Graham shares stories of email storms, Carole describes the steps being taken by firms as they try to coax employees back to the office, and guest Lisa Forte details a hack that has impacted Lady Gaga and other celebrities.
All this and much, much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Lisa Forte.
Visit https://www.smashingsecurity.com/178 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Lisa Forte.
Sponsored By:
- Immersive Labs: Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
- Listeners can sign up at immersivelabs.com/smashing to get instant access to more than 24 hours of free labs AND a new lab to try out each week.
- Oracle: Check out the free cloud security reports that Oracle is making available for listeners of "Smashing Security" and learn how organizations can make security an essential part of the culture of their business.
- Read the free reports at smashingsecurity.com/oraclereport
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Me Too! — Microsoft tells the story of the Bedlam DL3 email storm.
- Microsoft employees swept up in GitHub reply-all email apocalypse — Business Insider.
- Microsoft now blocks reply-all email storms to end our inbox nightmares — The Verge.
- Reply All Storm Protection in Exchange Online — Microsoft Tech Community.
- The NHS's massive email storm — Graham Cluley.
- Entertainment Law Firm Hacked in Major Data Breach, Ransomware Attack — Variety.
- Coronavirus: Commuters told to 'prepare to queue' in new guidance — BBC News.
- Employers Rush to Adopt Virus Screening. The Tools May Not Help Much — The New York Times.
- Robot dog enforces social distancing in city park — BBC News.
- Onkalo spent nuclear fuel repository — Wikipedia.
- Into Eternity — Wikipedia.
- Finland buries its nuclear past — BBC News.
- The plan to protect humans from radioactive waste with color-changing cats — Business Insider.
- How colour-changing cats might warn future humans of radioactive waste — The Guardian.
- The Summit trailer — YouTube.
- No Way Down: Life and Death on K2 — Amazon.com.
- Jim Lahey's No-Knead Bread Recipe — Leite's Culinaria.
- No Knead Bread Recipe — YouTube.
- No-Knead Bread Recipe — New York Times.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript:
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. I think those sort of things can actually bond you together as a company, and you suddenly are chatting with the people in the French office and the New Zealand office, because of course these things go worldwide as well.
CAROLE THERIAULT. Hey Graham, that was a funny joke you made.
GRAHAM CLULEY. The poo poo in the sink.
CAROLE THERIAULT. I like you, Mr Graham. I like you.
ROBOT. Smashing Security, episode 178: Office Pranks, Meat Dresses, and RoboCop Dogs with Carole Theriault and Graham Cluley.
GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security episode 178. My name's Graham Cluley.
CAROLE THERIAULT. 178. I'm Carole Theriault still.
GRAHAM CLULEY. And we are joined this week by a returning guest. It's Lisa Forte. Yay, Lisa Forte!
CAROLE THERIAULT. Yay!
LISA FORTE. Here she is.
CAROLE THERIAULT. Yeah, Lisa, have any news for us? What's been going on?
LISA FORTE. Well, I have managed to tear a calf and get pneumonia in the period of 3 months. So I'm hitting some personal goals.
GRAHAM CLULEY. When you say calf, you mean the lower bit of your leg? You don't mean some sort of biblical sacrifice?
LISA FORTE. No, no, I didn't sacrifice a small cow. Not this week.
CAROLE THERIAULT. Okay. Because we'd have to stop the show right now.
GRAHAM CLULEY. That would be quite upsetting.
CAROLE THERIAULT. We need to discuss this. I'm not sure I'm comfortable.
GRAHAM CLULEY. I saw on Twitter or LinkedIn or something, you've had some encounters with the bovine species, haven't you? You've got some interesting photos.
LISA FORTE. Yeah, they chased me through a field, and then one of them grabbed my rucksack and tried to pull it off my back. So I essentially got mugged by a cow.
CAROLE THERIAULT. I think I'm on the cow side. It's not like she's, you know, walking through your house willy-nilly.
LISA FORTE. That's true.
GRAHAM CLULEY. Carole, what's coming up on the show this week?
CAROLE THERIAULT. Well, first, thanks to this week's sponsors: Oracle, Immersive Labs, and LastPass. Their support helps us give you this show for free. Now, on today's show, Graham talks about Microsoft's new reply-all policy. Lisa tells us what happened when a New York celeb law firm was breached, and I'm checking out what things we should expect if we're heading back to the workplace. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, last week we had on the show Geoff White, didn't we? Technology journalist, investigator extraordinaire, who'd flown all the way to the Philippines to track down Onel de Guzman, the author of the Lovebug. And of course, that was a worm which impacted email systems, clogged them up with love letters. And I think the thing is that although Onel de Guzman, he escaped away with it, didn't he, causing all those problems.
CAROLE THERIAULT. Well, it wasn't illegal in his country, so—
GRAHAM CLULEY. No, no, it wasn't illegal at the time. No, there are no computer crime laws. But it's possible that all of us could launch a similar malicious attack. Maybe not in the form of a worm, but we could easily do something which could clog up an email system and cause it to crumble and make sysadmins pull their hair out at the top of their heads.
CAROLE THERIAULT. Ooh, this sounds new and fangled. What is it?
GRAHAM CLULEY. It's not that new. What I'm talking about are email storms. I'll give you an example of an email storm. Microsoft in 1997, right? Someone at Microsoft—
CAROLE THERIAULT. hello, everybody—
GRAHAM CLULEY. they noticed that they were on a mailing list, a mailing list called Bedlam DL3, and they thought, what on earth is— it hadn't been announced to anyone. Why have I been put on this mailing list? And so they did what any sane person might do, which they sent an email to the mailing list saying, why am I on this mailing list? Please remove me from it.
LISA FORTE. Sounds reasonable.
GRAHAM CLULEY. Sounds reasonable, doesn't it?
CAROLE THERIAULT. This is 23 years ago.
GRAHAM CLULEY. This one? Yes. Okay. 23 years ago.
CAROLE THERIAULT. I just want to talk about how fast, you know, we've been working on this problem. So keep going. 23 years ago, this happened.
GRAHAM CLULEY. Now, unfortunately, there were 25,000 other people at Microsoft on that mailing list. Oh no. And they all got the email saying, why am I on this mailing list? Please remove me from it. And so what happened was one by one, oh no, they hit reply and they said, me too. Can you remove me as well? Now, not all of the 25,000 sent me too. Some of them, when they got to their desks and they saw that they'd been inundated by people saying, "Me too, can you take me off the ban list?" They replied saying, "For God's sake, stop using reply all. You're bogging down the email system. You're idiots." And those messages then went to 25,000 people.
LISA FORTE. Oh my God.
CAROLE THERIAULT. But this is not that surprising. I remember when I worked in an office, this stuff happened all the time.
GRAHAM CLULEY. Daily, I think, in your case, quite often.
CAROLE THERIAULT. Yes, and the IT team had to effectively get rid of the employee all email address and divide it up by countries just to avoid that happening again. So a subsidiary would get hit, but not the entire company.
