describe the fact that 1.3 terabytes of data was now being published on the leak site by the ransomware gang.
IncRansom is their name. Very corporate.
Having described 25 documents as having been taken as a very serious matter, they needed a whole new way to describe the fact that 1.3 terabytes of data was now being published on the leak site by the ransomware gang.
IncRansom is their name. Very corporate.
Very large files.
Well, yeah, you could argue maybe it was still 25 files. I think that's unlikely. I suspect they've got rather more than that.
And Leicester City Council can't rule out the possibility that yet more data might be leaked in the future.
In fact, IncRansom, the criminals, they claim that they've taken 3 terabytes of data. It's a huge amount of data to take from a network.
And Leicester City Council can't rule out the possibility that yet more data might be leaked in the future.
In fact, IncRansom, the criminals, they claim that they've taken 3 terabytes of data. It's a huge amount of data to take from a network.
I'm wondering though, okay, so the Leicester City Council will have probably one, maybe a handful of people that look after IT.
I imagine they've got a few more than one or a handful. I would think they'd have—
Really?
Yes, yes.
Okay.
Oh, absolutely, Carole, you know, because they're—
In this age of AI, Graham, I don't know if you could be sure about that. You're just too old to understand how things work these days, I'm telling you.
Leicester's quite a big city, isn't it? I think it is. It's bigger than Magdeburg. Is it bigger than Magdeburg? Let's not start that again. Anyway, quite a big difference.
25 documents, 1.3 terabytes, maybe up to 3 terabytes.
So you can understand why some people might think that the attackers sent the council back to the dark ages and whether it can do enough to keep the lights on.
25 documents, 1.3 terabytes, maybe up to 3 terabytes.
So you can understand why some people might think that the attackers sent the council back to the dark ages and whether it can do enough to keep the lights on.
Okay.
Well, it's now nearly two months after the initial attack, and they're still struggling to get everything back up and running.
In fact, residents of Leicester may be considering donning sunglasses due to a state of perpetual brightness in the city. Now, why might that have occurred?
It's not continental drift. They're not now up in the Arctic Circle.
In fact, residents of Leicester may be considering donning sunglasses due to a state of perpetual brightness in the city. Now, why might that have occurred?
It's not continental drift. They're not now up in the Arctic Circle.
Okay, I've no idea.
What's happened is the streetlights have been found to be permanently on. 24 hours a day. And no one knows quite how to turn them off.
What, are you kidding me?
Nope.
This is your story. That's what I'm shocked at. Okay, so the lights on the Leicester streets are on continuously.
Continuously. And it's the consequence of a ransomware attack. There's a 65-year-old guy called Roger Evans.
He told the Leicester Mercury that the streetlights down his neck of the woods have been turned on constantly. So he complains to the council.
I imagine Roger complains quite a lot about things to the council. He hasn't got much to do.
And he said that they got back to him and said the ransomware attack had attacked and affected the central management system and that the streetlights were, quote, misbehaving.
He told the Leicester Mercury that the streetlights down his neck of the woods have been turned on constantly. So he complains to the council.
I imagine Roger complains quite a lot about things to the council. He hasn't got much to do.
And he said that they got back to him and said the ransomware attack had attacked and affected the central management system and that the streetlights were, quote, misbehaving.
Okay, I don't know how streetlights work in Leicester, but in my neck of the woods, they are on all night, right? I don't think I would notice them even being on during the day.
I'm not Roger Evans, but it's not like it's giving light pollution, is all I'm saying.
I'm not Roger Evans, but it's not like it's giving light pollution, is all I'm saying.
I'm not sure everyone's streetlights do stay on all night long.
I would love if mine didn't, to be honest.
Well, exactly, because it can bleed straight through your—into your bedroom window, can't it?
It does, yeah.
It can ruin your sleep. It's a very important thing.
And some of these newer streetlights with the LED, you know, it's all "Oh, designed to save energy and everything." And it's "Oh my goodness, that's so bright." Can't cope with that.
You end up having to buy really thick curtains, don't you, Carole?
And some of these newer streetlights with the LED, you know, it's all "Oh, designed to save energy and everything." And it's "Oh my goodness, that's so bright." Can't cope with that.
You end up having to buy really thick curtains, don't you, Carole?
I do have very thick curtains.
Say no more. So, a city council spokesperson said, "We are aware of a number of streetlights that are staying on during the day.
This is due to a technical issue related to the recent cyberattack.
When we were forced to shut down our systems, it means we are currently not able to remotely identify faults in the street lighting system." What?
This is due to a technical issue related to the recent cyberattack.
When we were forced to shut down our systems, it means we are currently not able to remotely identify faults in the street lighting system." What?
I wish they'd give us more information. Surely if they shared this with the world, some techno wizard would say, "This is how you can do it."
Well, you don't want any old Thom, Dick, or Harry shimmying up streetlights, Carole, trying to debug them.
No, I imagine they would've emailed them and said, "Maybe do this in the code. You know, check this out."
Oh, what, so they should just publish the streetlight code on GitHub and say, "Go for it," their remote access system? Well, because these things are bad.
I bet streetlights have got a default password. I bet they're streetlights. I bet they're roadwork signs.
I bet streetlights have got a default password. I bet they're streetlights. I bet they're roadwork signs.
I never thought about that.
So I'm surprised because I thought, why are there central systems managing streetlights anyway? Right.
I thought, surely I remember as a kid there was streetlights outside my bedroom window. You know, it was a decent enough distance, didn't keep me awake.
But I noticed it would come on when it got to about dusk and then turn off again in the morning. And it was a different time every day.
