A Kansas City man is accused of hacking into local businesses, not to steal money, but to… get a cheaper gym membership? A DNA-testing firm has vanished, leaving customers in the dark about what’s happened to their sensitive genetic data. And Australia mulls a social media ban for youngsters.
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Warning: This podcast may contain nuts, adult themes, and rude language.
0:00
0:00
0:00
0:00
Show full transcript ▼
This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Hang on, hang on. He did a DNA test on you. Oh my God.
Yes, Jeremy Kyle.
Smashing Security, episode 395. Jim hacking, disappearing DNA, and a social lockout with Carole Theriault and Graham Cluley.
Hello, hello, and welcome to Smashing Security, episode 395. My name's Graham Cluley.
Hello, hello, and welcome to Smashing Security, episode 395. My name's Graham Cluley.
And I'm Carole Theriault.
And Carole, today we're joined by a very special guest. Can you please introduce them in your own inimitable fashion?
I don't think she needs any introduction, does she? Miss Anna Brading.
Hello, how are you two?
Welcome back.
Hello, Anna.
It's good to be back.
Anything you want to share with our listeners before we kick off?
No, no, it's nearly Christmas.
Oh, thank goodness you're here to remind us.
Okay, well, let's get this show on the road, but first, let's thank this week's wonderful sponsors, 1Password, Vanta, and ThreatLocker.
Now coming up on today's show, Graham, what do you got?
Now coming up on today's show, Graham, what do you got?
I'm gonna be talking about hacking might not help you get hired.
Okay. Anna, you?
I'm talking about a vanishing genetic testing company.
Ooh, okay. And I'm gonna look at how Oz plans to de-hook its kids from the socials. All this and much more coming up on this episode of Smashing Security.
Now, chums, chums, as Anna just mentioned, it's almost Christmas. The end of the year is rapidly approaching. Always a glorious time of the year.
Everyone enjoys all that, the passing of time, the speeding up of our lives to the inevitable doom and demise.
Everyone enjoys all that, the passing of time, the speeding up of our lives to the inevitable doom and demise.
You're so doom and gloom.
No, I'm not.
I am looking forward to the holidays.
Are you?
Yes, I think we all need a bit of cheer.
What in particular are you looking forward to?
I'm looking forward to Christmas markets. I'm looking forward to mulled wine. And Christmas quizzes, and little dinners with friends, and all kinds of stuff.
Do people actually like mulled wine? I thought they didn't.
I love mulled wine.
Yes, delicious.
I thought there was a reason they only served it once a year.
People like mince pies as well. What, do you eat them in June?
Yes, I would often be stuffing myself with mince pies. I would have no problem doing that. Maxing out the credit cards, that's another great thing to enjoy.
Well, it is nearly Black Friday.
Finding pine needles in your socks for weeks afterwards, wearing big baggy jumpers knitted for you by your aunties. Some would say it's the most wonderful time of the year.
They would.
And then January hits. And you're bloated on Quality Street chocolates, and you never want to see another slice of cold turkey ever again.
Yeah, and worse, many people do Dry January, which I'll be doing this year. So you have that first week after overindulgence during the Christmas season.
Right, okay.
Of basically sweating out the alcohol. Maybe that's just me.
A lot of people feel a little bit the worse for wear, don't they, come the New Year? And they think, this year is going to be different. This year I'm going to make a resolution.
I'm going to join the gym.
I'm going to join the gym.
Ah, the gym.
Yes. But I won't just join the gym. I'll actually— and this is different from joining the gym— I'll go to the gym, is what you'll say. Who cares? Who cares what the weather's like?
I'll be going out in all weathers. I'll go to— yes, of course I'll go to the gym. I don't mind that it costs £50 a month. It'll be worth it, you say to yourself.
You convince yourself.
I'll be going out in all weathers. I'll go to— yes, of course I'll go to the gym. I don't mind that it costs £50 a month. It'll be worth it, you say to yourself.
You convince yourself.
I think 50 would be a bargain. I think it's more 150. Yeah.
A month? Oh my God.
I live right near two gyms, right? There's two gyms on my block.
Yes.
And come January, boy, are those places jumping. There's a lineup for the machines. Everyone's got their brand new sports gear on.
My Peloton pedals are gonna be falling off in January. At the moment, they're sort of stationary.
And you— maybe you do go to the gym. Maybe you go to the gym twice. But you can't get out of the contract, can you?
And so you're still paying for the gym and not going to it in April.
And I wonder if that's what happened to a chap called Nicholas Kloster, because he turned up to his local health club on April 26th, 2024.
So earlier this year in April, maybe he joined it in the January. He showed up there just before midnight.
Now you tell me, girls, is that normal to go to the gym at that kind of time? Girls? Okay. I'm flattering you.
And so you're still paying for the gym and not going to it in April.
And I wonder if that's what happened to a chap called Nicholas Kloster, because he turned up to his local health club on April 26th, 2024.
So earlier this year in April, maybe he joined it in the January. He showed up there just before midnight.
Now you tell me, girls, is that normal to go to the gym at that kind of time? Girls? Okay. I'm flattering you.
Throwback to 1990.
Well, boy, let me tell you, I do— there is a 24-hour gym near where I live, and when I drive past it, there is often people there at all sorts of times.
Yeah.
Mine, the one on my block's a 24-hour gym. Sometimes people work really late at night, right?
If you're doing shift work and you want to put a sweat on before you hit the sheets, or hopefully hit the shower first.
If you're doing shift work and you want to put a sweat on before you hit the sheets, or hopefully hit the shower first.
Yeah, have a shower. For goodness' sake. Maybe you're right. Maybe he was going for a late-night session.
Maybe he was just trying to cancel his membership and thought it's less embarrassing if I try and do it at midnight. Not too many people see him.
Maybe he was too embarrassed to go to the gym during normal gym opening times because he'd let himself go a bit too much.
Maybe he was just trying to cancel his membership and thought it's less embarrassing if I try and do it at midnight. Not too many people see him.
Maybe he was too embarrassed to go to the gym during normal gym opening times because he'd let himself go a bit too much.
Okay, so basically he went late at night. Okay.
He went very late at night. So just before midnight, he was there at the gym.
Yeah. Normal, I'd say.
The next day, he allegedly dropped an email to the owners of the gym. This is a company which owns multiple health clubs across Kansas and Missouri.
And he claimed that he had gained access to their computer systems. Yes, there is a cybersecurity element to my story.
And what he claimed in this email was that he could easily hack into the company's IT systems. So he wasn't on the rowing machine. He wasn't pumping iron.
It sounds he was, well, doing what many of us do for exercise, you know, participating in aerobic activity via our fingertips on the keyboard instead.
I mean, no, that's what— that is a form of exercise. You can burn calories just at the keyboard if you want to.
Ultimately, if you did enough typing— You know, people come out with diet books all the time. Different ways to lose weight.
I think you could probably sell a book about how you could get a workout at your computer.
And he claimed that he had gained access to their computer systems. Yes, there is a cybersecurity element to my story.
And what he claimed in this email was that he could easily hack into the company's IT systems. So he wasn't on the rowing machine. He wasn't pumping iron.
It sounds he was, well, doing what many of us do for exercise, you know, participating in aerobic activity via our fingertips on the keyboard instead.