LISA FORTE. Do you know what? There's two things that send me into an uncontrollable rage: filter coffee and reply all. That is literally the only two things. Everything else I can deal with. Oh.
GRAHAM CLULEY. Lisa, I've got three words to say to you. Hawaii.
LISA FORTE. Un.
GRAHAM CLULEY. Pizza.
LISA FORTE. Oh my god, if you say that to me, I'm off this call now.
GRAHAM CLULEY. There you are. You see, there is something else as well. Anyway, ultimately, Microsoft reckons 15 million emails were sent.
LISA FORTE. It's just ridiculous.
CAROLE THERIAULT. 23 years ago, we knew this was a problem at the company that was one of the— What was it? Biggest tech firm at the time.
GRAHAM CLULEY. It consumed 195 gigabytes of Microsoft's bandwidth. With all the data flowing around its system. Their email system fell over, 'cause it couldn't cope with the load. But they managed to restart it again. Unfortunately, when they restarted the email system, the mail agent started resending some of the messages. And so there was another—
CAROLE THERIAULT. 'Cause it wasn't able to deliver them.
GRAHAM CLULEY. There was another wave of it. They were making t-shirts with Bedlam DL3 on it, and on the back, they'd say, "Me too," and handed them out to people. People were going bonkers. Now, you can read more about this story. Back in 2004, Microsoft blogged about this incident, announcing that they had put measures in place to help prevent something similar happening again.
CAROLE THERIAULT. Mm-hmm. This was in 2004.
GRAHAM CLULEY. That was in 2004. So that's a good 15, 16 years ago.
CAROLE THERIAULT. Okay, so the thing happens, 7 years go past, and they say, "We're gonna actually, we've done something to fix this." Okay, okay, thank you. But they think they're so expert.
GRAHAM CLULEY. Well, no, no, no, maybe they'd done something internally, but they then said they'd done something to Exchange to make Exchange better with this and to make it less likely that something like this. But these sort of things happen all the time. I remember being inside organizations where maybe, for instance, a gentleman's lavatory might be blocked.
CAROLE THERIAULT. That's right. I remember those.
GRAHAM CLULEY. I remember an incident, Carole, you may remember this one as well, where there was, was it a coat hanger?
CAROLE THERIAULT. No, no, there was people shitting in sinks.
GRAHAM CLULEY. Oh.
LISA FORTE. Where did you work? What institution were you working in?
GRAHAM CLULEY. They've never sponsored us. I think we could name names, Carole. But yes, I think it was— someone had shat in a sink in the— that was actually in the women's loo, wasn't it?
CAROLE THERIAULT. Well, that's— we don't know if they shat there. There was a piece of poo found in the female sinks.
GRAHAM CLULEY. Yeah.
LISA FORTE. Oh my God.
CAROLE THERIAULT. And HR sent an email round. Funnily, that wouldn't— didn't— cause a huge reply-all incident.
GRAHAM CLULEY. No, but you can't help but chip in, can you? When someone— when HR reminds you that you're not supposed to defecate in the sink, please use the lavatories instead, you're almost duty-bound to have a bit of a gag and reply.
CAROLE THERIAULT. You know what the punchline was though? Do you know what the person did?
GRAHAM CLULEY. No, no, no.
CAROLE THERIAULT. You don't know what happened afterwards?
GRAHAM CLULEY. What happened?
CAROLE THERIAULT. Next day, was found in the bin in the girls' loo, stinking. Yeah, a new one. Not the same one.
LISA FORTE. Oh my God.
CAROLE THERIAULT. And I found the HR rep and the CEO's PA in there having a meeting, 'cause I was working late, and they were having a meeting about what to do about it.
GRAHAM CLULEY. You pick it up. No, you pick it up. Get the tongs.
LISA FORTE. Chopsticks?
CAROLE THERIAULT. Okay, excellent.
GRAHAM CLULEY. Okay, so the thing is that sometimes, sometimes it can be quite fun, I think, 'cause you get these crazy— We had a situation, a place that Carole and I worked, where we were told that jam doughnuts were now to be banned. We couldn't eat jam doughnuts anymore because someone had leaked some jam onto the floor tiles, and it was very expensive.
CAROLE THERIAULT. Carpet floor tiles. So quite an expensive thing to replace, right? The 30 centimetres by 30 centimetres.
LISA FORTE. Is this the same place that had faeces in the sink, or different employer now?
CAROLE THERIAULT. We can't confirm or deny.
LISA FORTE. Wow, you guys have had some careers, I tell you.
GRAHAM CLULEY. Anyway, though, when you get those sort of messages, you have to chip in with some jokes, right? Just to amuse yourself. And so I actually think sometimes these sort of Me Too reply, or will you bloody well stop replying to everything? Stop the madness. I want to die right now if I receive another message like this in my inbox. I think those sort of things can actually bond you together as a company. And you suddenly are chatting with the people in the French office and the New Zealand office, because of course these things go worldwide as well.
CAROLE THERIAULT. Hey Graham, that was a funny joke you made.
GRAHAM CLULEY. The poo poo in the sink.
CAROLE THERIAULT. I like you, Mr. Graham. I like you.
LISA FORTE. That took me a while to work out what was coming out of her mouth for a second. I was like, what is that? Oh, it's an accent.
GRAHAM CLULEY. But it is strange that the French Canadian does the least convincing French accent, isn't it? I know. So, I mean, these things, it's not just a Microsoft problem. Microsoft have, by the way, they were actually hit again last year. They had an email storm, thousands of employees. There was a GitHub notification which went to lots and lots of people. There've been other ones which happened. There was one which happened in the state government of Utah, where it actually began as just like a Christmas potluck message being sent round, which I think is like a Secret Santa kind of thing, about a white elephant. You had to buy a $5 white elephant gift. It went to everybody. And again, people were just saying, "Please take me off this group. It's bonkers." Even the governor of the state got involved.
LISA FORTE. Oh my God.
CAROLE THERIAULT. I could have fixed all this right back at the beginning. Do you know how I would've done it?
GRAHAM CLULEY. How would you have done it?
CAROLE THERIAULT. Okay, after the bedlam that happened at Microsoft, the next day, I would've talked to the people that make the paperclip. You remember the little paperclip? When it sounds like a little paperclip?
GRAHAM CLULEY. Clippy.
LISA FORTE. Yeah.
CAROLE THERIAULT. Right? And make him show up every time someone pressed reply all and go, "You sure you wanna do that, boss?"
LISA FORTE. "Are you sure?" Something like that.
CAROLE THERIAULT. Really annoying and irritating.
LISA FORTE. And then it would just go away.
CAROLE THERIAULT. It would've faded in. No one would've done it again.
GRAHAM CLULEY. Do you think you could do that with Clippy's voice, Carole, rather than your own? Did Clippy have a voice?
CAROLE THERIAULT. That'd be even more irritating.
