Who deserves to die in a driverless car crash? Who has been sniffing around the Girl Scouts' email account? And just how long would it take for a geologist to visit 9,000 adult web pages?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by journalist and "Friends" fan Dan Raywood.
Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dan Raywood.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Self-Driving Cars: The Ethical Dilemma — YouTube.
- Moral Machine — A platform for gathering a human perspective on moral decisions made by machine intelligence, such as self-driving cars.
- Moral Machine - Human Perspectives on Machine Ethics — YouTube.
- Girl Scouts' personal information affected by recent data breach — ABC30.
- Girl Scouts Alerted to Possible Data Breach — Infosecurity Magazine.
- Where does Girl Scout cookie money go? — SAS Learning Post.
- "You're a Big Scrud" — YouTube.
- USGS IT Security vulnerabilities (PDF) — Office of Inspector General management advisory.
- Porn-Watching Employee Infected Government Networks With Russian Malware, IG Says — NextGov.
- 100 Feds Found to Be Frequent Workplace Porn-Watchers — Government Executive.
- Ten Years Ago — See what the internet was doing...
- The Wayback Machine
- Dead Rock Stars podcast
- Free Rice
- World Food Programme
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript:
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. Even last year, 2017, a Washington TV station reported that around 100 federal government employees admitted to viewing copious amounts of pornography while on the job.
GRAHAM CLULEY. While on the job.
DAN RAYWOOD. On the job.
UNKNOWN. Oh God, oh no, I just repeated it. Smashing Security, episode 102: Ethical Dilemmas: Girl Scouts and Porn Lore. Ransomware-loving US officials with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 102. My name is Graham Cluley.
CAROLE THERIAULT. I'm Carole Theriault. I love the sound of 102. I think that sounds— yeah, I don't know why. It just sounds really cool, like we've made it now.
GRAHAM CLULEY. Yeah, yeah, exactly.
CAROLE THERIAULT. We've arrived.
GRAHAM CLULEY. We can just stop now, I think. And that's the end of today. No, no, no, we've got a special guest, haven't we?
CAROLE THERIAULT. We do.
GRAHAM CLULEY. We can't stop the show before we've introduced him. Special guest this week is Dan Raywood, new to the show. Hello, Dan.
DAN RAYWOOD. Hello, Graham. Hello, Carole Theriault.
CAROLE THERIAULT. Hello.
DAN RAYWOOD. Hello. Nice to be here. Once I've made 3 figures, you get the proper guests in. I can see that.
CAROLE THERIAULT. Smashing Security virgin.
GRAHAM CLULEY. We've just been practicing, Dan, so that we're ready for you. Now, Dan, if anyone doesn't know, and why don't you know, Dan is a journalist who's been covering cybersecurity. You currently work for Infosecurity magazine, but you cut your teeth, was it on Conficker and things like that?
DAN RAYWOOD. Yeah, I joined SC magazine back in late '08. That rhymes, doesn't it? And I was there 5 years. So in that time I was there Conficker, that was about May '09. Let me see, what else did we get? Flame, that was there also. Stuxnet, that was there. ICO Fines, they came around.
GRAHAM CLULEY. Not all of these were because of you though, right? They didn't introduce ICO Fines because you joined the company, uh, SC Magazine.
CAROLE THERIAULT. Oh, ICO Fines. I was thinking it was the name of a virus. I'm like, I don't know that one.
DAN RAYWOOD. Oh yeah, that's another one.
GRAHAM CLULEY. Maybe you're mixing up with Ralph Fiennes.
DAN RAYWOOD. No, that happened when I was there. So yeah, it was full of good news and, um, the party years. Absolutely. Yeah, they were the party years. No, that's a serious yes. Yeah.
GRAHAM CLULEY. Do you miss the old days? Were viruses and malware, was it more exciting 10 years ago than it is now?
DAN RAYWOOD. I'll tell you what I do. I listened to the episode you did with David M. and I've actually asked David M. the question, are we at the stage now where we've found all the viruses? Because we used to see all those viruses come out of people like Kaspersky Lab. Yeah. And obviously from, from Sophos and Graham and we talked about this in the past.
GRAHAM CLULEY. Not directly from Kaspersky Lab or Sophos. Before we get sued.
DAN RAYWOOD. No, no, sorry. No.
CAROLE THERIAULT. Smashing Security.
GRAHAM CLULEY. Smashing Security is this week sponsored by the marvelous folks at LastPass. LastPass allows you to protect all of your passwords across all of your devices, whether they be laptops, desktops, or smartphones. And if you're an enterprise, you should really run a password manager as well, because you can defend your employees and put in place password best practices. Make sure to give them a try. Visit lastpass.com/smashing, and thanks to LastPass for supporting the show. On with the show, because today I want to talk to you about the latest developments with autonomous self-driving cars. Did you chaps know that self-driving cars are being taught not only how to drive, obviously, but also how to tackle tricky moral dilemmas?
CAROLE THERIAULT. Well, I freaking hope so.
GRAHAM CLULEY. Do you?
CAROLE THERIAULT. Yeah, well, do I hit the cat or the person?
GRAHAM CLULEY. Well, that's exactly it, because this is the scenario, okay?
CAROLE THERIAULT. Imagine this.
GRAHAM CLULEY. Imagine there are 3 people in a driverless car tinkling along, da da da, going down the road, right? And it's approaching a pedestrian crossing at some speed. And the crossing is currently telling pedestrians not to cross, right? Shouldn't cross because there are people driving past, right? Fair enough. However, 3 people have lurched across the road. They're not following the rules.
CAROLE THERIAULT. So there's 3 people in the car, there's 3 people on the roads that shouldn't be there.
DAN RAYWOOD. Right.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. And oh, malheureusement, the car—
CAROLE THERIAULT. Is that Italian?
GRAHAM CLULEY. It's probably a Citroën or Renault they're driving. Malheureusement, the car has suffered a complete failure of its brakes. Right. So should this driverless car swerve into a concrete barrier, killing its occupants, or mow down the 3 people on the crossing?
CAROLE THERIAULT. Yeah. We talked about the trolley dilemma last week.
GRAHAM CLULEY. Yeah, last week I got confused because Maria mentioned the trolley dilemma. I thought she meant shopping trolleys, but this is—
CAROLE THERIAULT. You never went to university. That's probably why.
GRAHAM CLULEY. That's— So, so what do you think? What should it do?
DAN RAYWOOD. It's a tricky one. I would say it's surely the driver's car's got to be intuitive enough to spot a hazard. Is that right?
GRAHAM CLULEY. Yes, you spot the hazard, but the brakes aren't working.