I mean, no, that's what— that is a form of exercise. You can burn calories just at the keyboard if you want to.
Ultimately, if you did enough typing— You know, people come out with diet books all the time. Different ways to lose weight.
I think you could probably sell a book about how you could get a workout at your computer.
Yeah. Wouldn't be on my top 10 list, but just—
Is there a way to count your fingertip strokes your steps? 'Cause my Apple Watch doesn't count that. Of course.
Smart rings, they exist.
Install a keylogger. You could just count the key presses, couldn't you? It would work.
Perfect.
You may have to turn off auto-repeat so you can't cheat by just holding down a key, pressing it 58 times.
Anyway, this chap Kloster, he's alleged to have sent an email from his work email address, and he said the following.
He said, I've managed to circumvent the login for the security cameras at the gym by using their visible IP addresses.
I've also gained access to the Google Fiber router settings which allowed me to use, and at this point the feds have redacted a word, it's the name of a tool which he used, but anyway, he says it allowed me to use something or other to explore user accounts associated with the domain.
He said, if I can reach the files on a user's computer, it indicates potential for deeper system access. So he's saying there's a security vulnerability, right? Yeah.
Anyway, this chap Kloster, he's alleged to have sent an email from his work email address, and he said the following.
He said, I've managed to circumvent the login for the security cameras at the gym by using their visible IP addresses.
I've also gained access to the Google Fiber router settings which allowed me to use, and at this point the feds have redacted a word, it's the name of a tool which he used, but anyway, he says it allowed me to use something or other to explore user accounts associated with the domain.
He said, if I can reach the files on a user's computer, it indicates potential for deeper system access. So he's saying there's a security vulnerability, right? Yeah.
Yeah.
He's saying he was able to access security cameras, he's able to access and fiddle around with things.
And he's told this to the company in question, not advertised it on some forum.
That's right. And he went on to claim that he had assisted over 30 other small to medium-sized businesses in the Kansas City area.
A little digital vigilante here.
A very interesting point. And he attached a file. Now you're probably wondering what the contents of that file were. Were they malicious? Were they malware? Were they ransomware?
Were they something—
Were they something—
They open it and they in turn get infected and held up for ransomware. Exactly.
What it was is what he described as his resume, his CV.
Ah.
So, according to the FBI, who've been involved in this case, and they've charged Kloster, it was quite different from his normal resume, the one he normally handed out.
So, we don't know exactly the details, but it sounds awfully like he sent an email to the gym's owners claiming he'd hacked into their systems, into their computers, and was looking to get hired by them for security consultant services at the same time.
So, he's done the advert for his services at the same time as breaking into systems.
And my question to you, and I think I already know the answer from you, Carole, is do you think that's okay?
So, we don't know exactly the details, but it sounds awfully like he sent an email to the gym's owners claiming he'd hacked into their systems, into their computers, and was looking to get hired by them for security consultant services at the same time.
So, he's done the advert for his services at the same time as breaking into systems.
And my question to you, and I think I already know the answer from you, Carole, is do you think that's okay?
I think it is if he's responsibly disclosed it. I suppose he's hacking rather than he's just found a vulnerability.
Don't a ton of legit companies do this all the time? They'll send you a report going, we found 546 problems in your system.
But generally, they're invited, aren't they, to do a penetration test on a company?
Not always.
Certainly Facebook and other big companies have hired people after they've hacked into their systems, haven't they?
Yes, but they've announced a bug bounty.
They've given the rules and they've said, if you find a vulnerability, or you're welcome to do this and do this kind of testing, you're not welcome to do other kinds of testing, but this is the kind of test you can participate in.
And if you do, get in touch with us and then we may, you know, send you a t-shirt or something like that.
They've given the rules and they've said, if you find a vulnerability, or you're welcome to do this and do this kind of testing, you're not welcome to do other kinds of testing, but this is the kind of test you can participate in.
And if you do, get in touch with us and then we may, you know, send you a t-shirt or something like that.
Yeah, but I think they've hired people that have stolen stuff.
And I would argue, I think it depends on his next actions as well.
So if they say, huh, thanks so much, we don't have an opening there, but you know, thanks so much for the information.
And then he then holds them to ransom or advertises to everybody what he's done, or retaliates in some way, then that's the issue.
I don't know if there's much of an issue in saying— If someone came to me and said, "Really love your press release, girl, but there's a mistake here, right?
You made a mistake here in this paragraph. And boy, I could help you in future doing those much better."
So if they say, huh, thanks so much, we don't have an opening there, but you know, thanks so much for the information.
And then he then holds them to ransom or advertises to everybody what he's done, or retaliates in some way, then that's the issue.
I don't know if there's much of an issue in saying— If someone came to me and said, "Really love your press release, girl, but there's a mistake here, right?
You made a mistake here in this paragraph. And boy, I could help you in future doing those much better."
Isn't that how you hired me, Carole?
There you go. But do you know what I mean?
I agree with you. I think it's a grey area, at least based upon the information that we know so far from this press release.
But it does appear the US Department of Justice aren't terribly happy with this chap. And there are some more details what he did. I don't know if this is a 24-hour gym or not.
And I wondered maybe whether he had gained access by—
But it does appear the US Department of Justice aren't terribly happy with this chap. And there are some more details what he did. I don't know if this is a 24-hour gym or not.
And I wondered maybe whether he had gained access by—
Did he break in?
Well, perhaps. Because it turned out the staff at the gym found out shortly afterwards that he'd done some other things.
For instance, he'd deleted his photograph from the gym's database. He had stolen a staff member's name tag.
I don't know if that's something which might have helped him gain access to areas of the gym. And also he reduced his monthly gym membership to just $1 per month.
For instance, he'd deleted his photograph from the gym's database. He had stolen a staff member's name tag.
I don't know if that's something which might have helped him gain access to areas of the gym. And also he reduced his monthly gym membership to just $1 per month.
I think that's allowed. Come on!
That's allowed?
It's expensive, the gym! And those photos are never flattering.
No!
Ransomware. Exactly.
Now, some weeks after sending this email to the company, this chap Kloster is said to have posted an image to social media of what appears to be a screenshot of his desktop computer showing control of the security cameras of the gym.
Now, some weeks after sending this email to the company, this chap Kloster is said to have posted an image to social media of what appears to be a screenshot of his desktop computer showing control of the security cameras of the gym.
Oh, right.
And there's a chatbox window saying, "How to get a company to use your security service." Ah, you see, Graham, I don't know if it's fair that you ask us these questions.
This is a new technique.
Well, this came out months later.
Yeah, no, okay, okay.
But you got us to kind of give our point of view, basically saying this is the information we have, and you're like, oh, and by the way, the gym's not a 24-hour gym.
Did I happen to mention that?
But you got us to kind of give our point of view, basically saying this is the information we have, and you're like, oh, and by the way, the gym's not a 24-hour gym.
Did I happen to mention that?
Well, I don't know. I don't know if it is or not. I don't know if it is or not.
Do you know that he broke in? And do you know that he's gay?
I don't know. I don't know.
Well, okay. Well, I'm glad you don't know, 'cause we don't know.
But okay, but again, I'm not sure about this, right? He posted on social media a screencap of his desktop showing he had control over the security cameras.
