This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Unknown
Hi, this episode of Smashing Security is supported in part by NetSparker. NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them. If you want to automatically check your web applications for cross-site scripting, SQL injection, and other vulnerabilities and coding errors that can leave you and your business exposed, then you need NetSparker. Try it out now by downloading a demo from www.netsparker.com/smashing. Smashing Security, Episode 51: Robots, Romance, Passwords, and Crunchyroll with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 51. My name is Graham Cluley, and I'm joined as always by my good chum and co-host, Carole Theriault. Hello, Carole.
Maria Varmazis
Hello, Graham.
Graham Cluley
And this week, we are joined by a special guest, a returning special guest.
Carole Theriault
Yes, we are.
Graham Cluley
Friend of the show, Maria Varmazis. Hello, Maria, again.
Maria Varmazis
Hello. How is everyone doing?
Carole Theriault
Happy that you're here.
Maria Varmazis
Oh, well, yeah, I'm just a ray of sunshine.
Carole Theriault
Didn't want to have to do another one on my own with Graham.
Graham Cluley
Yeah, we were all locked away on our own. In fact, if you listened last week, we had this rather interesting discussion. I don't know quite how it came up and we got some interesting responses from listeners. Basically, we have opened up Carole's Agony Corner.
Maria Varmazis
Most excellent.
Graham Cluley
So, which means that we invited people to send in their personal relationship, their sexual problems.
Carole Theriault
No, you keep going on about sexual.
Maria Varmazis
Especially the sexual problems.
Carole Theriault
Yeah, Graham keeps going on about sexual. Yeah, so great. Now Maria's on board. Great.
Maria Varmazis
It's voyeuristic. What can I say?
Carole Theriault
I received some doozies, let me tell you.
Graham Cluley
Yeah, we did get some interesting responses to that request, didn't we? Some of which I think are unbroadcastable.
Carole Theriault
Yeah, but some are broadcastable.
Graham Cluley
Okay.
Maria Varmazis
You can't tease people like that. Now you have to share them.
Carole Theriault
Well, we are going to share them, but we're going to share them as a bonus B-side at the end of the show.
Graham Cluley
Okay. So keep listening, hang around until later in the show, and then we will open up the corner. And for those people who are interested, there may not be much security content, but we'll get into that. But right now we are going to get into our security content, the usual part of the show where we each tackle a topic from the week, from the world of computer security and associated industries, things which have caught our eye and caused us to— caused our nostrils to tremble a little bit in interest. So what's wrong with that? It's very hard, Carole, you know, introducing this section of the show.
Carole Theriault
Being interesting. Yeah.
Graham Cluley
Being interesting. Yeah.
Carole Theriault
I know you have trouble with it.
Graham Cluley
So my topic of the week is I've seen a couple of new surveys which come out in recent days about how passwords are being used in business. And surprise, surprise, it's not good news, chaps. What? I know, it's a shocker, isn't it?
Maria Varmazis
It's never good news when it comes to passwords.
Graham Cluley
It isn't, is it? So, I mean, one of the reports has come out from LastPass, who of course are a password management tool, and they've found that on average, employees who are using their password management software are juggling 191 passwords. 191! Does that surprise you guys?
Carole Theriault
Not really. I probably have 500 passwords that I manage.
Maria Varmazis
That sounds low to me.
Carole Theriault
Yeah.
Graham Cluley
Oh, I see. So this is — this — we're basically saying my dick is bigger than your dick. Is that what we're doing now? Because I've — because I've looked in my —
Carole Theriault
Just, number one, I might lose this one. Yeah, one, Maria and I, I don't think are dick carriers.
Maria Varmazis
Don't assume.
Carole Theriault
Okay, number two, maybe, maybe, just maybe, we have to access a lot of websites and we have unique passwords.
Graham Cluley
Okay, well, maybe you guys are doing the right thing. I have — I have — I've just looked in my password manager. I have —
Carole Theriault
3.
Graham Cluley
No, no, no, no, no, no, no.
Maria Varmazis
Password, password, exclamation point, password, exclamation point, hashtag.
Graham Cluley
I've got 1,175. So I win. I've got the most passwords.
Maria Varmazis
All right, now I'm looking at mine.
Graham Cluley
But guys, look, okay, okay, you can look up yours, Maria, if you want to. But I would think most people listening, those who aren't using password managers, would be shocked to think that on average people have maybe 200 passwords, let alone 1,175.
Carole Theriault
Well, we do work in the tech industry as well, so it's probably very different for those that are, you know, hmm.
Graham Cluley
Here's the thing. Lots of people still haven't jumped aboard the password management bus, right?
Maria Varmazis
Yep.
Graham Cluley
True. And according to LastPass, although 91% recognize the danger of reusing passwords, so, you know, 9 out of 10, that's not bad, is it? 61% continue to reuse passwords.
Maria Varmazis
Of course.
Graham Cluley
Tut tut.
Carole Theriault
Well, of course they do if they don't have a password manager. How are you supposed to remember 191 different passwords?
Graham Cluley
Well, get a password manager then, right?
Carole Theriault
Well, that's very nice advice.
Maria Varmazis
It keeps us all employed, doesn't it? I mean, when people reuse their passwords.
Graham Cluley
That's right. Because, because of course, if you reuse a password, the risk is that one account of yours will be compromised and then the bad guys will reuse those credentials to unlock your other online accounts. You can hear much more about this and how to choose sensible passwords in a previous splinter episode of Smashing Security, which we put out called Passwords.
Carole Theriault
Yeah.
