This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Graham Cluley
You could listen to someone or even see them before they answered your phone call. So you would send them a call via FaceTime and you'd be able to listen to what they're doing before they've hit the answer button.
Carole Theriault
Okay, let's act it out, Graham, right now. Pretend you're calling me. Oh God, it's that fucking asshole again.
Unknown
Smashing Security, Episode 113: FaceTime, Facebook, Faceplant, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 113. My name is Graham Cluley.
Carole Theriault
And I'm Carole Theriault.
Graham Cluley
Hello, Carole.
Carole Theriault
Hello, Graham.
Graham Cluley
Hello. And we're joined this week by a special returning guest. It's John Hawes all the way from AMTSO again, the Anti-Malware Testing Standards Organization.
John Hawes
We encourage and guide people to test better in the security anti-malware space. So we tell people how to do it. We get them to sit down and talk to each other and play nice with each other.
Carole Theriault
To use today's parlance, are you trying to drain the swamp of crappy reviews?
John Hawes
Exactly. Yes. We're all into swamp draining.
Graham Cluley
Oh, thank you for draining swamps, John. And thank everyone as well who has joined us on our Reddit page. After we put out the plug in last week's episode, we've had literally hundreds, yes, plural of hundred people joining our Reddit page and chatting with us. And you can join us there as well at smashingsecurity.com/reddit. Hope to see even more of you up there.
Carole Theriault
Exactly. It's the best place to get a bit of behind-the-scenes information, if anyone actually could care about that.
Graham Cluley
Now, we've got a fun-packed show, right, Carole? Yeah.
Carole Theriault
Listen to this. We've got DJ Daddy Cluley covering the FaceTime privacy snafu. Mr. John Hawes digs into Nick Clegg's work duties at Facebook. And yours truly heads to Japan to see how they're prepping for the 2020 Olympics. All this and oodles more coming up in a pretty sweary version of Smashing Security. Are you not running a password manager in your organization? What are you thinking? Check out LastPass Enterprise. Just go to this URL: lastpass.com/smashing. Here you can learn all about what password managers can do for your firm. And you can learn more about LastPass Enterprise. I mean, if you want to solve poor password hygiene, if you fancy securing every password-protected entry point in your business, slide on over to lastpass.com/smashing. I use them, so you should check them out. Hey, Graham? AMTSO.
Graham Cluley
Yes?
Carole Theriault
So I've got a problem.
Graham Cluley
Yes?
Carole Theriault
I use a cloud service, I put all my files and data up there, and I'm kind of nervous about prying eyes looking at it. Any advice?
Graham Cluley
Yeah, you've got to encrypt it.
Carole Theriault
Before I load it up?
Graham Cluley
Well, I would recommend so, because any file which you put on Dropbox or Google Drive or OneDrive or those other sort of cloud services, it could be accessed by that company or indeed law enforcement. Ransomware or any hacker who broke into your account. So what I would recommend is use a piece of software like Boxcryptor. It's what I run on my computer, and any file before it gets uploaded to those cloud services gets encrypted with my own keys, which I control. So the cloud service itself can't see the contents of the files which I'm putting on the cloud drive. It's all encrypted.
Carole Theriault
Cool, I'll check it out.
Graham Cluley
Go to Boxcryptor.com, and thanks to Boxcryptor for supporting the show this week. Now, we are recording this on Tuesday. The episode goes out, most people I think pick it up on Thursday, so things may have changed. I'm just putting this in context because we have breaking news. Ooh. Last night I was tucked up in bed in the wee small hours of the morning with my long johns on and my Womble hot water bottle clutched close to my heart.
Carole Theriault
What a glorious image that is.
Graham Cluley
And I felt a little tingle. I felt a tingle in my spider senses.
John Hawes
Oh, are your long johns connected to the internet?
Graham Cluley
I knew something was not right with the internet. And so I awoke, I turned on my wee little phone, and I saw that the Twitterverse was going bonkers.
John Hawes
As usual.
Graham Cluley
About a bug which had been found in FaceTime.
Carole Theriault
Are you sure it was your spider sense and not just your phone going?
Graham Cluley
But yeah, I turned on Twitter and people were sharing this video. And what people were demonstrating in this video is that you could listen to someone or even see them before they answered your phone call. So you would send them a call via FaceTime and you'd be able to listen to what they're doing before they've hit the answer button.
That could hurt our friendship, man. That could really, that could really damage our budness.
Graham Cluley
Exactly.
Carole Theriault
I'd go down a tier, I think.
Graham Cluley
Right. You'd definitely, yeah, you'd be definitely tier 2 by that point.
Carole Theriault
So dangerous.
John Hawes
Or if you're having a poop or something and you don't want your camera on and someone's trying to do a camera—
Graham Cluley
Well, there's any number of embarrassing scenarios. And of course, people were sharing this video, and the instructions on how to do it were really very, very simple indeed. Basically, you sort of added yourself to a group call with the person, and somewhere the Apple logic went bonkers.
Carole Theriault
I didn't even know you could do group calls on FaceTime.
Graham Cluley
Yes, you can do group FaceTime in iOS 12.
Carole Theriault
I didn't know that.
Graham Cluley
But people were using this to prank each other, and I've actually got a video which you're welcome to take a look at if you wish, of two gentlemen who use it— well, one gentleman uses it to spy on his bro.