You know, it would slightly change over the weeks. You'd notice it slightly.
I thought, surely I remember as a kid there was streetlights outside my bedroom window. You know, it was a decent enough distance, didn't keep me awake.
But I noticed it would come on when it got to about dusk and then turn off again in the morning. And it was a different time every day.
You know, it would slightly change over the weeks. You'd notice it slightly.
Yeah, there'd be some sensor that would go, "Oh, daylight."
Exactly. You'd have a light-sensitive sensor telling if it's dark or not and turning the light on and off accordingly.
And, well, there's a very simple reason I suspect why they're not doing that anymore.
And, well, there's a very simple reason I suspect why they're not doing that anymore.
Okay.
Two words.
Okay.
Bird poop.
Oh.
Yeah.
Is this true, or are you just guessing? I—look.
You're guessing.
Yes.
Okay. So you just think there's these massive seagulls running around, literally trying to aim their feces at the sensors to fuck with people?
In my experience, a seagull or a pigeon with an iffy tummy can be more precise than an Exocet missile.
Why, have you been hit before in the face?
You would be surprised, Carole, where I have been hit.
I don't think I would.
By bird poop in the past. But of course, if that goes on the sensor, you have to employ someone to go round with a broom, cleaning the streetlights.
So the team at Leicester City Council and elsewhere have thought, well, what we should do is we should connect all the streetlights. Because it's all smart cities, right?
It's everything's got to be connected, everything's gotta be connected, that's brilliant, let's connect everything.
And then from one central place, we can find out if they're faulty.
We don't have to send a man round to clean them, we don't have to send a man round to see if they're not working, we don't have to man phones, because obviously there'll be a hotline for people to report broken streetlights.
So the team at Leicester City Council and elsewhere have thought, well, what we should do is we should connect all the streetlights. Because it's all smart cities, right?
It's everything's got to be connected, everything's gotta be connected, that's brilliant, let's connect everything.
And then from one central place, we can find out if they're faulty.
We don't have to send a man round to clean them, we don't have to send a man round to see if they're not working, we don't have to man phones, because obviously there'll be a hotline for people to report broken streetlights.
It's not man phone.
Alright, people phone.
Thank you.
And— Sorry. Anyway, so as a consequence, in Leicester, the lights are on.
24/7.
I don't know if there's anybody home in the IT department. Now, this is not the first time lights have been permanently left on.
There is a school in Massachusetts which had 7,000 of its lights left on for over a year because no one could work out how to turn them off.
It cost thousands of dollars every month, and it caused problems when teachers were trying to play videos on the whiteboards, and some teachers resorted to unscrewing light bulbs.
The reason was they struggled to make contact with the firm that had installed this system which controlled the lights.
It changed ownership a few times, apparently, the firm, and then they waited for months and months for parts to be delivered from China.
There were supply chain issues, which obviously has been a security issue in the past.
And there were complaints at the time, "Why are we outsourcing our light bulbs, lighting systems to China?" And I mean, I don't think it was an attack, but you've gotta be careful about this sort of thing.
There is a school in Massachusetts which had 7,000 of its lights left on for over a year because no one could work out how to turn them off.
It cost thousands of dollars every month, and it caused problems when teachers were trying to play videos on the whiteboards, and some teachers resorted to unscrewing light bulbs.
The reason was they struggled to make contact with the firm that had installed this system which controlled the lights.
It changed ownership a few times, apparently, the firm, and then they waited for months and months for parts to be delivered from China.
There were supply chain issues, which obviously has been a security issue in the past.
And there were complaints at the time, "Why are we outsourcing our light bulbs, lighting systems to China?" And I mean, I don't think it was an attack, but you've gotta be careful about this sort of thing.
Yeah, so do you think this is part of the attack or do you think this is maybe incompetence on the part of the council?
Oh, I don't think it's the ransomware gang. No.
Right.
No, I think this is just a side effect of the IT systems being busted. In Leicester, they're longing to turn off the lights, they want to recover from the attack.
But the councillor said it's not gonna pay any ransom.
Frankly, they said, we're broke, even if we wanted to, we can't afford it, because like many councils in the UK, they've just got no money and there's no more money coming from central government.
But the councillor said it's not gonna pay any ransom.
Frankly, they said, we're broke, even if we wanted to, we can't afford it, because like many councils in the UK, they've just got no money and there's no more money coming from central government.
And presumably they're more concerned about the 3 fucking terabytes of data they lost as opposed to the lights being on.
Yeah, that's not—
I would be.
That could be quite costly, couldn't it?
I mean, what happens when the regulators start fining them over that or find them to be incompetent or they didn't encrypt properly or blah, blah, blah, blah, blah, about that data, which is now in the hands of the criminals?
I mean, what happens when the regulators start fining them over that or find them to be incompetent or they didn't encrypt properly or blah, blah, blah, blah, blah, about that data, which is now in the hands of the criminals?
Exactly. Who is that guy you quoted? Roger Ewins, right? 65-year-old Roger Ewins who complained.
He maybe should be more worried about the data they stole from him and where it's ended up.
He maybe should be more worried about the data they stole from him and where it's ended up.
Don't get him started.
Which the lights being on.
Well, at least we are shining a light on this problem.
And don't— Remember everybody, cyberattacks— I hate it when they call them cyberincidents, or there's been an IT— Just use the R word. It's a ransomware attack.
Don't be afraid. Carole, what's your topic for us this week?
And don't— Remember everybody, cyberattacks— I hate it when they call them cyberincidents, or there's been an IT— Just use the R word. It's a ransomware attack.
