Apple announces a new privacy feature in iOS that will allow you to hide and lock away your apps – but will it be philanderers who benefit the most? And an ex-police officer is arrested for extortion.
All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Yeah, okay, but there are things such as throuples these days, Graham.
What? Throuples? Yes! Yes!
Suggest it to your partner, see what she says.
Okay, I'll give it a try. Smashing Security, episode 376. iOS 18 for cheaters and a model cop extortionist with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 376. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 376. My name's Graham Cluley.
And I'm Carole Theriault.
Carole, I hope you're enjoying— is it a question of enjoying when you're on an overseas top secret mission? I'm not sure if it is or not.
Occasionally. Wait for my pick of the week to find out.
Oh, I'll tell you something that you've missed while you've been away is that I went to InfoSec in London.
And I know that's one sad thing about being away during that time is missing the wonderful award ceremony.
And I know that's one sad thing about being away during that time is missing the wonderful award ceremony.
What happened?
It was the European Security Blogger Awards, which also looks after podcast awards, of course.
And Smashing Security was named the best podcast for making cybersecurity accessible for all. Woo-hoo!
And Smashing Security was named the best podcast for making cybersecurity accessible for all. Woo-hoo!
That's a great, you know, that's kind of one of our mantras, don't you think? Is, you know, educating.
I think so. We're not the nerdiest podcast.
No.
When it comes to cybersecurity.
Maybe a funnier one though.
Well, funnier looking. But anyway, thank you to all of our listeners for voting for us. Very much appreciated. We love you all.
Yes. Let's thank this week's wonderful sponsors, 1Password and Vanta. It's their support that help us give you this show for free.
Now, coming up on today's show, Graham, what do you got?
Now, coming up on today's show, Graham, what do you got?
I'm going to be talking about something hidden inside the new version of iOS.
Ooh, and I have the story of a hot ex-cop who landed herself in a spot of extortion bother. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, many of you, I know, have got smartphones. Many of you will have the Apple iPhone, of course, as well.
And I don't know if you've heard, Carole, but it has been dubbed a cheater's paradise, the Apple iPhone, because they have announced—
And I don't know if you've heard, Carole, but it has been dubbed a cheater's paradise, the Apple iPhone, because they have announced—
Has it?
Yes, because they have announced the new privacy feature, which is coming down the tracks pretty darn quick in the form of iOS version 18.
iOS, of course, is the operating system on iPhones. And that was unveiled this week by Apple at the WWDC conference.
And folks are already playing around with the beta ahead of its general availability, which is gonna come in September. And there's some major updates in iOS 18.
The one they're really sort of crowing about a lot, a range of new AI features that they claim will make Apple phones smarter and more capable and also able to generate emojis of the people you're speaking, all kinds of stupid stuff as well.
But you know, they're putting rocket fuel into Siri to make it smarter and make it a bit more like ChatGPT.
In fact, they've got some sort of relationship now with OpenAI just to try and make the Siri assistant a bit smarter, but do various other things as well.
But we're not going to talk about the AI features.
Instead, we're going to discuss a new privacy-related one because they announced they're going to let you lock or hide your iPhone and iPad apps, making them inaccessible unless you do a Face ID scan.
So your phone or your iPad is already unlocked, but if you want to go into a particular app, you'll be able to say, oh, you need Face ID to access that one. All right.
iOS, of course, is the operating system on iPhones. And that was unveiled this week by Apple at the WWDC conference.
And folks are already playing around with the beta ahead of its general availability, which is gonna come in September. And there's some major updates in iOS 18.
The one they're really sort of crowing about a lot, a range of new AI features that they claim will make Apple phones smarter and more capable and also able to generate emojis of the people you're speaking, all kinds of stupid stuff as well.
But you know, they're putting rocket fuel into Siri to make it smarter and make it a bit more like ChatGPT.
In fact, they've got some sort of relationship now with OpenAI just to try and make the Siri assistant a bit smarter, but do various other things as well.
But we're not going to talk about the AI features.
Instead, we're going to discuss a new privacy-related one because they announced they're going to let you lock or hide your iPhone and iPad apps, making them inaccessible unless you do a Face ID scan.
So your phone or your iPad is already unlocked, but if you want to go into a particular app, you'll be able to say, oh, you need Face ID to access that one. All right.
So basically I can log into my phone, but I want to go to my banking app. I'd have to do the Face ID.
Yeah. If your banking app didn't already support Face ID, you'd now be able to do that at the operating system level.