John Hawes
Doesn't sound very gentlemanly.
Graham Cluley
So you can check out the video right now. We'll put it in the show notes as well.
Carole Theriault
Looking.
Graham Cluley
And this is a guy who's calling his buddy. He's calling his buddy. That's right. And his buddy doesn't, you know, isn't expecting a call, let's put it that way, because he's otherwise engaged.
Carole Theriault
Oh, oh, oh.
John Hawes
Is it inappropriate? You good? Okay. I haven't clicked it.
Carole Theriault
That's a bit rude, Claire.
Graham Cluley
It's a bit rude.
Carole Theriault
Okay.
Graham Cluley
It's a bit rude.
John Hawes
Oh, no.
Carole Theriault
So to the guy on Reddit who told us he doesn't like our show because he can't listen to it with his 12-year-old son, this is very much not the episode you should be listening to.
Graham Cluley
I should think within a couple of years his son will know all about this, to be honest, if he doesn't already.
Carole Theriault
He probably already does.
Graham Cluley
Anyway, so then it turned out it wasn't just audio. They could actually look at you as well. They could take over the front-facing camera.
John Hawes
Wow.
Graham Cluley
Now, of course, that's deeply, deeply embarrassing for Apple, right? If you remember at the CES show recently on the West Coast, they were touting privacy very much. They had a great big poster up on the side of a hotel saying, you know, we're basically the privacy company because Google and Facebook keep on getting themselves into a mess. Apple is trying to differentiate itself, isn't it?
John Hawes
Mm-hmm.
Graham Cluley
So this bug has only really become public knowledge for less than 24 hours at the time of recording. It's hard to tell quite how serious it is. If you were a state-sponsored attacker, for instance, and you wanted to hack into the phone of a leader of a rival country, it doesn't seem like a way to persistently sort of open up a microphone. It's going to be quite a short length of time. It can be a little bit obvious if they haven't turned off their ringtone and suchlike. So it doesn't seem like that kind of scale of thing, but it's still bad.
John Hawes
Oh no, no.
Carole Theriault
And it's getting a huge number of headlines everywhere.
John Hawes
Also, if you know that a major politician keeps their phone on a stand on their desk with lots of important secret documents underneath it.
Carole Theriault
And what, they're wearing their phone underneath their chin facing down?
John Hawes
No, they've got it on a little stand on their desk so that they can, you know, either watch videos or something. And the camera happens to catch a little glance of the nuclear codes or something?
Graham Cluley
It could be. I suppose it could be. Could be.
Carole Theriault
Could be.
Graham Cluley
I think, don't panic. If you're really worried about this, until Apple pushes out a proper patch, you can just turn off FaceTime if you want to. To be honest, I haven't turned off FaceTime. What Apple has done overnight, probably because they saw the furore which was going on on social media and in the newspapers as this story was breaking, was that they've made changes on their server side. They've effectively disabled group FaceTime calls. I imagine not that many which kind of solves the problem in the short term. I think they handled it very, very quickly. Were you impressed? Yes. But okay, tell me why I'm wrong on that. Well, maybe you shouldn't be quite that impressed. 'Cause at first I was thinking, well, that's quite a good response. I mean, it's obviously embarrassing that the bug was there, but they've responded quite well. Until you do a search on Twitter and what you find out is that over 10 days ago, a 14-year-old kid contacted Apple support multiple times saying that they had found this bug and they wanted it fixed, and Apple never got back to them. Okay. Okay. Yes. You're like the Nell Gwynn, but rather than oranges, you're apples.
Carole Theriault
Apple is a big company. Who knows who they called at Apple? Media.
John Hawes
Exactly.
Carole Theriault
Who knows who they called, right? And who knows if that person just was like, oh God, okay, thanks, thanks. I mean, a lot of people must call with those kind of things, that they found something.
Graham Cluley
Well, at least get back to them and say, can you give us more details? I mean, in these days of bug bounties and serious vulnerabilities happen. And remember, this is Apple, which is all about, well, they're now wishing that they had.
Carole Theriault
I bet.
Graham Cluley
They now wish that they had just tweeted about it. And this problem would have been fixed faster. They also, by the way, contacted Fox News, and they never heard back from Fox News either. Oh, which is surprising to me because you would think Fox News are looking for alternative news stories to focus on rather than other things which may be appearing in the headlines. So you'd think they'd want to do that.
John Hawes
But then also, people like Fox News must get a lot of calls from people saying, hey, look what my kid can do with his phone.
Graham Cluley
Sure.
John Hawes
Which aren't necessarily all going to be great news stories.
Graham Cluley
Right, but I mean, the people who I think have dropped the ball here are Apple themselves. They should have got back to him. They should have asked for more details. They should at least have acknowledged the bug report. So there's an official bug report which was submitted. They never got any response.
John Hawes
Well, and also they should have noticed the problem in the first place. If it's something that a 14-year-old can spot, surely a team of professional software testers should have been able to spot it.
Graham Cluley
Well, yeah, because this does seem to keep on happening with Apple, doesn't it? I mean, there've been so many bugs involving the lock screen, for instance, and ways to bypass it and bizarre logic like that. You would think with something like a phone call, there shouldn't be any data transmitted to the other person until you've actually acknowledged, yes, I want this phone call to happen. There shouldn't be any data going back at all, should there?