Don't be afraid. Carole, what's your topic for us this week?
Well, we're going to India, and you might be aware that India is currently going through an election cycle that just kicked off in earnest last Friday.
Yes.
And for those of you out there who are unfamiliar with the country's political modus operandi, know that India's democracy is the largest in the world.
The country has a parliamentary system defined by its constitution, with power distributed between the central government and the states.
The country has a parliamentary system defined by its constitution, with power distributed between the central government and the states.
Yeah.
Now, India's elections are no small feat because they must cater to almost a billion voters, more than a tenth of the world population.
It's amazing, isn't it?
It's incredible. And there's another hurdle, the languages, right? So whereas the UK has one—
UK has Welsh.
Oh, you're absolutely right.
Gaelic, Cornish. Cockney? Mancunian?
Okay, let me rephrase.
So whereas the UK has a small number of official languages and where Canada has two official languages, India has 23 official languages including English, but there are apparently 780 languages spoken.
What? Imagine.
So whereas the UK has a small number of official languages and where Canada has two official languages, India has 23 official languages including English, but there are apparently 780 languages spoken.
What? Imagine.
That's crazy.
Imagine.
So no wonder that India's elections take upwards of six weeks and involve millions of poll workers, voting machines, and security forces to cover deserts, mountains, forests, and cities.
And India's laws also state that no voter is required or should be required to travel more than two kilometres from their home to get to a polling station. What?
So no wonder that India's elections take upwards of six weeks and involve millions of poll workers, voting machines, and security forces to cover deserts, mountains, forests, and cities.
And India's laws also state that no voter is required or should be required to travel more than two kilometres from their home to get to a polling station. What?
Really?
Yes. So workers, poll workers and all this, must trek up mountains, go deep into forests.
According to the New York Times, they will be using all manner of transport to collect the votes, even camels or elephants, let alone helicopters and boats.
And with a billion voters, you need millions of machines, right?
According to the New York Times, they will be using all manner of transport to collect the votes, even camels or elephants, let alone helicopters and boats.
And with a billion voters, you need millions of machines, right?
Okay. So this two kilometre rule, I can— That seems insane to me at first, because it's well, two kilometres doesn't take you very long to walk two kilometres, does it?
It's gonna take—
It's gonna take—
No, it takes you long to walk 10 kilometres. Right.
But at two kilometres, it's gonna take you what? 10 minutes, 15 minutes, something like that? I guess there are problems if you're in a mountainous area.
Yeah. Elephants, Graham.
They're not very fast.
Yeah, but they can go through debris that humans can't go through.
Only if you— Yeah. And they only go for so far until you've got to fill them up again at a diesel station.
I'm getting back to my story.
Go ahead.
But this election cycle is different from previous elections thanks to the rising power of AI. And it turns out that AI plus elections equals crazy times a-go-go.
Ugh.
So of course we have the troublemakers, right? An example would be fake videos featuring two prominent Bollywood actors.
Yep.
Aamir Khan and Ranveer Singh, where they purportedly criticized Prime Minister Narendra Modi and advocated support towards the opposition Congress Party.
The two videos have been viewed on the socials more than a million times, reported Reuters. Now, both actors have said the videos are fake.
Facebook, X, aka Twitter, and at least 8 fact-checking websites have said they are altered or manipulated, which the Reuters Digital Verification Unit also confirmed.
There was also a viral video of Rahul Gandhi's resignation from Congress that took over social media, but it was fake.
They used an AI-generated cloned voice and used an altered video of him filing his nomination papers for the 2024 polls.
So they basically took an existing video, tweaked it, added new voices to it, and tried to say, "I'm resigning from Congress." But AI is also being used legitimately by candidates.
So imagine, Graham, right? So let's say we're having an election here in the UK, right? And you pick up the phone, the phone rings, right?
You pick it up and it's a cold call campaign thingy saying vote for Rishi Sunak. So what do you do, right? You would probably, what would you do? Would you hang up?
Would you say, I'm very sorry, I'm not interested?
The two videos have been viewed on the socials more than a million times, reported Reuters. Now, both actors have said the videos are fake.
Facebook, X, aka Twitter, and at least 8 fact-checking websites have said they are altered or manipulated, which the Reuters Digital Verification Unit also confirmed.
There was also a viral video of Rahul Gandhi's resignation from Congress that took over social media, but it was fake.
They used an AI-generated cloned voice and used an altered video of him filing his nomination papers for the 2024 polls.
So they basically took an existing video, tweaked it, added new voices to it, and tried to say, "I'm resigning from Congress." But AI is also being used legitimately by candidates.
So imagine, Graham, right? So let's say we're having an election here in the UK, right? And you pick up the phone, the phone rings, right?
You pick it up and it's a cold call campaign thingy saying vote for Rishi Sunak. So what do you do, right? You would probably, what would you do? Would you hang up?
Would you say, I'm very sorry, I'm not interested?
I'm a very busy man.
Say you're eating or pooping or something. Yeah, my other half calls bathroom breaks business meetings. So you have a big business meeting to attend.
I'm just on a conference call at the moment. Yeah. I would be pretty annoyed. I don't— so it's just a robot, is it? It's not actual human ringing up on Rishi Sunak's behalf.
Well, no, but the way normally, typically these campaign calls would work is you would either get someone calling up and going, who are you voting for? What are you doing?
And it's just a huge invasion of my privacy. It's none of their business. I don't want to speak to anyone from any political party on the phone. How dare they?
Ring my bloody phone and interrupt my life.