You do see vulnerability researchers sometimes sharing information to prove that they had access to a system.
The chatbox says, "How to get a company to use your security service." Again, he's not saying, "I'm gonna screw these guys up," or, "I'm gonna wipe their tapes," or anything, is he?
You do see vulnerability researchers sometimes sharing information to prove that they had access to a system.
The chatbox says, "How to get a company to use your security service." Again, he's not saying, "I'm gonna screw these guys up," or, "I'm gonna wipe their tapes," or anything, is he?
Did he list the gym, the name? Did he name and shame? Don't know, don't know.
The name of the gym has been removed from all of the court documents so far. So I've been through all the indictments.
Because I think, again, that changes things, right?
Because if he identifies the company and says, these guys have a security vulnerability and I cracked in, I think that it tells other baddies that there may be a way for them to access.
Although he was on premise, so, you know.
Because if he identifies the company and says, these guys have a security vulnerability and I cracked in, I think that it tells other baddies that there may be a way for them to access.
Although he was on premise, so, you know.
Also, did he blur the images? What's on the images? I think it's a gray area.
Excellent questions. Yeah, no, I think you're right, because we don't know enough. We haven't had this picture shared with us. We haven't been able to examine it.
We only know what you're telling us, which is probably less than what's available.
I'm telling you everything I know. Everything I know. And here's another thing I haven't told you yet, which is it was now the following month, right?
The month after he sent the email.
So it's May of 2024, and Kloster allegedly entered the premises of another company, a nonprofit organization, into an area that wasn't supposed to be accessible to the general public.
Right? It's beginning to sound a bit shady.
He accessed a computer with internet access, and he's said to have used a boot disk, is how it describes it, to access the computer through various user accounts.
He circumvented its password protection and installed upon this computer a VPN, possibly to maintain access to the company's systems.
The month after he sent the email.
So it's May of 2024, and Kloster allegedly entered the premises of another company, a nonprofit organization, into an area that wasn't supposed to be accessible to the general public.
Right? It's beginning to sound a bit shady.
He accessed a computer with internet access, and he's said to have used a boot disk, is how it describes it, to access the computer through various user accounts.
He circumvented its password protection and installed upon this computer a VPN, possibly to maintain access to the company's systems.
Make them more secure, of course.
Make them more— so yes, he's identifying security holes.
And helping them along in order to help them produce a report. That's illegal though. That's illegal messing around with someone else's system, right? Now he's breaking the law.
Well, it's illegal to access a system. It's not just to fiddle with a system, but to access a system without permission is as well.
So you could argue accessing the camera feed is a breach of computer crime laws.
Anyway, this nonprofit, they say they suffered losses of over $5,000 as a result, trying to remediate this security breach.
And do you remember I told you that when he sent the initial email to the gym, it went from his work email address? Well, the feds have been round to there as well.
And the people who hired him there, they say that he used stolen credit card information from them and used it to purchase, quote, hacking thumb drives.
So on the company, he had a company credit card.
Whether allowed to or not, unclear, and was purchasing potentially tools which could be used maybe as a penetration tester, maybe as a hacker.
So you could argue accessing the camera feed is a breach of computer crime laws.
Anyway, this nonprofit, they say they suffered losses of over $5,000 as a result, trying to remediate this security breach.
And do you remember I told you that when he sent the initial email to the gym, it went from his work email address? Well, the feds have been round to there as well.
And the people who hired him there, they say that he used stolen credit card information from them and used it to purchase, quote, hacking thumb drives.
So on the company, he had a company credit card.
Whether allowed to or not, unclear, and was purchasing potentially tools which could be used maybe as a penetration tester, maybe as a hacker.
Yeah, and the fact that the tool that he used at the gym is not being disclosed, just that perhaps it may be a tool that shouldn't be.
It could have been File Manager. It could have been, who knows what it was, right? It could just have been a command line.
Well, it could have been.
We don't know what it was. So, some lessons here, I think. It's all suspicious. If you go to the gym.
No, it's not.
Late at night.
No, it's not.
If gym is closed and you break in, that's a little suspicious.
If there's a 24-hour gym— If you were at Tesco's at 2 in the morning buying diapers, we'd be like, well, that's suspicious.
If there's a 24-hour gym— If you were at Tesco's at 2 in the morning buying diapers, we'd be like, well, that's suspicious.
That would be suspicious. I don't have a child who needs diapers.
No, I meant adult diapers, Graham.
Oh.
That wouldn't be suspicious.
That'd be so predictable. Anna, what have you got for us this week?
Well, Carole and Graham, do you know your heritage?
My heritage? I mean, I know my parents are.
Yes, I think I do. Yes.
Do you?
Go on then, what is it?
I'm a very exotic mix.
Are you?
As you can imagine. Yes. Oh, I'm sure you could have picked that up.
Yes.
I've got a bit of Aldershot in me.
Great.
From Hampshire. Yeah, I've got a bit of that. And my father was born in the Middle East, albeit in one of those sort of imperial British places before we got kicked out.
Right.
So, yes, so, you know, quite exotic.
That is exotic.
Yes.
It's kind of like mine, actually.
I don't think so.
Mine is part English, part Germanic.
You're from Jamaica?
Part Germanic. There's some Danish, Scottish, French.
Ooh.
How do you know this?
So I know this thanks to one of my parents who paid to find out via DNA testing.
Hang on, hang on, hang on. One of your parents, was this your father, perchance, who was interested as to what your origin was? He did a DNA test on you?
Oh my God. Yes, Jeremy Kyle.
Oh, hold the front page. We need this. We need to put you at the start of the show. This is great.
Okay.
All right.
So yeah, did a DNA test to check my heritage.
Right.
But the parent that did this is not the only one, because as we know, many people have sent their saliva off to DNA testing labs.
Do you?
In the hope of finding out more about themselves. And there are loads of these companies.
Can I just say, I have not. I have not.
No, I have not either.
No, because we're sensible, right?
Mm-hmm.
But the problem is that other people inside our family can do it.
Yes.
And maybe reveal something about us.
People didn't think forward about the implications. But anyway, so there's Ancestry, there's MyHeritage, and there's 23andMe, Carole, which you spoke about on a recent show.
And then there is Atlas Biomed. Have you heard of them?
And then there is Atlas Biomed. Have you heard of them?
No.
I've heard of them, but I don't know anything about them.
Right. So I hadn't heard of them, but they're based here in the UK.
Yeah.
Lisa Topping from Essex had heard of them, and she paid about £100 to get a personalised genetic report from them.
Atlas said they could not only tell her about her heritage, but also about diseases and injuries that she might be predisposed to.
Atlas said they could not only tell her about her heritage, but also about diseases and injuries that she might be predisposed to.
Yeah.
I looked at their Instagram posts and there's a lot of talk about learning about your gut microbiome. So I'm guessing this was a popular feature as well.
Yeah, 'cause people wanna know about health issues. That seems to be a really big driver.
23andMe were doing the same thing, find out about family traits and get ahead of the illness that you might be facing.
23andMe were doing the same thing, find out about family traits and get ahead of the illness that you might be facing.
Yeah, and keep an eye out.
And they can tell about your gut just from some saliva. You don't have to send them something else. That's impressive.
You don't have to poop in a jar. Is that what you're worried about?