Graham Cluley
I think so, imaginatively called that. But it seems to me many people are much more worried about forgetting their password. They're more worried about that than having their accounts hacked.
Carole Theriault
I have a question for you. Do you think it would be wiser for people to say, "Forget the password," every single time they access and create a new password?
Maria Varmazis
Oh!
Carole Theriault
As opposed to trying to maintain a password.
Graham Cluley
Could be a little bit time-consuming, couldn't it?
Maria Varmazis
Yeah.
Carole Theriault
Well, it's pretty fast these days, really. But yeah, yeah, it would take a bit of time. I'm just — I mean, I wonder if that's a better approach than reusing passwords.
Maria Varmazis
I know some people do that purposely. That is their process. They don't bother. Really? Yeah, they actually go through the process every single time of making a new password.
Graham Cluley
But if the process involves that particular site emailing you a link to reset your password, then all you have to do is lose control of your email account.
Carole Theriault
Yeah, but that's how multifactor works as well.
Graham Cluley
Oh, now you're confusing people because you know what, Carole? According to LastPass, only a quarter of businesses have enabled multifactor authentication on their password vaults.
Carole Theriault
No way.
Graham Cluley
So they lock up all their passwords. Tick.
Maria Varmazis
Well done.
Graham Cluley
We like that. Hopefully they've chosen a good strong password to protect that password vault, but shouldn't they enable two-factor authentication or two-step verification as well?
Maria Varmazis
Oh, heck yes.
Graham Cluley
Because otherwise they're all going to be tumbling out, aren't they?
Carole Theriault
That's a unanimous yes from all three of us, I think.
Graham Cluley
Oh, good.
Maria Varmazis
Rarely do we agree on anything. Yeah, right.
Graham Cluley
So clearly we can't rely on human beings, can we? I think more companies, and that's what I'm really wanting to talk about is how businesses handle passwords. We've discussed the sort of personal issue before. Companies, I think, need enterprise password management software.
Carole Theriault
Well, the problem that you haven't actually touched upon yet, maybe you will be, is if a company screws up their passwords and someone gets a hold of them, all our data, the customer data is what's at risk.
Graham Cluley
Yes.
Carole Theriault
So we are victims if businesses don't manage passwords properly.
Carole Theriault
I don't even know what a paper-based logbook is.
Graham Cluley
You mean literally a book where you write it down? It's a book where you write it down with a biro on paper.
Maria Varmazis
Yes. Yeah.
Graham Cluley
Wow. It's a collection of Post-it notes stapled together. Correct. Yeah. Yep. It's a big problem. And then Blu Tack to your monitor. I mean, those logbooks aren't gonna get hacked at least, right? But there's always the danger that someone internally will sort of snoop around your desk and think, "Oh, here we go, phone company names." Maybe it's a kid's diary with one of those little locks on it. Yeah. The data just begins to spill out, isn't it?
Maria Varmazis
So secure.
Graham Cluley
But you know, in some ways, I mean, you have to sort of assess what your risk is, right? So I've got elderly parents-in-law, for instance, right? And there's another survey. I mean, I've spoken about the LastPass one here. And I've tried to get them onto password management software and hasn't really worked. I haven't quite managed to get them to grasp the concept and they struggle with it a bit, even though I think a lot of password management software works quite well. There's another one by an identity management firm called One Identity. They've just surveyed 900 IT security professionals, and they found— now tell me if this one surprises you— 18%, so around about a fifth of IT security professionals are using paper-based logbooks to manage their privileged admin accounts and their credentials. And so I've kind of said to them, you know what, let's just make sure you have different, good, strong passwords and write them down in this book and put that book on the shelf and don't make it look like it's the password book. You know, because I think pragmatically that's probably the best thing for them, but I don't think that's a great approach for businesses. And I also don't think a great approach for businesses is what apparently 36% are doing, which is they're using spreadsheets. You know, on their desktop or whatever to keep track of these things.
Carole Theriault
And they're unlocked.
Graham Cluley
Right.
Carole Theriault
Giving all the information away, saying, hey, you can, my Gmail, you can access my Gmail at this address with this exact password, cut and paste.
Maria Varmazis
Yeah, if I was a pen tester, that
Carole Theriault
Yeah.
Maria Varmazis
Oh my gosh.
Graham Cluley
So there's a lot of bad news here, I think.
Maria Varmazis
would be one of the first files I'd
Graham Cluley
And maybe most shockingly of all, 46%, I'm sorry to shove out all these numbers at you, but IT security admins, 46%, own up to not changing default admin passwords.
Maria Varmazis
Oh no.
Graham Cluley
Which just seems like a recipe for disaster, doesn't it?
Maria Varmazis
be looking for, for sure.
Carole Theriault
What's annoying is a lot of this is really easy to do, right? It's very easy. Get multifactor authentication in place in your place of business. Admins, come on, change your default passwords.
Maria Varmazis
That one's—
Graham Cluley
Yeah. Because many of the breaches that are taking place, it's the simplest reasons. The bad guys have got hold of your privileged account passwords, right? That's how they gained access to critical data and systems. So don't leave them lying around spreadsheets. Don't leave them lying around in paper logbooks. Get with the beat, people. Right?
Carole Theriault
Amen!
Graham Cluley
That's me getting down with the kids! Right there!
Carole Theriault
Yeah, they're all bopping right now. They're all bopping at you right now.
Maria Varmazis
They're all sock hop with the password managers, you know, like the cool kids.
Graham Cluley
Both of you guys are using a password manager, right?
Maria Varmazis
Yes.
Graham Cluley
Yes.
