Social media fuels conspiracies galore after Donald Trump is shot at a rally, cryptocurrency websites are hijacked after a screw-up at Squarespace, and our guest takes a close look at bottoms on Instagram.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
It had only two photos. It was explicit. Well, the main photo was a bottom. A very lovely bottom, I will say, but not really my interest.
Male or female? Do we know what sort of bottom it was?
Both of them, both of them were female.
Her suit?
Or—
Okay, right, yes, probably not then.
Smashing Security, episode 381, Trump shooting conspiracy, Squarespace account hijack, and the butt stops here with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 381. My name's Graham Cluley.
Smashing Security, episode 381, Trump shooting conspiracy, Squarespace account hijack, and the butt stops here with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security episode 381. My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, we're joined this week by a special guest, someone who hasn't been on the show for a while. It is, I'm delighted to say, Zoe Rose. Hello, Zoe, welcome back.
Hello, it's lovely to be back.
Terrific to have you.
Welcome. How you doing, Zoe?
I am wonderful. It's been a while since I've been on, so it's nice to catch up again.
Lovely to hear your voice too.
Let's thank this week's wonderful sponsors, 1Password, Vanta, and the M-WISE Conference 2024. It's their support that help us give you this show for free.
Now, coming up on today's show, Graham, what do you got?
Now, coming up on today's show, Graham, what do you got?
I'm going to be telling a story from the worldwide what the heck?
Okay, what about you, Zoe?
I'm going to be talking about a personal story about Instagram and bottoms.
Ooh, okay, you win this week. And I'm going to chat about what 12% of all social media traffic referenced on this past Sunday.
All this and much more coming up on this episode of Smashing Security.
All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, great news. I can report that everything is going just splendidly in the world of cybersecurity and cryptocurrency. So that's a first. That's great news, right?
Absolutely. Everything's going really, really well. There definitely aren't any problems. None at all. No breaches occurring. We can all relax, take it easy.
Absolutely. Everything's going really, really well. There definitely aren't any problems. None at all. No breaches occurring. We can all relax, take it easy.
Everything's tickety-boo.
Enjoy the summer break. Go and grab the deck chair, sit by the pool, come back in September to see if there's anything that needs fixing. Probably won't be.
We've pretty much solved the whole problem. Well, is that true? Because I suppose there have been a few little problems which have occurred if you really want to nitpick.
We've pretty much solved the whole problem. Well, is that true? Because I suppose there have been a few little problems which have occurred if you really want to nitpick.
And you love doing that.
What, nitpicking?
Yeah, it's what you do almost every week.
Like, I have nits.
Where does that term come from?
Picking nits.
You know how they're monkeys and they're picking bugs out of people's hairs or something? Yeah. That's what it means.
You sort of sift through the hair and you find a little beetle, a little bug or something, go, "There it is. Eee, me, me." And you squash it and maybe chew it if you're hungry.
I feel like the topic that you're covering now is going to be a very large bug. Sorry, my brain works very weirdly. Carry on.
Well, I'm going to talk to you about Squarespace. You ever heard of Squarespace?
Yes.
Yes, I have, yeah.
I know a number of people with websites on Squarespace.
Oh, okay. Interesting. So people, of course, use Squarespace to build and host their websites, but it's much more than that.
These days, because last year Squarespace did a deal with Google. Squarepace, Square, I can't even say it, Squarepace.
These days, because last year Squarespace did a deal with Google. Squarepace, Square, I can't even say it, Squarepace.
Squarespace.
Squarespace.
Yeah.
Said that it was acquiring from Google its Google Domains assets and customers. Now, if you haven't heard of Google Domains, it was launched around about 10 years ago.
It was a domain name registrar and domain management service where you could set up your website, buy your domains if you wanted to, and configure how they were going to operate.
And many other things that Google starts, it got a bit bored with it because Google really hasn't got very much patience.
You know, plays with a toy for a while and then goes, oh, need something else now.
It was a domain name registrar and domain management service where you could set up your website, buy your domains if you wanted to, and configure how they were going to operate.
And many other things that Google starts, it got a bit bored with it because Google really hasn't got very much patience.
You know, plays with a toy for a while and then goes, oh, need something else now.
They can do that because they make money somewhere else, right? In their business model.
Well, they do. There are so many. There's actually a website where you can find out all the different projects that Google has killed off over the years.
Everything from Google Wave and Google Hangouts and Google Buzz and Google Reader, Google Dodgeball. Do you remember that?
Everything from Google Wave and Google Hangouts and Google Buzz and Google Reader, Google Dodgeball. Do you remember that?
No, I do remember Google Reader though, and I used to use it. So that's—
Google Reader was brilliant. Google Reader was great. People are still very, very upset Google Reader was killed off as a way to read their RSS feeds. Google Aardvark. Oh!
That was a social search service that connected users with their friends or friends of friends that are able to answer their questions so that these, you know, they've tried all kinds of things.
But Google Domains, thankfully, didn't just kill it stone dead because obviously there are a lot of people using it.
Instead, Google decided to sell it lock, stock and barrel, everything that was basically Google Domains to Squarespace.
That was a social search service that connected users with their friends or friends of friends that are able to answer their questions so that these, you know, they've tried all kinds of things.
But Google Domains, thankfully, didn't just kill it stone dead because obviously there are a lot of people using it.
Instead, Google decided to sell it lock, stock and barrel, everything that was basically Google Domains to Squarespace.
Right.
And that meant 10 million domains. So by domain, I mean the URL. Basically, so smashingsecurity.com or carole.wtf.
If you had purchased that via Google Domains, if you were administering it via Google Domains, now Squarespace are running it for you instead.
If you had purchased that via Google Domains, if you were administering it via Google Domains, now Squarespace are running it for you instead.
And very clearly said, Graham Cluley. Well done.
Thank you very much. You're welcome. And what these services do is they act like a telephone directory because if you didn't have domain registrars and management services.
In order to visit a website, you would have to type in an IP address. So it'd be 192.168 blah blah blah blah blah blah.
You know, you'd have to type in a number with dots in it rather than typing in smashingsecurity.com or whatever it is, amazon.com or whatever the website is.
So it's really, really handy, these services. But now Squarespace is in charge of all of those users, of all of those websites. What could possibly go wrong?
In order to visit a website, you would have to type in an IP address. So it'd be 192.168 blah blah blah blah blah blah.
You know, you'd have to type in a number with dots in it rather than typing in smashingsecurity.com or whatever it is, amazon.com or whatever the website is.
So it's really, really handy, these services. But now Squarespace is in charge of all of those users, of all of those websites. What could possibly go wrong?
Okay, before we answer that, I don't know about you, Zoe, but I would say from my echo chamber, I would understand Squarespace to have a good marketing—
Squarespace?
Squarespace. What did I say?
Squarepace. I don't know where you got that idea from.
Did I?
Oh God.
Squarespace. They appear a lot on ads, in podcasts and stuff and on YouTube and all these kind of places. On telly even. They have a big marketing budget. They've been around a while.
I think they would know their game. I would feel okay about that, hearing it peripherally. You know, I'd be, oh, sounds like a good idea.
I think they would know their game. I would feel okay about that, hearing it peripherally. You know, I'd be, oh, sounds like a good idea.
Well, yeah, it's a legit company, right? It's a well-known company. They've never sponsored us, and I suspect they never will. Uh-oh. I just have a slight feeling about that.
So as I said, what could possibly go wrong with Squarespace now taking over those 10 million Google purchased domains.
So as I said, what could possibly go wrong with Squarespace now taking over those 10 million Google purchased domains.