Ring my bloody phone and interrupt my life.
What if they show up at your door?
Well, you know, I can obviously—
Slam the door in their face as opposed to hang up the phone?
I don't mind when people come round to the door as much.
It's because you're lonely, probably.
I think that could be the reason.
Come in for coffee!
Please, please be my friend, please!
But what if, you know, the phone's ringing, you pick up, and the caller says, "Hi, Graham, I hear there are issues in your town, such as Amazon deliveries going awry."
Yes, that's very true.
Right. So they use your name and contextualize the pitch for you to make you stay on the phone longer and hear what they have to say.
Yeah, yeah, yeah. Okay.
Right.
And this is what's happening right now in India, making the job of candidates much easier, all thanks to AI, because they can use AI to contact their voters in their native tongue, be it one of the 780 languages that are spoken.
And this is what's happening right now in India, making the job of candidates much easier, all thanks to AI, because they can use AI to contact their voters in their native tongue, be it one of the 780 languages that are spoken.
Wow.
And talk about the issues that are close to the communities and the specific geographies.
But are they actually having conversations with people, or are they just reading out a speech?
Honestly, I have no idea.
But I can appreciate if you were a candidate in India going for the prime ministership, and you have 780 languages, and you speak, what, two of them, as the current prime minister apparently does?
How do you get your message across to everybody else? So AI-generated stuff could be the answer, right?
Because it can translate it into all the dialects, at least the 23 official ones. So political parties are crafting AI-generated news anchors, right?
So you even have fake news anchors to convey political messages, election promises, and manifestos. Now, when I say AI-generated, I don't mean fake.
These are advocated by the actual party. And the point is to connect with a wider voter base over live streaming on social media platforms across diverse linguistic demographics.
But I can appreciate if you were a candidate in India going for the prime ministership, and you have 780 languages, and you speak, what, two of them, as the current prime minister apparently does?
How do you get your message across to everybody else? So AI-generated stuff could be the answer, right?
Because it can translate it into all the dialects, at least the 23 official ones. So political parties are crafting AI-generated news anchors, right?
So you even have fake news anchors to convey political messages, election promises, and manifestos. Now, when I say AI-generated, I don't mean fake.
These are advocated by the actual party. And the point is to connect with a wider voter base over live streaming on social media platforms across diverse linguistic demographics.
Well, hang on, hang on. Just roll back a second. What do you mean here? So you're saying these are AI-generated, but they're not fake. Do you mean they're not malicious?
They're not deliberately deceptive?
They're not deliberately deceptive?
Yes, they're not deep— see, that's the problem. So I think many of us associate the word deepfake with bad.
OK.
Right? But if I am a party and I want to do this, I'm like, let's just create an avatar. Let's get the messages out. Let's target specific messages based on specific regions.
And then let's slap it in and way to go.
And then let's slap it in and way to go.
You know, I think these politicians, I think they've got the wrong end of the stick of how to deal with this.
Because I think most people do not want a call from a political candidate, right? They do not want to have that phone call.
What I would do if I were a political party, so if it were the Cluley Party, what I would do I think is I would run a campaign which rang up people pretending to be my opposition, right?
And annoy the voters with my constant phone calls pretending to be the opposition in order that I get the votes instead.
Because I think most people do not want a call from a political candidate, right? They do not want to have that phone call.
What I would do if I were a political party, so if it were the Cluley Party, what I would do I think is I would run a campaign which rang up people pretending to be my opposition, right?
And annoy the voters with my constant phone calls pretending to be the opposition in order that I get the votes instead.
Do you think that's not happening right now? Do you think that there are not other parties that are trying to, you know, take down the current political leader?
It's like a Joe job, isn't it? Yeah, oh, I'm sure there are, but I just think use the deepfake and the AI technology to pose as—
No, no, don't do that. Don't do that. Do not listen to Graham. No, no, no, no.
No, no, I'm not saying do it. I'm just saying that if—
I think what I'm saying is both things are happening. So a legitimate party is using AI tech to be able to get their messages out in a more engaging way. To a broader audience.
But also you've got the baddies that are trying to discredit certain parties or cause some strife using deepfakes to try and mess the whole thing up, misinformation, all that stuff.
But also you've got the baddies that are trying to discredit certain parties or cause some strife using deepfakes to try and mess the whole thing up, misinformation, all that stuff.
Yes. All I'm saying is the bad guys don't have to be lying in the message.
They could just be saying, "Hey, isn't the party Van Dabby Dozy terrific?" And just the sheer fact that they've rung you up is irritating enough that you would never vote for Van de Beekdosen.
They could just be saying, "Hey, isn't the party Van Dabby Dozy terrific?" And just the sheer fact that they've rung you up is irritating enough that you would never vote for Van de Beekdosen.
Okay. Okay. Okay. Well, they've heard it here. You've heard it here, folks. There's elections coming up across Europe and the States, and maybe they'll use that, Graham.
So you've given that away for free.
So you've given that away for free.
I bet everyone agrees with me. I bet everyone agrees.
I'm sure they do. So in my view, there are a few massive problems here. Right?
Right.
Number one, voters don't know what's real or fake.
Yeah, because there was also on Instagram, there was an Instagram Reel featuring the current Prime Minister Modi singing a popular Bollywood song using AI.
The video depicts the Prime Minister seated cross-legged playing a guitar, and it's amassed over 3.4 million views on Instagram.
Now, as far as I understand, there's no political message in there. It's just like, oh, isn't he great? Look at him, so cute.