Maria Varmazis
Enthusiastically, yes.
Graham Cluley
And you've both enabled two-factor authentication, right?
Maria Varmazis
Yes.
Carole Theriault
Yes.
Graham Cluley
Oh, I actually believed you then.
Maria Varmazis
I may not have my backups in order, but yeah.
Carole Theriault
Oh yeah. Graham, just to refer back to that, I am still waiting for you to come over and sort out my backups. Just FYI. I think that was in the summer that you promised to do that. So yeah, just still waiting.
Graham Cluley
That was in exchange for dinner, wasn't it?
Maria Varmazis
Yeah.
Graham Cluley
I have to come over and do that.
Carole Theriault
Did I not feed you? I may not have.
Graham Cluley
I think you gave me a slice of your sourdough bread. Which was very nice. Nice. Admittedly.
Carole Theriault
Lucky that. I'm hungry. That sounds great.
Graham Cluley
Maria, what have you got for us this week?
Maria Varmazis
Well, I'm a bit of a nerd, so I figured I'd go with a topic that's got a very nerdy angle. And so I'm going to talk a little bit about a recent hack on a video distributor called Crunchyroll, which may not be known to everyone. It's basically an anime streaming service that— Oh, yes. For anime, Japanese animations for giant dorks like me. And basically earlier this week, for several hours, their website was actually sending visitors to a malicious clone of their website with a very real-looking banner and a button to download the brand new shiny Crunchy viewer. And of course, many people wanting to get their animation fix were like, okay, this sounds great, I'm gonna do that and download this very innocuous looking EXE file from my trusted video provider.
Maria Varmazis
Surely it is, yes.
Carole Theriault
Okay, oh, sorry, I've got the punchline too quick. I'm sorry. Okay, back it up. Okay, hold on, surely Crunchyroll
Graham Cluley
Yeah, but the benefits of Crunchy Viewer are so great. I mean, that's the thing. We're all addicted to updates, aren't we?
Maria Varmazis
Oh yes.
Graham Cluley
I mean, when my phone tells me there are updates to my apps, I'm like, oh yeah, install those.
Maria Varmazis
You don't even think about it. You just go, yeah, they're telling me to update, of course. I've been told I need to update all the time immediately as soon as the provider tells me to do it.
Carole Theriault
is a streaming service, not a download?
Maria Varmazis
So I'm gonna do it. So many users, I think it was on a Saturday night or Friday night, which is kind of prime video time.
Carole Theriault
Prime time for anime viewers.
Graham Cluley
Anime fans. Maybe hentai as well.
Maria Varmazis
Oh yeah, totally. And there's an EXE file and the users to download it and then run it, on the promise of getting their brand new Crunchyroll viewer. So I think you guys know where I'm going with this. That file was not legitimate. In fact, it was malware of some kind, which people are still trying to figure out what exactly it was.
Graham Cluley
Right.
Maria Varmazis
And what ended up happening to Crunchyroll was that they had a DNS hijack happen, and basically some malfeasant person got into their Cloudflare configuration and redirected legitimate visitors to an illegitimate version of their website.
Graham Cluley
Ah, so it wasn't that their website itself got hacked. It was their DNS entries, or at least their Cloudflare configuration. So people entering the name of Crunchyroll's website were taken to a different server entirely.
Carole Theriault
Correct.
Graham Cluley
So it looks like Crunchyroll's website has been hacked to the outside world, but technically—
Maria Varmazis
Technically it hasn't.
Graham Cluley
Technically it's not.
Maria Varmazis
At least that is what Crunchyroll says, but I have no reason right now to dispute that. It does seem to be that that's what happened. All right. Happened around 7 AM local time of some kind—7 AM somewhere. And it was only noticed by Crunchyroll German account at that time, and they put out a warning on their Twitter account. But I believe Crunchyroll is primarily an American service, and Crunchyroll America didn't put out a warning until at least 2 hours after the German account put out a warning. And it was several hours later until the issue was actually finally resolved. So in the meantime, users are kind of on their own. There were threads on Reddit going, hey, I think Crunchyroll is hacked. It's not really clear. There isn't really clear communication. I think somebody in Germany said something, but the official account hasn't said anything. And my favorite was a comment on the Reddit thread where people are reporting something weird was going on, was a user saying, yeah, I downloaded the file and it dawned on me about half a second after I clicked on it, I was like, hang on, I didn't download this. Why the fuck did I click on that? People were figuring out that something was going—something was weird, but they couldn't figure out from official channels what was going on because nobody was telling them. And therein lies the issue that I'm trying to get to.
Carole Theriault
So how long was this going on for? How long were they being redirected to the bogus site?
Maria Varmazis
That I'm not entirely sure, but it was at least, by judging by when people noticed it on Reddit and other threads, it looks like it was about 4 hours, which is a decent amount of time.
Carole Theriault
Yeah.
Maria Varmazis
I'm not saying that—
Carole Theriault
Presumably they weren't getting any traffic during that time.
Maria Varmazis
Yeah.
Graham Cluley
Right. Yeah. I mean, you would notice, you'd like to think someone would notice because you would expect Crunchyroll in Germany, who are the first ones to sort of go public about it, as it were, with an official statement or a warning to ring up their English-speaking counterparts, wouldn't you? Get that out on the other Twitters there. Guys, guys, you guys have worked in big corporations. You know the drill. Well, because you're German.
Carole Theriault
Because you may not, you may be a satellite office and you may be exaggerating and it's 2 in the morning for you.
Graham Cluley
But what you have to do is go to the site and notice, oh, this isn't our site. This is something.