That's what I'm thinking about. Yeah, it's always hard getting the lid on the jam jar afterwards.
I suppose that's how they do DNA tests.
Yes.
Anyway, Lisa got her results through, and at first everything was fine. She couldn't download any of the information, but that seemed normal for Atlas.
But she could access it all online, which she did every so often. Until one day the website didn't work. She tried to contact the company, but there was no answer.
Another customer, Kate Lake, hard to say, sent in her sample but didn't receive anything back. She contacted Atlas and they said they'd send her a refund, but that didn't arrive.
In fact, the company appears to have done a complete vanishing act.
But she could access it all online, which she did every so often. Until one day the website didn't work. She tried to contact the company, but there was no answer.
Another customer, Kate Lake, hard to say, sent in her sample but didn't receive anything back. She contacted Atlas and they said they'd send her a refund, but that didn't arrive.
In fact, the company appears to have done a complete vanishing act.
So how long was this company around for?
Quite a long time. I'm not sure exactly, but years.
Yeah.
Okay.
So it was established. It wasn't just a pop-up, pop away.
Yeah. And it looks from their social media, it looks like they were using influencers. It's quite glossy and shiny what they were posting.
If they're charging £100, I mean, you would hope it would be quite a luxurious service and you would have an expectation. Well, because it's a lot of money.
Because Carole, frankly, you could send me some of your spit and I'll say, "Oh yeah, you seem a bit Canadian to me. Maybe a little bit—" Yeah, okay.
Because Carole, frankly, you could send me some of your spit and I'll say, "Oh yeah, you seem a bit Canadian to me. Maybe a little bit—" Yeah, okay.
Thanks.
"—wherever else." You know, I could do that. But, you know, if there are proper scientists in white coats, you know, it's— Yeah.
Anyway, you would expect the service to be up and running for £100. You'd expect a quality service, I would hope.
Anyway, you would expect the service to be up and running for £100. You'd expect a quality service, I would hope.
But now, no, not at all. Their website's down. They haven't posted on social media since June 2023. And their accounts haven't been submitted to Companies House. Nothing.
According to the BBC, who wrote about this story, Atlas Biomed appears to have links to Russia.
Two of its officers are listed at the same address in Moscow, along with a Russian— What? Yeah. Along with a Russian billionaire.
According to the BBC, who wrote about this story, Atlas Biomed appears to have links to Russia.
Two of its officers are listed at the same address in Moscow, along with a Russian— What? Yeah. Along with a Russian billionaire.
At the FSB headquarters. Exactly. Two officers.
Of the company. Yeah, so the Russian billionaire is a resigned director for Atlas. I mean, we can't speculate on what those ties to Russia are, but we do know—
Oh, I think we can speculate. We can speculate. We'd quite happily speculate as to what's going on here.
I don't think you can do that based on where it's based.
You don't know who's in it. Yeah.
No, we can't reasonably, but we can unreasonably speculate is what I'm saying.
That's what Graham does regularly, yeah.
But we do know that whatever the ties are to Russia, it's not just the company that's disappeared, it's also all the customers' DNA data, of course.
And that is the most valuable data. It's literally what makes you you. I work for an American company.
There's often talk about Social Security numbers that are breached, and they're a nightmare because you only have one, but they actually can be changed. It's just a massive faff.
DNA can't. And even if you give it to a company, it doesn't disappear like Atlas or isn't breached like 23andMe.
You're still trusting that data to a company and hoping that their security and privacy and ethics hold up because you don't know what they'll do with it or what the future holds.
Because we are looking at a future where health insurers put a higher premium on those with predispositions to certain diseases.
Drug makers could target us with ads for ailments that we might have, but we haven't even spoken to a doctor about.
And that is the most valuable data. It's literally what makes you you. I work for an American company.
There's often talk about Social Security numbers that are breached, and they're a nightmare because you only have one, but they actually can be changed. It's just a massive faff.
DNA can't. And even if you give it to a company, it doesn't disappear like Atlas or isn't breached like 23andMe.
You're still trusting that data to a company and hoping that their security and privacy and ethics hold up because you don't know what they'll do with it or what the future holds.
Because we are looking at a future where health insurers put a higher premium on those with predispositions to certain diseases.
Drug makers could target us with ads for ailments that we might have, but we haven't even spoken to a doctor about.
And millions of people have done this, right? Yeah. Millions of people with a myriad of different companies.
Yes. And law enforcement's already using DNA data. And it doesn't even need to be your own DNA data.
It could be your close relative's DNA data that, you know, if you've committed the crime, it could be then matched to you.
And we don't all know all the implications because we don't know what the future holds, so—
It could be your close relative's DNA data that, you know, if you've committed the crime, it could be then matched to you.
And we don't all know all the implications because we don't know what the future holds, so—
The good news is, Anna, your father's DNA can't be matched to you. There's no link there, apparently. So do we know how many people have been affected by this?
No, we don't. I don't think it was a huge company. It's not 23andMe, which is obviously massive. But it's still—
So it could have been someone like me just collecting jam jars full of spit and sweat and other bodily fluids.
And writing back, you know, sort of stock, I'll say, oh yes, you appear to be a bit English. Everyone likes to be a bit exotic, don't they?
Say, oh yeah, there appears to be a little bit of Egyptian princess in you or something. Do you think so?
And writing back, you know, sort of stock, I'll say, oh yes, you appear to be a bit English. Everyone likes to be a bit exotic, don't they?
Say, oh yeah, there appears to be a little bit of Egyptian princess in you or something. Do you think so?
Well, I'm a Danish queen. So yeah, yeah, yeah.
Oh, you're related to Marie Antoinette. Carole, what have you got for us this week?
Okay, so this story is about a little hoo-ha going on down under.
Like many countries around the world, Australia's government has voiced concerns about the impact of social media on young people.
And the Aussie powers that be have taken a bold approach to effectively ban under-16s from having accounts on these platforms. Oh, really? Yes. So this was announced just last week.
So they say, "Social media is doing harm to our kids, and I'm calling time on it," said the prime minister. Now, you both are parents, right?
So before we get into any of the meat of this, what's your immediate reaction to— both of your kids are under 16, so cool.
Like many countries around the world, Australia's government has voiced concerns about the impact of social media on young people.
And the Aussie powers that be have taken a bold approach to effectively ban under-16s from having accounts on these platforms. Oh, really? Yes. So this was announced just last week.
So they say, "Social media is doing harm to our kids, and I'm calling time on it," said the prime minister. Now, you both are parents, right?
So before we get into any of the meat of this, what's your immediate reaction to— both of your kids are under 16, so cool.
Yeah, mine are really under 16, they're under 10, and my one hope is that it's all figured out before they get smartphones and social media, because it does terrify me.
It really, really worries me.
I worry about the fact that if they're having a horrible time at school, they won't be able to escape it because they will be constantly on social media.
I worry about the effect of AI friends they might make. I worry about bullying. There's so much. Yeah.
It really, really worries me.
I worry about the fact that if they're having a horrible time at school, they won't be able to escape it because they will be constantly on social media.
I worry about the effect of AI friends they might make. I worry about bullying. There's so much. Yeah.
My child does have a phone and he is on some social media. Does he have a favourite? I would think the one he's on the most is Snapchat.