Or maybe you've got a messaging app and you wanted to put that behind Face ID for some reason, or your photos perhaps.
Maybe you don't want people looking at your photos if you lend them your phone, and that would then be protected by Face ID as well.
Now it's already easy to hide apps on iOS by disabling the ability to search for them, or you could bury them deep in a folder or something like this.
But in this new iOS 18 coming in September, there's this whole new level of privacy protection.
And what they're saying is that locked and hidden apps are going to offer users peace of mind.
The information they want to keep private, such as app notifications and content, won't inadvertently be seen by others.
So you can lock the app, and for additional privacy, you can even hide an app as well.
Or maybe you've got a messaging app and you wanted to put that behind Face ID for some reason, or your photos perhaps.
Maybe you don't want people looking at your photos if you lend them your phone, and that would then be protected by Face ID as well.
Now it's already easy to hide apps on iOS by disabling the ability to search for them, or you could bury them deep in a folder or something like this.
But in this new iOS 18 coming in September, there's this whole new level of privacy protection.
And what they're saying is that locked and hidden apps are going to offer users peace of mind.
The information they want to keep private, such as app notifications and content, won't inadvertently be seen by others.
So you can lock the app, and for additional privacy, you can even hide an app as well.
Okay.
So when an app's locked or hidden, content like your messages, your emails inside the app, they're hidden from search notifications and other places across the system.
Now, I don't think this is necessarily a bad idea because the other day—
Now, I don't think this is necessarily a bad idea because the other day—
Okay, yeah, I love a scenario, a use case.
Okay, so the other day, my partner and I, we were on a long car journey, and from the back seat came this plaintive voice, which was my son. "Oh, Dad, Dad, my phone battery's died.
I want to listen to some music." You know, he wanted to listen to something, so I lent him my phone.
I want to listen to some music." You know, he wanted to listen to something, so I lent him my phone.
I feel sorry for his voice. Well, it's—
He takes after his father. And so I lent him my phone so he could listen to his Spotify or whatever, you know, whatever band that he wanted to listen to.
And then I thought, shit, what's he going to do with that? Because although some of—
And then I thought, shit, what's he going to do with that? Because although some of—
What do you mean?
Well, although some of my apps have got biometric protection on them and he'd need to point it at my face to unlock it, others wouldn't.
Well, what kind of apps are you worried about?
Well, maybe I don't want him seeing everything. Maybe I don't want him reading my email or sending emails from my account or tweeting nonsense to my followers.
It's not as though he would do that, but he could accidentally, or he could go into Twitter and like something inappropriate, or, you know, who knows?
It's not as though he would do that, but he could accidentally, or he could go into Twitter and like something inappropriate, or, you know, who knows?
I don't have a teenage son, but I'm just— the word trust issues is occurring to me slightly.
When you have a teenage son, sometimes you can trust them. It doesn't necessarily mean that you trust them to do something good. Right.
So I thought, oh darn, maybe I shouldn't have given it to him. Wouldn't it have been great if some of my apps were locked from use?
If my apps had their own bouncer, basically my face, that could lock them down like Fort Knox, only accessible after a stare down with my iPhone.
So I thought, oh darn, maybe I shouldn't have given it to him. Wouldn't it have been great if some of my apps were locked from use?
If my apps had their own bouncer, basically my face, that could lock them down like Fort Knox, only accessible after a stare down with my iPhone.
Right.
That would be great.
So with iOS 18, if someone's using your phone and you've locked an app, when they try to open the app, they'll see this pop-up saying it can't be accessed without doing the Face ID check, which is really handy if you're down the pub and someone says, oh, can I just call someone?
Or can I just do this? And you don't want them going into your photos or something. I think that's quite a good thing, right? Do you agree?
So with iOS 18, if someone's using your phone and you've locked an app, when they try to open the app, they'll see this pop-up saying it can't be accessed without doing the Face ID check, which is really handy if you're down the pub and someone says, oh, can I just call someone?
Or can I just do this? And you don't want them going into your photos or something. I think that's quite a good thing, right? Do you agree?
Yeah, yeah. I don't know how many times— I think the only times I can imagine you lending a phone is if you are a parent.
Right.
I mean, I don't know. I suppose actually, yeah, you do lend your phone.
Like if you're doing a music playlist or something and you've got connection to a speaker, everyone kind of gets their mitts on your phone.
Like if you're doing a music playlist or something and you've got connection to a speaker, everyone kind of gets their mitts on your phone.