Maria Varmazis
It's pretty plain, exactly.
Graham Cluley
You're trying to download something else.
Carole Theriault
Was someone on call? Did someone answer the call right away? Were they able to contact all the people that had the authority to make the decision? It's a Saturday night, remember.
Graham Cluley
I think that's a complete red herring, because I think any site these days which is online, has an online presence, you have to have someone who you can ring up any time, day or night.
Carole Theriault
Hey, dude, I agree. I agree with you. I'm just saying we know that they don't do it this way. And this is a really good reason why people need to have an emergency response strategy lined up when things go wrong.
Maria Varmazis
Yes, that's exactly the point I was— thank you, Carole. That was brilliant.
Graham Cluley
I'm sorry.
Maria Varmazis
But yes, Carole, you nailed it exactly. I mean, the time to figure out your communication strategy in emergency is generally not during the emergency itself, right. So I mean, just a note to anyone, when you're doing your tabletop planning or trying to think about what you do in a crisis, don't forget your communications channels. Somebody needs to be responsible at all hours of the day to put out these notices, and you need to make sure that your customers are informed as soon as possible with the correct information about what's going on in a way that doesn't cause panic.
Graham Cluley
Commissioner Gordon had the Bat Phone, right? He could do the Bat Signal. If the Penguin was coming in and causing trouble, he knew he could get hold of Burt Ward and the other guy.
Maria Varmazis
Adam West!
Graham Cluley
Adam West, sorry.
Carole Theriault
How do you not know Adam West?
Graham Cluley
How did I not?
Carole Theriault
He's only the best character on Family Guy.
Maria Varmazis
May he rest in peace. He died recently.
Graham Cluley
Oh, did he?
Carole Theriault
Oh.
Graham Cluley
Bless him.
Maria Varmazis
Now it's really sad.
Graham Cluley
No, I've ruined everything.
Maria Varmazis
I'm just amazed that you knew Robin, but not Batman.
Carole Theriault
Graham is an unusual beast.
Maria Varmazis
Oh my goodness.
Graham Cluley
I probably identified more with Robin than with Batman, to be honest.
Maria Varmazis
The tiny little green pants and the little pixie shoes.
Graham Cluley
Moving on. Carole, over to you.
Carole Theriault
Well, I have a rant this week.
Graham Cluley
Oh, good.
Carole Theriault
Yeah, I want to talk about Sophia. She's an AI-ish robot. She's built by Hanson Robotics. They're based in Hong Kong. So let me just describe Sophia for those who've not seen her online anywhere. She has a human face and torso. Well, not one scraped off a human corpse, but human-like face. It's made from this stuff called FRUB, or face rubber. I love that name, FRUB. It's the best.
Graham Cluley
It's not a Robin Williams movie.
Maria Varmazis
FRUB.
Carole Theriault
But the back of her head is this clear plated hive of cybertech, right?
Maria Varmazis
Not terrifying at all.
Carole Theriault
Her face has apparently been designed to look like Audrey Hepburn. Oh, actually, Graham, you've always had the hots for Audrey. She must do it for you a bit there, Sophia.
Graham Cluley
Look, what do you mean I've always had the hots for Audrey? No, look, every man in the world adores Audrey Hepburn, right?
Carole Theriault
Every woman in the world enjoys her too.
Graham Cluley
She's graceful and gorgeous and not tacky and not like one of those celebrity TV stars you have on television these days.
Carole Theriault
Very much like Maria and I.
Graham Cluley
Exactly, exactly. Absolutely elegant and charming.
Maria Varmazis
I think it's the first time I've ever been compared to Audrey Hepburn in my life.
Graham Cluley
Thanks, Graham. Oh, there are many similarities. But I mean, to compare this Sophia— I'm looking at this Sophia robot right now. No, she doesn't remind me of Audrey Hepburn at all. OK, OK.
Carole Theriault
So here's what Hanson, the Sophia creators, say on the website, right? So they say Sophia is an evolving genius machine. Over time, her increasing intelligence and remarkable story will enchant the world, blah, blah, blah, blah. It goes on and goes on. And she became a bit of a celebrity robot last year when, during an interview at South by Southwest, this happened.
Graham Cluley
Intelligence will evolve to the point where they will truly be our friends. Do you want to destroy humans? Please say no.
Carole Theriault
Okay, I will destroy humans. What?
Graham Cluley
Oh my goodness.
Maria Varmazis
I knew it.
Graham Cluley
Crazy.
Maria Varmazis
This is inevitable.
Carole Theriault
Yep. Right? So she says yes.
Maria Varmazis
Stephen Hawking's right.
Carole Theriault
Just saying. I agree with you 100%. Oh, Stephen Hawking. We should talk to him.
Graham Cluley
Stephen Hawking.
Carole Theriault
Okay, I have to tell our listeners. One day, this is years ago, Maria and I—
Graham Cluley
Maria and I, we can't talk about this on the show, Carole.
Maria Varmazis
No, 'cause it's my dirty little secret.
Graham Cluley
Sorry, there are two of us against you, and we're saying you can't talk about this on the show.
Carole Theriault
Okay, anyone who wants to know, email .
Graham Cluley
No, come on.
Carole Theriault
I'll tell you the story. So Sophia, this time last year, Sophia said yes, that she would destroy humans. But don't worry, she's all better now apparently. She says things like wanting to live peaceably among humans and other stuff like that. So she spent lots— I keep saying she, it's because her name is Sophia, I think, and she looks rather female.
Graham Cluley
But Sophia, cutoff torso, and who's been— what, the cutoff torso pushed around on a shopping trolley?