Apparently it gives you a score as to how many snaps you've received or sent. Oh, does it?
Apparently it gives you a score as to how many snaps you've received or sent. Oh, does it?
So they've gamified the use of it.
Oh, yes. Oh, and it will go up like 5,000 in a day. I'd love that kids weren't using social media. I think it would be fantastic. Yeah.
So the bill that was introduced in Parliament just last week wants to address the concerns about online safety and the negative impact of social media on young people's mental health.
Check. And this approach has backing across political divides. The leaders of all 8 Australian states and mainland territories have unanimously backed the plan.
Opposition party said it would have done the same thing after winning elections due within months if the government hadn't moved first.
Check. And this approach has backing across political divides. The leaders of all 8 Australian states and mainland territories have unanimously backed the plan.
Opposition party said it would have done the same thing after winning elections due within months if the government hadn't moved first.
Yeah, yeah, we would have done that. We'd actually have done that. You just got there before us, but we thought of it too. We thought before you.
Well, no, but that's interesting. They're not saying it's a shit idea. No, no. Yeah, it's kind of sometimes refreshing to hear political rivals singing from the same hymn sheet.
Well, it's not the under-16s who are voting for the political party, is it?
I think that the grumpy old people like myself are the ones who are saying, yes, this is a really bloody good idea.
I think that the grumpy old people like myself are the ones who are saying, yes, this is a really bloody good idea.
And I really want to debate that, because if this law passes, the Aussie legislation will put the social platforms in the financial hot seat if they fail to have bouncers at the digital door, you know, blocking entry to the youth.
So in other words, they need to take reasonable steps to stop people under 16 from creating and holding accounts. Okay, that's all about creating and holding accounts.
And if they fail, they could impose fines up to $50 million Australian or $32 million US for non-compliance. That doesn't feel like very much.
So in other words, they need to take reasonable steps to stop people under 16 from creating and holding accounts. Okay, that's all about creating and holding accounts.
And if they fail, they could impose fines up to $50 million Australian or $32 million US for non-compliance. That doesn't feel like very much.
Not a huge amount for the social media companies maybe, but I guess it would escalate if they continued, you know, if after 6 months they continued to allow under-16s on.
But how are they going to prove it? How are we all going to be uploading our IDs if we haven't already?
Interesting point.
I think they should do a facial scan of yourself. If you have some facial hair.
I look very young, Graham, so. Well.
I think you'd, anyway, so, but maybe it would be something like that. Yeah.
Okay, so to your point, Anna, right, both of you were saying we're concerned effectively, right?
And of course, other countries are trying to figure out ways to mitigate the risk of the evils of social for Gen Z and Alphas.
Like in June this year, 10 US states have passed laws requiring children access to social media be restricted or parental consent gained.
Last year, France introduced legislation to ban children under 15 from accessing online services unless they have parental permission.
And of course, other countries are trying to figure out ways to mitigate the risk of the evils of social for Gen Z and Alphas.
Like in June this year, 10 US states have passed laws requiring children access to social media be restricted or parental consent gained.
Last year, France introduced legislation to ban children under 15 from accessing online services unless they have parental permission.
That's tricky because my son last year really wanted a Switch for Christmas, and he really, really wanted one.
And we thought, okay, fine, you know, it's a nice Christmas present, it's fine, appropriate for his age if we get the right games.
We bought him one, and lots of his friends got one.
One of them didn't, and so the dad actually went out and bought one after Christmas so that his son could be the same as the other boys in his year.
And so it only takes one parent to give in, and then it becomes a snowball effect, because it is hard if one of them's doing something and the others aren't.
You don't want your child to be left behind or be the weirdo.
And we thought, okay, fine, you know, it's a nice Christmas present, it's fine, appropriate for his age if we get the right games.
We bought him one, and lots of his friends got one.
One of them didn't, and so the dad actually went out and bought one after Christmas so that his son could be the same as the other boys in his year.
And so it only takes one parent to give in, and then it becomes a snowball effect, because it is hard if one of them's doing something and the others aren't.
You don't want your child to be left behind or be the weirdo.
Absolutely. And it puts the onus on you to be no, we're not going to be doing that.
So what's interesting is no jurisdiction so far has seemed to have used age verification methods like biometrics or government identification to enforce a social media age cutoff.
These are two methods that are apparently being trialed in Australia. That's not to say that they're going to be implemented, but they're being trialed at this point.
And the other interesting thing is the bill won't stop people under 16 from watching videos on YouTube or seeing content on Facebook.
It's primarily designed to stop them from making accounts. And this means that the wider ecology of anonymous web-based forums including problematic spaces like maybe 4chan.
So what's interesting is no jurisdiction so far has seemed to have used age verification methods like biometrics or government identification to enforce a social media age cutoff.
These are two methods that are apparently being trialed in Australia. That's not to say that they're going to be implemented, but they're being trialed at this point.
And the other interesting thing is the bill won't stop people under 16 from watching videos on YouTube or seeing content on Facebook.
It's primarily designed to stop them from making accounts. And this means that the wider ecology of anonymous web-based forums including problematic spaces like maybe 4chan.
Or even worse than 4chan, they could end up on Twitter.
Hey.
Okay, so let's noodle a few points of contention here that people have brought up.
One of them is this is a world-first proposal to set the highest age limit by any country, apparently. And there's no exception for parental consent.
And there is no exception for preexisting account holders. So who should be boss, parents or government? It's a bit like buying alcohol, isn't it?
One of them is this is a world-first proposal to set the highest age limit by any country, apparently. And there's no exception for parental consent.
And there is no exception for preexisting account holders. So who should be boss, parents or government? It's a bit like buying alcohol, isn't it?
So in the UK, they— when I was younger, I could easily go into pubs, I could go into shops and buy alcohol. No one really— they might have said, are you over 18?
And I'd say, yes, I am. Even now, me, and I'm still very young obviously, but I get asked for ID a lot, especially going into pubs. That once happened to us, Anna.
And I'd say, yes, I am. Even now, me, and I'm still very young obviously, but I get asked for ID a lot, especially going into pubs. That once happened to us, Anna.
It did. You and I were together and we were buying a bottle of champagne for some special occasion, and because you were with me, they would not sell me the champagne.
She had to produce her own ID in order for me to be able to buy it.
She had to produce her own ID in order for me to be able to buy it.
Wow.
They thought you were buying it for your daughter. But the onus is on the staff in the shop and the shops themselves and the pubs, and they get big fines if they don't.
I reckon they just fancied you and wanted to know your name so they could look you up on social media. They didn't think you were underage. They just thought, oh, hello, hello.
Yeah, she probably did think that, the granny that served us. Yes. Crack on, Anna.
I think the onus is on the pubs and the restaurants and the shops, whereas when you give the responsibility to the parents, it's much easier for them to just be a bit more wishy-washy with it.
Yeah. So if it was like drinking and there was no law against, people would maybe tut, but they wouldn't be able to do anything legally. Exactly.
I think it needs to be the companies themselves I think the companies bear a responsibility.
I think there's a parental responsibility as well.
But it is, as Anna describes, extremely hard because the whole nag factor of children and so much, I think, of kids' social interaction these days actually does happen online.
Then, much as it might gall us, then they're not getting together quite as much maybe as we would like to imagine we did when we were kids.