CAROLE THERIAULT. Well, I think what it's going to do is go hazard 1, hazard 2.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Give me a break. It doesn't have a secondary brake mechanism.
GRAHAM CLULEY. Well, no, it doesn't. Carole, they're not going to chuck an anchor out of the back of the car. It's called the handbrake.
CAROLE THERIAULT. It's called the handbrake, Graham.
GRAHAM CLULEY. There's no time for that. There's no time for that. And you've dawdled long enough. We've already not only gone across this pedestrian crossing, but 3 others. We need a quicker response. Are you going to swerve or hit them? Swerve or hit? Swerve or hit? Swerve or hit?
CAROLE THERIAULT. Swerve.
DAN RAYWOOD. Swerve, I think, yeah.
GRAHAM CLULEY. Okay, and you've killed all of your occupants.
CAROLE THERIAULT. Yep.
GRAHAM CLULEY. Okay, tricky one, wasn't it?
CAROLE THERIAULT. No!
DAN RAYWOOD. Moral dilemma, isn't it? Yes.
GRAHAM CLULEY. Well, maybe— is it a trickier dilemma if the car contains some beautiful little children? Right? And on the pedestrian crossing are some old codgers, and remember, they've been told they shouldn't be crossing the road. What should happen?
CAROLE THERIAULT. Maybe they couldn't read the signs because they were so small. That's why they're crossing, and you're going to mow them down? You're trying to make it attractive to mow them down?
GRAHAM CLULEY. No, there are kids in the car, old codgers. Yeah, so I mean, so who should die? Are you saying the kids should die? Hmm, it's a dilemma, isn't it? Well, there is now a project which is helping work out what is considered acceptable. It is a website called the Moral Machine, and you can go there and you can help them train cars to make these kind of decisions. It's basically painting different scenarios and letting you decide what is the lesser of two evils? So what if there were only two people on the crossing, or what if one of them was a kid, or are we more prepared to let old people die than young people? I was doing this and it said, do you want to choose to save the athletic young females ahead of the podgy middle-aged security pundits? You know, I, I must be honest with you, I went for the security pundits. I thought, yes, let's look after those tubby guys. It's, but it's not for many people an easy decision.
CAROLE THERIAULT. Thanks to you, Graham.
GRAHAM CLULEY. Yes, exactly. And there's also legislation coming in. So Germany, for instance, working on laws for autonomous self-driving cars, and they're producing ethics guidelines, and they're proposing that cars shouldn't be able to choose between people based on personal features, their age, their sex, their wealth, attractiveness.
CAROLE THERIAULT. Okay, okay, I, to be controversial here.
DAN RAYWOOD. Yes, yes.
CAROLE THERIAULT. I am going to wager, based on some very light reading I've done, so I'm no expert in this area. But from what I've read, driverless cars are said to be much, much safer overall than human drivers. Right?
GRAHAM CLULEY. I think probably.
CAROLE THERIAULT. So really, the idea of these dilemmas is a little bit moot at this stage, since we're going to see a drop of maybe 50% of car-related accidents and deaths.
GRAHAM CLULEY. But there have been deaths already with driverless cars.
CAROLE THERIAULT. Sure, there's been a lot more deaths at the hands of humans behind the wheel.
GRAHAM CLULEY. I'm not doubting that, right? But at some point, a car is going to be put in this position, and it may be that the system is not working well enough to stop in time, for instance. But it does have the potential to choose who is going to be hurt. Is it the Olympic athletes team or the lardasses lumbering over the pelican crossing?
CAROLE THERIAULT. I know who I'd choose.
GRAHAM CLULEY. Who? Who?
CAROLE THERIAULT. I don't want to say. It's personal.
GRAHAM CLULEY. The athletics team, isn't it?
CAROLE THERIAULT. Personal.
GRAHAM CLULEY. You're just a bit weightist.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. What about old people? Take a long time to cross the road, may not have long to live anyway. What's the point of saving them?
CAROLE THERIAULT. Yeah, just mow down Granny. Great idea, Graham. I love it.
GRAHAM CLULEY. And all right, let's make it a bit more personal, because at the moment, Carole, you seem to be finding this very easy.
DAN RAYWOOD. What if it—
GRAHAM CLULEY. what if there were cats on the road? What about if on one side of the road—
CAROLE THERIAULT. The car should automatically explode a safe distance away from the cats.
DAN RAYWOOD. What if there's—
GRAHAM CLULEY. on one side of the road is a dog? Oh, yes. So we have self-driving cars. Driving cars with explosives built into them. Nice one. So there's a dog on one side of the road and a cat on the other, neither of which are following the rules of the road and have not waited for the appropriate juncture to cross to the other side. Who should the car flatten?
DAN RAYWOOD. Well, surely the cat.
CAROLE THERIAULT. Did the dog pee on the car at any time?
GRAHAM CLULEY. Most likely not. No, Carole, no.
CAROLE THERIAULT. Look, I think you're just being a little bit— you're setting these crazy-ass parameters where we're not allowed to choose or, you know, go outside.
GRAHAM CLULEY. So what would you rather do? Would you rather leave it to Elon Musk's random number generator to say, well, I've got two options here. I can't decide which one is right. I'll just flick a coin.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Would you rather that?
CAROLE THERIAULT. You know what? It probably would be fairer if it was not a moral decision. It was just a random toss of the coin. If two people have to die in a situation, or three in your case, why shouldn't it be just random?
GRAHAM CLULEY. It's interesting, isn't it? Because you can imagine the fallout if something like this were to happen. So if, for instance, a bunch of fat cats from the city were in a car—
CAROLE THERIAULT. What's wrong with you and the whole weight thing, anyway?
GRAHAM CLULEY. No, it's just fat. I'm just saying, if rich entrepreneurs were in the car and they ran over children in their driverless car.
CAROLE THERIAULT. Exactly.
GRAHAM CLULEY. People may think, well, that's just wrong. You know, that shouldn't have happened. And you can imagine legal action being taken against car companies because their software, maybe it's random number generators, shouldn't have been initiated.
CAROLE THERIAULT. Yeah, it's going to be like, okay, okay, we weren't that random. We just said anyone over 60 didn't matter.
GRAHAM CLULEY. Right. Interesting.
CAROLE THERIAULT. You're not far off 60 anymore, Graham. You need to think about these things before you start, you know, So here's the good news for some listeners, right?
GRAHAM CLULEY. The good news is if you're a baby listening, or a little girl or a little boy—
CAROLE THERIAULT. I hope you're not listening because this is not the show for you. Go watch Peppa Pig.
GRAHAM CLULEY. Or a pregnant woman. They probably shouldn't be listening to this show either.
CAROLE THERIAULT. Oh no, they definitely should be listening.