An organization taking over a lot of data, having an issue. I can't imagine, but they must have had a lot of data already.
You know, they must have had millions of users.
Yeah, but my trust in organizations and being able to handle data— I mean, I do work in security, so we're all cynics.
My—
Yeah, my trust is very low.
Yeah. Well, in the last couple of weeks, a number of websites have been hijacked.
I'm not talking about the kind of websites set up by your Auntie Flo or your Uncle Bob, but ones run by organizations, in particular ones related to cryptocurrency.
So what is happening is these websites have suffered DNS hijacking attacks. That's a Domain Name Service hijacking attack.
So as I said, when you are with a registrar, with a domain registrar and a domain management service managing your domain, you decide what IP address your website is actually at.
So you can point it from the name to the actual server address, which will be that hard-to-remember number.
I'm not talking about the kind of websites set up by your Auntie Flo or your Uncle Bob, but ones run by organizations, in particular ones related to cryptocurrency.
So what is happening is these websites have suffered DNS hijacking attacks. That's a Domain Name Service hijacking attack.
So as I said, when you are with a registrar, with a domain registrar and a domain management service managing your domain, you decide what IP address your website is actually at.
So you can point it from the name to the actual server address, which will be that hard-to-remember number.
Like I choose a name and then my host says, okay, this is your IP address based on—
Yes, and people will remember you're at carole.wtf to see your art. But they wouldn't remember the actual number of your website.
Of course.
Because, you know, the human brain doesn't work that way, right?
Gotcha.
So what the hackers can do is if they manage to break into your DNS records, they can modify those records to redirect a legitimate website to a malicious website, such as a phishing page.
So, carole.wtf would go actually to a phishing site, not to my art.
Or a porn site, or who knows what site.
I wouldn't like that.
I know. Imagine—
VPN.
Okay.
There's so many things I could say at this point, I'm not going to say.
Good.
So here's the scenario. You visit your favourite cryptocurrency website.
Maybe it's your cryptocurrency exchange or where you have your cryptocurrency wallet of all your investments, where you store your NFTs or something like that, and you access it the normal way.
You type in its URL, you get the URL correct. You aren't clicking on someone else's link.
You are typing in the URL, you get it absolutely correct, or you use your bookmarks where it really is the URL to that website.
Maybe it's your cryptocurrency exchange or where you have your cryptocurrency wallet of all your investments, where you store your NFTs or something like that, and you access it the normal way.
You type in its URL, you get the URL correct. You aren't clicking on someone else's link.
You are typing in the URL, you get it absolutely correct, or you use your bookmarks where it really is the URL to that website.
So your password manager is going to recognize this is legitimate and—
As well, absolutely, yeah.
Which is an important part because I do know a lot of advice when it comes to security with phishing is, make sure it's the right URL and your password manager won't recommend the password if it's not the right URL.
Right.
But in this case, it would be legitimate. So it'd be very difficult for somebody to recognize it.
And if they've made a lookalike page which appears to be asking for your credentials, so it looks just like the real site and you are at the real URL, albeit not at the right IP address, which you wouldn't know anyway, you've just handed your credentials over to identity thieves, fraudsters.
It could be trying to steal your cryptocurrency, could try and grab your NFTs from any connected cryptocurrency wallets which you have.
So actually, it'd be great news if you went to a porn site.
It could be trying to steal your cryptocurrency, could try and grab your NFTs from any connected cryptocurrency wallets which you have.
So actually, it'd be great news if you went to a porn site.
That would actually be better.
Of course it would be better rather than having all your cryptocurrency stolen. So these kind of DNS hijacks are not unheard of. These have been happening for years.
It doesn't mean the website itself has been actually hacked or defaced, but it's more the telephone directory, if you like, has been altered.
It doesn't mean the website itself has been actually hacked or defaced, but it's more the telephone directory, if you like, has been altered.
It's like I'm trying to call you, and I get rerouted to someone who looks like you and sounds like you, but isn't you.
Can you imagine?
Only in my nightmares.
So I remember, for instance, just to give you an example, The Sun newspaper's website, it got DNS hijacked by the LulzSec hacking gang.
And if you went to The Sun on that particular day, the front page story was that Rupert Murdoch had died in his front garden.
He'd tripped over some shrubbery and inhaled some palladium. And people would go there and believe the story to be true, 'cause they were at The Sun.
And if you went to The Sun on that particular day, the front page story was that Rupert Murdoch had died in his front garden.
He'd tripped over some shrubbery and inhaled some palladium. And people would go there and believe the story to be true, 'cause they were at The Sun.
Of course they were, yeah.
So, that's how convincing these things can be.
A very reputable paper.
Well, and considering when it comes to the number one motivator for a malicious actor is financial gain. So—
Yes.
Being able to steal the credentials of people's cryptocurrency wallets, that's lucrative. And how are they gonna be tracked?
And you know, there's lots of benefits there for a malicious actor.
And you know, there's lots of benefits there for a malicious actor.
So these websites which were experiencing this problem, as I said, they were cryptocurrency websites in the main.
And the one thing they had in common is they were originally registered with Google Domains and have now been switched to Squarespace looking after their domain name registration and their records.
So, questions: Have the website owners been careless in their choice of passwords? No, they haven't.
Did they fail to set up proper multifactor authentication when they set up their domains at Google Domains? No, they didn't.
And the one thing they had in common is they were originally registered with Google Domains and have now been switched to Squarespace looking after their domain name registration and their records.
So, questions: Have the website owners been careless in their choice of passwords? No, they haven't.
Did they fail to set up proper multifactor authentication when they set up their domains at Google Domains? No, they didn't.
Well, they could have, but that doesn't necessarily— In this case, it wasn't related.
It wasn't related. So how did the hackers change the DNS settings for these websites, which are now being run by Squarespace. And that is really the crux of this question.
It looks like there's been an almighty screw-up when the domains were passed from Google Domains to Squarespace.
It looks like there's been an almighty screw-up when the domains were passed from Google Domains to Squarespace.
The exact method of the hack is unclear because Squarespace, quite frankly, isn't saying anything at the moment. At the time of recording, I'm just on their website right now.
I'm not seeing anything.
Right.
I wonder if they're going to blame an intern.
Maybe it's that, or maybe they're just so desperately scrabbling around trying to work out a form of words to apologise or to fix all the people who've got problems.
But it appears that there's been a security issue with the account recreation, because obviously they took these accounts which were at Google and they had to recreate the accounts at Squarespace when they transferred the domains.
And what appears to have happened is that Squarespace assumed people logging into their accounts on Squarespace would use the social sign-up options from Google, for instance, or Apple.
You know how you can actually log in with another account to some of these things and log in, which I've always hated.
But it appears that there's been a security issue with the account recreation, because obviously they took these accounts which were at Google and they had to recreate the accounts at Squarespace when they transferred the domains.
And what appears to have happened is that Squarespace assumed people logging into their accounts on Squarespace would use the social sign-up options from Google, for instance, or Apple.
You know how you can actually log in with another account to some of these things and log in, which I've always hated.
No, I don't really warm to that.
I don't either. No.
But there is also an option to do it with an email address.
And it looks like Squarespace— so difficult to say— looks like Squarespace assumed people would use those sort of third-party authentications rather than asking for an email address.
And what was found was that hackers were able to go to the login page having worked out what the likely email address would be of a particular website, enter the email address, and it wouldn't ask for any password authentication.
Because Squarespace—
And it looks like Squarespace— so difficult to say— looks like Squarespace assumed people would use those sort of third-party authentications rather than asking for an email address.