John Hawes
You should be testing that pretty thoroughly with every release.
Graham Cluley
Could be embarrassing.
Carole Theriault
I use FaceTime fairly regularly with some people.
Graham Cluley
Do you ever have problems with FaceTime, Carole?
Carole Theriault
Yeah. I do.
Graham Cluley
Yeah, me too.
Carole Theriault
One of the things I find is I find it very easy to accidentally call someone. So what happens is I'm thinking in my head, I need to call Graham, right?
John Hawes
Right.
Carole Theriault
And I put in my passcode, get to FaceTime, and then I forget and I go do something holding my phone. So FaceTime's open on my phone and I end up calling someone who's in San Francisco at 4 in the morning. And then I'm madly trying to get the hang up button to stop bugging them. And it always kind of goes wrong at that point.
Graham Cluley
And there was that weird thing in a— we actually covered this in a special bonus episode, didn't we? We had a little breakaway behind-the-scenes episode. Do you remember my phone used to call you on FaceTime when I was in the shower? And it didn't matter if it was my shower at home or a shower at a hotel. And I wasn't even close to the phone. I want to stress that.
Carole Theriault
And I would hear, I'd pick it up and I'd just hear this shh. And I'd go, oh no! Oh God! Oh God!
Graham Cluley
It wasn't a video call. It was only ever audio, I think.
Carole Theriault
Thank the Lord!
John Hawes
Have you filed Carole's contact under "Shh"?
Graham Cluley
John, what's your story for us this week?
John Hawes
Well, I wanted to talk a little bit about Nick Clegg.
Carole Theriault
So I'm gonna go get a cup of tea. Yes, exactly. I'm going to go get a pillow. For those of you who aren't familiar with the obscure end of UK politics of the last 15 years or so, Nick Clegg used to be the leader of the Liberal Democratic Party, basically the third party in a two-party system. So they're always kind of small and feeble. With the Tories, that's right.
John Hawes
Everyone hated them because, you know, you vote for Party A and they use that to get Party B into power. You're not going to get a lot of friends that way. And they didn't really do anything in the 5 years Clegg was Deputy Prime Minister, but— Well— Really? Did they? What did they do?
Graham Cluley
Well, I think they put the brakes on things like the Snooper's Charter. And they prevented some of that, you know, which Lib Dems strongly believed was a bad thing and the Conservatives want to push forward.
John Hawes
So they slowed it down a little bit.
Graham Cluley
Well, unfortunately, you know, politics took a particular turn and we no longer have a coalition government able to stop the Conservatives from doing things like that.
John Hawes
Yeah.
Graham Cluley
Little bit of politics there.
John Hawes
Anyway, after he was Deputy PM for 5 years, you know, they had another election and by that point everybody hated them. So the whole party pretty much collapsed. They lost all their seats. He lost his seat a couple of years later, 2017. And yeah, my main memory of him is that he was on Desert Island Discs, the BBC show where they interview celebrities about what they would take to a desert island. And his luxury he wanted to take was an unlimited stash of fags.
Carole Theriault
Cigarettes for our American counterparts.
John Hawes
Yes, don't take that the wrong way.
Graham Cluley
What was he planning to do then? Make a raft or something? What was his intention?
John Hawes
I don't know. Well, the other thing the Lib Dems were famous for was that
Carole Theriault
I don't know.
John Hawes
they were very supportive of the legalization of marijuana. So maybe he was hoping that there would be other things to smoke on the island. Anyway, that's beside the point. So the real thing is that he was given a job with Facebook back in October last year, Vice President of Global Affairs and Communications.
Graham Cluley
Head of propaganda, basically.
John Hawes
Yeah, he's their lobbyist. He's there to pester government people because he knows how to talk to them. So he's the liaison between Facebook and politicians. So he's basically there.
Graham Cluley
You know, he is actually quite a good choice to talk about these subjects, particularly in Europe. I mean, he speaks not only English, he speaks Spanish and German and French and Dutch.
John Hawes
Yes, yes. He used to be an MEP and he was in Europe for a long time.
Carole Theriault
Yeah.
Graham Cluley
My nephews used to go to school with one of his sons.
Carole Theriault
No way.
Graham Cluley
Yeah, I don't know, I can't remember his name, Fernando or something like that, or maybe that was Alan Partridge. But yeah, no, it's something like some sort of Spanishy sort of name.
John Hawes
How very international.
Graham Cluley
Sorry, slightly off topic.
John Hawes
Anyway, yes, so he started this job in October. He's not been very visible in that role since he was given it. But this last week or so, he's been doing a European tour with Sheryl Sandberg, going around talking to politicians and people like that. And anyway, so he gave a speech the other day as part of this tour to a room full of journalists and policymakers and influencers in Brussels. He spent a lot of time defending the ad-supported role model that Facebook operates.
Carole Theriault
And Google.
John Hawes
Right. Oh, you know, we could charge for things, but then, you know, all the poor people won't be able to use it. So advertising is much better. And it's how the internet works, I think he said. And also TV and newspapers and things like that. And he talked a little bit about the data economy and how that was a growing thing and how Facebook was a big part of it and it was going to be very useful for the world in the future. Oh, really? He talked a little bit about all the efforts they're making to restrict bad content, terrorism and hate speech and things like that, and particularly fake news, obviously, and fake accounts with all the political shenanigans that have been going on, Cambridge Analytica and all that.