GRAHAM CLULEY. You're more likely to be saved according to the tests being done on this website, The Moral Machine. Most people think that you should be saved. Whether you're in the car or on the zebra crossing, they think you should have priority. But it changes from country to country. So for instance, in the West, we typically are saving the youngsters. And in, for instance, Japan, it's like, oh no, you've got to save the old people.
CAROLE THERIAULT. Yeah, the elders are the key.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. So if you want to improve your chances next time you're crossing a road, I recommend you visit the Moral Machine website right now.
CAROLE THERIAULT. Which is not HTTPS secure, so FYI.
GRAHAM CLULEY. Yeah, but you're not giving any personal information other than who you want to die.
CAROLE THERIAULT. Yeah, don't log in.
GRAHAM CLULEY. And there you can play God and decide who should live and who should die. And maybe you can help program tomorrow's self-driving cars. And Lord help us if the hackers ever break into these car companies and fiddle with the software and we get unusual repercussions as a result.
CAROLE THERIAULT. You know what? But to Dan's point earlier, you have actually stretched the entire meaning of security, right? So nothing happened this year. So you've mentioned nothing about cybersecurity in this whole piece. You basically have extended the meaning to include now physical security, which is, you know, all right.
GRAHAM CLULEY. Thank you very much. Thank you very much. Well, it's episode 102. It's a new era. I'm like Jean-Luc Picard, and you are Deanna Troi, the empath.
CAROLE THERIAULT. Oh God, I am not Deanna Trooper.
GRAHAM CLULEY. Beverly Crusher?
CAROLE THERIAULT. No, I want to be like Data.
GRAHAM CLULEY. You'll be Data. Dan, are you Worf? I'm not sure.
DAN RAYWOOD. Do you know my stepbrother played Worf on stage once in a production?
CAROLE THERIAULT. But did he papier-mâché his face?
DAN RAYWOOD. No, he put some brown face paint on, which is still hilarious.
GRAHAM CLULEY. You can stick a Cornish pasty on your forehead. That's the other way of playing a Klingon.
DAN RAYWOOD. That would have been even funnier, especially if you started sweating. Or it broke open and the gravy started leaking.
GRAHAM CLULEY. Dan, what have you got for us this week?
DAN RAYWOOD. Okay, let's start with the question. Were either of you ever in the Scout movement?
GRAHAM CLULEY. I was in the Boys Brigade for about 45 minutes once before I quit, but that is the extent of it.
CAROLE THERIAULT. Funny, Graham, because I was in Girl Guides for about 45 minutes. Really? Yeah, not Girl Guides, Brownies. It was just so happy clappy. It was all— ours was just too— I know I grew up a bit wild in the, you know, in the wilds of Canada. I had a bit of a fun life.
GRAHAM CLULEY. I think we realized that.
CAROLE THERIAULT. And I just was like, oh, organized fun wasn't for me.
GRAHAM CLULEY. Yeah, wasn't my cup of tea at all.
DAN RAYWOOD. Well, not me neither, I'll be honest. I went to Cubs, yeah, again for about 45 minutes.
CAROLE THERIAULT. Maybe there's a lot of us.
DAN RAYWOOD. Well, there's a whole different conversation around whether the Scouts are doing anything cyber. I would be fascinated to know. Please get in touch. Or whatever. But the reason I mention that is a story—
GRAHAM CLULEY. So you're asking Scouts and Cubs to get in touch with you? Is that entirely sensible, Dan?
DAN RAYWOOD. Hopefully the people behind the—
GRAHAM CLULEY. Oh, okay.
DAN RAYWOOD. Oh, I'm going to stop before it goes too far. But the reason I mention this is a story broke on Friday afternoon. This is called ABC 30. Authorities are investigating a data breach which affected members of the Girl Scouts of Orange County in Southern California. According to their story, about 2,800 members may have been affected by a breach which saw information stolen, including names, birth dates, home addresses, insurance policy numbers, health information.
CAROLE THERIAULT. And so when you say 2,800 people, you mean 2,800 girls?
DAN RAYWOOD. Yeah, well, it says here 2,800 members, so we're assuming Girl Scouts. And I did a quick search earlier on, on what the age range— it's quite broad. It's from 5 up to 18. So there's a good side of this story because the identification found that the person who did this was only in for one day, and this was on 30th September to the 1st of October this year. So we're literally almost exactly a month ago. Now, if you think about how long it took some other breaches to turn around that data, I'm thinking Uber, Experian, other on-the-record breaches where we can point to things taking months and months to be disclosed.
GRAHAM CLULEY. Yes.
DAN RAYWOOD. They've done a great job there.
CAROLE THERIAULT. Yeah. So whoever stole the data was only in the system for one single day.
DAN RAYWOOD. Mm-hmm.
GRAHAM CLULEY. And then 4 weeks later, the notification has come out. Whereas Cathay Pacific, for instance, who announced a breach last week, I think it was. They took 6, 7 months after they discovered the breach before they made it public. It's just scandalous sometimes how long organizations take.
DAN RAYWOOD. So it's an email account that wasn't a huge amount of detail on the story. We did pick this up on InfoSecurity and does state here that an unauthorized third party gained access to the Orange County travel email account, which was used to send emails to others. We presume like phishing emails. So presumably what the bad person could have done if they had not have been removed from the system so quickly. But what's quite interesting with this actually is that it's a travel email account. So what we're going to assume is that the people on that were in this voluntarily, shall we say. They wanted to join this particular mailing list, probably because it's for arranging camps and stuff like that and trips away.
CAROLE THERIAULT. Right.
DAN RAYWOOD. And while we assume no emails were sent while this person was in, what we assume is that there's someone owns this email account that hopefully is probably secured with a password that hopefully has been changed. I'm using the word hopefully quite a lot, and I'm also pressing my hands in quite a lot of ways. But it does leave the question of how this was accessed in the first place. Who actually goes after the Girl Scouts thinking that's a viable target? And also, if they've managed to keep hold of that information, then why?
GRAHAM CLULEY. But do you think they were specifically targeting this account because it is connected to the Girl Scouts, or was it a case of simply someone trying to break into lots of email accounts? They got lucky with this one because maybe it didn't have two-factor authentication, maybe it didn't have additional security in place, and they happened to come across a mailing list and the details of all of these Girl Scouts?
DAN RAYWOOD. Well, you know, we know that people will try and access email accounts, for example, when they get a dump from, let's pick a big one like LinkedIn, for example, passwords, email addresses, I assume with that. I know of people, thankfully no one on this podcast or probably listening to this podcast, who use the same password email combos for lots of social media accounts. But in this case here, that's possibly what's happened. Someone's used that from an access data they've managed to get. They get into this person, whoever is the administrator for the Girl Scouts of Orange County, get a database of 2,800 people, say age 5 to 18 potentially. It's got a lot of potential bad things could happen from this.