Or someone says, oh, my phone's run out of battery. Can I just make a call or something? Or can I just borrow your phone for a sec? I think it does happen.
Sometimes it happens quite casually. I mean, even with people you may not know that well.
Sometimes it happens quite casually. I mean, even with people you may not know that well.
But I would say no if I didn't totally trust the person.
You would?
I wouldn't say F off, but I'd say no.
Mm-hmm.
I'll make the call for you.
Right.
Okay. Anyway, so interesting idea.
Let's cut to the chase, right? I've given you a scenario where it could be handy. What's the most common use case of this? How are people actually gonna use this?
Pervy things?
Exactly.
Oh.
People are going to use this to hide their Tinder or their Hinge app from their significant other.
Only if they're a dweeb.
I think that's how—
Right, it's not most people.
I think that's how— No, I'm not saying most people, but I'm suggesting that most of the people who actually use this feature are probably going to do it to hide some kind of activity on their phone, which they don't want someone in their household from seeing.
Well, in your case, it's just your fricking email.
Well, it might, it might be, but I'm sure there's plenty of people as well who may be having affairs or flirting or something like that.
And wouldn't it be handy to hide the app from other people?
And that's why plenty of folks have had a bee in their bonnet, taken their pitchforks and torches to Twitter, claiming that this feature is a way to keep affairs under the radar.
And by the way, I did some research. Apparently it's the case that nearly two-thirds of Tinder users who were surveyed said they were already in relationships.
So there are a fair number of people in relationships who are using—
And wouldn't it be handy to hide the app from other people?
And that's why plenty of folks have had a bee in their bonnet, taken their pitchforks and torches to Twitter, claiming that this feature is a way to keep affairs under the radar.
And by the way, I did some research. Apparently it's the case that nearly two-thirds of Tinder users who were surveyed said they were already in relationships.
So there are a fair number of people in relationships who are using—
Yeah, okay, but there are things such as throuples these days, Graham.
What? Throuples? Yes. Yes.
Suggest it to your partner, see what she says.
Okay, I'll give it a try. So if you do this, your hidden apps get placed in a folder called Hidden. That actually exists even if there are no apps hidden inside it.
So that's because I wondered if you hide an app, how do you then find it to actually run the damn thing if you can't search for it and you can't see the icon?
So there is a place where you can go and look. So that you might think that gives you a hint that someone has deliberately hidden apps, but apparently—
So that's because I wondered if you hide an app, how do you then find it to actually run the damn thing if you can't search for it and you can't see the icon?
So there is a place where you can go and look. So that you might think that gives you a hint that someone has deliberately hidden apps, but apparently—
Do you open that up? Do you open that up with Face ID as well? The hidden folder?
Well, the folder actually exists even if you don't have anything hidden inside it. But I imagine it then gives you a sort of preview of, I don't know.
Yeah, I guess you have to unlock it, don't you? With your Face ID.
Yeah, I guess you have to unlock it, don't you? With your Face ID.
That would be a really big, that would be a big slip-up, wouldn't it? You could just go in and— Unhide them.
Go, go. Yes, exactly. Now, there are arguably legitimate use cases to hide and/or protect an app.
For instance, maybe you're in an abusive relationship, you have an overly jealous partner that wishes to violate your privacy.
Maybe you share a device with your son, in my case, or a partner.
iOS still— I can't believe this is the case— it still doesn't do what desktop computers do, which is they give you user profile. You're able to log in as different people.
I mean, surely things like iPhones and iPads should have that ability by now. So you can log in differently and have a different setup.
For instance, maybe you're in an abusive relationship, you have an overly jealous partner that wishes to violate your privacy.
Maybe you share a device with your son, in my case, or a partner.
iOS still— I can't believe this is the case— it still doesn't do what desktop computers do, which is they give you user profile. You're able to log in as different people.
I mean, surely things like iPhones and iPads should have that ability by now. So you can log in differently and have a different setup.
And I still haven't got my head around it. I'm not kidding. I don't get it at all.
Well, don't worry, because Apple has said that not every app is going to get this VIP lock and hide treatment.
Apparently, iOS won't let you lock and hide Maps, Stocks, Clock, and the Calculator app.
Apparently, iOS won't let you lock and hide Maps, Stocks, Clock, and the Calculator app.
Well, thank God Stocks is there. Well, because, you know, for my day-to-day needs in the world of where am I? What time is it? And how much is it?