Carole Theriault
This seems a little flip-floppy from, you know, things like the Snooper's Charter and not supporting it. Doesn't it?
John Hawes
Well, he's got a new job, you know, so he's got to start spinning a new line. That's what he's paid for.
Graham Cluley
Yeah, you've got to get Fernando through school, you know.
Carole Theriault
Does anyone have any good faith anymore? Does anyone stand for anything?
John Hawes
I have to say, actually, in his speech he did come across as quite genuine and he was quite flexible. He was saying, look, yes, I admit this is quite bad, but, you know, we're trying to do this about it.
Carole Theriault
Ooh, fancy title.
John Hawes
And I'm not sure exactly how true it was.
Carole Theriault
You think Facebook is mending its ways? That's what you think?
John Hawes
No, no. I think he was clearly well chosen as a person to make it look a little cleaner. Yeah, just because he's making—
Carole Theriault
Because he's going to stench off the pile of doo-doo.
John Hawes
Yeah, yeah, yeah.
Graham Cluley
Well, look, he can say all he likes, and yes, he is a very nicely presented chap, and he seems like a decent fellow as well, but he alone isn't going to fix Facebook. He's not going to stop all the trolls, the fake accounts, the bad news which is on there, or the offensive material. There's been something in the press in the last week or so about a young woman who killed herself because of all these images of self-harm and so forth, which are still being found on Instagram. If Facebook and its sister companies want to really improve its image, it's got to clean up that stuff.
John Hawes
Well, he did. He talked about that a little bit as well. As always, you know, hiring more people to get more human involvement in the moderation and fact-checking and things like that, and also investing more in machine learning technologies to do it all automatically. So, but what his main point seemed to be throughout all of this was that it shouldn't be down to Facebook to deal with this stuff. Oh, it's the users' problem? No, no, they shouldn't be the ones who decide what the rules should be. He talked about how they've set up an independent board to review free speech complaints, they're setting up an operation center on election integrity, but his central theme throughout it all was governments, seriously, you need to be setting some rules about what we can and can't do.
Graham Cluley
And they're just saying that because they know it's too complicated for governments to do that.
Carole Theriault
Well, they'll try and it'll take them forever and the bureaucracy is going to take forever. And if they helped, it would go a lot faster. And anyway, this really pisses me off.
John Hawes
And he put a little caveat on that saying, please don't restrict data flow too much because, you know, you'll still damage all kinds of innovation and things like healthcare and stuff where big data is going to be very useful in future.
Graham Cluley
So we're not suggesting we should damage data flow too much. No, we're just suggesting Facebook. Let's just cut off Facebook at the knees, right? I haven't got a Facebook account. Carole, you're not on Facebook, are you?
Carole Theriault
No.
Graham Cluley
John, I can't imagine you're on Facebook either.
John Hawes
I don't spend a lot of time on that. Right.
Graham Cluley
You know, and Instagram and WhatsApp
Carole Theriault
You know, he owns 51% of Facebook. So he is properly the owner. Not like Jeff Bezos or anything. He's— no.
Graham Cluley
and all of those.
John Hawes
So yes, coming back to the financial side, so he very briefly touched on taxation. And in various— there were a few other interviews and stuff he's been doing this last week as well where he got slightly less friendly questioning, and a lot of people obviously brought up the whole tax thing and why Facebook doesn't pay much tax.
Graham Cluley
If you feed into the Zuckerberg—
John Hawes
And he brought that back to pretty much the same point, saying that, you know, it's not Facebook's job to volunteer to pay tax. You as governments should be fixing this. You should be setting some rules that can handle things like Facebook, which I think is actually true and is correct and is the only possible way forward. And I think should in the long term have a much bigger impact on the internet and security in general, because once governments get together and set some kind of global system that can handle companies the size of Facebook, alongside that you have to also have not just tax regulation but also laws and crime prevention. Because at the moment, if someone attacks someone in America from a computer in Russia via another computer in Japan and steals the money that the American's been keeping in Sweden and transports it off to China, you know, you can't just call your local Bobby. You need the world police to do that.
Carole Theriault
And okay, and that's a while away. What I'm hearing in what he's saying is we are a company. Our design is to get as much as we can and give out as little as possible. And we do not want to have to do the right thing. Ethically or morally. We want to do the right thing legally. And right now it's a wild west and we want to be free to take advantage of that without getting our wrists slapped.
John Hawes
So, well, but he's also saying, please make sure that at some point you actually implement some kind of—
Carole Theriault
Yeah.
John Hawes
So Facebook has done a nice little PR exercise here and they've put out some talking points. But for me, the big point is that we do need much better global regulation of the internet and these giant companies, and governments don't want to hear that because it basically means the purpose of a government is to be in charge, and you don't want to admit that you're too small to be in charge of something anymore.
Carole Theriault
Well, why don't you wait to hear my story and see if you change your mind on that?
John Hawes
Alright then.
Carole Theriault
It might enlighten you.
Graham Cluley
Alright, well, Carole, you've teed it up nicely. What's your story for us this week?