And what was found was that hackers were able to go to the login page having worked out what the likely email address would be of a particular website, enter the email address, and it wouldn't ask for any password authentication.
Because Squarespace—
Oh my God.
Has already half-created those accounts when it moved them over. Because it's like, well, you kind of are an account because you have a domain here.
I know.
And it didn't send any verification to the email address saying, is this really you logging in?
Oh my goodness.
And even if you had multifactor authentication enabled on your Google Domains account back when it was Google Domains, that wasn't transferred to your account at Squarespace.
So it's pretty easy, it appears, for those websites.
Let me remind you, 10 million websites which have been transferred over, and it looks like it's been fairly easy for people to compromise these websites and change their settings, provided they got there before the genuine users to sort of start off the sequence with Squarespace.
So if they went there, which is quite plausible that they would.
So it's pretty easy, it appears, for those websites.
Let me remind you, 10 million websites which have been transferred over, and it looks like it's been fairly easy for people to compromise these websites and change their settings, provided they got there before the genuine users to sort of start off the sequence with Squarespace.
So if they went there, which is quite plausible that they would.
While you have been talking, I've been flirting around their website, right?
Yeah.
To see if there's anything in a blog or buried somewhere off the main page. And I can't find anything.
Yeah. It's all news reports at the moment. And there's a great piece, actually, by a group called Security Alliance. Some security researchers have been looking into this.
They've written a very in-depth piece, which I'll link to in the show notes.
All about how they think this has happened and what steps you should take if your domains are some of those which have been transferred from Google Domains to Squarespace.
In a nutshell, turn on multifactor authentication immediately.
Make sure you don't have any other users associated with your account because potentially they won't have created a Squarespace account yet.
So even if you sort out your account, other members of your team—
They've written a very in-depth piece, which I'll link to in the show notes.
All about how they think this has happened and what steps you should take if your domains are some of those which have been transferred from Google Domains to Squarespace.
In a nutshell, turn on multifactor authentication immediately.
Make sure you don't have any other users associated with your account because potentially they won't have created a Squarespace account yet.
So even if you sort out your account, other members of your team—
Yeah, so the first thing to do is review your account, right?
Do that. Turn on two-factor authentication. See who else has access.
But other than that, you might actually want to reconsider where your domain names are actually being managed from because maybe you need a more secure option because it doesn't look like there's any audit trails.
It doesn't look like they were notifying people when changes were being made to their—
But other than that, you might actually want to reconsider where your domain names are actually being managed from because maybe you need a more secure option because it doesn't look like there's any audit trails.
It doesn't look like they were notifying people when changes were being made to their—
There's no information on their website. How many people must have been impacted and gone in and gone, oh God, oh God.
Well, and also when it comes to a security breach, it's very hard to quantify it.
So the part that you're talking about, oh, they might want to switch because they're not doing best practice. The reality is they made a mistake.
Yeah, they made an assumption, which we know what that— we know what that stands for. But also, you don't trust them anymore, right?
So an organization that's impacted by that, their customers may not trust them anymore, even though they didn't make any mistake. So it's a multi-layer issue there.
And also, I really like the idea that they just really, really messed up. Like, I was thinking it was going to be something complex, but no.
So the part that you're talking about, oh, they might want to switch because they're not doing best practice. The reality is they made a mistake.
Yeah, they made an assumption, which we know what that— we know what that stands for. But also, you don't trust them anymore, right?
So an organization that's impacted by that, their customers may not trust them anymore, even though they didn't make any mistake. So it's a multi-layer issue there.
And also, I really like the idea that they just really, really messed up. Like, I was thinking it was going to be something complex, but no.
It does seem some silly assumptions were made. Now, it's not all bad news for Squarespace. They can rebuild their reputation. In fact, I think they should start that right now.
I think if they were to get into bed with some popular cybersecurity podcasts and sponsor them. In fact, for an increased rate, we could even completely edit out this story.
So it'll be removed from our archive.
I think if they were to get into bed with some popular cybersecurity podcasts and sponsor them. In fact, for an increased rate, we could even completely edit out this story.
So it'll be removed from our archive.
No?
Zoe, what have you got for us this week?
I'm actually going to talk about Instagram. So I have an Instagram account, or I had an Instagram account. I guess I technically still do, but it's disabled. But anyway.
If you've heard people in the past complain about, oh, Instagram shows you such inappropriate photos on your feed, and everybody knows that those people complaining, they're seeing those inappropriate photos because those are the photos they look at.
That's how the algorithm works. It wants to encourage you to stay on the platform, and so it suggests photos based on your viewing habits.
If you've heard people in the past complain about, oh, Instagram shows you such inappropriate photos on your feed, and everybody knows that those people complaining, they're seeing those inappropriate photos because those are the photos they look at.
That's how the algorithm works. It wants to encourage you to stay on the platform, and so it suggests photos based on your viewing habits.
Yeah, it's learned what you like over time, hasn't it? Exactly.
It doesn't want you to go off.
When I dyed my hair pink, I looked for a lot of pictures of people with pink hair, and then I had a lot of pictures being fed to me with people with pink hair.
Exactly, exactly.
It's really clever stuff.
Well, I mean, it wants to keep you on there, so it makes sense, right? It's creating that addiction. I need more pink hair. My feed is less exciting.
I typically look at plants and children's games, and I don't remember what else — cooking. I take a lot of recipes off Instagram. I don't know why, it's very weird.
But children's games, plants, and some other random stuff. Sometimes my child likes to look at fish, and so I've got aquariums on there. That's the type of content.
It's generally quite bland. Oh, and books. I read a lot of books. I'm very nerdy, if you don't know. I read a lot, and so I get a lot of recommendations and book recommendations.
None of that relates to pornography. I'm not a super exciting person, so I don't really look at Instagram for explicit photos. I'm sure people do. All the power to them. I don't.
Although, on, I think it was Sunday, maybe Saturday, I opened Instagram and the first photo that came up was quite explicit.
I typically look at plants and children's games, and I don't remember what else — cooking. I take a lot of recipes off Instagram. I don't know why, it's very weird.
But children's games, plants, and some other random stuff. Sometimes my child likes to look at fish, and so I've got aquariums on there. That's the type of content.
It's generally quite bland. Oh, and books. I read a lot of books. I'm very nerdy, if you don't know. I read a lot, and so I get a lot of recommendations and book recommendations.
None of that relates to pornography. I'm not a super exciting person, so I don't really look at Instagram for explicit photos. I'm sure people do. All the power to them. I don't.
Although, on, I think it was Sunday, maybe Saturday, I opened Instagram and the first photo that came up was quite explicit.
Was this in your feed?
Yes, it was in my homepage. So I'm thinking, what is this? Was one of my friends' accounts hacked or something? No, it's an account I've never seen before.
I'm thinking, was my account compromised? No, what is going on?
And I clicked through the account that showed me this inappropriate photo, and it was clearly a sock account of some sort. It had only two photos. It was explicit.
Well, the main photo was a bottom. A very lovely bottom, I will say, but not really my interest.
I'm thinking, was my account compromised? No, what is going on?
And I clicked through the account that showed me this inappropriate photo, and it was clearly a sock account of some sort. It had only two photos. It was explicit.
Well, the main photo was a bottom. A very lovely bottom, I will say, but not really my interest.
Male or female? Do we know?
Both of them were female.
Her suit, or — okay, right, yes, probably not then.
As I said, she had a lovely bottom, if it was even hers. I mean, I think the account was just a fake account, but regardless, I was thinking, this is very weird.
And historically, I do get requests — I have a private account, and I do get requests from probably people going to send me malware where they are, you know, follow me or look at this cam or whatever, those kind of requests on Instagram.