I'm glad that Stocks are at least a default.
I'm glad that Stocks are at least a default.
I think it's an odd decision of theirs not to let you lock Stocks.
Oh, do you?
Yes.
Oh yeah, of course.
Because Stocks, you could find out what stock someone is following, which could be a piece of private information, even if it doesn't share how much they may have invested in them.
Similarly, clocks might give private information away. Like if you've associated names with your alarms going off at certain times. Alright, alright, you're dubious. What about maps?
So they haven't allowed you to lock maps.
Similarly, clocks might give private information away. Like if you've associated names with your alarms going off at certain times. Alright, alright, you're dubious. What about maps?
So they haven't allowed you to lock maps.
Yeah, maps is interesting.
Because maps, you can see recently searched places, places you've gone to, information you may not want to share.
Or extreme example, what if you needed to travel out of state or to a different country because something like abortion was illegal where you lived.
Maps could reveal where you went. So shouldn't you be able to lock behind—
Or extreme example, what if you needed to travel out of state or to a different country because something like abortion was illegal where you lived.
Maps could reveal where you went. So shouldn't you be able to lock behind—
But your phone's already locked.
Yes, but in the scenario, someone else has gained access to your phone.
You've given them access, but you may want to lock recently searched history of Maps or pinned places in Google Maps. And Calculator is the worst of them all.
The apps, it's filth, Calculator.
You've given them access, but you may want to lock recently searched history of Maps or pinned places in Google Maps. And Calculator is the worst of them all.
The apps, it's filth, Calculator.
What, because of boobs?
Exactly. Just type in 5318008 and turn it upside down.
Every 8-year-old who's listening is loving it.
Like they've ever used—
They're like, what's a calculator?
Exactly. They don't know what we're talking about. Carole, what's your story for us this week?
Well, Graham, actually, you have the whiff of tech influencer about you.
Oh, well, thank you.
Don't you? And good for you. It's a proven way for the interesting or beautiful or gobby to market their services, right? And/or gobby.
Yeah.
To market their services. And these days, it's not the Yellow Pages that you need to be in, but on the web. You have a website.
I do.
A smattering of socials out there where you tap dance and showcase your services and skills and mouth skills. I don't know. Words.
Boy, oh boy.
Speaking presence. That's why I don't have it, Graham. That's why I don't have it. Okay, but let's say you are running a small business with a big personality.
Yes.
And dang it, you found yourself in a spot of bother because someone is trying to extort you, trying to take some of your money or your property or stuff like this.
Oh dear. Yep.
Now a person can use a number of different tactics to extort. Okay, so there's the threat of violence, give me your website or I'll kneecap you. That could be one.
That seems extreme.
Right?
Yeah. Not very nice.
Seems a little extreme. I'm just saying, under extortion, that is a way that it has happened in the past.
I like that's where you've started. Presumably you're going to get worse.
Well, no, no, there's the threat of force.
That's another one where I'm taking your website because I was able to bypass your security or dupe you into handing over your credentials. Something like that.
There's property damage. Didn't the mafia infamously offer protection for like fire protection to ensure people around the neighborhood that their place wouldn't get burned down?
That's another one where I'm taking your website because I was able to bypass your security or dupe you into handing over your credentials. Something like that.
There's property damage. Didn't the mafia infamously offer protection for like fire protection to ensure people around the neighborhood that their place wouldn't get burned down?
All the time. I mean, that's standard, isn't it? It's like, you know, nice place you got here. Real shame if something bad happened to it.
Exactly. Right.
So yeah.
So say someone could say, look, you know, when you go into your speaking events, Graham, 'You know, your tech speaking events, I'll make sure no one is in the audience ready with a cream pie.' Yes, or a milkshake.
'So you can pay me.' Yeah. Yeah, or a milkshake, right? Or lastly, you could extort someone by threatening their reputation.
Like someone might write a review of, you know, our podcast saying it's full of hooey.
But obviously, it's clearly extremely informative and entertaining, seeing as we just won a very important award.
'So you can pay me.' Yeah. Yeah, or a milkshake, right? Or lastly, you could extort someone by threatening their reputation.
Like someone might write a review of, you know, our podcast saying it's full of hooey.
But obviously, it's clearly extremely informative and entertaining, seeing as we just won a very important award.
We have had some bad reviews. As well as lots of lovely good ones.
So in this specific fictitious scenario featuring you, what do you think would be the most likely extortion attempt that someone would want to— someone would do on you?
Ooh.