LISA FORTE. She actually does the Clippy voice better than the French accent, if I'm perfectly honest.
CAROLE THERIAULT. Mon dieu, mon dieu.
GRAHAM CLULEY. Now, the reason why I'm mentioning this is okay, so we've moved on 20+ years, who knows how long. 23. And Microsoft claims that it has now begun to fix the problem properly.
CAROLE THERIAULT. It's fucking embarrassing.
GRAHAM CLULEY. They say that they are rolling out a new reply-all protection feature in Office 365 to prevent email storms, which they call the reply-allpocalypse.
CAROLE THERIAULT. I know, it's the worst. It's the worst name. Are they hashtagging that as well?
GRAHAM CLULEY. I don't know.
LISA FORTE. They're gonna hashtag it. It's gonna happen.
CAROLE THERIAULT. It's so bad.
GRAHAM CLULEY. Apparently at first, they might tweak this later, but initially, they are going to detect 10 reply-all messages, which go to over 5,000 people within 60 minutes. So you can send a couple, but if everyone then says, "For God's sake, stop replying all," which of course is the worst thing to do, and don't even get me onto when people have also got read notifications on their emails, 'cause that sends even more of these things flying around. Well—
LISA FORTE. It's so true.
GRAHAM CLULEY. Well, they will then trigger, and they will block all replies, and they will display some kind of message telling you, I don't really think you should be doing this. This conversation is too busy. So good for them to do it, but a little bit slow. Just a little bit slow, perhaps.
CAROLE THERIAULT. Do you think they're going to have trouble competing with people like Zoom working at this pace? I'm just wondering.
LISA FORTE. Do you know what though? I think it's like, it also happens in WhatsApp groups, doesn't it? When they've added loads of people into a group and then you wake up in the morning and it's like, you have 392 notifications and you're like, oh my God.
CAROLE THERIAULT. Shut off.
GRAHAM CLULEY. Lisa, what's your story for us this week?
LISA FORTE. Graham.
GRAHAM CLULEY. Yes.
LISA FORTE. Imagine this. Put yourself in this position, if you will.
GRAHAM CLULEY. Yes.
LISA FORTE. Imagine you are Lady Gaga. You've just come off stage. You've performed your new single in a full-on meat dress. Please picture it.
GRAHAM CLULEY. I've been to the Waitrose delicatessen counter.
CAROLE THERIAULT. Yep.
LISA FORTE. Yeah, exactly, exactly. You've just flicked your hair over your shoulder, and you find out— that your email and your phone number has been leaked by your lawyer. How would you feel right at that moment?
GRAHAM CLULEY. I would be pissed off because people would be adding me to their WhatsApp groups. I'd be getting unpleasant messages from my fans, civilians. I wouldn't want them getting in touch with me. I'd be annoyed.
LISA FORTE. You'd be flustered in that meat dress.
GRAHAM CLULEY. I would be having a tantrum.
CAROLE THERIAULT. Sweating like a madman.
LISA FORTE. Anyways, so a large New York-based law firm has been breached. And it's believed that the attackers are holding that data to ransom. But a few days ago, they released a sneaky little taster for the public. And this scintillating taste of data, and by taste, I mean like over 700 gigabytes, reads more like a Yellow Pages of who's who of A-list celebrities and big tech companies. And this data includes like contracts, NDAs, phone numbers, email details.
GRAHAM CLULEY. Oh my goodness.
LISA FORTE. Yeah, and they've released only a little bit of data— well, relatively a little bit of data compared to what they actually have hold of— um, for a few of the A-list stars that this law firm represents, such as Lady Gaga, Graham's favorite Nicki Minaj, um, Mary J. Blige. Um, you know, they've also got Facebook, HBO, all these companies and people as clients. So if you're not a client of this law firm, basically you're not famous. Sorry, Graham.
GRAHAM CLULEY. Um, why, why, why?
LISA FORTE. But the law firm pulled down its website over the weekend, uh, in response. And now— and I looked literally 10 minutes ago, um— if you go to gsmlaw.com, they've just got a single holding page where you can't really go anywhere else. Um, and security researchers believe that the attackers have loads, loads more data. And this was basically just to prove to the law firm that they ought to pay the ransom because you know, they're serious, they're going to release this. It's also believed that these people are the same people that attacked Travelex back in January.
CAROLE THERIAULT. Huh.
LISA FORTE. Yep. But I think it really highlights also another issue that law firms, they're sort of a single-point treasure trove of information, right?
GRAHAM CLULEY. Absolutely. I mean, the sheer amount of personal and sensitive information which lawyers have access to is extraordinary. I mean, some of the information you just talked about, like contracts and NDAs, They would have your rider, Lisa, if you're going to go and speak at some conference, you know, about the brown M&Ms being kept out of the bowl, or, you know, it would be all those sort of things, you know, the temperature that you want your trailer to be at.
CAROLE THERIAULT. Yeah, but you surely it wouldn't be all centralized in one big database if you were representing the A-lists, would it?
LISA FORTE. Well, funny story actually, I actually used to be a lawyer. I know, I'm sorry.
CAROLE THERIAULT. Just amazing.
LISA FORTE. Sorry, world. I have repented. So actually, I know that the data you collect is not just like extensive in terms of quantity, but it's also hugely intrusive really, because clients disclose the most intimate details about their lives to their lawyers, because your lawyer is your shield against the world, you know, your shield against lawsuits.
CAROLE THERIAULT. Yes, you can imagine a celeb divorce, for example, and there's a PI investigator involved to try and catch one of them stepping out, and all those pics would be part of that, all that information.
LISA FORTE. Right. Also, one of the clients of this law firm is Mike Tyson. So, I mean, that brings other problems to the lawyers, really.
GRAHAM CLULEY. I'm just wondering if Lady Gaga, when she wore that meat suit, whether she was sponsored by a particular brand of streaky bacon.
CAROLE THERIAULT. What, she got paid by the meat guys to wear it?
LISA FORTE. I love how this show addresses, like, the real hard-hitting issues affecting society.
CAROLE THERIAULT. It's like breakfast TV.
GRAHAM CLULEY. GSMlaw.com. I just went to their website, 'cause you said they'd set a holding. Grubman, Shire, Meiselas, and Sacks. And yeah, they've got nothing up there. But I notice it's an HTTP site. So my browser says not secure.
CAROLE THERIAULT. Jesus.
LISA FORTE. Oh God.
CAROLE THERIAULT. So do we know how this breach happened?
LISA FORTE. Ah. So we don't really know how it happened or what happened, but you'd have thought that because they're New York-based and it was recent, all their staff will be working from home. New York's obviously been hit particularly badly by the coronavirus, so I wonder sort of how spread out that data had actually become as well.
CAROLE THERIAULT. Totally. It's a bit of a nightmare, eh?
LISA FORTE. Yeah.