Carole Theriault
Well, for my story we head to Japan. This is the land of deliciously slurpy ramens and sci-fi toilets with built-in butt sprays and dryers. You've been on one of those, haven't you, Cluley?
Graham Cluley
Not this morning, but yes, in the past.
Carole Theriault
But whatever your thoughts on Japan, it's a country where people enjoy the fourth largest life expectancy in the world.
John Hawes
That's all that sushi.
Carole Theriault
Of 84 years. Can you guess, actually, guys, can you guess what might be a country that beats Japan?
John Hawes
Is it like Nepal or something?
Graham Cluley
Oh, good guess. Nope. Iceland?
Carole Theriault
Get 3 guesses. Nope.
Graham Cluley
More than Japan?
Carole Theriault
Yep. So people live longer than in Japan. There's only one I think you might get.
John Hawes
The Vatican. No, a lot of very old folks there.
Carole Theriault
So, but you know what, you're on the right, you're on the right, the right path. First one's Monaco, then Hong Kong and Macau. So interesting. You always get interesting facts from me. So Japan is getting its glad rags on and putting on a bit of face slap ahead of the 2019 Rugby World Cup and 2020 Olympics. And all manner of gentrification and improvements are afoot. Two of Japan's biggest 24-hour convenience store chains have said they will stop selling porn magazines ahead of the two world-class events. The stores fear that this could give a negative impression.
Graham Cluley
Be inconvenient.
Carole Theriault
People are going to be so disappointed. Darn it.
John Hawes
Well, no, I've been to Japanese convenience stores and they quite often have basically a porn aisle. You get one for a cup of soups and one for, you know, your everyday basics, your milk and eggs and cheese. And then the other one is porn.
Graham Cluley
Do Olympic athletes tend to go into a convenience store to buy a porn magazine just before?
Carole Theriault
Graham, I think we're talking about the 20 million tourists that are showing up.
John Hawes
Yes, it's all about—
Graham Cluley
Oh, I understand.
Carole Theriault
I understand.
John Hawes
Giving a good impression of the company. They did this. They had a either was it a Winter Olympics or was it World Cup, I think they had there a while ago. I'm not sure this is strictly true. I just heard this from someone I knew out there. They temporarily banned the sale of magic mushrooms during the event, which no one at the time knew that magic mushrooms were even legal in Japan. They kept it very quiet. But while all these foreigners were there, they made it illegal and then they overturned the rule when everyone left.
Graham Cluley
Yeah.
Carole Theriault
Now apparently not all bogs are high-class gizmos, right? Thousands of public ones are actually squat loos, where there's a pan or a bowl on the floor.
John Hawes
But you have little footmarks to show you where to put your feet.
Graham Cluley
What is your obsession with lavatories?
Carole Theriault
Well, it's interesting. It's interesting because they're concerned that these squat loos will be stressful for tourists. Maybe I'm just thinking—
John Hawes
They are quite stressful.
Carole Theriault
I would find that stressful. And so they're going to be replaced by Western toilet models.
John Hawes
Okay. Yeah, not the super fancy ones with the dials and the knobs.
Carole Theriault
Actually, if you had to squat, it must be a really good thigh workout.
John Hawes
It's all poop related.
Carole Theriault
Yes, I'm teeing it up now. And Japan also wants to improve cybersecurity ahead of these big sporting events. So I took a peek at Japan's 2018 cybersecurity strategy. There's a link in the show notes for anyone interested. And one of the big focus areas is the establishment of an international delivery model for addressing vulnerabilities in IoT devices. So this is a fancy schmancy way to say we need to figure out a way to fix the growing problem of insecure and vulnerable IoT devices all over the land.
Graham Cluley
Okay, sounds good.
Carole Theriault
According to Koji Nakao, government advisor on cybersecurity and guest professor at Yokohama University, so, you know, a knowledgeable dude, one would presume, one of the big reasons that these IoT devices are vulnerable is because they use very simple user IDs and passwords. And he says the typical end user— this sounds very familiar to us here in the West as well— the typical end user has poor knowledge of cybersecurity. They connect and forget, relying on default passwords provided maybe with the device. And he says most people in Japan wouldn't have a clue how to update it. So all these millions of devices connected all around Japan, and they're all holding a ton of information, private and sensitive and all that. And the big worry is that too many of them are vulnerable and they could be compromised by some malicious code or an attacker today or in the future.
Graham Cluley
Mm-hmm.
Carole Theriault
So what does a country do when it wants to educate its users on being better with passcodes and user IDs? So you expect them to launch a splashy media campaign, right, on password hygiene. But Japan went a different route entirely. They've approved a rather radical approach to dealing with this problem just this past Friday.
Graham Cluley
Carole, is there any security
Carole Theriault
So starting in a few weeks' time, Japan plans to crawl the Japanese internet, hammer away at IoT devices in homes and in offices all around Japan to break in, to break into them. And here's the gist.
Graham Cluley
content at all in what
Carole Theriault
Using an exhaustive list of passwords, the National Institute of Information and Communication Technology, NICT, will attempt to break into devices by hammering away at these usernames and passwords.
Graham Cluley
you're telling us?