And so, you know, during lockdown, for instance, things like Fortnite were fantastic because it let kids play with each other.
But it is, as Anna describes, extremely hard because the whole nag factor of children and so much, I think, of kids' social interaction these days actually does happen online.
Then, much as it might gall us, then they're not getting together quite as much maybe as we would like to imagine we did when we were kids.
And so, you know, during lockdown, for instance, things like Fortnite were fantastic because it let kids play with each other.
Yeah.
My son would love to watch YouTube Kids, and he'd be allowed to watch YouTube Kids by the companies, but I don't let him watch it because the stuff that is on there is just rubbish.
That has to be a consideration, but I think there needs to be more put in place where it's harder for them to access it in the first place.
My son would love to watch YouTube Kids, and he'd be allowed to watch YouTube Kids by the companies, but I don't let him watch it because the stuff that is on there is just rubbish.
That has to be a consideration, but I think there needs to be more put in place where it's harder for them to access it in the first place.
It's interesting because, of course, not everyone is a fan.
MSD International in Australia say removing the benefits that social media brings will not achieve the government's objective of improving young people's lives and ignores the fact that the harms extend beyond children and young people to marginalized groups and people.
Yeah.
And the Australian Human Rights Commission says, given the potential of these laws to significantly interfere with the rights of children and young people, the commission has serious reservations about the proposed social media.
The appointed cyber czar, Elon Musk, has also publicly poo-pooed it. Of course he has. Yeah, I wonder why.
Seems like a backdoor way to control access to the internet by all Australians.
MSD International in Australia say removing the benefits that social media brings will not achieve the government's objective of improving young people's lives and ignores the fact that the harms extend beyond children and young people to marginalized groups and people.
Yeah.
And the Australian Human Rights Commission says, given the potential of these laws to significantly interfere with the rights of children and young people, the commission has serious reservations about the proposed social media.
The appointed cyber czar, Elon Musk, has also publicly poo-pooed it. Of course he has. Yeah, I wonder why.
Seems like a backdoor way to control access to the internet by all Australians.
So I can understand some of these arguments. I mean, my son, for instance, when he was really very young, he used to enjoy watching history documentaries on YouTube.
They were little cartoon ones which would explain you know, about the kings of England or about various wars and battles which had happened around the world.
And he learned a lot about World War II and, you know, the Napoleonic Wars and things like this. And this wasn't harmful to him. This was his way of educating himself.
And it wasn't just entertaining, it was him learning.
They were little cartoon ones which would explain you know, about the kings of England or about various wars and battles which had happened around the world.
And he learned a lot about World War II and, you know, the Napoleonic Wars and things like this. And this wasn't harmful to him. This was his way of educating himself.
And it wasn't just entertaining, it was him learning.
I wondered about YouTube as well. So listen to this final point here. So the bill is focusing on, they've named Facebook, Instagram, TikTok, Snapchat, and Twitter/X.
Also many more minor platforms and services. I'm sure they'll be able to add to that list as they see fit.
Interestingly, the legislation has an exclusion framework that exempts messaging apps such as WhatsApp, online gaming platforms, and services with the primary purpose of supporting the health and education of end users.
So things like Google Classroom.
So I was watching some of the parliamentary discussion on this, and one of the questions raised was, how do you define a social media platform from, say, a messaging app? Yeah.
And they got specific, why ban Snapchat but not WhatsApp? And there was a little bit of floundering.
But I think I have a reason that I feel fits, but I want to see if you guys have any thoughts.
I mean, the gamification of Snapchat that you mentioned earlier, that's one difference. I've never seen that on WhatsApp.
I don't get awards for sending more messages or less messages.
Also many more minor platforms and services. I'm sure they'll be able to add to that list as they see fit.
Interestingly, the legislation has an exclusion framework that exempts messaging apps such as WhatsApp, online gaming platforms, and services with the primary purpose of supporting the health and education of end users.
So things like Google Classroom.
So I was watching some of the parliamentary discussion on this, and one of the questions raised was, how do you define a social media platform from, say, a messaging app? Yeah.
And they got specific, why ban Snapchat but not WhatsApp? And there was a little bit of floundering.
But I think I have a reason that I feel fits, but I want to see if you guys have any thoughts.
I mean, the gamification of Snapchat that you mentioned earlier, that's one difference. I've never seen that on WhatsApp.
I don't get awards for sending more messages or less messages.
Oh, I'd get a good award I'd be on platinum, baby. I think, well, I don't know enough about how Snapchat works.
Yeah, there's a lot more features and filters and all kinds of stuff.
But one thing that I noticed was that WhatsApp, unless you're in WhatsApp Business, but WhatsApp for consumers doesn't have ads, right?
And Snapchat itself boasts itself to potential advertisers.
I went to their website and it says, "Reach Gen Z and millennials with Snapchat ads." And it says Snapchat reaches 90% of 13 to 24-year-olds population, 25+ countries.
I wondered what about YouTube as well, and the advocacy group that put together the report suggested that YouTube remain accessible to kids, but they remain concerned by young people being able to start their own accounts and upload videos.
I think it's interesting that they're focusing here on accounts, right? Because it's about them being tracked, I suppose. So it's not so much about them seeing content.
But one thing that I noticed was that WhatsApp, unless you're in WhatsApp Business, but WhatsApp for consumers doesn't have ads, right?
And Snapchat itself boasts itself to potential advertisers.
I went to their website and it says, "Reach Gen Z and millennials with Snapchat ads." And it says Snapchat reaches 90% of 13 to 24-year-olds population, 25+ countries.
I wondered what about YouTube as well, and the advocacy group that put together the report suggested that YouTube remain accessible to kids, but they remain concerned by young people being able to start their own accounts and upload videos.
I think it's interesting that they're focusing here on accounts, right? Because it's about them being tracked, I suppose. So it's not so much about them seeing content.
Oh, because they recognize that the creation of an account, the use of your account is a gateway through which potentially a check could be made.
Whereas if you just anonymously go to a website, you were given the analogy of having a bouncer at the door.
Well, the bouncer at the door is at the point where you enter your credentials to log into a site.
Whereas if you just anonymously go to a website, you were given the analogy of having a bouncer at the door.
Well, the bouncer at the door is at the point where you enter your credentials to log into a site.
I mean, obviously they can't stop someone looking over someone's shoulder. That's it. But if you don't have an account for Instagram, for example, you can't see a lot on there.
It'd be brilliant, 'cause you could blame the politicians. It's, "Oh, I'd love you to have the kids.
I'd love you to have the— I'd love you to have it, son." Unfortunately, that evil Prime Minister has prevented it.
I'd love you to have the— I'd love you to have it, son." Unfortunately, that evil Prime Minister has prevented it.
Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker.
Imagine taking a proactive deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team.
ThreatLocker helps you do this and provides a full audit of every action for risk management and compliance.
Onboarding and operation is fully supported by their US-based support team.
Stop the exploitation of trusted applications within your organization to keep you running efficiently and securely.
Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high.
To learn more about how ThreatLocker can mitigate unknown threats and ensure compliance for your organization, visit smashingsecurity.com/threatlocker.
That's smashingsecurity.com/threatlocker. And thank you to ThreatLocker for sponsoring the show.
Imagine taking a proactive deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team.