Yeah, because there was also on Instagram, there was an Instagram Reel featuring the current Prime Minister Modi singing a popular Bollywood song using AI.
The video depicts the Prime Minister seated cross-legged playing a guitar, and it's amassed over 3.4 million views on Instagram.
Now, as far as I understand, there's no political message in there. It's just like, oh, isn't he great? Look at him, so cute.
There he is, sat cross-legged. That's quite impressive for a man of his years.
Well, who knows if it was really him, right? So voters don't know what's real or fake. The use of AI has led offenders to disown their statements after criticism.
So if people complain, they go, "Obviously, that was a deepfake, nothing to do with us.
We wouldn't have done that." But maybe the most important thing, which is the Wild West effect at the moment, or Wild East in this situation, is there's no serious legislation to curb the misuse.
So while policymakers and regulators from Brussels to Washington are racing to craft legislation restricting AI-powered audio, images, and video on the campaign trail, a regulatory vacuum is emerging.
So the European Union's landmark AI Act does not take effect until after June's parliamentary elections.
And in the US Congress, bipartisan legislation that would ban falsely depicting federal candidates using AI is unlikely to become law before the November elections.
So I think the thing I'm, I guess I'm trying to get across is pay attention to the India elections and what happens throughout them.
Try and use reputable sources like Reuters or The Times or The Washington Post or the—
So if people complain, they go, "Obviously, that was a deepfake, nothing to do with us.
We wouldn't have done that." But maybe the most important thing, which is the Wild West effect at the moment, or Wild East in this situation, is there's no serious legislation to curb the misuse.
So while policymakers and regulators from Brussels to Washington are racing to craft legislation restricting AI-powered audio, images, and video on the campaign trail, a regulatory vacuum is emerging.
So the European Union's landmark AI Act does not take effect until after June's parliamentary elections.
And in the US Congress, bipartisan legislation that would ban falsely depicting federal candidates using AI is unlikely to become law before the November elections.
So I think the thing I'm, I guess I'm trying to get across is pay attention to the India elections and what happens throughout them.
Try and use reputable sources like Reuters or The Times or The Washington Post or the—
And don't answer the phone.
I don't know if it's only phones that we need to worry about. It's all over the socials as well.
Okay. Oh, sorry. Yes, you're right. Don't go onto Instagram.
I agree. Follow my lead. Get the fuck off the socials. So as the lines between real and fake blur, what the actual fuck are voters supposed to do? Like, what are their options?
Don't vote because you don't know what you don't know. You don't know what's real. You don't know what's fake. Or you cast a vote and hope that you weren't misled.
Like, it's a bit of a nightmare for democracies the world over, and it's leaders of countries that aren't democratic that might actually win out here.
Yeah, that's a bit ominous, but there you go. So there's my cheery pick of the week.
But I would just say pay attention to see what happens there, because elections are coming in lots of our countries.
A lot of our listeners live in countries that I've mentioned, and it might be good to have an idea of what actually happens there, because trust me, the bad guys are paying attention too.
Don't vote because you don't know what you don't know. You don't know what's real. You don't know what's fake. Or you cast a vote and hope that you weren't misled.
Like, it's a bit of a nightmare for democracies the world over, and it's leaders of countries that aren't democratic that might actually win out here.
Yeah, that's a bit ominous, but there you go. So there's my cheery pick of the week.
But I would just say pay attention to see what happens there, because elections are coming in lots of our countries.
A lot of our listeners live in countries that I've mentioned, and it might be good to have an idea of what actually happens there, because trust me, the bad guys are paying attention too.
You just said pick of the week, I think, by accident. He said, and there's my cheery pick of the week.
I can't wait to get to my pick of the week, that's why.
I've noticed, so there are some elections coming up here in the UK. Yes.
At both local elections, and then later in the year, there's at some point to be determined, there's going to be a general election as well.
And it's quite interesting, this whole, are we going to begin to see fake news?
At both local elections, and then later in the year, there's at some point to be determined, there's going to be a general election as well.
And it's quite interesting, this whole, are we going to begin to see fake news?
Of course we will.
Well, I'll tell you what I've been noticing. I've been getting campaign leaflets through my door.
Now, there's a particular political party which isn't doing terribly well in the polls at the moment compared to their current allocation of members of Parliament.
I'm not going to name any names. But what's interesting is the things which come through the door, they've really disguised which political party they're from.
So if it's the incumbent who isn't doing terribly well, you have to look really, really hard to actually work out, well, which political party is this person actually represent— oh, it's that one.
'Cause they don't want to mention it 'cause they know that that's not taken the right way.
So I wonder if we will see fake, you know, deepfake and AI technology somehow getting around that problem as well.
Now, there's a particular political party which isn't doing terribly well in the polls at the moment compared to their current allocation of members of Parliament.
I'm not going to name any names. But what's interesting is the things which come through the door, they've really disguised which political party they're from.
So if it's the incumbent who isn't doing terribly well, you have to look really, really hard to actually work out, well, which political party is this person actually represent— oh, it's that one.
'Cause they don't want to mention it 'cause they know that that's not taken the right way.
So I wonder if we will see fake, you know, deepfake and AI technology somehow getting around that problem as well.
Yeah, and still I would say today, I think, I don't know, I'm just guessing here, the ballparking, but I feel that when I read AI-generated content, I can kind of spot it after a few paragraphs, if not earlier.
But I suspect that's going to get much, much harder to spot with the naked eye in years to come.
But I suspect that's going to get much, much harder to spot with the naked eye in years to come.
Good luck in your election.
Actually, I think it's more good luck to all of us who are going to be facing elections in the near future. So take heed, my friends.