GRAHAM CLULEY. And if they were hit by the same guys who hit Travelex— Travelex, they got hit by ransomware, wasn't there? And there was— it does sound like Travelex ultimately paid the ransom. They seem to have admitted that now, but they're still doing terribly badly. But I think there was the suggestion that the bad guys had stolen information, so it does sound plausible that they're now being extorted, perhaps, this law firm, for Because they're a law firm, we cannot confirm or deny whether a breach has happened on our premises.
CAROLE THERIAULT. We cannot confirm or deny whether we had any role in playing in this breach.
LISA FORTE. But do you think that they should pay the ransom in this situation if they have all this detail about these famous people? Potentially even their lives could be in danger, right?
CAROLE THERIAULT. They already have the data.
LISA FORTE. That's true. How do you verify?
CAROLE THERIAULT. And how do you—
LISA FORTE. that they're going to delete it? But Travelex did pay, and I think they paid, what, a couple of million? In the end, something like that. It was quite a large sum.
CAROLE THERIAULT. But they might still pay. So do we know how much information they just— you said they released a sneaky taster for the public, so.
LISA FORTE. So the sneaky taster wasn't really, in my opinion, much of a taster because it was like 750 gigabytes of data. So I mean, I don't know how much more there is, but apparently it was only for a few of the A-list stars that were represented. But previously the law firm had advertised that it represents Facebook, HBO, Mike Tyson, and Robert De Niro.
GRAHAM CLULEY. But that suggests to me that maybe the blackmailers, so the criminals who've hacked that law firm, maybe the negotiations for getting their ransom being paid aren't going as well as they hoped. Because I think normally—
CAROLE THERIAULT. Well, they're gonna be pretty good lawyers, I'd imagine.
GRAHAM CLULEY. Well, normally they like to keep it schtum, don't they? They normally, they like to keep it out of the papers, because that actually puts the firms off it. It's like, that's the ultimate threat. What more can you do other than release yet more data?
LISA FORTE. Maybe it's going really slowly because everyone's hitting reply all and no one knows what's going on.
CAROLE THERIAULT. And is it ethical for a journalist to go through all this information and then report on like the private lives of Lady Gaga or any of these people?
LISA FORTE. I kind of feel like they shouldn't have been named in the article though, because if you've got like stalkers or people who are a bit overly enthusiastic, it kind of tips them off that this data is out there in a way that you wouldn't have been otherwise.
CAROLE THERIAULT. Well, cheering us up again, Lisa. Thanks.
LISA FORTE. I always lead with the real cheerful stuff.
GRAHAM CLULEY. But so, I mean, a little bit of advice is whatever the size of your business, chances are that you will be sharing sensitive information with other business partners, which might be lawyers, for instance. And how good and how well are they protected against some of these threats? And sometimes I think the law firm might be the soft touch. They might be where the data can be extricated from. So you might have good security.
CAROLE THERIAULT. Lisa's point is really, really good. Law firms have about as much information as your medical, you know, health firm does. You know, like you share a lot of information, or your shrink. I mean—
LISA FORTE. Yeah, and like not just in a personal capacity, but if you think like, imagine you're a company and you're about to launch, I don't know, a hostile takeover bid or something. There's gonna be some seriously sensitive information that those lawyers have access to. And how much due diligence do you do into the security of that law firm? And we've all imagined Graham Cluley in a meat dress now, so.
CAROLE THERIAULT. Yep, you're welcome, listeners.
LISA FORTE. Hope you've enjoyed this podcast.
GRAHAM CLULEY. And that's why we have the explicit tag on this podcast. Carole, what have you got for us this week?
CAROLE THERIAULT. Okay, so a number of countries are trying out social distancing easing methods. It's such a weird expression. And they're trying to do it in different ways. And the idea, of course, is to get people back to work so that people can provide services for the rest of us and that people can make money to eat and pay rent and stuff like that. So it's a big deal. The problem is this blasted disease is making all this very, very difficult. And for many of us, it's going to fundamentally change everything, like how we get to work, even our relationship with our employers. So in the UK, more workplaces open Wednesday this week. And the advice from the head honchos was a little bit muddled. Wasn't it first, the details were announced on Sunday at 7:00 PM or something like that? Did you guys see it?
GRAHAM CLULEY. Yeah, that's right. Boris went on to, yes. The thing was that journalists in the media had been sort of pre-briefed about the kind of thing which Boris would be announcing. And so the journalists were all ready to discuss various things. And then Boris went on TV and announced some things, that didn't mention other things, or the message got rather garbled, didn't it?
LISA FORTE. We kind of knew where it was going though, because we'd looked at like Italy and Spain and France who have started to, you know, ease the lockdown, and you kind of imagine that he would follow suit to some degree.
CAROLE THERIAULT. Yeah, yeah. Well, the key advice from the UK that I read was basically they're— wear masks. That's a new one for us, isn't it? They haven't mentioned—
LISA FORTE. especially as they said masks don't work initially.
CAROLE THERIAULT. Exactly. Uh, wash your hands, avoid public transport where possible. And if public transport is a must, then remain 2 metres apart at all times. Now, anyone who's been to Oxford Circus or Piccadilly on the Tube in London, that is going to be a really big nightmare tomorrow. So we're recording this on Tuesday.
GRAHAM CLULEY. Frankly, battery chickens have more room, don't they, than a typical person travelling on the London Underground?
CAROLE THERIAULT. In the olden days, pre-COVID, yeah.
GRAHAM CLULEY. Yeah, you're crammed in like sardines.
CAROLE THERIAULT. Yeah, you'd rather go to a restaurant for 2 hours and miss rush hour.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Yeah. So, but basically all over the world, people are trying to figure out how best to manage people when they're outside their homes, right? Now we know we've talked tons about the COVID apps that are being launched everywhere, but Seattle, for example, is blocking off a section of its city so it'll be for residents only. New York is considering closing down 40 miles of streets to widen sidewalks and add bike lanes.
LISA FORTE. Wow.
CAROLE THERIAULT. Singapore has Boston Dynamics robo dogs with cameras in parks.
LISA FORTE. I have to say, those are the most amazing things ever. I am in love with Boston Dynamics.
CAROLE THERIAULT. And I hope one never chases you down.
LISA FORTE. Well, it shouts at people. Did you see? Yes, it like, it goes through the park and starts shouting at people. I mean, I just think that is absolute paradise.
CAROLE THERIAULT. And it's got a camera on it, right?
LISA FORTE. So, uh, that's awesome.
CAROLE THERIAULT. I don't know what— imagine, Graham, you're like sitting there, right, talking to someone, the robot goes, move along, sir, move along. Oh my God, social distancing and all that.
LISA FORTE. Carole, I have an idea. This is how we can get Graham to exercise. We buy one of these, we chase after him down the street yelling at him, he'll get his exercise. So if Boston Dynamics are listening, can you drop us a favor and just give us one, please?
CAROLE THERIAULT. Graham, this is how you get famous. This is how— listen to Lisa, listen to Lisa.