ThreatLocker helps you do this and provides a full audit of every action for risk management and compliance.
Onboarding and operation is fully supported by their US-based support team.
Stop the exploitation of trusted applications within your organization to keep you running efficiently and securely.
Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high.
To learn more about how ThreatLocker can mitigate unknown threats and ensure compliance for your organization, visit smashingsecurity.com/threatlocker.
That's smashingsecurity.com/threatlocker. And thank you to ThreatLocker for sponsoring the show.
Whether you're starting or scaling your company's security program, demonstrating top-notch security practice and establishing trust is more important than ever.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and prove security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for $1,000 off.
Quick question: do your end users always, and I mean always without exception, work on company-owned devices and IT-approved — I didn't think so.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in at every app on every device because it solves the problems traditional IAM 1Password.com/Smashing.
Go and check it out for yourself at 1Password.com/Smashing. That's 1Password.com/Smashing. And thanks to the folks at 1Password for supporting the show.
And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.
Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money while helping you build customer trust.
Plus, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center, all powered by Vanta AI.
Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to manage risk and prove security in real time. Get $1,000 off Vanta when you go to vanta.com/smashing.
That's vanta.com/smashing for $1,000 off.
Quick question: do your end users always, and I mean always without exception, work on company-owned devices and IT-approved — I didn't think so.
So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices?
Well, 1Password has an answer to this question, and it's called Extended Access Management.
1Password Extended Access Management helps you secure every sign-in at every app on every device because it solves the problems traditional IAM 1Password.com/Smashing.
Go and check it out for yourself at 1Password.com/Smashing. That's 1Password.com/Smashing. And thanks to the folks at 1Password for supporting the show.
And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.
Pick of the Week.
Pick of the Week is the part of the show where everyone chooses something they like.
Could be a funny story, a book that they've read, a TV show, movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily.
Could be a funny story, a book that they've read, a TV show, movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily.
Better not be.
Well, my pick of the week this week is not security-related. Excellent. My pick of the week is a bit of a throwback because I don't know if you remember, Carole, back in episode 339.
No. I talked about hobs with knobs and how hobs needed to have knobs. Oh, I— how could I forget?
No. I talked about hobs with knobs and how hobs needed to have knobs. Oh, I— how could I forget?
Can you remind me? Me. Obviously I listen every episode, but let me do it, Graham, just to show how I pay attention to the show.
Okay, let's see, let's see.
Graham was lamenting he had moved house and lamenting that he could not find a hob with knobs because of all the panels and the gizmos, and made a huge 10-minute rant that I probably shortened to as much as I possibly could to save our listeners from the soapbox appeal.
A listener did come back and gave him some advice, I believe.
A listener did come back and gave him some advice, I believe.
I think I found the solution. I recommended it to people. So what happened— a hob, by the way, for the benefit of our American listeners, is a stovetop.
And the problem is that a lot of induction stovetops or induction hobs these days have touch-sensitive controls, and you press them and they don't really work well.
And I just wanted a knob you could turn. Who's getting old, right? Yeah, exactly. I found one with a proper knob. Physical control. And I recommended it in episode 339.
And Carole, who got a little bit annoyed about me going on about my hob so much, with its knobs, said she didn't want to hear about it for at least a year.
And she said, "I'd love you to come back on and tell me how you're getting on." Well, there we go.
And the problem is that a lot of induction stovetops or induction hobs these days have touch-sensitive controls, and you press them and they don't really work well.
And I just wanted a knob you could turn. Who's getting old, right? Yeah, exactly. I found one with a proper knob. Physical control. And I recommended it in episode 339.
And Carole, who got a little bit annoyed about me going on about my hob so much, with its knobs, said she didn't want to hear about it for at least a year.
And she said, "I'd love you to come back on and tell me how you're getting on." Well, there we go.
Okay.
I suspect I did not say "love." I suspect that's a paraphrase of the highest order. But okay.
We could find the clip. Anyway, here we are.
Here we are, and I'm excited.
And I am back with an update. And I have to say that the hob with the knobs was fantastic.
It worked very well and continued to work very well until last month when two of the hobs— it wasn't a problem with the knobs— two of the hobs stopped working, which means that half of my stovetop is no longer working.
It worked very well and continued to work very well until last month when two of the hobs— it wasn't a problem with the knobs— two of the hobs stopped working, which means that half of my stovetop is no longer working.
Oh. Even if you can turn the knobs really easily?
I can turn the knobs, but those two hobs—
So it turns out it's not the knobs that are super important. Oh, interesting.
So, naturally, I contacted the company and said, I've been a great ambassador for your product.
Gold. Hashtag ad.
Yeah, hashtag ad. And hashtag, you know how many followers I have?
And I said, there is a problem with two of your hobs, not with the knobs. They're no longer coming on. I don't understand why. Christmas is coming.
We're going to be making Christmas dinner. And they got back to me and they said, unfortunately, your warranty ran out two weeks ago. So this is not a Pick of the Week.
This is a Nitpick of the Week. You see what I've done here? It's a nitpick because it's about electrical items which fail within days of your warranty running out.
We're going to be making Christmas dinner. And they got back to me and they said, unfortunately, your warranty ran out two weeks ago. So this is not a Pick of the Week.
This is a Nitpick of the Week. You see what I've done here? It's a nitpick because it's about electrical items which fail within days of your warranty running out.
Okay, Graham. Yes. I think good advice for our listeners here is maybe when you're purchasing some white goods that cost a lot of wonga— It didn't cost a lot.
Oh, it didn't cost very much. Interesting. That's the problem, Graham. Oh, so you bought a piece of shit?
Oh, it didn't cost very much. Interesting. That's the problem, Graham. Oh, so you bought a piece of shit?
No, because it was the only one with knobs. It was the only one I was able to find which had knobs.
Can I just say, I have got an induction hob with knobs. And I bought it this time last year. It's a Rangemaster. Hashtag ad.
Oh, and is there any problems with it, Anna? No, there's not.
But it did cost me a lot of money. And that's where you've gone wrong, Graham, because you bought cheap. And you know, if you buy cheap, you buy twice. So that's what you'll be doing.
Maybe you can send me a link, because I could be in the market for a hob with knobs for Christmas.
So the moral of the story, don't buy hobs with knobs unless you listen to Anna.
I could have helped you. I did a lot of research. Anna, what's your pick of the week? Well, so I love a pacey show, a TV show. I loved Ozark, loved Breaking Bad, loved Happy Valley.
Did you watch them?
Did you watch them?
Yep, all three, loved them.
Yeah. Yeah, I watched Breaking Bad and Happy Valley, yep.
Yeah, so I'm always on the lookout for something that will give me that, you know, as you're going to bed, you're like, "Oh, just one more.
I'll just watch one more." That's what I want. So, the latest show I've been enjoying is Day of the Jackal.
I'll just watch one more." That's what I want. So, the latest show I've been enjoying is Day of the Jackal.
Have you heard of it? No, no.
I've seen the movie with Edward Fox. Yeah, so there was a—
That was great.
There was the book and then the film in the '70s. And so this is a remake.
There was a Bruce Willis remake. Oh, was there? I think. I'm sure that was shit.
Hey, can't speak ill of Bruce now.
Yeah, you're not allowed. I don't know why.