Obviously I block them all because again, I'm not interested, but I was thinking, how did this show up in my feed? And so I blocked the account, and then I got another one.
It wasn't bloody. Another one.
And historically, I do get requests — I have a private account, and I do get requests from probably people going to send me malware where they are, you know, follow me or look at this cam or whatever, those kind of requests on Instagram.
Obviously I block them all because again, I'm not interested, but I was thinking, how did this show up in my feed? And so I blocked the account, and then I got another one.
It wasn't bloody. Another one.
A bleeding bottom.
This one wasn't bleeding. That would have been interesting.
But it was another one, and I'm thinking, okay, I have children, and as I said, sometimes my children like to look at fish, and I really don't want them seeing some image of somebody's bottom doing extracurricular activities.
Don't really want them to see that. They're not ready.
But it was another one, and I'm thinking, okay, I have children, and as I said, sometimes my children like to look at fish, and I really don't want them seeing some image of somebody's bottom doing extracurricular activities.
Don't really want them to see that. They're not ready.
They're not ready. No. And that's totally legit.
You're a mom and you share your Instagram sparingly with your kid and you don't want to have some kind of sexy, sexy hubba hubba something come up, especially when you don't follow that shit.
You're a mom and you share your Instagram sparingly with your kid and you don't want to have some kind of sexy, sexy hubba hubba something come up, especially when you don't follow that shit.
Exactly. Exactly. And I was looking at it, I was thinking, how the heck does this show up on my feed? Because I don't look at anything inappropriate on there.
I even have the safe filters setting, so it blocks anything explicit. Talk about the most boring Instagram you could get. That's what I have.
So I'm thinking, why in the world does this show up? And I was trying to figure it out, and I realized it's ads.
I even have the safe filters setting, so it blocks anything explicit. Talk about the most boring Instagram you could get. That's what I have.
So I'm thinking, why in the world does this show up? And I was trying to figure it out, and I realized it's ads.
How do you mean?
I'm getting ads on my Instagram for inappropriate photos.
So someone is spending money to send you pictures of bottoms, right?
Like, what a weird thing.
I imagine it's one of those same approaches as usual where you try and get people to add your account and you're pretending to be this sexy lady and they click on your malicious link or download some malicious file, whatever.
I'm assuming it's the same kind of use case, I guess.
I imagine it's one of those same approaches as usual where you try and get people to add your account and you're pretending to be this sexy lady and they click on your malicious link or download some malicious file, whatever.
I'm assuming it's the same kind of use case, I guess.
Chances are they're not spending their own money, they're spending someone else's money. Maybe compromised an account to try and drive traffic somewhere.
Yeah, maybe the account is from your story where they got access to some crypto, have some money to spend, and they're trying to get people to click it.
Or maybe they get paid for every instance of viewing.
Maybe, I don't know, right?
So I don't know, so they just spill it around.
Yeah.
All over the internet and say, oh look, 10 million people saw your pictures.
Look at this bottom, it's very sexy.
And the butt stops here.
Yeah, but it's like you're the butt of all jokes.
But from my perspective, Meta, do you really need to mess up this badly? Like, okay, my children are not old enough to be on Instagram yet, thankfully. I use it sparingly.
I share photos of my children to my specific audience, you know, I'm very careful. Careful, yeah, that's the word.
And it's frustrating because now I've disabled my account because there's no reason for me to be on there anymore, really, because I don't feel comfortable having that there in case if I ever do open it and my children are there, I don't want them to see that.
I share photos of my children to my specific audience, you know, I'm very careful. Careful, yeah, that's the word.
And it's frustrating because now I've disabled my account because there's no reason for me to be on there anymore, really, because I don't feel comfortable having that there in case if I ever do open it and my children are there, I don't want them to see that.
That's a bit of a shame for you though, isn't it?
Because if you want to share photographs and things with your family and friends about your young children, for instance, or things that you're up to, you can't do that anymore, can you?
Because if you want to share photographs and things with your family and friends about your young children, for instance, or things that you're up to, you can't do that anymore, can you?
Good old PDF attachment.
Come on, there must be an easier way to do this. I'm going to put out the call to our listeners.
Yeah, the Bat Phone.
Yeah, that's right. We're going to put the sign in the sky, the Bat Signal, right now for Zoe Rose. Listeners, Zoe needs a way to share photos privately with her family and friends.
I imagine you want this end-to-end encrypted or something as well, right?
I imagine you want this end-to-end encrypted or something as well, right?
Yeah, that would be the preference.
Because you don't want some big advertising firm or tech firm scooping up your data and doing God knows what, or training their AI from it or anything like that.
Let's be honest, it is Meta that owns Instagram. Meta, the company that is responsible for 50% of all GDPR fines at this point.
So, you know, it's almost like I can only get better at this point. I was never comfortable using Meta anyway, because I don't like Facebook.
I don't like Instagram, but I don't know of another alternative. I guess I'm just getting old. I don't know what's hip.
So, you know, it's almost like I can only get better at this point. I was never comfortable using Meta anyway, because I don't like Facebook.
I don't like Instagram, but I don't know of another alternative. I guess I'm just getting old. I don't know what's hip.
So we want something that's secure. Are you prepared to pay?
I am prepared to pay at this point.
Mm-hmm.
Okay, listeners, we want to hear your suggestions.
You can email us at , or you can also tweet us @SmashInSecurity, no G, Twitter won't allow us to have a G, and we will pass on your recommendations to Zoe.
Hmm.
You can email us at , or you can also tweet us @SmashInSecurity, no G, Twitter won't allow us to have a G, and we will pass on your recommendations to Zoe.
Hmm.
I can't wait to see them as well.
I will say, please don't recommend Flickr. Flickr does not have MFA.
Mm-hmm. There you go.
Oh, okay. Yep. Need MFA.
All right. Definitely.
Back to the drawing board, people.
Don't send us any links which point to butts, for God's sake.
Please don't.
None of that nonsense.
We've had enough butts around here.
As I said, they're lovely bottoms. I'm happy for them to pursue their careers, but I do suspect that the people in the photo are not the people behind the account as well.
Look, some people with non-lovely butts might be offended right now because, you know—
Offended.
Hey, I didn't specify what it looked like. Maybe I like not so lovely butts, right?
Good point.
Carole, what have you got for us this week? Follow that.
No, this is all a bit more serious, people. So last Saturday, July 13th, at a rally in Pennsylvania, the former U.S.
president clutched his right ear before dropping quickly to ground. And we all know what I'm talking about.
Within seconds, members of the Secret Service surrounded him, and within a minute, the ex-president got up and pumped his fist towards the crowd as blood ran from his ear to his cheek.
Actually, if I were a Secret Service agent, you know, in that scene right then, and I'm trying to use my life to protect this asset, I'd be pretty annoyed that they pumped the air.
I get they want to tell their fan club, hey, I'm okay. But, you know, I'm a paid worker putting my life on the line.
You know, just could you just, could you just cockroach out of here on the floor like a normal person? Could you stop encouraging them from shooting again?
president clutched his right ear before dropping quickly to ground. And we all know what I'm talking about.
Within seconds, members of the Secret Service surrounded him, and within a minute, the ex-president got up and pumped his fist towards the crowd as blood ran from his ear to his cheek.
Actually, if I were a Secret Service agent, you know, in that scene right then, and I'm trying to use my life to protect this asset, I'd be pretty annoyed that they pumped the air.
I get they want to tell their fan club, hey, I'm okay. But, you know, I'm a paid worker putting my life on the line.