John Hawes
Presumably the first thing they're testing there is not whether your password is any good, it's whether your device allows you to try tens of thousands of passwords until it lets you in. Surely it should lock you out after 3 attempts or something.
Carole Theriault
Webcams and routers is where they want to start, and they plan to attack hundreds of millions of these devices. And when they successfully gain access to the device, the owner will be contacted and advised on how to improve security measures. The researchers at the institute admit that it will potentially be possible that they might unintentionally gain access to webcam images or stored data.
Graham Cluley
Oh, that's fine.
Carole Theriault
But they say it would be a violation of the constitutional rights to privacy if those identities were revealed. So note that it doesn't say that they see it, it's just as if they release that information. And the many articles I read on this all include assurances that this is all for the betterment of the country's cybersecurity defenses. Naturally.
Graham Cluley
Oh, so this sounds a little half-baked.
Carole Theriault
Thorny little nest of ethics here, isn't there?
Graham Cluley
First of all, yes, there is the ethical concern of should they even be hacking in at all? Are they going to access other countries' devices? And how will the other country feel if this organized Japanese government effort to access their IoT devices is spotted and how they might respond to that. Maybe not be— well, but how are they going to contact the owners of these devices to tell them to improve their security? How are the owners of these devices going to respond if they are contacted at all, if that's possible? Are they even going to understand what any of this means? It seems weird.
John Hawes
How do you— if someone came to me and said, oh, your webcam allows me to try 10 million passwords before it locks me out. I can't fix that.
Carole Theriault
Yeah, exactly. That's true. Now, both of you have not mentioned the big question that came to me immediately. I was like, whoa, is this even legal? Is this legal? And apparently it is. So reportedly, a revised law went into effect last November which gives the NICT the authority to gain access to people's devices over a 5-year period.
John Hawes
Yeah, so they were getting ready for this.
Carole Theriault
No, they've been getting ready for it since they created their Smashing Security strategy in 2018. So all the things you mentioned, Graham, I worry too. How do you know? Who are you gonna contact exactly? And are you just gonna snoop at the information you've accessed to find out the identity so you can contact them? Is that how they're gonna do that? And then aren't they setting a dangerous precedent here? So many people would definitely not want their governments having full access to all their private day-to-day stuff. And why should they? And what if you don't trust your government?
John Hawes
Well, hopefully with most things you can actually log in without them going through all the data that's available in it.
Graham Cluley
You don't have to sit and watch a webcam for 8 hours to know that. You would imagine that they're logging in, they're accessing the admin panel and maybe they can initiate an update, for instance, a firmware update or something like that, if that is required. But this, it's weird, this sort of resetting the passwords and telling people what—
John Hawes
That's a whole other step. If once they're in there, do they then go and fix any problems themselves?
Graham Cluley
Right.
John Hawes
Oh, right.
Graham Cluley
Yeah, yeah, yeah.
Carole Theriault
From the stuff I've read, I didn't see anything on that. It was all about contacting the owner, but that is another big can of worms. I'm sure that will be eventually how it is that they can go in and just change stuff or remove stuff or add stuff as—
Graham Cluley
And break stuff.
Carole Theriault
Yeah.
John Hawes
You get a letter in the post saying, sorry, your password was rubbish. Here is your new one.
Carole Theriault
Now, the other interesting thing I was thinking about is how do they compel people to care? I was reading all these—
Graham Cluley
Is the answer magic mushrooms? Is that how we're going to make them care?
John Hawes
Actually, but that's a good point. How is this going to help with their appearance to all these visitors that are coming for the Olympics? You wander around the country.
Carole Theriault
Connecting to people's Wi-Fi. I don't know, maybe people do. There's 20 million people expected, right?
John Hawes
Yeah, but you don't wander around the country going, oh, this is a rubbish country, all of these webcams have been hacked.
Carole Theriault
Yeah, it's true. I think it probably might improve the country's overall cybersecurity posture, but I don't think the ends justify the means here at all in my book. I think basically to ensure better privacy and security, we will compromise your privacy and security, and now it's legal for us to do so. And we're doing it in the name of good, so that's okay. So yeah, so while they live the longest, the Japanese, they are not the happiest. They're 56 out of 154, apparently.
John Hawes
That's all the suicides.
Carole Theriault
Canada's 7th.
Graham Cluley
So this is another typical segment of Smashing Security. Something has gone terribly wrong with the internet and we're going to grumble about it.
John Hawes
Isn't that what we're here for?
Carole Theriault
Is that how you've reduced my work? I've put quite a bit of work into this.
John Hawes
I'm sure someone from the Japanese government is listening and they will change this.
Graham Cluley
I've heard we're big in Japan. Oh, that was in the '80s, wasn't it?
Carole Theriault
Yeah.
Graham Cluley
I think we should probably move on. To pick.
Carole Theriault
I shouldn't sing it yet.
Graham Cluley
And welcome back. Can you join us on our favorite part of the show? The part of the show that we like to call Pick of the Week.
Carole Theriault
Pick of the Week.
John Hawes
Pick of the Week.
Graham Cluley
Pick of the Week is the part.
Carole Theriault
I like it.
Graham Cluley
Is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they like. It doesn't have to be security related necessarily.
Carole Theriault
Oh, no, it should not be.