When it comes to ensuring your company has top-notch security practices, things can get complicated fast.
Now you can assess risk, secure the trust of your customers, and automate compliance for ISO 27001, SOC 2, and more with a single platform. And that platform is Vanta.
Vanta's market-leading trust management platform helps you continuously monitor compliance alongside reporting and tracking risk.
Plus, you can save hours by completing security questionnaires with Vanta AI.
Join thousands of global companies like Atlassian, Flow Health, and Quora that use Vanta to automate evidence collection, unify risk management, and streamline security reviews.
Smashing Security listeners get 20% off Vanta. All you have to do is go to vanta.com/smashing to claim your discount. That's vanta.com/smashing.
And thanks to Vanta for supporting the show.
Now you can assess risk, secure the trust of your customers, and automate compliance for ISO 27001, SOC 2, and more with a single platform. And that platform is Vanta.
Vanta's market-leading trust management platform helps you continuously monitor compliance alongside reporting and tracking risk.
Plus, you can save hours by completing security questionnaires with Vanta AI.
Join thousands of global companies like Atlassian, Flow Health, and Quora that use Vanta to automate evidence collection, unify risk management, and streamline security reviews.
Smashing Security listeners get 20% off Vanta. All you have to do is go to vanta.com/smashing to claim your discount. That's vanta.com/smashing.
And thanks to Vanta for supporting the show.
If a security software company said they could help you reduce the permissions attack surface in your cloud by 92% with the click of a single button, what would you say?
Sonrai Security just made achieving least privilege easy with the Cloud Permissions Firewall, a scalable solution that easily restricts excessive permissions from human and machine identities, quarantines unused identities, and disables unused regions and services without any disruptions.
Even better, the solution maintains this level of risk reduction by automatically enforcing least privilege policies as new identities are added to the environment. What's better?
The fact that you can test drive Sonrai's Cloud Permissions Firewall for free for 14 days. Just visit smashingsecurity.com/sonrai. That's smashingsecurity.com/sonrai.
That's S-O-N-R-A-I.
Sonrai Security just made achieving least privilege easy with the Cloud Permissions Firewall, a scalable solution that easily restricts excessive permissions from human and machine identities, quarantines unused identities, and disables unused regions and services without any disruptions.
Even better, the solution maintains this level of risk reduction by automatically enforcing least privilege policies as new identities are added to the environment. What's better?
The fact that you can test drive Sonrai's Cloud Permissions Firewall for free for 14 days. Just visit smashingsecurity.com/sonrai. That's smashingsecurity.com/sonrai.
That's S-O-N-R-A-I.
You've probably heard us talk about Kolide before, but did you know Kolide was just acquired by 1Password?
Well, that's pretty big news since these two companies are leading the industry in creating security solutions that put users first.
For over a year, Kolide Device Trust has helped companies with Okta ensure that only known and secure devices can access their data.
And that's what they're still doing, but now as part of 1Password. So if you've got Okta and you've been meaning to check out Kolide, now's a great time.
Kolide comes with a library of pre-built device posture checks and you can write your own custom checks for just about anything you can think of.
Plus, you can use Kolide on devices without MDM, your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.
Now that Kolide is part of 1Password, it's only going to get better. Check it out at kolide.com/smashing to learn more and watch the demo today. That's kolide.com/smashing.
And thanks to them for supporting the show. And welcome back. Can you join us at our favorite part of the show? The part of the show that we to call Pick of the Week.
Well, that's pretty big news since these two companies are leading the industry in creating security solutions that put users first.
For over a year, Kolide Device Trust has helped companies with Okta ensure that only known and secure devices can access their data.
And that's what they're still doing, but now as part of 1Password. So if you've got Okta and you've been meaning to check out Kolide, now's a great time.
Kolide comes with a library of pre-built device posture checks and you can write your own custom checks for just about anything you can think of.
Plus, you can use Kolide on devices without MDM, your Linux fleet, contractor devices, and every BYOD phone and laptop in your company.
Now that Kolide is part of 1Password, it's only going to get better. Check it out at kolide.com/smashing to learn more and watch the demo today. That's kolide.com/smashing.
And thanks to them for supporting the show. And welcome back. Can you join us at our favorite part of the show? The part of the show that we to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like.
It doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like.
It doesn't have to be security-related necessarily.
Better not be.
Well, Carole, you know me. I to keep my picks of the week topical.
All right. Is this from the '50s or something?
1957 it was.
Oh my God.
When a movie came out, which I have never seen, a classic movie. Maybe you can guess what it is. Directed by Sidney Lumet. Nope. Starring Henry Fonda.
Oh, I Henry Fonda, but I haven't seen all his films.
Also has Jack Klugman, who later found fame as Quincy in it.
Hmm.
It's basically—
Our listeners are going crazy. They're, 'Carole, don't you understand?
It's easy.' It's an all-male cast and largely on one set. It is 12 Angry Men.
I had the flu this weekend, so I was cuddled up on the sofa, and I thought, 'What can I do?' to make myself feel better. And so I watched 12 Angry Men.
Have you ever seen 12 Angry Men?
I had the flu this weekend, so I was cuddled up on the sofa, and I thought, 'What can I do?' to make myself feel better. And so I watched 12 Angry Men.
Have you ever seen 12 Angry Men?
I think I have, because my husband's a movie buff. So, I get to be educated regularly with wonderful films from the past, yeah.
It's a great old black-and-white movie with fantastic cast. It is a seemingly open-and-shut case of murder where a jury has to decide if a young man is guilty or not.