LISA FORTE. This is how he's going to become a client of that law firm.
CAROLE THERIAULT. Now employers, of course, have jumped on the bandwagon as well. We're seeing companies set up fever detection and facial recognition camera services. It's all called health tracking tech. That's the term at the moment. That's— now, for example, PopID is one of these. So the system records the date and the time, the employee name, and the temperature. So imagine you go up to this thing, it recognizes your face, logs the time, logs your temperature, and creates a historical log for the employers to be able to check on the worker compliance with all this stuff.
GRAHAM CLULEY. Basically, Hot or Not is what they're, what they're doing with their employees.
CAROLE THERIAULT. Very good.
LISA FORTE. Yeah, I was in the UAE and they had this everywhere, like literally everywhere. Every single hotel, restaurant, uh, like place that you went, it had these cameras. And if you set them off, they pulled you over, they took your temperature manually, and then they did a test, a nose swab for coronavirus. Paris. And then I came back into the UK and I went through Heathrow and I was like, where is everyone? There is no testing. So it's just like, I just kind of feel that, you know, this is something that's so useful. Maybe it's not foolproof, but I definitely think it helps identify people who you otherwise would be unable to identify.
CAROLE THERIAULT. It's interesting, the whole testing thing. We have to come back to that in a second because basically employees are trying to get around that. They don't have the tests, so they're trying to do other stuff. And this other service called Clear that takes temperatures with a thermal camera and verifies the results of their medical tests for the virus, sharing the results with employers as color-coded scores like green or red. What does that mean? Fire them?
GRAHAM CLULEY. So do you need special cameras to do this kind of thing, or is this something that could be done with an iPhone app or something like that?
CAROLE THERIAULT. Well, I don't think an iPhone app can take your temperature?
GRAHAM CLULEY. Well, I don't know. I mean, they're jolly clever these days.
LISA FORTE. I got to play with one in the UAE, and it was so awesome. It identifies your face, takes a photo of your face, and then it tells you your average body temperature. And you can see through the— The thermal camera will show the hot parts of your body and whatever, and they compare it. And it was very cool. Very cool indeed.
GRAHAM CLULEY. But how have they managed to roll these things out quickly in some countries?
CAROLE THERIAULT. Yeah, it took Microsoft 23 years.
GRAHAM CLULEY. But like you said, Heathrow Airport, when Lisa arrived at Heathrow Airport, there was nothing at all. It was like, "Oh, you're coming." Her fans were there.
CAROLE THERIAULT. We know that.
LISA FORTE. We won't get started on that. That's another conversation.
CAROLE THERIAULT. Okay, now here's my issue with it though. What if I were sick? I'm sick, right?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. And I don't know that I'm sick. Or what if I were pregnant?
GRAHAM CLULEY. Right.
CAROLE THERIAULT. The first person who's going to find out about that stuff is my employer.
LISA FORTE. Would it though?
CAROLE THERIAULT. Just saying, your temperature goes up in some situations like pregnancy and like illness, any illness, but your employer, under this, your employer is going to know before you or your doctor could potentially know. And I don't know if we need to care about that. What are they doing with that data that they're gathering? Like some companies, Subway says it's gathering a lot of data like this, and this is how it's going to try and manage everything. But it's going to dump the data after 30 days.
LISA FORTE. I think this is half the problem with fear generally. Like when anything happens that causes widespread fear and panic, I think you've got to sort of, it's a really difficult balance to work out how much privacy are we willing to sacrifice and is that actually necessary and proportionate, see lawyer talk, necessary and proportionate to the risk that we face. Because actually, you know, privacy, as we know from looking at some other countries, you know, it can be the hardest thing in the world to fight to get back.
GRAHAM CLULEY. Back.
LISA FORTE. So, you know, how easily do we want to give that up?
CAROLE THERIAULT. Some firms— and this is from Ford— they are basically making employees sign, like, read a questionnaire and then agree with these 4 questions, like, have you ever received a confirmed diagnosis for coronavirus in the last 14 days? Have you traveled internationally in the last 14 days? Have you had close contact or cared for someone with? But what, they have to answer that every day?
LISA FORTE. Yeah, exactly.
GRAHAM CLULEY. That's why I'm just wondering, you know, you get your username, password to log into your computer, and now you've got to answer this 18-questionnaire.
LISA FORTE. That's what I think is so weird about all the testing, and I know you said you're going to come on to that, but like, it gives you like a point in time. Okay, at this present moment in time, no, you don't have the virus, but you could walk down the street and catch the virus straight away. So I'm not really sure, you know, how we sort of manage that really.
CAROLE THERIAULT. Like, how many tests? Exactly, exactly. There's social distancing wristbands and there's immunity badges. This one's quite interesting for employees. So, you know, if employees have developed coronavirus antibodies, they could be wearing a badge or a wristband that basically says, hey, you're cool to work. So everyone's trying to jump on the bandwagon. PwC have a contact tracing app they're developing. Salesforce are working on a new tool called Work.com to help employers safely reopen. And the thing is, a lot of this stuff is very invasive to privacy, but the question is whether it will save lives. And to the point you made earlier, Lisa, a lot of these tools like infrared thermometers and antibody tests, at the moment can be wildly inaccurate, right?
LISA FORTE. Because I, I actually am one of the few people who've had a coronavirus test, and, um, I was told by the person that it was like 68% or 72% or something accurate. So I mean, that's almost 50/50 really.
CAROLE THERIAULT. So you were sick, right? Yeah, you were sick and you got a test.
LISA FORTE. Yeah.
GRAHAM CLULEY. And did you get a badge or anything like that? Were you given a little—
CAROLE THERIAULT. She was stamped.
GRAHAM CLULEY. Was it like taking out a library book? They stamp you with a date and say, as of this date, we think she's all right.
LISA FORTE. She's got a— No, I didn't get any rewards. I didn't even get any chocolate.
GRAHAM CLULEY. Oh, a cup of tea or a biscuit or something is the least you'd expect.
LISA FORTE. Literally, it was just a weird encounter where someone gave me a test on my front door and then that was it.
CAROLE THERIAULT. But if you go back to work, right, and everyone's like wearing gloves and you're getting your temperature taken at all times and everything's being logged and beeped and all this, you might get this false sense of security because it doesn't deal with the problem that people can spread the virus if they don't have a fever.
LISA FORTE. Yeah, especially if the young people, like, they don't even get symptoms sometimes. So how do you manage that?
CAROLE THERIAULT. Exactly.
LISA FORTE. Mm-hmm.
CAROLE THERIAULT. So, and the other issue, of course, is people are trying to capitalize on this, right? Lots of big companies are trying to put tools in place and they're working at record speed. And the concern is obviously the proper considerations for the potential effects, like where are sunset clauses, to use lawyer speak, in all this stuff, right? So, you know, once the data is all collected, can we dump it all? So we need screening is actually what we need, but to your point, right, how many times do you screen people? Can you screen people every time they come into work every morning?