So you've got kneecapping, violence, force, property damage, or phishing.
I really don't want to be kneecapped.
No, it would put a serious dent in your park run fund.
I've had some nasty threats before. People have said they're gonna shoot me. I have had people say they're gonna burn down my house before.
I didn't really take them very seriously, 'cause I think they were just sort of teenage virus writer types.
I didn't really take them very seriously, 'cause I think they were just sort of teenage virus writer types.
Were they suggesting that unless you give me money?
No, I think it was regardless of whether I gave them money.
It was just trolling. It was just trolling.
I just think just trying to put the frighteners on me.
Yeah.
Oh, crumbs. What would make me pay? Well, there's ransomware, of course, I suppose.
You know, if I didn't have a backup, if I found my backup didn't work and all my information was encrypted, then I'd have to think long and hard as to, well, how do I get my business up and running again?
You know, if I didn't have a backup, if I found my backup didn't work and all my information was encrypted, then I'd have to think long and hard as to, well, how do I get my business up and running again?
Yeah.
Sorry, a bit of a boring answer, but, no, no, no, but, well, you know, no surprise there.
No, no, no. I was thinking more of threat to reputation would be the thing because it's a big one. Like, especially if you're reliant on a specific community for growth. Right.
If you imagine you trained horses and someone like the horsey version of shit went around on all the horse forums and horsey whatever saying, I heard of a mysterious horsey flu happening on your training grounds, you wouldn't be a happy camper.
If you imagine you trained horses and someone like the horsey version of shit went around on all the horse forums and horsey whatever saying, I heard of a mysterious horsey flu happening on your training grounds, you wouldn't be a happy camper.
I wouldn't be happy. Or if they said that I ate horses or something.
Oh, God, that's way worse.
Why didn't that occur to me?
I saw him—
I saw him munching on a horse burger the other day and licking his lips saying, this is really yummy.
Oh my God, I was gonna marry a horse once, remember that?
I remember. Sorry it didn't work out for you.
But I digress. So you might say it's just some idiotic internet troll, you know, who's getting their kicks from screwing about online, whatever.
But what if the person turned out to be, considered to be rather upstanding, like an ex-cop, a former cop?
But what if the person turned out to be, considered to be rather upstanding, like an ex-cop, a former cop?
Okay.
And a rather attractive one as well. So this is what allegedly happened in Orange County.
A 32-year-old former deputy of the Orange County Sheriff's Office turned model—okay, because she's a former cop turned model named Ali—she's in cahoots with a conspirator, Elizabeth, and the two of them managed to extort $9,000 from a small cosmetology business.
Now I know you're thinking, oh, small potatoes, small potatoes, but if you think of it, I don't know what size their potatoes were.
A 32-year-old former deputy of the Orange County Sheriff's Office turned model—okay, because she's a former cop turned model named Ali—she's in cahoots with a conspirator, Elizabeth, and the two of them managed to extort $9,000 from a small cosmetology business.
Now I know you're thinking, oh, small potatoes, small potatoes, but if you think of it, I don't know what size their potatoes were.
I have no idea.
9K can be life-threatening to a small business in terms of the business surviving, because if there's nothing in the coffers and that money is needed to pay your few employees, and then someone comes along like an ex-cop/model with her sidekick, and they allegedly managed to nab the 9K by threatening to make false statements on the internet that would harm this small cosmetology business.
Cosmetology? Sorry, I—
That makeup.
Oh, I thought you were saying to do with the cosmos or astrology. I thought it was—
No, it's more like, hey, I used this cream and it gave me a rash.
Okay, okay. I thought they were saying—
I'm imagining.
I was imagining Uranus rising or something.
Yeah.
Apparently the duo threatened to slander, report fictitious violations to the New York State Board of Cosmetology, and file complaints to the Department of Labor for alleged employee violations against a business that were untrue.
Apparently the duo threatened to slander, report fictitious violations to the New York State Board of Cosmetology, and file complaints to the Department of Labor for alleged employee violations against a business that were untrue.
Right.
Now, this is all according to local prosecutors, as the two have now been charged with grand larceny in the third degree and coercion in the third degree.
But I wanted to share it because you did mention ransomware earlier, but we rarely hear about this type of extortion anymore. Right? Because these days it's all ransomware.
You rarely hear about someone kind of saying, look, unless you do this, I'm going to go online and say bad things.
But I wanted to share it because you did mention ransomware earlier, but we rarely hear about this type of extortion anymore. Right? Because these days it's all ransomware.