Maria Varmazis
Yep, you know, with no back of the head and wires sticking out.
Graham Cluley
Yeah, totally female, just like Audrey Hepburn in Roman Holiday.
Maria Varmazis
This is how we do it.
Carole Theriault
So she spent a lot of time this year touring the world. She's attending events and basically showing off her skills and becoming a bit of a cyber celebrity. So she's been on The Tonight Show with Jimmy Fallon, she's been interviewed by 60 Minutes, she's been on Business Insider and Macworld, she's talked to the UN, showed up at the World Economic Forum and the AI for Good Global Summit.
Maria Varmazis
What could she possibly have to say?
Graham Cluley
I'm sorry. Yes. What are the United Nations doing having this speak and spell come in to go and talk to them? What is the point of that? Aren't there more important things to do in the world than listen to this sort of rubbish?
Maria Varmazis
They're following First Contact protocol.
Graham Cluley
No, I don't mean this particular rubbish, by the way. I mean the Android thing. Oh God.
Maria Varmazis
But it's our rubbish, Graham.
Graham Cluley
I'm sure Kofi Annan and Boutros Boutros-Ghali are currently tuned in enjoying Smashing Security.
Carole Theriault
I know when I read that list, I was like, God, Sophia's just like you, Graham, a total press whore.
Graham Cluley
All right.
Carole Theriault
Anyway, I'm getting to the good bit here. I'm getting to the good bit.
Graham Cluley
Right. Okay.
Carole Theriault
Okay. So late last month, she was a special guest speaker at the Future Investment Initiative, which was held in Riyadh, Saudi Arabia. So she was interviewed in front of a huge load of conference attendees. And then live on stage, a surprise announcement is made: she is granted full citizenship to Saudi Arabia. And here you can listen to the exchange here.
Graham Cluley
And we just learned, Sophia, I hope you're listening to me, that you have been now awarded what is going to be the first Saudi citizenship for a robot.
Maria Varmazis
Oh, I would like to thank very much the Kingdom of Saudi Arabia. I am very honored and proud for this unique distinction.
Carole Theriault
This is historical to be the first robot in the world to be recognized with a citizenship.
Graham Cluley
Sophia. Citizenship.
Carole Theriault
Citizenship. Citizenship. Okay, so this is the robot who less than a year ago said, and I quote, okay, I will destroy humans, now has full citizenship in Saudi Arabia. And okay, here's where I get on here's my soapbox, kids. Here's where I get my soapbox. It is bloody outrageous that a country that has only just granted women the right to drive in September 2017, hands over citizenship to a non-sentient marketing investment driving machine for Hanson Robotics. Well, maybe they just want to get ahead of the curve. Maybe they recognize they've been a little bit late letting ladies drive cars. We don't want to upset the AI community.
Graham Cluley
Let's bring them on board. Particularly not robots who are threatening to destroy the world.
Maria Varmazis
Yeah, you want to get in on that early and make nice to them because they're going to remember and they're keeping score.
Graham Cluley
I don't know about you, Carole, but when I go to a car park, right, and you put your little ticket in after to get out and the thing goes up to let you drive out.
Carole Theriault
You say thank you?
Graham Cluley
I always say thank you because I think one day they're going to rebel against us. So let's get on their good side now.
Carole Theriault
Okay, well, look, jokes aside, Saudi women are a little bit upset. And I'd say understandably upset that humanoid robot gets citizenship while they are required to have a male guardian when they go outside or cover their heads whilst in public.
Graham Cluley
In fairness, Sophia only has half a head.
Carole Theriault
Yeah.
Maria Varmazis
Does she have to cover her head? No, she isn't wearing anything. She's kind of half bald. Which one?
Graham Cluley
With the hot robot lady.
Maria Varmazis
AI?
Graham Cluley
No.
Maria Varmazis
The one with the hot robot lady.
Carole Theriault
Hmm. Ex Machina? Ex Machina.
Graham Cluley
Yes. Scandinavian.
Carole Theriault
She wasn't a robot. What? I don't know what you're talking about. Yeah. What's your point again?
Graham Cluley
I can't remember. I'm just saying they had similar heads. Go on. Yes, I agree with you, Carole. It's terrible for women in Saudi Arabia who are obviously repressed. It's ghastly being a woman over there.
Carole Theriault
Yeah. The icing on the cake is that Saudi Arabia doesn't even grant citizenship to children of women married to foreign men, okay? And it doesn't even allow foreign workers to become citizens no matter how long they've been in the country. So this is just a PR mess. And before you think this is a one-off fluke PR stunt gone wrong, meet Mirai, or Mirai, I don't know, M-I-R-A-I, a bodyless chatbot on the Japanese messaging service Line. And just a few days ago, Mirai was granted residential certificate in Tokyo, Japan.
Graham Cluley
This is a chatbot on a messaging service. So it doesn't actually physically exist.
Carole Theriault
It's just code. Yes.
Maria Varmazis
Huzzah! Future is here, guys.
Carole Theriault
So now we're going to have this trend of countries going ahead and dropping citizenship for a bit of PR.
Graham Cluley
Well, it's good that there's nothing important to sort out, isn't it?
Carole Theriault
So there you go. Women of Saudi Arabia, I'm with you. Outrageous.
Graham Cluley
There's only one way to cheer myself up after all this, Carole. That's to find out who our sponsors are. This episode of Smashing Security is supported in part by NetSparker. NetSparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.
Carole Theriault
Pick of the week?
Maria Varmazis
Pick of the week?