LISA FORTE. And there's a cost as well. There's a cost to this, and a lot of these companies, you know, they've all been hit really hard by the fact they've had to close for months, you know, which obviously wasn't in their business continuity plans. And, you know, I think there's a huge cost to some of this as well that, that's, you know, got to be taken into consideration because a lot of these companies don't have a bottomless pit of money.
CAROLE THERIAULT. No, and they're under pressure from the government to try and make the environment as safe as possible under the conditions that we're currently facing. So that's happening, and no one has all the information right now. We're still discovering it day by day. But personally, I feel like if a company offered free masks, more handwashing facilities, big deep night cleans, and you'd have to reorganize the office to maintain the appropriate distances and all that stuff, it's going to be a big deal. It's going to be hard for companies, and it's going to be hard for employees. It makes sense that lots of employees are actually thinking, you know what, I'd rather stay at home and work from home. If I can.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Lots can't.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Right?
GRAHAM CLULEY. I remember once, I used to briefly be a manager. I had some people who worked for me and I had to— nothing as serious as the coronavirus. We had an issue where we knew one member of the team had particularly bad body odour. I was concerned about this. And so I went around and did a test. I didn't want it to be invasive. I didn't want to draw attention.
CAROLE THERIAULT. A sniff test?
LISA FORTE. Sniff test?
CAROLE THERIAULT. Were you wafting your hand towards your nose like a wine connoisseur, like a sommelier with a clipboard in his hand?
GRAHAM CLULEY. Exactly. I just felt it was my duty as the manager to get to the bottom of this. You know, was it someone visiting our department who deposited their scent, or was it one of the web developers instead? And it's not an easy thing to do, and it's something which has to be done sensitively by someone. And I think there's a lot perhaps I could teach companies about how to handle these things appropriately, and sometimes to tell people, go and have a bath or work from home.
CAROLE THERIAULT. I don't think we're gonna have to worry about body odor issues for a while with the 2-meter distance. Well, so if you smell it, you're too close. That should be the t-shirts you should make.
LISA FORTE. Oh my God, that's the new announcement that Boris should make.
CAROLE THERIAULT. Exactly. Yeah, I'm not wearing deodorant. If you could smell me, back the fuck up, people.
GRAHAM CLULEY. Oh my goodness, Crow, you've just worked it. This is it, this is it. Lisa, Lisa, listen, what the government should do is they should hand out spray cans, not of deodorant, but odorant. Everyone has to make themselves stink before they leave the house, and then naturally people will keep their distance.
CAROLE THERIAULT. Yeah, but it's all the same stink. It doesn't work, right? Yeah, 'cause otherwise your nose gets used to it. No. That's why your own B.O. doesn't bother you.
GRAHAM CLULEY. Oh, I see. So it has to—
CAROLE THERIAULT. Everyone has to just stop using deodorant. Stop washing.
GRAHAM CLULEY. Oh my goodness.
CAROLE THERIAULT. It's such a bad idea.
LISA FORTE. So you have to wash your hands, but you can't shower.
GRAHAM CLULEY. Yep.
LISA FORTE. Yep.
CAROLE THERIAULT. Not your pits.
LISA FORTE. To be honest, I think this will just improve our international reputation as a country.
GRAHAM CLULEY. We'll catch up with the French this way.
LISA FORTE. Yeah, we'll be— we're just— yeah, everyone's gonna think we're awesome. They'll be like, look at the British smashing it.
CAROLE THERIAULT. Yet again, boom.
GRAHAM CLULEY. If you listen to our show regularly, you'll know that hackers never stop innovating. Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats. Sign up to get instant access to more than 24 hours of free labs and a new lab to try out each week. Latest being their red and blue team labs on the SaltStack vulnerabilities, which were in the news last week. Go check it out at immersivelabs.com/smashingsecurity.
CAROLE THERIAULT. Maybe you don't have a single sign-on password manager, or maybe you do and you're not really happy with it. Well, why don't you start a free 14-day trial of LastPass Enterprise? You can manage every access point with integrated single sign-on and password management. Let me tell you about some extra features: central admin dashboard, easy user management, group management, directory integrations, and the list goes on. Check it out at lastpass.com/smashing.
GRAHAM CLULEY. Thanks to the folks at Oracle for sponsoring this week's show. They've produced a new report with KPMG that reveals there's a crisis in confidence caused by a patchwork approach today to security. Ransomware, security, misconfigured services, and confusion around cloud security. For instance, 75% of IT pros view the public cloud as more secure than their own data centers, yet 92% don't think they're well prepared to secure public cloud services. Read the report for yourself. Grab it at smashingsecurity.com/oracle-report.
CAROLE THERIAULT. On with the show.
GRAHAM CLULEY. And welcome back. And you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
LISA FORTE. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
CAROLE THERIAULT. Better frickin' not be.
GRAHAM CLULEY. And my Pick of the Week this week is not security-related. It is a documentary which I watched last night. And it is called Into Eternity.
CAROLE THERIAULT. Into Eternity?
GRAHAM CLULEY. Into Eternity.
LISA FORTE. This sounds incredibly deep and philosophical.
GRAHAM CLULEY. Oh yes, exactly. Welcome to my existential void and join me into— This is a movie by Danish director Michael Madsen, who is looking into something called Onkalo. Now Onkalo means in Finnish, cavity. So he is exploring—
LISA FORTE. Where is this going?
GRAHAM CLULEY. So what this is— get your minds out of the gutters, for goodness' sake. This is my pick of the week, not yours. This is all about a nuclear waste dump in Finland called Onkalo. So there's a problem with nuclear waste, it turns out. We hadn't noticed before. But they've realised that nuclear waste, unfortunately, is a byproduct of nuclear power. Right? And unfortunately, nuclear waste tends to last about 100,000 years.
CAROLE THERIAULT. They should have called Microsoft in to help with the problem.
LISA FORTE. It's the right timescale for them to come up with a solution as well.
GRAHAM CLULEY. So, they're thinking, what can we do with nuclear waste? Can we put it at the bottom of the sea? Perhaps not such a good idea, because the sea's rather important. We don't want to pollute it. Could we— I was speaking to my wife, I said— and she said, well, why don't they put it up in space?
LISA FORTE. Yes.
GRAHAM CLULEY. Not such a good idea, because what if the spaceship blows up at launch, which sometimes spaceships do?
CAROLE THERIAULT. Oh.
GRAHAM CLULEY. And then you've got loads of nuclear waste everywhere. Makes a great big mess and causes problems.
LISA FORTE. Mm.
GRAHAM CLULEY. So—
LISA FORTE. Hadn't thought of that.