You know, just could you just, could you just cockroach out of here on the floor like a normal person? Could you stop encouraging them from shooting again?
Because if I am made this time, please, God. Yeah.
Anyway, so this image of Trump standing bleeding from his ear, fist raised in front of the US flag, no less, is now known the world over, right?
Loads of papers put on the cover the next day of their, I don't even know if they're newspapers.
And almost immediately after the incident, conspiracy theorists across the political spectrum began to speculate over the attempted assassination, causing this disinformation tsunami, right?
And this is at a time when, you know, there's a highly politicized and divided America. I think I can say that.
And everyone wants to know what happened, who's behind it, and what happens next. So what do you do? You go online.
Loads of papers put on the cover the next day of their, I don't even know if they're newspapers.
And almost immediately after the incident, conspiracy theorists across the political spectrum began to speculate over the attempted assassination, causing this disinformation tsunami, right?
And this is at a time when, you know, there's a highly politicized and divided America. I think I can say that.
And everyone wants to know what happened, who's behind it, and what happens next. So what do you do? You go online.
Yeah, I want to know what Elon Musk is saying about it because surely he'll know what's happening.
I have a quote from him later in this segment, so you'll find out.
Oh, do you?
Oh, what a surprise. What a surprise.
Now, quite a few of us hit the social for news in this situation. Can you guess how many US adults say they regularly get their news from socials?
This is according to Pew Research on this topic.
This is according to Pew Research on this topic.
I would think these days it's going to be more than from newspapers or even television.
I'm going to say 34.5%. Oh, that's very precise.
Holy moly, Zoe, you're on the ball. It's 3 out of 10. Wow. So spot on, I'd say. So 3 out of every 10 persons say, okay, that doesn't mean that they are doing it.
I'm sure much more is going on, right? They say, they admit to regularly getting their news from the socials. And we're talking here YouTube, Instagram, TikTok, X, and Reddit, right?
So first off, when you heard this news of the attempted assassination, did you have an initial thought on what might have happened?
Did you have a narrative go through your head at all?
I'm sure much more is going on, right? They say, they admit to regularly getting their news from the socials. And we're talking here YouTube, Instagram, TikTok, X, and Reddit, right?
So first off, when you heard this news of the attempted assassination, did you have an initial thought on what might have happened?
Did you have a narrative go through your head at all?
I always have opinions, and my mind has many narratives going through it.
So I did too, right? And I'm going to share mine, but I wanted to know if you guys had any on your own.
Well, it was late night here in the UK. I was up and my phone bleeped with a BBC News alert saying that he'd been rushed off the stage.
And at that point, they didn't say that he'd been shot. They just said rushed off the stage.
So I thought, well, maybe he'd had some sort of medical incident or fainted or something like that.
But I thought I imagine there might be someone out there who doesn't like Donald Trump.
And at that point, they didn't say that he'd been shot. They just said rushed off the stage.
So I thought, well, maybe he'd had some sort of medical incident or fainted or something like that.
But I thought I imagine there might be someone out there who doesn't like Donald Trump.
So you didn't go very deep.
And might have— Yeah, I know, I know. It's radical thinking. Yeah, well, is that the expert analysis you needed, Carole?
So I'm reading the headlines, the initial headlines. And I was concerned that maybe the whole thing was staged. Oh.
The reason I think I thought that was I'm thinking, this guy is wily, street smart, snubs bureaucratic governance, knows the power of martyrdom and all that.
And I just thought, you know, and remember Bolsonaro, remember? Yeah, in Brazil, right? There was an attempted assassination on him in 2018.
He became the next country's president the year later.
The reason I think I thought that was I'm thinking, this guy is wily, street smart, snubs bureaucratic governance, knows the power of martyrdom and all that.
And I just thought, you know, and remember Bolsonaro, remember? Yeah, in Brazil, right? There was an attempted assassination on him in 2018.
He became the next country's president the year later.
Right. I think most people who are assassinated don't become the next president though, Carole, just for your information.
Attempted assassinations.
Oh, okay, okay.
But then I started reading, right?
And so I hit news outlets like, you know, like Reuters and AP News, and I also went to PBS, I went to NPR, I went to Fox News, read a bunch of articles from them.
And actually you can just go to our episode show notes actually, because all the sources are there. So I wasn't alone in thinking that this whole thing might be staged, right?
But the staging conspiracy was adopted by people regardless of political leaning. Right, though the message was kind of different. So the whole keyword was staged.
That was the keyword that was on the socials, right? So left-leaning conspiracy theorists seem to point the finger at the Republican Party.
Their supposed evidence was that there was no blood on Trump's face until he raised his hand to his cheek, although apparently this is difficult to confirm based on videos posted online.
Nonetheless, they claim that Trump used a yellow squib to release fake blood.
And so I hit news outlets like, you know, like Reuters and AP News, and I also went to PBS, I went to NPR, I went to Fox News, read a bunch of articles from them.
And actually you can just go to our episode show notes actually, because all the sources are there. So I wasn't alone in thinking that this whole thing might be staged, right?
But the staging conspiracy was adopted by people regardless of political leaning. Right, though the message was kind of different. So the whole keyword was staged.
That was the keyword that was on the socials, right? So left-leaning conspiracy theorists seem to point the finger at the Republican Party.
Their supposed evidence was that there was no blood on Trump's face until he raised his hand to his cheek, although apparently this is difficult to confirm based on videos posted online.
Nonetheless, they claim that Trump used a yellow squib to release fake blood.
Oh my goodness.
Like he was holding a little pellet, you know, and then he did a little Houdini and went, "Oh, my ear." Some said the photo was just too perfect, you know, with the flag in the background, the blood, the fist.
I think I thought that. I think that was my issue with it, that still was so powerful.
I think I thought that. I think that was my issue with it, that still was so powerful.
Yes, but do you remember Donald Trump's NFTs where they presented him as a superhero? Yes. And like—
Sadly, I do remember. Remember all those?
I mean, I mean, they were so badly constructed and so badly made and amateurish that I can't imagine that a picture that brilliant, as was the photograph of him on the stage— I don't think if they'd been responsible for it, it would've been anything like that good.
No, no, no.
Okay, yeah. So it didn't look on brand in a way.
Yeah. I heard about it, but I didn't actually follow the whole story. Did anybody actually get hurt? Besides that?
Yes, yes, a person got killed, two people are severely injured in hospital, and the gunman was shot as well, wasn't he? Yep, he's 20 years old.
Yeah, they don't yet have a clear motive or reason yet, so at the time of recording they're still looking into that.
There was also theories that the Secret Service allowed Trump to stand and pose as he was escorted off stage, so that was a whole show, that picture being so perfect.
Yeah, they don't yet have a clear motive or reason yet, so at the time of recording they're still looking into that.
There was also theories that the Secret Service allowed Trump to stand and pose as he was escorted off stage, so that was a whole show, that picture being so perfect.
Yeah, but the thing that stands out to me is if you are shot or somebody attempts to shoot you, is the first thing you do stand up and say, I'm not hit? I don't know if you—
If everyone's relying on you.
I've never been in that situation. I can't say what I would do. Piss yourself, maybe. I don't know. And the adrenaline might help, but I just find that very odd.
Yeah. There was a past presidential candidate, I think it may have been in the 1800s or something, who— he was shot.
Yeah.
But after being shot, he carried on and gave his speech anyway. So, I don't think he was successful. I can't remember his name at the moment.
But, so I think, you know, if you're driven—
But, so I think, you know, if you're driven—
Fair enough.
Doesn't appear that Trump suffered a major wound, then he may well have thought, well, you know, I can carry on. I need to show that I'm the tough guy.