Okay, alright, sorry. You can speak ill of him if you want, but it's Eddie Redmayne. And it's a TV show, and he stars as the Jackal. So he's a ruthless assassin who kills people.
And he takes on their identities, and then he becomes them in order to kill more people. But he's a top, high-level assassin. There's an Elon Musk tech guru called UDC.
There's lots of rich people trying to get one over on each other. But what's interesting about this show is that they also show his human side.
So he's a family man, and he appears to love his wife and his baby son.
And he takes on their identities, and then he becomes them in order to kill more people. But he's a top, high-level assassin. There's an Elon Musk tech guru called UDC.
There's lots of rich people trying to get one over on each other. But what's interesting about this show is that they also show his human side.
So he's a family man, and he appears to love his wife and his baby son.
Aw. For goodness' sake. He's an assassin.
Stop going, "Aw." But it is conflicting. It's conflicting.
Yeah, so was Leon, but we all loved him too.
So it becomes a cat and mouse chase between the Jackal and a British intelligence officer, Bianca, as she's trying to hunt him down and stop him.
Oh, this sounds right up my alley actually, and I'm looking for a new show, so I'll watch it. Yeah, what's it on?
It's on Sky. I've been watching it through Sky. It's also on Now TV. Sorry guys, sorry, I'm very rich.
Did you hear that? She's got Now TV, she's got Sky. She's very rich. If only. Will she give you YouTube Kids? No, she won't.
But I did spend a lot of money on my Hobbit nobs. But you can also, I think you can download it from other places, legal places, and it's on Peacock in the US, if you're in the US.
That's my pick of the week.
That's my pick of the week.
Carole, what's your pick of the week?
So last night, one of my girlfriends took me out on a movie date. And this was quite exciting because she has younger kids, so we never go out ever.
And she took me to see the 2024 Palme d'Or winner, a movie called Anora.
Note, Graham, yeah, not Narrowly Missed the Palme d'Or, which we recommend— Graham and I don't recommend for reasons we can talk about another time. But the winner.
Okay, so the premise, just quickly, you've got this Uzbek-American seasoned stripper, Anora.
And she knows all the moves, and she's entrusted by her boss to do the sexy routine for any Russian-speaking clients.
And one day, she meets a kid, or a young adult, called Vanja, the son of a gazillionaire Russian oligarch.
And she dances for him, he swoons, they hit it off à la Pretty Woman, and he turns her life upside down because he is beyond wealthy, completely free, and only 21.
And life is good, you know? And Anora can't believe that she's finally been chosen for this wonderful world. What could go wrong? More than you can imagine is the answer.
This is Cinderella minus— for adults, minus the saccharine ending. But it is a wisecracking whirlwind of a film. It has romance, it has loads of sexy times.
Starts with it right at the beginning. But it has action and comedy gold moments. People were in hysterics in the theater. And it's 2.5 hours long, apparently. But it flew by.
Literally, I was thinking, "Oh, I'm probably about halfway," and the movie was ending. Strong acting, strong direction, strong script.
There's a few cameos our oligarch kid slides into the first scene à la Thom Cruise in— what was it? Risky Business. Risky Business, exactly.
And there's a word-for-word scene that's taken out of Pretty Woman. A cameo for that. So it's genius, and it's a must-see for all adult movie buffs.
And she took me to see the 2024 Palme d'Or winner, a movie called Anora.
Note, Graham, yeah, not Narrowly Missed the Palme d'Or, which we recommend— Graham and I don't recommend for reasons we can talk about another time. But the winner.
Okay, so the premise, just quickly, you've got this Uzbek-American seasoned stripper, Anora.
And she knows all the moves, and she's entrusted by her boss to do the sexy routine for any Russian-speaking clients.
And one day, she meets a kid, or a young adult, called Vanja, the son of a gazillionaire Russian oligarch.
And she dances for him, he swoons, they hit it off à la Pretty Woman, and he turns her life upside down because he is beyond wealthy, completely free, and only 21.
And life is good, you know? And Anora can't believe that she's finally been chosen for this wonderful world. What could go wrong? More than you can imagine is the answer.
This is Cinderella minus— for adults, minus the saccharine ending. But it is a wisecracking whirlwind of a film. It has romance, it has loads of sexy times.
Starts with it right at the beginning. But it has action and comedy gold moments. People were in hysterics in the theater. And it's 2.5 hours long, apparently. But it flew by.
Literally, I was thinking, "Oh, I'm probably about halfway," and the movie was ending. Strong acting, strong direction, strong script.
There's a few cameos our oligarch kid slides into the first scene à la Thom Cruise in— what was it? Risky Business. Risky Business, exactly.
And there's a word-for-word scene that's taken out of Pretty Woman. A cameo for that. So it's genius, and it's a must-see for all adult movie buffs.
Movie buffs. Yes. Movie butts. Yeah.
But this is perhaps not for a first date, okay?
Because there's oodles of erotica.
Maybe it is for a first date.
There's a lot of potty-mouth chatter going on. But yeah. And it has a strong message.
It talks, it kind of flirts with the whole concepts of class wars, gender roles, money, flawed humanity.
It talks, it kind of flirts with the whole concepts of class wars, gender roles, money, flawed humanity.
Oh, yes, yes. All that stuff.
I loved, loved, loved it. So that's Anora, winner of the Palme d'Or, my pick of the week. Go see it if you're over 18.
Well, that just about wraps up the show for this week. Anna, thank you so much for joining us.
I'm sure lots of our listeners would love to find out what you are up to and follow you online. What's the best way for folks to do that?
I'm sure lots of our listeners would love to find out what you are up to and follow you online. What's the best way for folks to do that?
Thank you for having me. I'm still on X, Twitter, @AnnaBrading. I've got my username on Bluesky, but I haven't done anything on it yet. But get me on LinkedIn if you hate X.
And you can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G. And don't forget to ensure that you never miss another episode.
Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.
And huge, huge thank you to our episode sponsors, ThreatLocker, Fanta, and 1Password. And of course, to our wonderful Patreon community.
It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 394 episodes, check out smashingsecurity.com.
It's thanks to them all that this show is free.
For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 394 episodes, check out smashingsecurity.com.
Until next time, cheerio, bye-bye.
Bye. Bye. Bye.
Hosts:
Graham Cluley:
@grahamcluley.com
@
/ grahamcluley
Carole Theriault:
Guest:
Anna Brading – @annabrading
Episode links:
- KC Man Indicted for Computer Hacking – Department of Justice.
- DNA testing company vanishes along with its customers’ genetic data – Malwarebytes.
- DNA firm holding highly sensitive data ‘vanishes’ without warning – BBC News.
- Australia proposes ‘world-leading’ ban on social media for children under 16 – Reuters.
- The government has introduced laws for its social media ban. But key details are still missing – The Conversation.
- Australia’s under-16 social media age ban legislation excludes messaging apps – YouTube.
- Australia’s plan to ban children from social media popular but problematic – PBS News.
- Which Countries Are Considering Social Media Bans For Teens? – Newsweek.
- Graham’s previous encounter with hobs with knobs – Smashing Security.
- “The Day of the Jackal” trailer – YouTube.
- “Anora” trailer – YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- 1Password Extended Access Management – Secure every sign-in for every app on every device.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
- ThreatLocker – the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