GRAHAM CLULEY. So what the Finns have come up with is Onkalo, which is a great big hole in the ground. And they have been digging for the last, I don't know, 15, 20 years or something, a humongous cave network in this bit of Finland, West Finland, which is like gonna be a city-size area. And they are planning to dump all of their nuclear waste into it. And it's absolutely huge, this thing. It's absolutely huge, right? They're gonna dump nuclear waste into it for the next 100 years. They think it has the capacity to store about 100 years' worth of Finland's nuclear waste. 'Cause Finland passed a law which meant they weren't allowed to shove their nuclear waste into other countries, which is quite decent of them.
CAROLE THERIAULT. Them.
GRAHAM CLULEY. So they thought, we're gonna have to deal with it here. And they're putting it all the way underground, deep, deep underground, because that's the area which isn't affected by earthquakes and volcanoes and seismic shifts. But after 100 years, once it's full up, they're gonna concrete over it. But then they have this challenge, which is the waste is gonna last 100,000 years. And in 100,000 years, the world is gonna be a very different place, right? Pyramids have only been around for a few thousand.
CAROLE THERIAULT. Oh, I don't think so. I think it'll be exactly the same. I don't think there'll be any changes at all.
LISA FORTE. I'm with Carole. I don't think—
GRAHAM CLULEY. We'll still have iPhones.
LISA FORTE. It'll be the same.
GRAHAM CLULEY. So, you know, we only hit— the pyramids were only built a few thousand years ago. What's it going to be like in 100,000 years, right? It'll be after an ice age.
CAROLE THERIAULT. I don't think you'll be around.
GRAHAM CLULEY. Well, don't you think, Carole, that we should consider the implications of putting all this really dangerous stuff underground? Because in 100,000 years, someone might dig it up. So the documentary looks at this question of how do we communicate to people in 100,000 years, whatever form those people might be, that they really shouldn't go digging there. And I think that's quite an interesting thought.
CAROLE THERIAULT. Yeah. So I thought about this before, but not from the Finnish point of view. There is a French think tank that was trying to discuss this exact problem. And I seem to remember to somehow genetically modify cats. So if— What? Are you for real?
LISA FORTE. I'm not kidding.
CAROLE THERIAULT. This is what I remember. This is what I remember. And I think it was on the podcast— There's no such thing as a fish. And that— So if a cat got close to the site, it would turn a color.
GRAHAM CLULEY. I'm so— What?
CAROLE THERIAULT. In order to try and communicate that it was dangerous.
GRAHAM CLULEY. This is embarrassing. Crow, do you seriously think that's true?
LISA FORTE. Real.
CAROLE THERIAULT. I'm just saying what I mean. I don't think—
LISA FORTE. This does sound like something I would come up with, to be fair. And I can assure you, because it's come from me, it will not work. It will not work.
GRAHAM CLULEY. Well, please, have you got any other ideas other than the cats which change colour in 100,000 years?
CAROLE THERIAULT. They were gonna get artists—
GRAHAM CLULEY. Is this better or worse than the cat idea before we go any further?
LISA FORTE. Well, I don't know.
CAROLE THERIAULT. You tell me. They were gonna get artists, temporary artists, to decorate the building. And have it be handed down like storytelling from generation to generation. So it would only be there for a few years, the next artist would take it, they would hand it over, and that way it would carry on as long as humanity was around. But it doesn't deal with the whole, what if we weren't around for—
GRAHAM CLULEY. Or indeed the problem of how stories change over thousands and thousands of years and might get rather garbled, and suddenly it becomes there's this incredible treasure at the bottom of this pit, which maybe you want to dig up.
LISA FORTE. Something that both of you are overlooking, that actually humans are no longer around and the world is ruled by cows. Can cows read art?
GRAHAM CLULEY. Could the cows—
LISA FORTE. I'll be exploring this in a new blog piece if anyone's interested.
GRAHAM CLULEY. Could cows change colour as well?
LISA FORTE. Could—
GRAHAM CLULEY. I mean, you could see—
CAROLE THERIAULT. I will look for it. I will look for it. I will look for it.
GRAHAM CLULEY. You're saying that they were suggesting—
CAROLE THERIAULT. I'm saying I heard a podcast about this and I'm remembering it from here, having heard it a few years ago. If I'm right, it's amazing.
GRAHAM CLULEY. So cats would change colour if they went to this particular part of Finland?
CAROLE THERIAULT. It was something about doing what? Genetically modifying cats so the colour, the cats would change like a bright orange or a blight blue. It was like a colour. It was a colour that wasn't in nature. Like they would make you kind of go, what the heck's going on?
LISA FORTE. You are giving Elon Musk ideas here, to be honest. He'll listen to this and go, right, how can we make something—
GRAHAM CLULEY. Because genetically modifying cats, that's definitely not going to go wrong, is it? We'll end up with cats that taste like apples.
CAROLE THERIAULT. No, no, no, no, no.
GRAHAM CLULEY. Taking over.
CAROLE THERIAULT. Well, now that we have robo-dogs, right?
LISA FORTE. I reckon dogs would be a better bet though. They're more controllable.
GRAHAM CLULEY. Cats, you can't trust them. But can I say that Into Eternity is quite a good documentary, which—
CAROLE THERIAULT. Oh, I'm sorry I stole your story with my much more interesting side notes.
LISA FORTE. I agree. No, Carole, you definitely saved it. It was much better.
GRAHAM CLULEY. Lisa, what's your Pick of the Week?
LISA FORTE. Okay, so as some of you may know, I am a mountaineer and I've climbed big mountains around the world.
CAROLE THERIAULT. Mountaineer, vlogger.
LISA FORTE. I love it. I absolutely love it. And I feel at peace when I'm being hit with 70-mile-an-hour winds, icy temperatures, and high-altitude headaches that make hangovers look like a spa day. That's just what I do with my spare time. Anyway, I've been rereading an amazing book called No Way Down by Graham Cluley, and the book is about what is probably one of the worst mountaineering disasters in history where in one night half the climbers on the mountain died. It was absolutely horrific. And it's all set on what is probably the most fearsome and dangerous mountain in the world, which is also the second highest, which is K2, which stands at an impressive 8,600 and something meters. And for those of you who don't know, everything above 8,000 meters is called, referred to in mountaineering as the death zone because your body actually cannot survive there for really much more than 48 hours. Because there's so little oxygen.
CAROLE THERIAULT. Fun. Sounds so fun.
GRAHAM CLULEY. Sounds fun.
LISA FORTE. I know, it's difficult to explain why I do it in many ways, um, but anyway, I do. Um, and in 2008, this disaster hit K2 where a serac, which is sort of a tower of ice, collapsed. And, um, basically it severed a load of the fixed ropes, which are the only lifeline to all the climbers who were above and in the death zone. Um, and it's a truly unbelievable story that I think is, um, obviously it's tragic, but it's really interesting to see how when human beings are really truly pushed to the limit, the absolute limit of survival, just how amazing they can be. The teamwork and the morale and the bravery is just unbelievable. So, um, definitely go read the book. But if you're, you know, not really inclined to go and read a book about it, Amazon Prime Video actually have a documentary you can watch called The Summit, which is on the exact same topic, and it's really awesome to go watch, um, even if you're not into mountaineering. I just think it's like, it's such an inspiring story of, um, of bravery, really. So, um, yeah, mine is obviously— Graham talked about nuclear waste, I talked about dying high on high-altitude mountains. So hopefully Carole will save the day.