If he is found guilty, he's gonna be sentenced to death. And I'm sure many people already know this.
Some, many of you may already have watched it, but for you youngsters who listen to the podcast who haven't got around to watching it yet, or people me who are sort of quite mentally young and culturally young, you may not know.
But anyway, the premise is this: at the beginning of the movie, only one of the jury believes that there is reasonable doubt about the murder charge.
Everyone else thinks that the suspect is guilty. And they also think they should be allowed to nip home early from the jury service to go and watch the ball game.
And so it's up to Henry Fonda as the one man on the jury to convince all the others—
If he is found guilty, he's gonna be sentenced to death. And I'm sure many people already know this.
Some, many of you may already have watched it, but for you youngsters who listen to the podcast who haven't got around to watching it yet, or people me who are sort of quite mentally young and culturally young, you may not know.
But anyway, the premise is this: at the beginning of the movie, only one of the jury believes that there is reasonable doubt about the murder charge.
Everyone else thinks that the suspect is guilty. And they also think they should be allowed to nip home early from the jury service to go and watch the ball game.
And so it's up to Henry Fonda as the one man on the jury to convince all the others—
Brilliant.
—that it shouldn't be a guilty verdict. I'm gonna watch this.
I'm sure I've seen it. I'm gonna watch it again.
It's great. Great characters, sharp script. Explores prejudices in this single claustrophobic jury room. I'm sure it's been done as a play many times as well.
Christ, do you think we're going to get AI-generated movies where the plots are going to be so fucking boring we're going to want to just gouge our ears?
I saw a trailer for one just the other day. A completely AI-generated movie.
It's going to make so much money just because people want to see, and it's going to be so poo-poo.
After watching the trailer, you won't want to see it, probably.
No, it's not on my list.
Anyway. 12 Angry Men. I only just saw the original Top Gun a few years ago, so—
No, you're hip, you're hip, you're fashion.
I still have to see E.T. and Jurassic Park. So once I've seen those, I'll maybe make a decision.
Oh, E.T., come on. Gotta see E.T.
Never seen it, never seen it.
That's so adorable.
Carole, what's your Pick of the Week?
Well, as listeners know, I was travelling last week. I was in Canada, and I ended up taking the train to catch my plane back to Heathrow.
And the trains in Canada are operated by VIA Rail. And I have to admit, I've always been a big fan, especially after coming to England, because they are staffed by lovely people.
There's a lot of staff. You know, there's people to help you on the train, people to help you put your bags away, people to direct you where you need to go.
It's just— you're never lost. You're always feeling like, I know where I'm going and I know what I'm doing and I know where my seat is.
And the trains in Canada are operated by VIA Rail. And I have to admit, I've always been a big fan, especially after coming to England, because they are staffed by lovely people.
There's a lot of staff. You know, there's people to help you on the train, people to help you put your bags away, people to direct you where you need to go.
It's just— you're never lost. You're always feeling like, I know where I'm going and I know what I'm doing and I know where my seat is.
Did you say there are lovely people manning the train?
Damn it! So— Oh, working on the train. Right. No, no, thank you, thank you. Let's just keep doing this. This is good for us.
Also, you seem to have offended everyone who works on the train system in the UK by suggesting they're not lovely. I mean, there may be fewer of them, but—
Okay, you tell me at the end of this story if this would happen in the UK. All right.
Now, the only drawback of these trains, and I'll admit this now, is they're not nearly as frequent as trains in Europe.
So you have to plan your journey a little more carefully so you don't end up waiting somewhere for hours. Anyway, I take the train. Great experience.
Get to the airport on time and then end up getting some food because the plane is delayed by a few hours. I know, right? So whatever. We have some food.
We go through the secure area and I'm getting ready to fly. And I realize I do not have my wallet.
Now, the only drawback of these trains, and I'll admit this now, is they're not nearly as frequent as trains in Europe.
So you have to plan your journey a little more carefully so you don't end up waiting somewhere for hours. Anyway, I take the train. Great experience.
Get to the airport on time and then end up getting some food because the plane is delayed by a few hours. I know, right? So whatever. We have some food.
We go through the secure area and I'm getting ready to fly. And I realize I do not have my wallet.
Oh, not Carole.
I didn't pay. I didn't pay the food, so I didn't notice at the restaurant. But I pack and unpack my carry-on luggage, tiny, but nowhere to be found.
And now I'm out of contact with the world for seven hours. And in the wallet, I had a number of important cards, banking stuff and all that.
I had my driver's license, and I had a lot of cash because I'd sold a few paintings while I was out in Canada. So nightmare, just annoying.
So when I get home, I'm jet lagged as anything 'cause it was a full flight. They basically put two flights onto one. So we were sitting sardines on an overnight flight.
But I start calling banks to cancel cards. And they were all, aside from one, Barclays, relatively easy to do with new cards being dispatched instantly.
So I get some shut-eye because I'm jet-lagged. I haven't slept. I get to sleep for a few hours. I wake up and I have a lovely email from the people at Via Rail.
I get this email from Via train agent Raphael, emails me to say they have found my wallet on the train at the end of the line and requests that I get in touch with them on how they can get it back to me.
I tell them, I'm out of the country. Could a family member in a completely different city pick it up? Yes, no problem.
The wallet was on the train the next day to be delivered to the station of my request. Now, my question in my head is, will the cash be in there?
Because who knows how the wallet got into the hands of the lost and found Via Rail. It could have been somebody.
And now I'm out of contact with the world for seven hours. And in the wallet, I had a number of important cards, banking stuff and all that.