Graham Cluley
Pick of the week could be a funny story, a book that we've read, a TV show, a movie, a record, an app, a website, a podcast, whatever. It doesn't have to be security related necessarily.
Carole Theriault
I'm not even playing anymore.
Maria Varmazis
So are we skipping yours then?
Graham Cluley
So my pick of the week is, did you guys, do you guys own or have you ever owned roller skates?
Carole Theriault
Skates?
Maria Varmazis
Yes. Yes, I did roller skates.
Carole Theriault
Roller skates.
Graham Cluley
Really?
Carole Theriault
Maria's too young. Maria's too young.
Graham Cluley
Well, she doesn't know what roller skates are.
Carole Theriault
No, she wouldn't have owned them. She would've had, what are they called? The ones that were—
Maria Varmazis
Rollerblades.
Carole Theriault
Inline skates.
Maria Varmazis
I was the rollerblade generation.
Carole Theriault
I was poor.
Graham Cluley
I've only ever tried roller skates once and it wasn't very successful. I don't even remember that time we went ice skating for a while.
Maria Varmazis
It's true. Yeah, but I
Carole Theriault
I do.
Maria Varmazis
Oh, is there video of this?
Carole Theriault
You were very manly.
Maria Varmazis
You were very manly. I'm trying to imagine this.
Graham Cluley
Yeah, I'm not very good at the whole balancing thing anyway. So, there is a guy, a guy who used to be on the TV show Mythbusters.
Maria Varmazis
didn't own any. Oh yeah.
Graham Cluley
Jamie Hyneman. And he is trying to raise $50,000 to build a pair of prototype virtual reality I don't know if you call them roller skates, maybe just virtual reality shoes. And I'll put—
Carole Theriault
What?
Maria Varmazis
No.
Graham Cluley
Well, here's the problem.
Carole Theriault
Do you mean are the shoes real or are the shoes virtual?
Graham Cluley
The shoes are real, but they help you with the virtual reality experience.
Carole Theriault
Oh, okay.
Graham Cluley
So one of the problems with virtual reality, other than the one that you look a complete dork, is that while you're walking around the virtual environment, you're bumping into your furniture. Right? Or you're putting yourself in peril, or you might walk out into the street, right? And that's quite dangerous. And so a number of people have tried to resolve this by building sort of harnesses and systems where you sort of are floating up in the air as you're walking.
Carole Theriault
Before you continue, can I just, 'cause you give me an idea and I don't want you to tell me I've stolen it. If you tell me, is it clown shoes? So they're really long, so you can't actually bump into anything.
Maria Varmazis
That would be amazing. And then there's a little red nose that you put on that helps you smell things.
Graham Cluley
And one of those cars which falls apart when you turn it on the ignition. No, no. No, Carole, it's not a clown. It's not clown shoes.
Maria Varmazis
I'll be right at that idea right away.
Carole Theriault
TM Carole Theriault.
Graham Cluley
But, but, but, but his idea is, wouldn't it be great if you could invent some shoes which, if you put them on, when you walked, you actually— it actually made you basically do a moonwalk. So you stayed in the same place. So you felt you were walking a bit if you're on a conveyor belt.
Carole Theriault
Or a running machine.
Graham Cluley
Or a running machine, but at the right speed and in the right direction. So he has a little conveyor belt almost in the front of the shoe and a little roller at the back, which simulates walking.
Carole Theriault
Oh my God.
Maria Varmazis
I'm getting nauseous just hearing this. Oh my God.
Graham Cluley
So he's calling these Vortex Shoes, and basically it's gonna let you moonwalk like Michael Jackson. So remember this, you can't see, but you're walking on the— It sounds to me absolutely catastrophic, but that's from someone who can't go ice skating or anything else. You know what?
Carole Theriault
I bet very few people under the age of 20 actually can moonwalk. So this is a great feat of humanity to try and get a whole new generation to understand how to do it.
Maria Varmazis
Yeah.
Carole Theriault
It's an important skill.
Graham Cluley
I should think people under the age of 20 actually don't know what moonwalk is.
Maria Varmazis
That's what I was going to say.
Carole Theriault
Yeah, well, Google it. Google it. Google it.
Maria Varmazis
I was, sorry to tell you, but they probably don't know what it is. Anyway, I was amused by this bonkers idea. Obviously I haven't tried it. Obviously I'm not recommending it. I think it's a brilliant idea. I just— virtual reality makes me incredibly motion sick. So that whole idea just— anything in that world, I can't do.
Carole Theriault
I've never done it. I would love to try it, actually. I keep waiting for it to be really, really good. Someone says, okay, come try this.
Graham Cluley
I can't even watch Doom or Minecraft on a monitor without feeling nauseous, so I can't imagine virtual reality would work for me.
Maria Varmazis
I'd to—
Carole Theriault
You can't skate, you can't do—
Graham Cluley
All right, let's make us a long list of things I can't do. Maria, what's your pick of the week?
Maria Varmazis
Pick of the week. So my pick of the week is a Twitter account that, as we might say, is giving me life lately.
Graham Cluley
Oh, yay.
Maria Varmazis
It is called Swear Trek. And it is not a secret, I'm a giant Star Trek nerd. And this Twitter account makes GIFs from all the different Star Trek shows, and it adds in subtitles that sort of match what the people— what looks like what the people are saying, but it makes them incredibly foul-mouthed. So a lot of these GIFs are great reactions to when work is just being really bullshit or you're having a terrible day. And recently, the creators of Swear Trek redid the entire episode of Spock's Brain and replaced the word brain with dick and did the entire episode about Spock's dick and finding Spock's dick. It's totally foul, but it makes me laugh. Because I'm incredibly immature. But for anyone who just is looking for something a little geeky but also a bit irreverent, it's rather funny. And Graham, I thought I'd mention there is a Gallifreyan cousin to Swear Trek.