You rarely hear about someone kind of saying, look, unless you do this, I'm going to go online and say bad things.
And I guess because she's a former police person and a model, people will listen to her.
Yeah, model police officer. You got to get it in the right order.
Oh, I thought you meant like—
No, no, no, you were right.
Oh, okay. I thought you meant a really good police officer.
Cop slash turned model.
Oh, okay.
Okay.
Right. Okay.
All right.
Fair enough.
She was on the beautiful person list on Maxim magazine or something.
Anyway, but what's interesting to me is I wondered whether prosecutors would have even looked at the case had the small business not paid up.
Because in other words, if someone threatens you and you don't pay, but you report it, right? Is it considered a crime?
Because extortion is actually you've managed to get money out of them by threatening them. Do you know what I mean?
Anyway, but what's interesting to me is I wondered whether prosecutors would have even looked at the case had the small business not paid up.
Because in other words, if someone threatens you and you don't pay, but you report it, right? Is it considered a crime?
Because extortion is actually you've managed to get money out of them by threatening them. Do you know what I mean?
But it should be a crime, shouldn't it? Because you're still making a threat. Surely that is still a crime.
I'd like to think so. Depends, I guess, where you live. You know, years back I had this archaeologist friend that tried to blackmail me. What?
Yeah, it turned out he had a lot of dirt on me. That's why we're award-winning!
Yeah, it turned out he had a lot of dirt on me. That's why we're award-winning!
In a perfect world, end users would only work on managed devices with IT-approved apps.
But every day, employees use personal devices and unapproved apps that aren't protected by MDM, IAM, or any other security tool.
There's a giant gap between the security tools we have and the way we actually work.
1Password calls it the Access Trust Gap, and they've also created the first-ever solution to fill it.
1Password Extended Access Management secures every sign-in for every app on every device.
Includes the password manager that you know and love and the device trust solution you've probably heard of on this podcast back when it was called Kolide.
1Password Extended Access Management cares about user experience and privacy, which means it can go places other tools can't, like personal and contractor devices.
It ensures that every device is known and healthy and every login is protected.
So stop trying to ban BYOD or shadow IT and start protecting them with 1Password Extended Access Management. Check it out at 1password.com/smashing.
And thanks to 1Password for supporting the show.
But every day, employees use personal devices and unapproved apps that aren't protected by MDM, IAM, or any other security tool.
There's a giant gap between the security tools we have and the way we actually work.
1Password calls it the Access Trust Gap, and they've also created the first-ever solution to fill it.
1Password Extended Access Management secures every sign-in for every app on every device.
Includes the password manager that you know and love and the device trust solution you've probably heard of on this podcast back when it was called Kolide.
1Password Extended Access Management cares about user experience and privacy, which means it can go places other tools can't, like personal and contractor devices.
It ensures that every device is known and healthy and every login is protected.
So stop trying to ban BYOD or shadow IT and start protecting them with 1Password Extended Access Management. Check it out at 1password.com/smashing.
And thanks to 1Password for supporting the show.
When it comes to ensuring your company has top-notch security practices, things can get complicated fast.
Vanta automates compliance for ISO 27001, SOC 2, GDPR, and more, saving you time and money.
With Vanta, you can unify your security program management with a built-in risk register and reporting, and proactively manage security reviews with AI-powered security questionnaires.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to build trust and prove security in real time. Our listeners get 10% off Vanta at vanta.com/smashing.
That's vanta.com/smashing for 10% off. And thanks to Vanta for sponsoring the show.
Vanta automates compliance for ISO 27001, SOC 2, GDPR, and more, saving you time and money.
With Vanta, you can unify your security program management with a built-in risk register and reporting, and proactively manage security reviews with AI-powered security questionnaires.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to build trust and prove security in real time. Our listeners get 10% off Vanta at vanta.com/smashing.
That's vanta.com/smashing for 10% off. And thanks to Vanta for sponsoring the show.
And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily.
Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish.
It doesn't have to be security related necessarily.
Better not be.
Well, my Pick of the Week this week is not security related. In fact, it's not a Pick of the Week. It's a Nitpick of the Week.
Because as I mentioned earlier today, I was at the InfoSec show at the Excel Centre in London this week, or last week, or whenever it was recently, the other day.
And there were lots of people there, and it's always the case.
I don't know if you remember, Carole, but when you go to one of these big industry shindigs, you see lots of people who you know, right? And that's lovely.