But remember, this is all happening in the first few hours, right? Before the FBI have even identified the person, right?
We have also right-leaning theorists putting the blame at the feet of a number of people like Joe Biden, right? The president, or the U.S.
Department of Justice, or other powerful actors.
We have also right-leaning theorists putting the blame at the feet of a number of people like Joe Biden, right? The president, or the U.S.
Department of Justice, or other powerful actors.
I don't think it's Joe Biden who shot him. I don't think that's likely. I can't imagine him climbing up from a roof.
I would also say I find those theories very strange. Like, if— I mean, maybe I'm out of touch, but I feel like if I'm going to assassinate someone, I wouldn't do it publicly.
Yeah, I don't know if you can get into the Trump compound or whatever, Trump Tower, wherever he hangs out these days. Mar-a-Lago, I don't know.
Yeah, but if you're a nation-state actor, would it be that difficult?
I don't know. You're not asking the right person.
I don't know.
I don't know.
Anyway.
Come on, Carole, admit it. Admit it. You do know. You are a nation-state actor. Zoe's rumbled you.
So there are all these people online throwing all this stuff about, right? This muck about saying, this is what I think, this is what I think.
But then you've also got powerful influencers, right? Fueling the fire or stirring the pot or however you want to put it. You have political advisors and Democratic donors.
This guy urged supporters in an email late on Saturday to contemplate the, quote, possibility that this shooting was encouraged and maybe even staged so Trump could get photos and benefit from the buzz.
But then you've also got powerful influencers, right? Fueling the fire or stirring the pot or however you want to put it. You have political advisors and Democratic donors.
This guy urged supporters in an email late on Saturday to contemplate the, quote, possibility that this shooting was encouraged and maybe even staged so Trump could get photos and benefit from the buzz.
Backlash.
Yeah, not one newspaper opinion leader in America is willing to openly consider the possibility that Trump and Putin staged this on purpose. Ask the question, people, he said.
The next day he apologized, so I think he got, yeah, he was told to take that down.
But Elon Musk apparently reposted multiple messages from an alt-right political activist asking how the shooter was able to crawl onto the closest roof to a presidential nominee, suggesting the Secret Service was intentionally remiss.
One of these posts garnered some 91 million views so far.
The next day he apologized, so I think he got, yeah, he was told to take that down.
But Elon Musk apparently reposted multiple messages from an alt-right political activist asking how the shooter was able to crawl onto the closest roof to a presidential nominee, suggesting the Secret Service was intentionally remiss.
One of these posts garnered some 91 million views so far.
So here we are now, right? It is 60 years since John F. Kennedy was assassinated. And there are still conspiracy theories swirling about that.
There have been books and movies and all the rest of it and inquiries. Now, it's like that, but it's with petrol poured on top, isn't it?
Because social media is inflaming these conspiracy theories.
There have been books and movies and all the rest of it and inquiries. Now, it's like that, but it's with petrol poured on top, isn't it?
Because social media is inflaming these conspiracy theories.
Yeah, and you're right, references to these false assassination narratives amassed more than 100 million views in 24 hours on X alone, and that far exceeds the 35 million views for content related to false flag rumors and other conspiracy theories after school shooting in Uvalde, Texas in 2022.
And I feel really bad for the person that was killed and the people injured, because they're just kind of not really important enough to be talked about.
I 100% agree, because it just goes to show how desensitized we might be becoming, because there was even bad taste memes in the first few hours.
There was one, a bloodied ear becoming, for example, a reaction to hearing a new album by female singer Katy Perry, right? So that was going around, and people are dead.
There was one, a bloodied ear becoming, for example, a reaction to hearing a new album by female singer Katy Perry, right? So that was going around, and people are dead.
Yeah.
So who's behind all this noise, right? And someone might argue that we all are, you know, because we're all vulnerable to wanting to figure out why something shocking's happened.
And we only have a few puzzle pieces, and then we're given a bunch more and we have no idea if they're duds or if they're legit.
And then we make this whole viewpoint up and we share it online.
And we only have a few puzzle pieces, and then we're given a bunch more and we have no idea if they're duds or if they're legit.
And then we make this whole viewpoint up and we share it online.
Well, and I'd like to point out what you did, which I think is very important for people to recognize, is you looked at multiple sources, even the ones you might not agree with and the ones that you suspect are skewed in their opinion.
I think that's really important.
When I used to do— I've never worked in intelligence, but I've worked beside intelligence, with the team, and I always make sure to look at multiple sources and consider somebody else's opinion that I don't agree with because it's really easy to create an echo chamber online.
I think that's really important.
When I used to do— I've never worked in intelligence, but I've worked beside intelligence, with the team, and I always make sure to look at multiple sources and consider somebody else's opinion that I don't agree with because it's really easy to create an echo chamber online.
Well, to that point, the social media analysis company Sciabra found that 45% of profiles on X, Facebook, Instagram, and TikTok spreading the theory that the shooting was orchestrated by Mr.
Trump were fake accounts.
And PeakMetrics, a firm that tracks online trends, said the conspiracy theories made up 12% of all social media traffic referenced the shooting at some point on Sunday.
Trump were fake accounts.
And PeakMetrics, a firm that tracks online trends, said the conspiracy theories made up 12% of all social media traffic referenced the shooting at some point on Sunday.
So who's controlling those accounts and why?
And who's paying for it? So to Zoe's point, be careful where you get your information. Double, triple check your sources before you start mouthing off. I really tried in this story.
And if you screw up, most importantly, own it and apologize, remove the statement and move on. Don't leave it there to fester with no comment.
Because, you know, especially in the States, free speech includes the right to spout snake oil and horse poop and all the other synonyms you guys can come up with. Quackery.
And if you screw up, most importantly, own it and apologize, remove the statement and move on. Don't leave it there to fester with no comment.
Because, you know, especially in the States, free speech includes the right to spout snake oil and horse poop and all the other synonyms you guys can come up with. Quackery.
Whether you're starting or scaling your company's security program, demonstrating top-notch security practices and establishing trust is more important than ever.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. All powered by Vanta AI.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and improve security in real time.
Get $1,000 off Vanta when you go to vanta.com/smashing. That's vanta.com/smashing for $1,000 off.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. All powered by Vanta AI.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and improve security in real time.
Get $1,000 off Vanta when you go to vanta.com/smashing. That's vanta.com/smashing for $1,000 off.
Are you looking for a security conference where frontline practitioners get solutions to the toughest challenges they face? You're looking for M-WISE.
Built by practitioners for practitioners, M-WISE is a unique intimate community where expert knowledge is shared in a non-competitive, non-commercial spirit, brought to you by Mandiant, now part of Google Cloud.
It's a place where real talk and serious knowledge are shared generously, and where the focus is on the practical tactical solutions that make sense right now.
M-WISE is vendor-neutral and not sales-focused. Even better, you'll get ample opportunity to connect one-to-one, not only with your peers, but with the experts.
And this year, they're taking it up a notch in Denver. So get ready for microbrews, killer views, and serious cyber. Join M-WISE from September 18th-19th in Denver.
Get details at smashingsecurity.com/mwise. That's M-W-I-S-E. And thanks to M-WISE for sponsoring the show.
Built by practitioners for practitioners, M-WISE is a unique intimate community where expert knowledge is shared in a non-competitive, non-commercial spirit, brought to you by Mandiant, now part of Google Cloud.
It's a place where real talk and serious knowledge are shared generously, and where the focus is on the practical tactical solutions that make sense right now.