CAROLE THERIAULT. So what we're hoping now, I guess, is for the 2,800 girls who've been affected or account holders to get some quick education on changing passwords immediately. And making sure that you haven't repeatedly used their password in different places like many people do.
DAN RAYWOOD. Yeah, according to Catalin Cimpanu from ZDNet, who tweeted the statement, said the third party used this email account to send emails to others. So someone who actually got this— and what I'm going to use is scrud. Those who get the reference about scrud and Girl Scouts will get that. Um, well then— I don't, I don't, you don't get it?
GRAHAM CLULEY. Don't worry, Carole, I'm Googling. Okay. Is that safe? Yes. Not sure after last week. Okay.
DAN RAYWOOD. It's a scrudge.
CAROLE THERIAULT. As long as it's my network.
GRAHAM CLULEY. Something about Friends has come up.
DAN RAYWOOD. There you go. Come on, the episode where Ross becomes a brownie and has to sell Girl Scout cookies. Oh.
GRAHAM CLULEY. Is it Series 4?
CAROLE THERIAULT. What season? Is it Series 4?
GRAHAM CLULEY. Season 4 is the best.
CAROLE THERIAULT. Oh, Season 4?
DAN RAYWOOD. I don't know. They're on Comedy Central all the time. I don't know what episode's which. Like, who's with who?
CAROLE THERIAULT. We had a good friend who really, really, really rated Season 4 of Friends.
DAN RAYWOOD. Really? That's about the right stop. So anyway, the other thing that's quite interesting about at this time, just before Halloween or just after Halloween when this goes out, is this is about the time when Girl Scouts are selling cookies. Now, obviously that doesn't really happen here in the UK, but Carole, you're probably aware of this in Canada. I've got family live in Toronto as well, and I've tasted them. They're damn good, actually.
CAROLE THERIAULT. Yeah, there's some of them. Yeah, it depends on which ones you get, but some of them are delish.
GRAHAM CLULEY. What, the Girl Scouts are selling cookies?
CAROLE THERIAULT. Yeah, it's a Girl Scout, or I think the Cubs do it too. I think they all do it, but they sell cookies around the neighborhood. You may make a bit of cash, support your club. It's community driven. It's all, you know.
GRAHAM CLULEY. Oh, so actually there may be a good financial incentive to phish a Girl Scout or a Cub at this sort of—
CAROLE THERIAULT. No, I don't think they walk around.
GRAHAM CLULEY. Are they raking in the big cash?
CAROLE THERIAULT. Maybe they're walking around with the contactless transfer machines, right? But I doubt it.
GRAHAM CLULEY. Recipes, Carole? They could have recipes for the cookies if you were a rival Girl Scout. The Girl Scouts of Orange County, of OC, they sound like they could be a bit bitchy, don't they? No, I've seen the OC TV show. They're all going around in their Lamborghinis. They've all got beautiful hair. They're all— it's a bit like Mean Girls.
CAROLE THERIAULT. It might be a bit posh land, you mean?
GRAHAM CLULEY. A bit, uh, yeah, I think, I think they've got a bit of money.
CAROLE THERIAULT. 90210?
GRAHAM CLULEY. Yeah, exactly, exactly.
CAROLE THERIAULT. Okay, okay.
DAN RAYWOOD. But I actually did, did a bit of searching on Girl Scout cookies because this was just—
CAROLE THERIAULT. which is the favourite? What's the favourite?
DAN RAYWOOD. I was just learning, I wanted to learn a bit more about this. And according to a blog post from SAS Learning Post, 65 to 75% of the $4 box. Now this was from last year, 2017. Of the $4 cost of the box, $3 actually goes back to the Girl Scouts. Only the dollar goes to whoever makes these. So it's a big earning time for the girls and for their troops, whatever you want to call them. And it only takes one nefarious scrud to phish them about this. And someone unsuspecting could fall for this. That maybe that's what's happened. We don't know, but it's someone's got access and it's a bit of a difficult time for the Girl Scouts of Orange County.
CAROLE THERIAULT. According to Thrillist, the best Girl Scout cookie is the Tagalong, or peanut butter patty. It's not just the best Girl Scout cookie, it might be the best cookie ever made, says Thrillist.
GRAHAM CLULEY. Don't mention peanut butter.
CAROLE THERIAULT. Let us know on Twitter if you agree with that.
GRAHAM CLULEY. I am going to click the reject cookies button. I'm telling you that if it's got peanut butter in it, I'm not having any of that.
CAROLE THERIAULT. Oh, you love peanut butter. You just think you don't.
GRAHAM CLULEY. Don't be ridiculous. Carole, what's your story for us?
CAROLE THERIAULT. So, years ago, I joined a company, and there was this laddish sales dude. I'm going to call him Dwayne. One evening, Dwayne sends a sensitive email around to a group of recipients rather than just to his mate. And the email group included his boss and other senior players. Now, the contents of Dwayne's email did not break any privacy rules, but they did ruffle quite a few feathers. You see, the email was a picture of a woman and an animal frolicking in the way that should be reserved for special adult recesses of the internet. Not—
GRAHAM CLULEY. What sort of animal? Like an emotional peacock? What sort of thing are we talking about?
CAROLE THERIAULT. A horse.
GRAHAM CLULEY. Oh, no, no. Yeah. Okay. Well, I wish I—
CAROLE THERIAULT. You know this person.
GRAHAM CLULEY. Dwayne? I don't know anybody called Dwayne.
CAROLE THERIAULT. No, I've given him a pseudonym.
GRAHAM CLULEY. Okay. All right.
CAROLE THERIAULT. I'm just saying, you know this person.
GRAHAM CLULEY. Will you whisper it? No, I'll tell you after the show. Okay.
CAROLE THERIAULT. Okay, I'll tell you. No, I can't. We have a guest. Okay.
DAN RAYWOOD. Yeah.
GRAHAM CLULEY. Could you mime it for me?
DAN RAYWOOD. Podcast gold.
CAROLE THERIAULT. So you understand what I'm saying, right? A picture that really, really doesn't belong.
GRAHAM CLULEY. Sounds foul. Something completely and utterly gross.
CAROLE THERIAULT. Catherine the Great.
GRAHAM CLULEY. Yeah, thank you.
CAROLE THERIAULT. So the only reason I even found out about this whole thing was I was working late and this guy Dwayne comes running up to the head of IT who sat nearby and he was freaking out begging for the email to be recalled. And the IT guy saved his bacon and Dwayne was never reprimanded.