I had my driver's license, and I had a lot of cash because I'd sold a few paintings while I was out in Canada. So nightmare, just annoying.
So when I get home, I'm jet lagged as anything 'cause it was a full flight. They basically put two flights onto one. So we were sitting sardines on an overnight flight.
But I start calling banks to cancel cards. And they were all, aside from one, Barclays, relatively easy to do with new cards being dispatched instantly.
So I get some shut-eye because I'm jet-lagged. I haven't slept. I get to sleep for a few hours. I wake up and I have a lovely email from the people at Via Rail.
I get this email from Via train agent Raphael, emails me to say they have found my wallet on the train at the end of the line and requests that I get in touch with them on how they can get it back to me.
I tell them, I'm out of the country. Could a family member in a completely different city pick it up? Yes, no problem.
The wallet was on the train the next day to be delivered to the station of my request. Now, my question in my head is, will the cash be in there?
Because who knows how the wallet got into the hands of the lost and found Via Rail. It could have been somebody.
Oh my goodness.
Well, you don't know how much cash was in it. It was an annoying amount of cash. I'm a very good artist.
I would never even have thought of that. Really? No, I wouldn't worry about the cash. It's the cards that matter, isn't it?
I know, but whenever I'm with you, you never seem to have any cash on you at all.
Exactly. So my wallet was picked up by a family member. And guess what? All the money is still there.
I thought you're going to say the family member pinched it.
They probably have. So my pick of the week is that I love Via Rail, I love Mr.
Raphael, and if you find yourself in Canada, I do think you should check out the trains just to see how to do them right, because it is a really lovely experience.
I might even do a cross-Canada, east to west on the train sometime because it's so comfortable.
Raphael, and if you find yourself in Canada, I do think you should check out the trains just to see how to do them right, because it is a really lovely experience.
I might even do a cross-Canada, east to west on the train sometime because it's so comfortable.
Well, it is a lovely story and a true reflection of how Canadians are the loveliest people in the universe.
But did they charge you anything for delivering your wallet to the sovereign?
But did they charge you anything for delivering your wallet to the sovereign?
Yeah, £400. Reasonable, right? Not a cent.
Okay, not a cent. Not a cent.
All I got was lovely emails, 'cause obviously I was very effusive at this service.
I think I sent at the end, I was like, "Digital hugs." It occurs to me that this could be something which could be exploited.
Because maybe if you want to deliver a package or a parcel across Canada, maybe what you do is just leave it on any old train and wait for Via Rail to get in touch with you and say, oh, could you deliver it to a family member in Vancouver?
And they'll say, sure, we'll organise that. And then it gets over there and you don't have to pay anything.
Because maybe if you want to deliver a package or a parcel across Canada, maybe what you do is just leave it on any old train and wait for Via Rail to get in touch with you and say, oh, could you deliver it to a family member in Vancouver?
And they'll say, sure, we'll organise that. And then it gets over there and you don't have to pay anything.
I cannot believe you would put a tinge of shit on this otherwise beautiful rainbow of a story, Graham. Actually, I'm not surprised at all.
I'm not surprised at all that you've done that. Anyway, Via Rail is my pick of the week. Thank you very much, Raphael.
Thank you to everyone who helped find it and return it to me, and I'm thrilled.
I'm not surprised at all that you've done that. Anyway, Via Rail is my pick of the week. Thank you very much, Raphael.
Thank you to everyone who helped find it and return it to me, and I'm thrilled.
That is a brilliant story. Oh Canada! Yes, yay Canada! Well, that just about wraps up the show for this week.
You follow us on Twitter @SmashingSecurity, no G, Twitter allows to have a G. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify, and Pocket Casts.
You follow us on Twitter @SmashingSecurity, no G, Twitter allows to have a G. And don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify, and Pocket Casts.
And huge, huge thank you to our episode sponsors, Sonrai, Vanta, and Kolide. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 368 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 368 episodes, check out smashingsecurity.com.
Until next time, when we have a great special guest. Cheerio. Bye-bye. Bye.
Who's our guest next week? I'll tell you. Secret.
I don't get to know. I can tell you. It is in the calendar.
The listeners do. The listeners. Okay.
I'll just open my email. We can beep it out. We can beep it out if you like. It's only— Oh, fuck.
Do I just block out the fuck or—
You can just block out whatever you want.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Episode links:
- When a breach goes from 25 documents to 1.3 terabytes… – Graham Cluley.
- Leicester street lights stuck on all day due to cyber attack – Leicester Mercury.
- Top AI researchers race to detect ‘deepfake’ videos: ‘We are outgunned – Washington Post.
- AI deepfakes threaten to upend global elections. No one can stop them – Washington Post.
- Models, dead netas, campaigning from jail: How AI is shaping Lok Sabha polls – India Today.
- Why Elections Take So Long in India – The New York Times.
- How A.I. Tools Could Change India’s Elections – The New York Times.
- Bollywood deepfakes fuel AI election meddling fears in India – GG2.
- World Explained: How India’s politicians are using AI to reach voters in the world’s most populous country – The Scotsman.
- 12 Angry Men – Wikipedia.
- VIA Rail.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Sonrai’s Cloud Permissions Firewall – A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Graham, I would be your friend and have a coffee with you! lol
Carole, I know the horror of losing a wallet (maybe not with as much money as you had as I am NOT artistic) and am so delighted that your experience has ended the way it did! My maternal grandmother instilled in me from a very young age, the love of travelling by trains in Canada and I have never experienced any misadventures in using VIA!