Graham Cluley
And my pick of the week this week is a website. Well, actually, first of all, let me ask you, do you remember the '70s and '80s when you turn on the TV and there wouldn't be any programs on? This was certainly true in the UK. We didn't have programs all day long.
Carole Theriault
Okay.
Graham Cluley
And there would be something on the screen called teletext, or sometimes called Ceefax. And they had this in different countries around the world. It was beautiful. There are 24 lines of 40 characters. So it's like a blocky sort of pixely game. And it would give you information about the news or the TV listings.
Carole Theriault
I remember it in the UK. I don't remember it when I was in Canada.
Graham Cluley
You were probably more advanced in Canada and North America.
John Hawes
You probably had all-night TV.
Graham Cluley
Yeah, you probably had hockey reruns or something. The website I want to point you towards is called Teletext the World, which is a celebration of teletext.
Carole Theriault
Okay.
Graham Cluley
And specifically, it has a feature which I quite enjoyed where you can upload an image and turn it into its teletext version as it would have, because they were remarkably creative on that small palette. I've also included a little link to a YouTube video where you can see— we'll put this in the show notes— you can see some of the incredible things which can be done with teletext. And I've made images of myself and both you, John, and Carole. Well, you've loaded my picture on a random website. Well, you have been converted into teletext on the website via the website's image generator. And with your permission, Carole, with your permission, which wasn't granted, this is a picture which you have put on the Smashing Security website. I will post these on Twitter so people can see your teletext representations.
Carole Theriault
That's fine. I think my teletext representation is excellent, actually. I really like it.
John Hawes
Yes, these are probably quite good for privacy because no one's ever going to recognize any of these people, right?
Graham Cluley
Your one is clearly you, John. There's no doubt that is you.
Carole Theriault
100%. That must just definitely be John.
Graham Cluley
Anyway, I think teletext was fab. I enjoyed checking out this website and being reminded of teletext. And that is why Teletext the World is my pick of the week.
John Hawes
Super.
Carole Theriault
Nice little pick of the week.
Graham Cluley
Thank you very much. John, have you got a pick of the week for us?
John Hawes
I have, and I feel quite proud of myself actually, because it kind of connects back to my main story, even though I chose the pick of the week much longer ago than the whole Nick Clegg thing came out.
Graham Cluley
Is it a Nick Clegg 2019 calendar?
John Hawes
It is not. It has nothing to do with actually Nick Clegg. So I wanted to think a little bit about perspective. You know, sometimes it's important to take a step back, look at the bigger picture and just remember that probably your problems aren't that serious. And I have a few things that I use when I feel the need for a little perspective, which I quite like to share with you. One of them is the Cosmic Eye video. Actually, all of these are quite old. This is from 2012. So I've been dipping in and looking at this every now and again for a long time. It's very famous. It starts with a face and it zooms out and it goes face, person, building, city, country, planet, all the way out to universe and then all the way back in into the eye and then all the way into—
Graham Cluley
Oh yes, I remember this. It zooms—I'm watching it now. It zooms all the way out into the cosmos and then goes back into this woman's eye.
John Hawes
Yeah. And then all the way down to the size of atoms and things like that. Which is very fun. It's only about 3 minutes long. I thoroughly recommend it. I have another one called ChronoZoom, which is a time thing. It's an academic project. Again, this is from 2012. Obviously sometime around 2012, I felt the need for a lot of perspective and I looked up a bunch of these things, which I've hung on to ever since. So this one does pretty much the same thing, but with time. So it's laid out various bits of timeline and you can—I recommend going to Humanity, where it shows you the last 5,000 years where we've kind of documented history since we invented writing. And then if you click from that and then go to, I think it's Cosmos, and you watch it zoom out and it shows you how insignificant an amount of time humans have been around. It's kind of super. And then the third one, which is actually my favorite of the three, is a site called Wait But Why. They have a post from, again, from about 5 years ago. It was called Putting Time in Perspective, which is kind of similar to ChronoZoom, except that it's much more simple than—
Carole Theriault
Oh, it's quite fun.
John Hawes
It starts with, you know, a year and then puts that year into the last 30 years. And each time the previous graph shrinks down into the corner of the next one. And it does the same thing. Kind of goes through—
Graham Cluley
Oh, I like that one, John.
John Hawes
History of humanity.
Graham Cluley
Yeah.
John Hawes
Yeah. So that's brilliant. And I actually, the whole website, I thoroughly recommend. Their piece on electric cars is amazing.
Graham Cluley
This is the Wait But Why website.
John Hawes
Yeah, it's really, really good. Again, they don't do stuff very often. I'm not actually sure they're still doing stuff. They typically only put out something every 6 months or something.
Graham Cluley
But I like in their banner, their banner image, they say new post every sometimes.
Carole Theriault
Yeah, that's very sweet.
John Hawes
And they're very cute. They have lots of little cute little line drawn cartoons to illustrate things and lots of little graphs and things like that. But they do some amazingly in-depth stuff, which is very recommended.
Carole Theriault
Cool. Okay, it's bookmarked. Thank you very much.
Graham Cluley
Your talk about perspective there, John, reminded me of something about perspective as well. Do you remember that Father Ted sketch where Ted speaks small, teaches far away? Yeah, with the cows. Very funny. I've just put the YouTube link in there for you. Right, Carole, what's your pick of the week?