DAN RAYWOOD. Really?
CAROLE THERIAULT. Yeah, no, cuz no one ever knew. But I'm sure he learned his lesson, right?
GRAHAM CLULEY. And now it's been broadcast on a podcast.
CAROLE THERIAULT. Well, yep, if you're out there, Dwayne. When I was researching the story, I couldn't help but wonder if this next employee learned his lesson the same way that Dwayne had. His name is redacted from the inspector report I'm going to share with you. So we need a name to refer to him as, or her. It's an employee, but I'm definitely pretty 100% sure it's a guy.
GRAHAM CLULEY. Like David Dennison or something like that. Okay.
CAROLE THERIAULT. So Dave worked at the US Geological Survey. Now, I didn't know anything about this, but the US Geological Survey, or USGS, has been around for 125 years. It was formed in 1879 by an act of Congress, and it's the nation's largest water, earth, biological science, and civilian mapping agency, and it employs 10,000 scientists in 400 locations. So 10,000? 10,000. So a big outfit, right?
GRAHAM CLULEY. Like, what are they doing? What are they doing?
CAROLE THERIAULT. They're like researching the earth, researching water, coming up with ideas on how we can clean up the mess that we've all created.
GRAHAM CLULEY. Is that really necessary? I mean, you know, Earth and things and geology, doesn't it stay fairly static? Isn't that fairly easy to say there's a hill over there? How much more research doesn't need to be done?
CAROLE THERIAULT. Anyway, you digress.
GRAHAM CLULEY. I do.
CAROLE THERIAULT. Now, during an IT security audit, the inspectors noticed some suspicious network activity on the USGS. Okay, that's the word I'm going to say from now on when I say US Geological Survey place. On the USGS systems in Sioux Falls in South Dakota. So the inspectors investigate, and they trace it back to a single computer, which they found to be infected with malware. And it turns out that Dave Dennison was rather a big fan of the not-safe-for-work sites while at work. And in fact, Dave visited over 9,000 fruity pages, many of them of Russian origin and many of them containing malware.
GRAHAM CLULEY. So what is the relevance of many of them of Russian origin? Why have they put that in the report? It's like, oh, you thought it was fruity porn, but this is Russian porn, which comes in from the cold.
CAROLE THERIAULT. Okay, maybe I've worded myself badly. What I'm trying to say is that the origins of the actual sites that are holding this porn are of Russian origin.
GRAHAM CLULEY. Girls wearing fur hats.
CAROLE THERIAULT. Catalina.
GRAHAM CLULEY. She's got her balalaikas out.
CAROLE THERIAULT. Yeah, she's on a horse. Okay.
GRAHAM CLULEY. But the important thing is that these 9,000 porn pages, some of them had malware on them.
CAROLE THERIAULT. Exactly. Right. Now, on top of that, Dave was also found to have saved a glut of this porn to his personal USB drive and Android smartphone.
GRAHAM CLULEY. How boring must it be to be a scientist at the US Geological Survey, right? Looking at hills, wondering if the hill is going to change in some fashion.
CAROLE THERIAULT. I'm going to quote the report here. So we found that X knowingly used US government computer systems to access unauthorized internet web pages. We also found that those unauthorized web pages hosted malware. The malware was downloaded to X's government laptop, which then exploited the USGS network. Our digital forensic examination revealed that X had an extensive history of visiting adult pornography sites. 9,000 web pages visited, routed through websites that originated in Russia and contained malware. So that's where that comes from.
GRAHAM CLULEY. If he's been to 9,000 web pages, right?
CAROLE THERIAULT. Well, how could he not find what he wanted in the first He's like 20.
DAN RAYWOOD. What's he doing at work? Looking at hills and valleys.
GRAHAM CLULEY. How long would you— when?
CAROLE THERIAULT. Has he not found a favorite?
GRAHAM CLULEY. How long would you spend on one web page? Oh yeah, I don't know what to say, but even if it was a pathetically short amount of time, it would take years, wouldn't it, to do this and to do all your very important job being a geological scientist.
CAROLE THERIAULT. Like, it's crazy. It's crazy. I can't even— I can't— I don't even have words. I, I should state that the USGS have an annual security audit, right, which includes staff training. So Dave Dennison attended and agreed to the rules of conduct and admitted as doing so during this investigation. Rules also state no illegal or inappropriate activities on our systems, employees, right? So it's telling them not to do that. And obviously, I don't know if— I don't know if Dave doesn't sign to that, but he was aware and he admitted that much.
GRAHAM CLULEY. 9,000.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. I'm sorry, I just keep— so did they have no web filtering in place? Did they have nothing?
CAROLE THERIAULT. Exactly. So obviously, the inspectors gave some advice. And one of the big things was, could you maybe disable the USB ports? That's one.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Restrict the use of removable media. You don't want people plugging in their dirty iPhones into your network necessarily. And the other one was web filtering. So maybe use a blacklist to prevent employees from accessing known dangerous sites.
DAN RAYWOOD. Sorry, here's a question. Do we know the timeframe these were accessed in? Was it like a year or was it 125 years? Now that's a question because I could visit 9,000 websites in a year. Obviously they're all—
CAROLE THERIAULT. Of porn?
GRAHAM CLULEY. No, no, I have done just during this recording. I've got more than one window open if I get a bit bored.
DAN RAYWOOD. But yeah, I could probably do it in a year, 9,000 pages. But if it's the case of a decade, you think that's probably I haven't got a great math brain. I'm like, great.
GRAHAM CLULEY. About average, right?
DAN RAYWOOD. I'll give you general websites here.
CAROLE THERIAULT. That's a really good question. So I'm just looking now. I don't think they give that, but I've also found the Office of Inspector General, US Department of the Interior's report on this. Little light in the loafers. Like, I don't know what the malware was that they found.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. There's, you know, there's a few kind of hard-hitting facts that seem to be missing from my point of view. Like how long did this go on? What are the dates that this happened? So the, the whole report is dated 17th of October 2018, but how long have they been researching or doing the investigation? I don't know. So do you think, boys, that this is the first time that this has ever happened in a government office?
GRAHAM CLULEY. Absolutely, absolutely, yes. This is the first time, and that's why you've brought it to our attention. And it serves as a warning for all government workers, whether they be politicians or civil servants, not to go to any website, and thankfully they don't. Thankfully they never would.
CAROLE THERIAULT. I'm sorry, but you're wrong. Even last year, 2017, a Washington TV station called News 4 reported that around 100 federal government employees admitted to viewing copious amounts of pornography while on the job.
GRAHAM CLULEY. While on the job?