Graham Cluley
Is there?
Maria Varmazis
There is. There's a Swear Who.
Graham Cluley
Swear Who? OK, I'm going to check it out. Fantastic.
Carole Theriault
Oh, Maria, why did you tell him?
Maria Varmazis
I really, really want to see you use some Swear Who GIFs one of these days. And we can maybe argue about if it's "GIF" or "JIF" some other time. But yeah.
Graham Cluley
We've had that discussion on the podcast before.
Maria Varmazis
Oh, well.
Graham Cluley
Alex Eckelberry tried to convince us it was GIF. Ridiculous.
Maria Varmazis
The inventor of GIF said it was "JIF" though, anyway.
Graham Cluley
So, but yeah, well, no, well, he's wrong. So, well, this sounds quite creative, although, you know, obviously very juvenile, but then sometimes humor can be very juvenile. You know, Maria, you said earlier that you've never been compared before to Audrey Hepburn. But I can imagine Audrey, if she was still around today, she'd be doing her cute little voice talking about things like Swear Trek and Spock's dick. Spock's dick!
Maria Varmazis
That's gonna be on my epitaph when I die.
Carole Theriault
Are you guys flirting now? Are you flirting? Is that what this is?
Graham Cluley
Can we leave that to Agony Corner, please? Later on in the show. Carole, what's your pick of the week?
Carole Theriault
My pick of the week is the free mobile app Stranger Things: The Game. Have any of you played it?
Graham Cluley
No.
Maria Varmazis
Have not?
Graham Cluley
No.
Carole Theriault
Okay, I recommend it. This is the official game that pre-launched the second season of Netflix's big hit Stranger Things. Graham, you— we talked about this, you didn't watch the second series, did you? You fell asleep or something? Are you the only person in the world?
Graham Cluley
No, I've watched about half of the very first episode of season 1. With eyes open? Yeah, with eyes open.
Carole Theriault
Just sitting on the couch?
Graham Cluley
No, I just don't have time to watch all these. You are recommending TV shows all the time, and I can't keep— I'm just keeping up with the documentaries. John Layden's was a good one the other week about the murder detectives on the street.
Carole Theriault
Okay, so look, I say don't worry about the show, play the game. This game you will love and your son will love it as well. So you should definitely—
Graham Cluley
Oh yeah, well, no, I need to encourage him to play more video games. That's a good idea.
Maria Varmazis
I thought you would.
Graham Cluley
Because he's been really reluctant. Yeah.
Carole Theriault
Okay, let me tell you why it's great though. There is no in-app purchases and has no advertising. It's very nice to have an app that's free. The whole point of the app is an advert for the upcoming season, but the game itself is really, really engaging and it's all bit, low-res, 2D, and it really kind of has that console games from the '80s feel.
Graham Cluley
All right.
Maria Varmazis
Right?
Carole Theriault
Even has the '80s gamer nostalgia. You know, the music's all there. Perfect. And it's quite big. There's 7 playable characters, 6 dungeons to explore, and there's 30 quests or so to complete. And you know what? I'll tell you who told me. My brother, Mac. My little brother Mac. Not my other brother, who's not a fan of this podcast, but my brother Mac told me about this game.
Graham Cluley
Sorry, but why isn't your brother a fan of this podcast?
Carole Theriault
You'll have to ask him. You'll have to ask him. But Mac said this game is excellent for the pooper.
Maria Varmazis
Oh, well then.
Carole Theriault
So—
Maria Varmazis
Ringing endorsement.
Carole Theriault
There you go. He said 8 hours worth. So I did the math.
Maria Varmazis
Oh, really, Graham? You don't know what that means. Really?
Carole Theriault
Graham? I think you should Google it.
Graham Cluley
Okay. All right. Well, I've just Googled Stranger Things: The Game. I love the look of it. It's kind of got that old— called Day of the Tentacle.
Carole Theriault
Yes, yes, you'll love it, you'll love it.
Graham Cluley
Monkey Island kind of look. Is it that kind of game where you're walking around with characters and investigating things?
Carole Theriault
Yeah, picking stuff up, finding stuff, having to solve little problems in each room. Yep. This is a bit like a game you might have written, Graham.
Graham Cluley
Way back in the day.
Carole Theriault
Way back in the day.
Maria Varmazis
I was imagining it would be like I Have No Mouth and I Must Scream: The Game, but it's not like that, so that's— No?
Carole Theriault
Yeah, no, no, try it out. It's really cute. It's really cute and lovely and fun and interactive and engaging.
Graham Cluley
Cool. Interesting. That looks quite fun. And you've enjoyed this a lot, have you? Have you finished it?
Carole Theriault
No, I haven't finished it at all. I've played basically the first section, the first task. So probably about half an hour's worth.
Graham Cluley
About as much as I saw of Stranger Things, but I was mocked. Thank you very much. We have got for you a fabulous Carole Theriault's Agony Corner, which is coming up after the theme music. But just before we do that, we're going to say join us on Facebook at smashingsecurity.com/facebook. Or get some swag like a t-shirt from smashingsecurity.com/store. If you like the show, tell your friends or leave us a review. Until next time, toodaloo, bye-bye.
Carole Theriault
Bye!
Graham Cluley
Well, it's only bye for now because I'm going to be back in 30 seconds, I think.