I had loads of people come up and say, "Hey, Graham," you know, and it's like, oh yes, yes, come on, hello, how are you? And all this chit-chat, chit-chat.
But there's some people, there's some people you see and you recognise their face and you reckon, you think, oh, I know them, that's— and you think, I know you, I did used to work in the same company as you for about 10 years, but I don't think we ever actually spoke in the company.
And if I acknowledge your presence now by talking to you, it's going to be really awkward because I won't have anything to say other than, I know your name, and we worked at the same company.
And then they will say to me, I know who you are, and yes, we did.
Because as I mentioned earlier today, I was at the InfoSec show at the Excel Centre in London this week, or last week, or whenever it was recently, the other day.
And there were lots of people there, and it's always the case.
I don't know if you remember, Carole, but when you go to one of these big industry shindigs, you see lots of people who you know, right? And that's lovely.
I had loads of people come up and say, "Hey, Graham," you know, and it's like, oh yes, yes, come on, hello, how are you? And all this chit-chat, chit-chat.
But there's some people, there's some people you see and you recognise their face and you reckon, you think, oh, I know them, that's— and you think, I know you, I did used to work in the same company as you for about 10 years, but I don't think we ever actually spoke in the company.
And if I acknowledge your presence now by talking to you, it's going to be really awkward because I won't have anything to say other than, I know your name, and we worked at the same company.
And then they will say to me, I know who you are, and yes, we did.
This is basically you saying, oh, I have celebrity problems. People come up to me and say, well, hi, Graham. And you're like, I don't remember them.
No, no, no. This is someone who did not come up to me, who's someone who I passed. I'm not gonna name any names. I'm gonna tell you though. Right? Never spoke to her at Sophos. Right?
I think you're overthinking this. I think you just go, "Hey, how's it going?" "Great, great." "Yeah, yeah. Cool, cool." You don't have to chase after her.
But if she raises an eyebrow and gives you a nod, you just nod back, Lou.
But if she raises an eyebrow and gives you a nod, you just nod back, Lou.
We made eye contact. And then there was that—
Did you smile or just pretend she didn't know you? No, no. You just ran past her. You scarpered.
All I'm talking about is there is this awkward dance you do trying to avoid eye contact with someone who you barely know on the street, or in my case, at InfoSec.
And it makes me feel awkward. And that is my nitpick of the week. Because I think something needs to be done about it.
And it makes me feel awkward. And that is my nitpick of the week. Because I think something needs to be done about it.
Your awkwardness. That's what's wrong. The awkwardness.
Well, maybe it is.
Your awkwardness is your nitpick of the week.
Maybe it is.
I agree.
Maybe my nitpick of the week is me and my inability to deal with social situations. And if any readers have any suggestions as to how I can solve this problem, maybe—
Please.
Maybe just stay at home and not go out in public, then that'd be great.
But there is this— the worst thing in the world is going down a corridor, a long corridor, a long, thin corridor, and you see someone coming towards you who you kind of know, but don't really know enough to say much to, and then you have to decide the optimum point where to go, huh, you sort of smile at each other, all right, yeah, you're all right.
Because of course you don't want to stop and have a conversation because you really do have nothing to say.
But there is this— the worst thing in the world is going down a corridor, a long corridor, a long, thin corridor, and you see someone coming towards you who you kind of know, but don't really know enough to say much to, and then you have to decide the optimum point where to go, huh, you sort of smile at each other, all right, yeah, you're all right.
Because of course you don't want to stop and have a conversation because you really do have nothing to say.
To be you, to live in your brain.
I'm sure lots of our listeners, I'm sure lots of our listeners have exactly the same problem, and it's only the brave people like me who are identifying this and aren't afraid to bring it out into the daylight because this is the kind of thing we need to have a national debate about.
And that is why it is my nitpick Pick of the Week.
And that is why it is my nitpick Pick of the Week.
We look forward to your book, 6 Steps to Overcome Anxiety When Walking Down Long Hallways.
Carole, what's your Pick of the Week?
Well, I think this is going to make you more anxious and awkward.
Oh, God.
Now, a few weeks ago, you were talking about being a healthier human, you know, with your park runs and box fits and whatnot.
Thank you.
And I too have been looking into a little self-improvement.
Yes.
Even though I'm pretty near there. No, I'm kidding. But I wanted to share with you and our dear listeners a little exercise that I've been trying out for the last 27 hours.
Oh, is it— does it involve your pelvic floor?