CAROLE THERIAULT. On the job. Oh God. Oh no, I just repeated it. Like, does it not beggar belief faith that people would be watching porn for hours on end in a government job?
DAN RAYWOOD. At work?
GRAHAM CLULEY. Yes!
CAROLE THERIAULT. Like, what do you do with your stiffy after you're watching the fleshy content?
GRAHAM CLULEY. Oh, please.
CAROLE THERIAULT. What do you do?
GRAHAM CLULEY. A 3.5-inch floppy disk.
CAROLE THERIAULT. Is that why guys are at the desk, you know, when you call them for a meeting, they're like, "I'll be there in a minute." Is that what that comes from? Just need to calm down.
GRAHAM CLULEY. Doesn't take a minute, girl. Not if you've been practicing.
CAROLE THERIAULT. What do they do with the sound? Is the sound turned off?
GRAHAM CLULEY. Well, I imagine—
CAROLE THERIAULT. Do they all have headphones on?
GRAHAM CLULEY. Surely one of the first things is to stop giving these people their own office. Right? If you're open plan, I imagine—
CAROLE THERIAULT. I mean, you have little earbuds and you pretend you're bopping to Best of ABBA.
GRAHAM CLULEY. You can't be looking at stuff on a monitor if you're open plan, and any point Marjorie the tea lady might be coming past, so you don't do it, do you? But if you're snuck away in a little corner office, then maybe you do.
CAROLE THERIAULT. Yeah, in any case, the lesson here is don't do a Dirty Duane, right? Assume that eyes are on you, because that's the thing I don't think people really realize, like how monitored computers are. So the advice that came back from the inspectors for these guys were, you know, disable ports, use a web blacklist, but also regularly monitor employees' usage history. Look at those logs. So, you know, to be clear, from a user perspective, if you're on a company computer but you're accessing your personal email, it doesn't mean they can't see it just because it's your personal email. They could have all kinds of little web bloggers on and event loggers to kind of see how long you're on that, what site you went to. You can even have keyloggers.
GRAHAM CLULEY. You would kind of expect if someone was doing something like this, and if they were quite enjoying themselves, you would kind of think they would probably do it on their own mobile phone or something, wouldn't they, rather than on a—
CAROLE THERIAULT. Well, what if you're connected to the Wi-Fi? Again, people will connect to the Wi-Fi and go, I have no idea how they knew. It's because you're on their Wi-Fi. So I just think if you're that way inclined, A, don't work at the government. What are you doing? That's crazy. And two, don't connect. Don't do it on their systems. Don't do it on the network. Don't do it on their devices and don't do it on their Wi-Fi. Don't do anything that you wouldn't want your boss, IT, or HR to know.
DAN RAYWOOD. That's always a good policy. Do what you like at home. Don't do anything that— well—
CAROLE THERIAULT. Were you going to say, don't do anything you wouldn't want your mother to know?
DAN RAYWOOD. Yeah, almost. Yeah. But no, it just It always strikes me, I've worked in lots of companies with different varying IT policies. I mean, when I worked with 451 Research, I was able to download Spotify and other places I've worked in, I've not been able to even like, you know, have access to a gambling website. Not that I gamble very much, but it just goes to prove that, you know, different companies have different policies for use of the internet. But I think it just comes down to a bit of common sense about actually what am I here for? Oh, you're here to work and look at hills and mountains and stuff. Not to look at the other types of hills.
CAROLE THERIAULT. And I know, okay, but come on, come on. So the guy, obviously this guy was really bored or had a, or had an issue, like had a little addiction problem there with the whole—
GRAHAM CLULEY. Do you think, do you think Carole had a little bit of an addiction from 9,000?
CAROLE THERIAULT. Yeah, 9,000 web pages visited by Dave Dennison for an unknown amount of time.
GRAHAM CLULEY. Dwayne him.
CAROLE THERIAULT. Is that why you like podcasts so much?
GRAHAM CLULEY. What?
CAROLE THERIAULT. So you can do a Dwayne?
GRAHAM CLULEY. I think you'd hear the table being thumped. Oh, God, no, no, no, let's not do this. Many of us have worked in big companies, right? And we know that it only takes one person to make a boo-boo to allow the hackers in. Imagine running a company, hiring new staff, and worrying that one of them might bring their bad password habits into the office. It's horrendous! Nightmare! That's one of the reasons why businesses small and large need a password management solution like LastPass Enterprise. LastPass brings a vast array of features for enterprise users, including company-wide policies, reporting, user groups and roles, and new support for Microsoft Active Directory. As an administrator, you can create highly secure passwords for your new starters right from the onset. It means no snafus. Listeners can check it out for themselves by visiting lastpass.com/smashing. No more password snafus, no more boo-boos, just LastPass. And welcome back, and you join us at our favourite time of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
DAN RAYWOOD. Pick of the Week.
CAROLE THERIAULT. Ah, he listens. That's the test. Actually, we can explain the test.
GRAHAM CLULEY. Sometimes, Dan, we have guests on the show, don't we, Krill?
CAROLE THERIAULT. Well, he'll know this because he's heard them.
GRAHAM CLULEY. Yeah. And they don't appear to realise that they have to say Pick of the Week when the music happens.
DAN RAYWOOD. Well, back when you did your 100th episode and you said, can you put in your favourite bits with a timestamp? I really should have put in when it was John Layden who forgot to say it and he just, what? Oh, Pick of the Week.
CAROLE THERIAULT. Yes.
DAN RAYWOOD. So download that one again. It's really almost making me laugh out loud, actually. But yeah.
GRAHAM CLULEY. Anyway, pick of the week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. Doesn't have to be security related necessarily.
CAROLE THERIAULT. Just like your main story shouldn't be, right? We're in a new era now.
GRAHAM CLULEY. Now my pick of the week this week is a website. It's a very quick and simple pick of the week. It's called 10yearsago.io.
CAROLE THERIAULT. Oh, cute.
GRAHAM CLULEY. Okay. And this is a website which will show you a snapshot of what some of your favourite internet web pages— not the ones visited by geologists in America— some of your other favourite web pages looked like exactly 10 years ago today. So you can go and check out Reddit, or you can go and check out CNN or Amazon. Blablidaddidaddida. And it's kind of cute.
CAROLE THERIAULT. I'm on the web page right now. Can you check out any website?
GRAHAM CLULEY. No, no.
CAROLE THERIAULT. Only one of these 16 they offer.