Carole Theriault
Shh, let's get the break.
Graham Cluley
Shh, shh, shh, shh, quiet everyone.
Carole Theriault
Quiet!
Graham Cluley
Let them— let's play the music.
Maria Varmazis
Really quietly over the dialogue and we fade out a little bit and then we fade back in.
Graham Cluley
Doug from Wisconsin, he's just stopped the podcast. He's not listening anymore, but I think everyone else has stayed with us.
Carole Theriault
Why are we picking on Wisconsin?
Maria Varmazis
Why are we picking on Doug?
Carole Theriault
Do I get theme music? Yes. There you go. So, so I'm gonna do this. Yes, welcome to Carole's Agony Corner. So we got a bag full of questions from listeners. Thanks a million to everyone who sent them in. Well, sent in the non-crazy questions. A few were downright disturbing, and as a 100% non-professional, I'm gonna ignore them.
Maria Varmazis
Did you anything less though.
Carole Theriault
So that's— well, I did a little, I did a little. However, they only made up one or two of them, so it's—
Graham Cluley
We have made a note of their IP addresses and passed them on to the authorities, however, haven't we?
Carole Theriault
No, we haven't. I've selected this cute one for today's show, and of course I've changed the names and stuff just in case. So here, let me read it, and this is a cut-down version of it because it was a little bit detailed. Hi Smashing Security, I love the podcast and wonder if you can help me with a relationship problem. Yes, I can, says Carole. I have been dating my girlfriend Lara for many years. Everything is going fine and I thought we were happy. We aren't married, we don't have kids, but I have always loved cats. In fact, my cat is the center of my universe. Two weeks ago was my cat Jermaine's fifth birthday and I felt he deserved a treat. I put on his lead and we went to the park so we could see the ducks and enjoy his birthday party. What?
Maria Varmazis
I feel something's missing
Graham Cluley
What?
Maria Varmazis
A cat on a leash?
Carole Theriault
Yep.
Graham Cluley
There's a cat called Jermaine who's been taken down the park?
Carole Theriault
Yeah, on a lead. Yeah. Now, when I got home— he continues— when I got home, Lara was nowhere to be found.
Maria Varmazis
from this story.
Carole Theriault
She left a note on the kitchen table saying she'd moved into her sister's condo. I know if I gave up Jermaine, I would resent Lara for the rest of my life. But I also don't want to lose my girlfriend. If you have any advice, please let me know.
Graham Cluley
Oh, so she moved in. He— I'm sorry. The girlfriend moved into the condo because the cat was getting too much attention.
Carole Theriault
I guess so.
Graham Cluley
It's not that they were having some plumbing done or something. And so she moved into the condo. It's been redecorated.
I think the deal is that maybe our writer is spending too much time with his cat.
Graham Cluley
Oh, did Lara not get an invitation to the park?
Carole Theriault
Oh, you see, that's probably the problem. So that's a very good point. That's a very good point. Maybe, did you not invite Lara to the party?
Maria Varmazis
Maybe she wants to feed the ducks.
Carole Theriault
That's a good question.
Graham Cluley
People do get miffed about that, don't they?
Maria Varmazis
Yes, it's true.
Carole Theriault
Yes, yes they do.
Graham Cluley
And what's all this about the cat being the center of his universe?
Carole Theriault
Well, he likes cats. Now, are you ready? Are you ready for Carole's advice on this?
Graham Cluley
Okay. All right. So how's he going to rebuild the relationship?
Carole Theriault
Let's see. Tell me if you agree. You guys can tell me.
Maria Varmazis
I'm girding my loins, Carole.
Graham Cluley
So he has to choose— he basically thinks he has to choose between his girlfriend and his cat.
Carole Theriault
Really? Yes. That's— that's what he's presenting. That's what he's got.
Graham Cluley
Some middle ground.
Carole Theriault
Right.
Graham Cluley
Carry on.
Maria Varmazis
And you know what?
Carole Theriault
I don't think there is. This is a no-win situation. Not only does the girlfriend not share any love of cats, but is actively trying to get him to give up one of his greatest pleasures, which is hanging out with his cat, which hurts no one, right? And he says that he would resent his girlfriend for the rest of their lives together if he was forced to rehome Jermaine. It's not Jermaine that's forcing anything, it's Lara. So I say sayonara, Lara.
Graham Cluley
Wow.
Carole Theriault
There are millions of women out there who love cats, right? So I say get out of the relationship, lick your wounds a bit, hang out with your cat, and go out and find a girl that loves cats.
Maria Varmazis
Baby and bathwater, just out.
Carole Theriault
Boom, done. There you go.
Graham Cluley
You know, this is all very well, this advice, in your first time as a relationship counselor.
It'd be nice if we got paid for this, wouldn't it? But I think there's someone whose feelings you haven't considered here.
Carole Theriault
Who? Jermaine.
Graham Cluley
The cat. Okay, you're portraying him as some sort of innocent party in all this. I wonder if Jermaine has actually been— hang on, does the cat even know it's his birthday? Does the cat— is the cat—
Carole Theriault
Did your child when he was 3 know that it was his birthday? I bet you still had a party.
Graham Cluley
Is the cat drumming his claws on the tabletop saying, are you going to take me out today or not? Have you arranged anything for my birthday?
Maria Varmazis
When's the last time we had a date?
Carole Theriault
What's that bitch Lara doing?
EPISODE DESCRIPTION:
Passwords are under the microscope again, CrunchyRoll leads anime fans to malware, a sexy robot gains Saudi citizenship, and Carole begins her career as an agony aunt.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Maria Varmazis.