No, no, no.
Not interested.
Shall I tell you some of the claimed benefits and you can see if you can guess?
Go ahead.
Reduces stress.
Masturbation.
Improves physical health. No.
Okay, carry on.
And improves your relationship.
Masturbation.
Nothing to do with my pelvic floor.
Is it badminton? I don't know. What is it?
We're talking the daily smooch.
Oh.
Or the daily kiss.
Your pick of the week is kissing every day.
Well, it's a specific kiss because someone did some science. And they decided there's an ideal length of smooch in order for a connection to happen between the two people.
Can you guess how long that is?
Can you guess how long that is?
17 minutes.
6 seconds.
6 seconds.
Now let's— okay, let's just do dead air for 6 seconds.
Okay. I'll count down. So, ready? 2, 3, go.
See, it's already really long.
You see, it's long.
Now, the idea is this: 6 seconds makes you feel more connected to a person, or apparently a yeti, says my friend therapist.
You're able to navigate and overcome conflict if you feel a strong connection with someone.
And if the connection's really strong, this is according to John Gottman, the psychotherapist dude who came up with all this, you're in positive sentiment override, Graham.
You're able to navigate and overcome conflict if you feel a strong connection with someone.
And if the connection's really strong, this is according to John Gottman, the psychotherapist dude who came up with all this, you're in positive sentiment override, Graham.
Oh, PSO. Yeah, okay.
Apparently, this is where you have a positive perspective on your relationship because you have a strong connection. So it all kind of feedback loop.
Anyway, so I was jokingly challenged by a therapist friend to try this out 27 hours ago.
Anyway, so I was jokingly challenged by a therapist friend to try this out 27 hours ago.
All right.
And, you know, it seemed pretty straightforward, you know, exercise to get your head around it. Right? Daily 6-second smooch. Not difficult.
But, you know, in order to make my pick of the week, I ended up on Psychology Today, which actually gives a detailed kissing homework assignment. Would you like it?
But, you know, in order to make my pick of the week, I ended up on Psychology Today, which actually gives a detailed kissing homework assignment. Would you like it?
Yes, I flippin' well would.
Okay. Quote, try out timing your 6-second kiss once you get a feel for the length.
Because that's really sexy, isn't it? Have a stopwatch.
You can't count 6 seconds in your head, seriously? Grab your partner, set a timer on your phone, and get kissing.
You can make it a game by guessing when you've hit 6 seconds or seeing the longest kiss you can do without taking a breath.
You can make it a game by guessing when you've hit 6 seconds or seeing the longest kiss you can do without taking a breath.
Oh, how fun it is to be in love.
What else can you do for less than a minute a week that will improve your relationship?
It's not that kind of podcast.
So there you go. There you have it. My pick of the week, the 6-second daily Yeti smooch in my case. Enjoy. It lasts a long time.
But hang on, you haven't answered the most important question. Has your relationship improved since you've been conducting this experiment?
27 hours ago?
Yeah.
I haven't really seen him since, so it's been brilliant. No, I'm kidding. I'm about— I'm actually— I'm timed in. I better go.
I have to leave this podcast to go do my 6-second Daily Smashing Security.
I have to leave this podcast to go do my 6-second Daily Smashing Security.
Well, I guess we better wrap up things then. Listeners, you can follow us on Twitter @SmashingSecurity, no G, Twitter isn't allowed to have a G.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
And huge, huge thank you to our episode sponsors, Vanta and 1Password, and of course to our wonderful Patreon community. It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 375 episodes, check out smashingsecurity.com.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 375 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye.
Bye-bye.
Safe journey home, Carole.
Thanks. Can't believe I will pelvic floor.
I can't talk about that.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Episode links:
- Graham’s video thanking people for voting for “Smashing Security” – Twitter.
- iOS 18 makes iPhone more personal, capable, and intelligent than ever – Apple.
- Apple’s new iOS 18 feature is being called ‘a cheater’s paradise’ – Daily Mail.
- 2 Accused In Internet Extortion Scheme Against Boss – Patch.
- District Attorney: Ex-police officer turned model among duo arrested in Orange County – Westchester News.
- Former N.Y. cop, internet model Ally Thueson arrested for extortion – NY Daily News.
- Extortion – FindLaw.
- Smile politely, nod awkwardly: greeting people you barely know – University Times.
- How to pass people in hallway without awkwardness? – Reddit.
- How Long Should a Great Kiss Last? – Psychology Today.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsors:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