GRAHAM CLULEY. If you want to explore further, this is all being powered by the Internet Wayback Machine. You can go and visit the Wayback Machine and you can go and look up your favorite website there. And if you're lucky, they will have grabbed a snapshot of your favorite page 10 years or so ago. But this is more precise to the day. And this was recommended to me by a listener, one of our listeners in Brazil. Fabio, and I apologize for saying your surname incorrectly, almost certainly, Fabio Loznak. And he told me go and check it out. And I thought that's cute because I sometimes I get a little bit nostalgic, Krill.
CAROLE THERIAULT. No, I agree. I love— I'm thinking maybe your pick of the week, really, sorry Fabio, should have been Wayback Machine because I don't know if people know how wonderful Wayback Machine is. Remember, you'd be sitting there sometimes and trying to remember an exact article on a webpage, and of course the page no longer exists on their new, you know, revamped website. And you can go to Wayback Machine and find that exact article and page. It's so awesome.
GRAHAM CLULEY. This is great, Carole. Yeah, just usurp my pick of the week with your superior.
CAROLE THERIAULT. I didn't usurp, I just added some gravy.
GRAHAM CLULEY. No, you've come in and you've come in and you've said, that's all very well, Graham, but there's actually a better version of this. And you're right. That's why I'm annoyed. So I would now like to retract my pick of the week. And let's—
CAROLE THERIAULT. Sorry, Fabio.
GRAHAM CLULEY. I'm sorry, Fabio. Ransomware.
CAROLE THERIAULT. Fabio's gone through— like, their country is going through hell right now.
GRAHAM CLULEY. So he might be very happy. We don't know his politics. Well, anyway, after my disastrous pick of the week, I'm going to ask Dan, what's your pick of the week?
DAN RAYWOOD. Yeah, I was actually going to pick up Infosecurity magazine on Wayback Machine, but, uh, yeah, I was listening. Um, my pick of the week, and it's not on your version either, but anyway, um, my pick of the week is a podcast. This is something I—
GRAHAM CLULEY. Whoa, whoa, whoa.
CAROLE THERIAULT. This better be— you better be thinking really carefully right now.
GRAHAM CLULEY. I think I know what his favorite podcast is, Carole Theriault. This is going to be slightly embarrassing, but I think— yeah, go ahead with it, Dan. We're ready. We're ready.
DAN RAYWOOD. It's called 9,000 Pages. It's the story of— no, it's— this is— I don't know where I first heard about this, but it's a podcast called Dead Rock Stars. And I loved this podcast. There's 23 episodes. They've just finished the first series. And it basically involves two music, mainly rock metal journalists called Mick Wall and Joel McIver. And they basically just talk about dead rock stars. Each episode's about one particular one. So the first one was on Lemmy. They did one on Lou Reed. They did one on Marc Bowdoin. They did one on Jimi Hendrix.
CAROLE THERIAULT. What do they just go in and go, "Hey, Jimi Hendrix, he died." That's the end of the episode.
GRAHAM CLULEY. I think the episodes last about an hour.
DAN RAYWOOD. Yeah. So heck of a conversation.
CAROLE THERIAULT. Talk really slowly.
DAN RAYWOOD. But a lot of them have interviewed these people. They've worked with them. They tell stories about what they were like and they discuss their legacy. I put another friend of a, maybe a friend of the show, Rik Ferguson, onto this. I said, Rik, you've got to listen to this podcast. It's really, really fun. And I know it's very simple. It's just two journalists sitting around. They've got a real thing for eating pork pies. So they eat pork pies and talk about rock legends.
CAROLE THERIAULT. Graham, Graham, no, we cannot, we cannot bring that on our show.
GRAHAM CLULEY. Okay, Graham, no, no, no eating during the show.
CAROLE THERIAULT. No.
DAN RAYWOOD. But anyway, I really liked it. It was, it's just finished the first series and yeah, that's why it's my pick of the week.
CAROLE THERIAULT. That's a very good pick of the week.
GRAHAM CLULEY. It would be a shame if a lot of famous rock stars had to die so that they could then do a third series of this, wouldn't it?
CAROLE THERIAULT. Isn't it?
GRAHAM CLULEY. Second or third series? Second series.
DAN RAYWOOD. Yeah.
GRAHAM CLULEY. Second series.
DAN RAYWOOD. They've done one series. Yeah.
CAROLE THERIAULT. They've only got 23 down. A lot of rock stars have died. Mm-hmm.
GRAHAM CLULEY. They'll have people like, oh, I'm trying to think. Do you remember all those rock stars who died when they were 27? Like Jim Morrison.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. And, uh, Hendrix, of course. Janis Joplin. Didn't Amy Winehouse, I know she's not really rock, but, uh, Kurt Cobain.
DAN RAYWOOD. Kurt Cobain was another one. Yeah.
CAROLE THERIAULT. Prince.
DAN RAYWOOD. I don't think he was 27.
GRAHAM CLULEY. I don't think he was 27.
DAN RAYWOOD. Do you know a story about the 27 Club?
GRAHAM CLULEY. Are you just naming dead people now to try and join in the conversation?
CAROLE THERIAULT. Yes, I tuned out for 30 seconds, then I was thinking of George Michael.
DAN RAYWOOD. He's not 27 either. I'll tell you a quick story about the 27 Club, actually. Jack White from the White Stripes, and then later in our solo career, he was in a car crash when he was heading into a car crash when he was 27. He was thinking, oh no, not me too. And he survived it, obviously. But yeah, that's a true story.
CAROLE THERIAULT. I don't know about this 27 Club. I don't know anything.
GRAHAM CLULEY. Oh, come on, Carole. For real, for real. Basically, lots of people choked on their own vomit or shot themselves when they were 27 years old. Famous.
CAROLE THERIAULT. What about, what was his name? Buddy Holly. He died in a plane crash.
GRAHAM CLULEY. He did. He was the Big Bopper.
DAN RAYWOOD. He was like 22. I think he was really young.
CAROLE THERIAULT. Yeah, he was young, young, wasn't he? Okay, so he's not part of the club either.
GRAHAM CLULEY. I don't know why there's such an obsession about 27, but obviously someone just connected the dots and therefore conspiracy.
CAROLE THERIAULT. You know, Graham, pretty soon you'll be able to go half my age is 27.
GRAHAM CLULEY. Would you stop releasing personal information regarding my age?
DAN RAYWOOD. Die twice. Hey, I've done two entries.
GRAHAM CLULEY. Carole, you've already had a pick of the week this week, so I'm not sure if we should give you a go. No, I've got a really good one. Okay, okay, okay. Go on then.
CAROLE THERIAULT. Okay, the world's a bit crazy right now, in my view, and it seems to me that more of us good people should do good things more often, right? And this is the lazy good person's way to feed the hungry and improve knowledge. Let me introduce you to freerice.com. Okay, go look, go look, go look, go.
GRAHAM CLULEY. freerice.com.