CAROLE THERIAULT. I'll take us home, kids. I'll take us home.
GRAHAM CLULEY. What's your pick of the week?
CAROLE THERIAULT. So my buddy Dan Ring, actually, he was on the show once. He came on the show. I don't remember what episode, but Dan Ring calls me on Friday and he's like, I can't find any good bread anywhere. Show me, he says, show me how to make bread because I make bread and—
GRAHAM CLULEY. Your bread's pretty good, I have to say. Yes, lovely.
CAROLE THERIAULT. Yeah, yeah. And I come from a generation of bread makers. Mom made bread, Gran made bread, everyone made bread. So I do, I help him out. And we did it in 3 15-minute calls over a period of 2 days. And it turns out the problem, the reason I wanted to share this as my pick of the week, 'cause it's actually a recipe, okay? But it turns out that during the lockdown, a lot of people have gotten in on the bread-making bandwagon.
GRAHAM CLULEY. Yes, they have.
CAROLE THERIAULT. And there seems to be a bit of a yeast shortage and a bread flour shortage out there, like seriously. And like for someone like me who's like, normally you never even think about it, you just go pick it up, suddenly it wasn't there, right?
GRAHAM CLULEY. It's like loo paper. Well, it's not like loo paper, but it's—
CAROLE THERIAULT. It's gold, I was gonna say gold, yeah.
GRAHAM CLULEY. Well, I think that's the exchange rate.
CAROLE THERIAULT. Yes, of course.
GRAHAM CLULEY. One loo roll to—
CAROLE THERIAULT. No, you have a lot of gold in your house, though, don't you?
GRAHAM CLULEY. We have about 250 rolls of gold in our house at the moment, yes.
LISA FORTE. Oh, you're one of the loo roll hoarders.
CAROLE THERIAULT. Do you know that there was a story in the paper? This guy went back, he had 3,000 rolls of toilet paper, and he went back to the store where he'd bought it. I don't know, whatever. And he says, um, yeah, I'd like to sell these back to you because it turns out I don't really need them. And the guy was like, fuck you, you've ruined my life.
LISA FORTE. That's an arrestable offence, surely.
CAROLE THERIAULT. Yeah, Graham, watch it. Watch it, Graham.
LISA FORTE. Graham, what are you doing?
GRAHAM CLULEY. We explained this last week. It was all— we have a totally valid— No, we couldn't buy a smaller quantity of lavatory paper. And meanwhile, this other service which we had been using to regularly deliver loo paper, we couldn't get onto its website to cancel our order of our monthly delivery of loo paper.
LISA FORTE. Uh-huh.
CAROLE THERIAULT. I can't believe you're hijacking my story again.
GRAHAM CLULEY. Well, it's only because Lisa—
CAROLE THERIAULT. To tell your loo paper story.
GRAHAM CLULEY. Lisa is spreading this scandalous rumor about me when— Well, I don't know if it's scandalous.
CAROLE THERIAULT. Especially if you say it like that, you know it's gonna be outrageous. Too close to the bone.
GRAHAM CLULEY. Scandalous. I'm a victim. I'm a victim of circumstance. And anyway, yeah. That's all gonna get cut out.
CAROLE THERIAULT. Is it? Is it? Anyway, yeast is like gold at the moment. Hard to get a hold of. But don't despair, I'm here, right?
GRAHAM CLULEY. Oh, thank goodness.
CAROLE THERIAULT. I'm going to introduce you to a recipe by Jim Lahey. He became like a bread sensation in New York about 15 years ago. I went to his restaurant. It's awesome. Blah, blah, blah. It's a great, great bread. But what is the best thing about it is you only need a quarter teaspoon of yeast for each loaf, as opposed to a tablespoon per loaf. So you can basically make 10 loaves with the same amount of yeast as you would make a normal loaf. So it's worth making. All you need is a big pot. I'm gonna put the recipes and a video inside the show notes. If you wanna make bread, this is a good one to do.
LISA FORTE. And this is gonna sound like a stupid question, but in what do you make bread?
CAROLE THERIAULT. Well, you can make it anything, but this one you make in like a pot, like a Dutch oven type thing, or like a Le Creuset pot. Oh. Yeah. And you put that in your oven and you get it all hot and then you dump the dough inside and it kind of makes like a little steam oven.
GRAHAM CLULEY. And it's pretty sensational.
CAROLE THERIAULT. Well, look, I put a picture. I put a picture inside the, the show notes of Dan's bread. This is his first loaf ever that he made.
GRAHAM CLULEY. Oh, that's Dan's, is it?
CAROLE THERIAULT. That's Dan's first loaf.
LISA FORTE. Amazing.
CAROLE THERIAULT. Yep, and he's thrilled. So there you go. So all the information that I've given him is there. And if you need expert advice, you can tweet Smashing Security and I'll reply. Graham will make sure of it. Yes.
GRAHAM CLULEY. Fantastic. Well, I think that's terrific. And by the way, if anyone wonders what we mean by the show notes, if your podcast app isn't showing you, just go to smashingsecurity.com to this episode, which is 178, and all of our links are listed up there. And that just about wraps it up for the show today. Lisa, I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that?
LISA FORTE. Um, obviously Twitter, LinkedIn, Instagram. Um, on Twitter I'm @LisaForteUK, and you can read my blog at red-goat.com.
GRAHAM CLULEY. Terrific. And you can follow us on Twitter @SmashInSecurity, no G, Twitter, LastPass, must have a G. And you can also join us on the Smashing Security subreddit. Go and look for us up there. And don't forget, if you don't want to miss another episode, subscribe in your favorite podcast apps such as Apple Podcasts, Spotify, or Pocket Casts.
CAROLE THERIAULT. As always, faithful listeners, thank you. We really wouldn't do this without you. If you weren't there, we would not be doing this. But also a huge thank you to this week's Smashing Security sponsors, Oracle, Immersive Labs, and LastPass. Their support helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
GRAHAM CLULEY. Until next time, cheerio. Bye-bye.
CAROLE THERIAULT. Stay safe out there.
LISA FORTE. Ciao.
GRAHAM CLULEY. Wash your freaking hands.
LISA FORTE. Yeah, wash your freaking hands. Don't shower.
CAROLE THERIAULT. Yeah, exactly.
GRAHAM CLULEY. Don't drink bleach. Don't get on the tube. Stop using public transport. Don't drive to Wales for exercise.
CAROLE THERIAULT. But do bike.
GRAHAM CLULEY. Ah, good. Excellent. I think we've done our bit for public safety there. Yep.
-- TRANSCRIPT ENDS --