M-WISE is vendor-neutral and not sales-focused. Even better, you'll get ample opportunity to connect one-to-one, not only with your peers, but with the experts.
And this year, they're taking it up a notch in Denver. So get ready for microbrews, killer views, and serious cyber. Join M-WISE from September 18th-19th in Denver.
Get details at smashingsecurity.com/mwise. That's M-W-I-S-E. And thanks to M-WISE for sponsoring the show.
In a perfect world, end users would only work on managed devices with IT-approved apps.
But every day, employees use personal devices and unapproved apps that aren't protected by MDM, IAM, or any other security tool.
There's a giant gap between the security tools we have and the way we actually work.
1Password calls it the access trust gap, and they've also created the first-ever solution to fill it.
1Password Extended Access Management secures every sign-in for every app on every device.
It includes the password manager that you know and love, and the device trust solution you've probably heard of on this podcast, back when it was called Collide.
1Password Extended Access Management cares about user experience and privacy, which means it can go places other tools can't, like personal and contractor devices.
It ensures that every device is known and healthy, and every login is protected.
So stop trying to ban BYOD or shadow IT and start protecting them with 1Password Extended Access Management. Check it out at 1password.com/smashingsecurity.
And thanks to 1Password for supporting the show. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
But every day, employees use personal devices and unapproved apps that aren't protected by MDM, IAM, or any other security tool.
There's a giant gap between the security tools we have and the way we actually work.
1Password calls it the access trust gap, and they've also created the first-ever solution to fill it.
1Password Extended Access Management secures every sign-in for every app on every device.
It includes the password manager that you know and love, and the device trust solution you've probably heard of on this podcast, back when it was called Collide.
1Password Extended Access Management cares about user experience and privacy, which means it can go places other tools can't, like personal and contractor devices.
It ensures that every device is known and healthy, and every login is protected.
So stop trying to ban BYOD or shadow IT and start protecting them with 1Password Extended Access Management. Check it out at 1password.com/smashingsecurity.
And thanks to 1Password for supporting the show. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
Pick of the Week. Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something.
It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security-related necessarily.
It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish.
It doesn't have to be security-related necessarily.
Better not be.
Well, my pick of the week this week is not security related.
My pick of the week is a TV program which I watched, and I have to tell you, I had a rather interesting experience while watching it. I watched a show on ITV.
First of all, that's a bit of a novelty, watching something on ITV, which is the independent channel here in the UK. It's called Douglas Is Cancelled.
Have either of you seen this show?
My pick of the week is a TV program which I watched, and I have to tell you, I had a rather interesting experience while watching it. I watched a show on ITV.
First of all, that's a bit of a novelty, watching something on ITV, which is the independent channel here in the UK. It's called Douglas Is Cancelled.
Have either of you seen this show?
No.
It's only just come out. You can watch it streaming on ITVX.
It's the story about a middle-aged white TV news presenter played by Hugh Bonneville, who you may remember from Downton Abbey.
And he's got a younger, attractive female sidekick played by Karen Gillan, who was in Guardians of the Galaxy and Doctor Who and things like that.
And this TV presenter, Douglas, he is accused on Twitter of making an ill-advised sexist joke at a wedding. And social media begins to turn against him.
It's the story about a middle-aged white TV news presenter played by Hugh Bonneville, who you may remember from Downton Abbey.
And he's got a younger, attractive female sidekick played by Karen Gillan, who was in Guardians of the Galaxy and Doctor Who and things like that.
And this TV presenter, Douglas, he is accused on Twitter of making an ill-advised sexist joke at a wedding. And social media begins to turn against him.
Okay.
And of course, you're wondering, what's the joke going to be? And you don't actually find out what the joke is all about until towards the end of the series.
It's in 4 parts, this show. So it's a bit of a mystery hanging in the air. And it's— that's not really the main reason to watch, though. And I'd read some good things about this.
And so I said to my wife, I said, let's watch this on the telly. Okay, let's give it a try.
It's in 4 parts, this show. So it's a bit of a mystery hanging in the air. And it's— that's not really the main reason to watch, though. And I'd read some good things about this.
And so I said to my wife, I said, let's watch this on the telly. Okay, let's give it a try.
Listen to my wife just throwing it out there in all au naturel.
I know, I was just gonna say.
She is my wife. And I said, you know, let's— And to be honest, the first couple of episodes left me pretty cold. I wasn't very interested. I didn't really care.
I'm surprised.
I very nearly didn't watch anymore, but I read online that episode 3 was good. So I carried on, and I'm pleased I did.
Because it is one of the most uncomfortable, tense, and disturbing things I've ever seen on television.
Because it is one of the most uncomfortable, tense, and disturbing things I've ever seen on television.
What?
Episode 3 of this programme, yep. My wife and I were literally watching the TV with our eyes covered.
She actually told me at one point, you know, turn the sound off and you can watch the subtitles, because she didn't want to hear what was happening.
She actually told me at one point, you know, turn the sound off and you can watch the subtitles, because she didn't want to hear what was happening.
Yeah, I understand that. I get that. It's just I hide behind the sofa and go, I can't, I can't, I can't.
Yeah, it's I can't even hear what's happening. But for a seemingly benign TV programme to take such a dark, sudden, gut-wrenching twist was really, really alarming.
But it was also superb.
But it was also superb.
Cool.
So, I don't want to give anything away about what happens, but the final two episodes of Douglas Is Cancelled— I said, it's four episodes in total— make it must-see, thought-provoking TV.
So, my pick of the week, I'd really recommend it, is Douglas Is Cancelled. And I'd love to discuss it with people who've actually seen the programme.
I don't want to give anything away to people who have yet to experience it. So that is Douglas Is Cancelled, my pick of the week.
So, my pick of the week, I'd really recommend it, is Douglas Is Cancelled. And I'd love to discuss it with people who've actually seen the programme.
I don't want to give anything away to people who have yet to experience it. So that is Douglas Is Cancelled, my pick of the week.
Bold recommendation.
I'm not gonna lie. I'm gonna be honest with you. This is a secret that nobody can share, obviously.
When I get really anxious about movies, or, well, more accurate, books, I read the end. And then I go back and read the rest.
When I get really anxious about movies, or, well, more accurate, books, I read the end. And then I go back and read the rest.
Not a bad idea. Not a bad idea. Zoe, what's your pick of the week?
Mine is definitely not technical because every time I'm on, Carole is you can't have it technical.
So every time I try and think of something, I'm can't be technology, can't be technology. So mine is child-related. I have two children now. Which is—
So every time I try and think of something, I'm can't be technology, can't be technology. So mine is child-related. I have two children now. Which is—
Congratulations.
Yeah, it's a big thing.
You get a lot of time off. I hear that you get a lot of time off during that time.
So much. So I'm also a single mom, so it makes it even more time off. Obviously I have all the time in the world and tons of sleep.
But the biggest problem I have is I have two children, and yes, I have two hands, but I also need to do other things. And they're young enough that they both want to be carried.
And buggies or prams, or what are they called otherwise? Strollers. Yes, strollers are not the most useful things.
Like, if you've got a single stroller or buggy or pram, then you have another child you're carrying.
If you've got a double, you run into it's really long and awkward, or it's really wide and awkward. And so, hello again, Instagram.
Now it's Instagram moms recommended, because in North America you see a lot of Instagram moms with wagons. They're like wagons for children, so they've got like seats.
So that's what inspired me to buy my pick of the week, which is literally a wagon. But it's a wagon that you push like a buggy.
It's the greatest thing in the entire world, and I absolutely adore... What's its brand? Pinolino.