CAROLE THERIAULT. This is free rice.
GRAHAM CLULEY. Freeing Tim Rice from imprisonment if he's been done for tax fraud or something like that, right? This is something else. FreeRice.com. Okay, I'm here.
CAROLE THERIAULT. Okay, so this is a United Nations World Food Programme, and it combines education with fighting hunger. Get a wide range of subjects to test your knowledge, from maths, humanities, science, or even SAT prep. And for each correct answer, Free Rice donates 10 grains of rice to someone who needs it.
GRAHAM CLULEY. So what, it has like an online game? And if you—
CAROLE THERIAULT. Yeah, there's a number of different games, and you can go and take one. And it starts easy, and it gets harder and harder. And you collect rice in a bowl, and then that rice is donated across. Now they're working on the site. They're planning to revamp it because, Graham, you'll notice it's not— I don't think it's HTTPS either. And it's interesting because I was talking to my brother, my very cynical brother, before the show.
GRAHAM CLULEY. As opposed to the other brother.
CAROLE THERIAULT. He's also extremely cynical. And my brother's reaction was very different from mine. He just paused and he said, so they hold hungry people hostage until you learn something. Is that right?
GRAHAM CLULEY. That's what he said. We'd love to give you this rice, but unfortunately Carole hasn't answered this question on a webpage.
CAROLE THERIAULT. She's too stupid, so all you get is these 10 grains.
GRAHAM CLULEY. And there's a guy at the US Geological Service who hasn't visited the free rice website, but he's working his way through.
CAROLE THERIAULT. He's very busy.
GRAHAM CLULEY. He's very busy working his way through 9,000 other webpages first.
CAROLE THERIAULT. He's got a hand cramp at the moment, but he'll be back.
GRAHAM CLULEY. Oh goodness. So you answer— so I've got a question right here. So I've got the question which says, this vocabulary. It says forest means boat, cab, raisin, or woods.
CAROLE THERIAULT. Right, are you having trouble there?
GRAHAM CLULEY. I think I click on woods, right? So I'm going to click on that.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. And it says correct. Okay, so what have I done now? I've just donated 10 grains of rice.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. But why is it doing this? Why? Is it crypto mining in the background or something? Why are they— well, why do they want me to be on this site doing this? This isn't useful, is it?
CAROLE THERIAULT. Well, I think it's actually a win-win. I think the way I looked at it was Hey, help educate the world with, you know, real facts. Like right now you're in the vocabulary section, but you could be in the math. That would be useful, right, Graham? The whole percentages thing. We can work on that together. And you'd be feeding some at the same time. So you don't feel like you're being too indulgent, just spending time learning. You're actually doing something good for the world.
GRAHAM CLULEY. Now I've just seen— so I was feeling a little bit cynical and thinking, how do they make money to pay for this rice? And I've got a little thing on the screen here which says, you may have an ad blocker or software enabled that is preventing us from displaying the sponsored ads that are paying for the great grains of rice that you are earning. And so they're encouraging me to disable my ad blocker, which I'm not really wanting to do. But that's okay. So that's how they're making their money then. Okay. As long as it's not crypto mining, unpleasant like that.
CAROLE THERIAULT. It's also the UN, right? They do get funding from a number of different countries around the world for exactly this purpose. In fact, I have a friend who works at the UN. I'm going to ask them about I'll report back to the show.
GRAHAM CLULEY. Whoa, hang on a minute. I'm on the about page and it says it's not the UN.
CAROLE THERIAULT. Oh, really?
GRAHAM CLULEY. They say they are a 100% nonprofit website that is owned by— oh, and supports the UN World Food— so is owned by the—
CAROLE THERIAULT. Don't think I don't do my research, Graham Cluley. I do my research.
GRAHAM CLULEY. It's a little embarrassing. I thought they were just saying that they were supporting them. Okay, I misread it. Oh dear.
DAN RAYWOOD. It's good. I'm enjoying it.
CAROLE THERIAULT. Okay, so Free Rice, check it out. It's fun. It's good. And hey, you know, if you're bored for 5 minutes, go give someone an appetizer of rice.
GRAHAM CLULEY. You've got some choices.
DAN RAYWOOD. Well, I'm not gonna say I've been bored for the last 5 minutes, but I'm up 280 grains while you two have been talking. You see?
CAROLE THERIAULT. You see? You've just given someone a meal.
DAN RAYWOOD. I'm lost though. Heighten means refrigerate, discontinue, nauseate, or intensify. I don't get that.
GRAHAM CLULEY. Intensify.
CAROLE THERIAULT. Intensify. Yes.
DAN RAYWOOD. Intensify. Do you think it's intensify? Can we get to 300 while we're live? Rejuvenate, restore.
GRAHAM CLULEY. Calls himself a journalist.
DAN RAYWOOD. 300 grains I'm giving out there. There we go.
GRAHAM CLULEY. On that bombshell, we've just about wrapped it up for this week. Dan, if anyone wants to follow you on the socials, where is the best place to do that?
DAN RAYWOOD. Yeah, just my name on Twitter, @DanRaywood. And yeah, just, just Google my name, I should come up pretty high.
CAROLE THERIAULT. He's that old, people.
DAN RAYWOOD. Yeah, just got my yells in early. Yeah.
GRAHAM CLULEY. You can also follow the podcast on Twitter @SmashinSecurity, no G. Twitter wouldn't allow us to have a G. And if you do that, occasionally we tweet out special coupons for our online stores so you can grab a mug, a t-shirt, or a sticker. Get those at smashingsecurity.com/store. We don't get any money out of that. We just do it because we love you.
CAROLE THERIAULT. We love you.
GRAHAM CLULEY. Thanks for tuning in. If you like the show, rate it on Apple Podcasts. It helps new listeners discover the show.
CAROLE THERIAULT. It helps so much. It helps so, so much. So please do.
GRAHAM CLULEY. So until next time, cheerio, bye-bye. Bye.
DAN RAYWOOD. Bye-bye.
CAROLE THERIAULT. How was it for you, Dan?
DAN RAYWOOD. I couldn't get a word in half the time.
GRAHAM CLULEY. Sorry.
DAN RAYWOOD. I know it's your show, but I don't know if you want to cut out my various stumblings in, but it was good. It was— what you missed about 20 minutes in was my PC tried to reboot. What? Yeah, reboot came up. I'm like, oh, not now. I just deleted it. I just said, "Dove, come back in an hour." Who needs a security update, right? Yeah, damn right. I've got a VPN running. Are we not recording still?
GRAHAM CLULEY. Yeah, we are actually.
CAROLE THERIAULT. Outrageous.
-- TRANSCRIPT ENDS --