Carole Theriault
Well, I kind of wanted to do Roger Stone's documentary, Get Me Roger Stone, because of everything that's been going on politically in the past few days with respect to the Nixon lover. But I think you did it already on a previous show.
Graham Cluley
I have spoken about it before.
Carole Theriault
Yeah, yeah, yeah, I think it was your pick of the week. So I have another political satirical mockumentary. Well, this is a mockumentary rather than a documentary. Jonathan Pie, and it's called Jonathan Pie's American Pie. Now, Jonathan Pie is not everyone's favorite, but I find him quite edgy and I like him. So, in this show, Jonathan Pie's American Pie, he plays a spoof news reporter. He kind of mashes together, you know, Louis Theroux's Weird Weekends personal deep dive bits and the furious blasphemy from Peter Capaldi in In the Thick of It. And the kind of Steve Coogan suaveness in Alan Partridge. So it's kind of like a mashup of those three, for real. And he pulls it off, I think, quite well. Not everyone thinks so. It's not perfect. But I was really glued to the script, to him, to how he was handling it. And I love how you kept seeing the cameramen behind people. Like, I don't know, there's kind of a behind-the-scenes feel to it that makes it great, I think.
Graham Cluley
It's easy to create a narrative that Donald Trump is just this orange buffoon. Very easy. Huge mistake. The people who voted for Donald Trump in 2016 are not having buyer's remorse. Sometimes we get fixated on, he can't have said that, the president can't describe African countries as shithole countries.
Carole Theriault
Yeah.
Graham Cluley
You know, I mean, the words I've used on air, grabbing people's pussy. I mean, I've never said that not before in my career. Not in your career, not on camera. Plans for election night? Because we're all going to go and have a few beers on, you know, you can join us if you like for election night. What do you think I'm doing?
John Hawes
I'm working.
Graham Cluley
I'm covering an election. Yeah, of course, sorry. Done well for yourself, John. Done well for yourself. Good to see you, John. Cheers. Cheers. Thanks a lot. Arsehole. What a dick.
John Hawes
You dare dance? Anyway, I say check it out. It's on iPlayer. I've seen it. I quite liked it.
Graham Cluley
I've seen some very short videos of his, which popped up on Twitter from time to time, often by people who think they were genuine news reports. Yeah, so I think that's how he made a name for himself, wasn't it?
John Hawes
Yeah. That's it.
Graham Cluley
We're talking about some political things.
John Hawes
I didn't think it was hilarious. And I actually, I found him quite, I didn't like him at all to begin with, but he kind of grew on me through the thing.
Carole Theriault
And yeah, and that's kind of interesting because I was just thinking when I was covering this, deciding to put it into the Pick of the Week, it's— I was suddenly going, oh, I wonder if satire is going to die because of fake news.
Graham Cluley
I think satire has died because you just can't send up reality any longer.
John Hawes
The world's too crazy.
Carole Theriault
And it's such a sad thing because, you know, one of the reasons I moved to England was because you guys were pretty satirically wonderful.
Graham Cluley
Don't worry, Carole, everything's going to be wonderful. We have a glorious future lying ahead. I just feel sorry for Europe. I just don't know how they're going to cope without the United Kingdom. Poor, poor fellows.
Carole Theriault
Well, why don't you turn off the ringer? You guys are still welcome to listen to our show no matter what happens. We're here. And that just about wraps it up for this week. Thank you, John, for joining us.
John Hawes
Thanks for having me. You can email .
Carole Theriault
God, how '90s.
John Hawes
I'm very old school.
Carole Theriault
That's cool.
Graham Cluley
Well, you can find us on Twitter @smashinsecurity, no G. Twitter wouldn't allow us to have a G.
Carole Theriault
You can find us on Reddit at smashingsecurity.com/reddit.
Graham Cluley
And if you enjoy the show, please tell your pals.
Carole Theriault
Yeah, you could even leave us a review if you wanted.
Graham Cluley
That'd be nice.
Carole Theriault
Thanks to all of you for listening to the show, and thank you to our sponsors, Boxcryptor and LastPass.
John Hawes
Is that it? Are we done?
Graham Cluley
Right, until next time, cheerio, bye-bye!
Carole Theriault
Later, bye!
John Hawes
Bye!
Carole Theriault
Bye!
Graham Cluley
Excuse me, my phone's ringing. Well, I'm trying to do it without actually answering the phone because I have to pick it up. Someone from France.
Carole Theriault
It's on the side to answer it.
Graham Cluley
Hang on, takes a while to turn off. I told them I wasn't free.
Carole Theriault
No, I'm alright. Are we all following at the moment?
Graham Cluley
Yes, I'm going to act out. I want to respond to that.
John Hawes
Mm-hmm.
Carole Theriault
You're going to act out?
Graham Cluley
I'm going to act out right now.
John Hawes
Right.
Graham Cluley
Okay.
Carole Theriault
Okay. I'm ready.
Graham Cluley
Hang on, they're going to contact the owners and tell them how to improve the security. How will they contact the owner?
EPISODE DESCRIPTION:
A FaceTime bug allows callers to see and hear you before you answer the phone, Facebook's Nick Clegg tries to convince us the social network is changing its ways, and IoT hacking is big in Japan.
All this and much, much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes from AMTSO.