But the biggest problem I have is I have two children, and yes, I have two hands, but I also need to do other things. And they're young enough that they both want to be carried.
And buggies or prams, or what are they called otherwise? Strollers. Yes, strollers are not the most useful things.
Like, if you've got a single stroller or buggy or pram, then you have another child you're carrying.
If you've got a double, you run into it's really long and awkward, or it's really wide and awkward. And so, hello again, Instagram.
Now it's Instagram moms recommended, because in North America you see a lot of Instagram moms with wagons. They're like wagons for children, so they've got like seats.
So that's what inspired me to buy my pick of the week, which is literally a wagon. But it's a wagon that you push like a buggy.
It's the greatest thing in the entire world, and I absolutely adore... What's its brand? Pinolino.
Pinolino. And it's a klappbollerwagen.
Oh, I'm looking at it.
Yes.
It's brilliant because I can walk with children and stuff. I could take it swimming. I could take it to the shopping centre and buy stuff and fill it.
Even today, I went, dropped the kids at crèche and then went to the shop and bought some food, and I filled it with food. So it was amazing. I love it. Greatest thing ever.
So not technical, although I do call it my Cyber Wagon.
Even today, I went, dropped the kids at crèche and then went to the shop and bought some food, and I filled it with food. So it was amazing. I love it. Greatest thing ever.
So not technical, although I do call it my Cyber Wagon.
It looks amazing.
Yeah, right. And links in the show notes if anyone wants to go check it out.
And if you don't have children, my colleagues have said it also would be great if you're coming home from the pub and one of your friends wants to push...
Carole, what's your pick of the week?
Carole, what's your pick of the week?
Okay, so I have a new cat. I've adopted a stray young mum cat.
Hooray!
Yeah, and she's fab, but she's not microchipped or spayed or fully vaccinated yet, and that's coming next week. But I've needed to keep her indoors until I can get all this done.
And we're kind of midway through this process and it's been hard weeks.
I know I'm bitching to a person who has a parent of two human children, but Kate, last week she got out and she came back in heat.
And then we had this tomcat stalking us outside for three days, meowing for her. And she's sitting there flirting at the window like a pervert.
And he's all like, "Ugh." It was disgusting. Anyway, so I needed a distraction. Distraction, right? I needed a distraction. So I bought some toys and stuff. Seems to...
she prefers our sofa to any scratching post, but whatever. What do I do? What do I do? What do I do to keep her entertained? The answer came to me.
Someone must have invented cat TV, right? If you can imagine it, must exist. Rule 34. So people have put hours upon hours of TV featuring birds, and rodents and whatnot.
And my little Wilmington Wilma loves it. She watched for an hour last night while we had dinner.
And we're kind of midway through this process and it's been hard weeks.
I know I'm bitching to a person who has a parent of two human children, but Kate, last week she got out and she came back in heat.
And then we had this tomcat stalking us outside for three days, meowing for her. And she's sitting there flirting at the window like a pervert.
And he's all like, "Ugh." It was disgusting. Anyway, so I needed a distraction. Distraction, right? I needed a distraction. So I bought some toys and stuff. Seems to...
she prefers our sofa to any scratching post, but whatever. What do I do? What do I do? What do I do to keep her entertained? The answer came to me.
Someone must have invented cat TV, right? If you can imagine it, must exist. Rule 34. So people have put hours upon hours of TV featuring birds, and rodents and whatnot.
And my little Wilmington Wilma loves it. She watched for an hour last night while we had dinner.
Yeah.
It's basically you have this cute setting, like maybe a little nature scene or a backyard or a deck, and someone's put some food in front of a high-def camera. And allons-y, right?
And then these birds come and chipmunks and all kinds of shit. And she tries to...
it's all great except when she gets excited and jumps on the desk, hits the keyboard and kills the video.
And then she mews and like little servants, we come along and give her her fix. Anyway, so my pick of the week, Cat TV.
If you have a bored, irritated, annoyed cat because they really wanna be outside and they can't be yet, maybe this is for you. So links in the show notes of my preferred.
And then these birds come and chipmunks and all kinds of shit. And she tries to...
it's all great except when she gets excited and jumps on the desk, hits the keyboard and kills the video.
And then she mews and like little servants, we come along and give her her fix. Anyway, so my pick of the week, Cat TV.
If you have a bored, irritated, annoyed cat because they really wanna be outside and they can't be yet, maybe this is for you. So links in the show notes of my preferred.
Maybe that would work for children.
I think it would.
My eldest does like to look at birds and I debated getting one of those feeders that have a camera. So maybe.
Okay, seriously, I will send you the link of my favorite bird one so far. It'll be in the show notes as well.
Listeners, try it on your kid, let us know, because I bet they will love—
Listeners, try it on your kid, let us know, because I bet they will love—
Just don't judge me.
No, no judgment. God, where we can get peace, baby.
Brilliant. Well, that just about wraps up the show for this week. Zoe, I'm sure lots of our listeners would love to find out what you're up to and follow you online.
What's the best way for folks to do?
What's the best way for folks to do?
Well, so probably the best place would be my website, which is rosesec.com.
And you can follow us on Twitter at Smashing Security, no G, Twitter announced ever, Jean. Don't forget to ensure you never miss another episode.
Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And huge, huge thank you to our episode sponsors, that's 1Password, Vanta, and the MYIS Conference 2024. And of course, to our wonderful Patreon community.
It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog, more than 380 episodes, check out smashingsecurity.com.
It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest list, and the entire back catalog, more than 380 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye. Bye.
Cheers.
Yeah, how do you have 380 episodes?
That's insanity.
That is the definition of insanity.
I think Graham and I passed that limit a while ago.
Episode 124, I think, was probably the— That's when sanity finished.
Yeah, that's when it all came undone.
Who was on that episode? Were they the cause?
Hang on, let's see, shall we? Hang on, I'll tell you. Hang on. 124.
Let's see who it is.
Brian Honan from Ireland.
Definitely the cause.
Yeah.
Definitely. I worked for him. I'm gonna text him, you caused Graham and Carole to go crazy.
Thank you so much, Zoe, for coming on the show. We appreciate it so much, especially with your crazy, crazy relaxing schedule.
Yes, bottoms up to you.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Zoë Rose – @RoseSecOps
Episode links:
- Killed by Google.
- Squarespace Enters Definitive Agreement to Acquire Google Domains Assets – Squarespace.
- A Squarespace Retrospective, or How to Coordinate an Industry-Wide Incident Response – Security Alliance.
- Trump shooting: all seven conspiracy theories examined – The Telegraph.
- Fact-checking the wild conspiracy theories related to the attempted Trump assassination – PBS News.
- We fact-checked some of the rumors spreading online about the Trump assassination attempt – Reuters.
- Minutes after Trump shooting, misinformation started flying. Here are the facts – AP News.
- Joy Reid suggests Trump couldn’t ‘avoid the consequences’ of his own rhetoric after assassination attempt – Fox News.
- The Gunshots Rang Out. Then the Conspiracy Theories Erupted Online – New York Times.
- Trump assassination attempt – News, Research and Analysis – The Conversation.
- Douglas is Cancelled – ITV.
- Douglas Is Cancelled review – you might hate this show for daring to exist – The Guardian.
- Klappbollerwagen ‘Cruiser’ – PinoLino.
- Videos for Cats to Watch – YouTube.
- Cat TV for Cats to Watch – YouTube.
- Entertainment for Cats – YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- mWISE – Don’t miss the cybersecurity conference built by practitioners, for practitioners. mWISE runs September 18 – 19 2024 in Denver.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky at @smashingsecurity.com, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
