You won't believe who had to report themselves to the data protection agency for a breach, or who has been sharing doctored videos of political rivals, or how much money you can make selling a laptop infected with malware... and how Carole gets her diva on.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who aren't joined by a guest this week.
Visit https://www.smashingsecurity.com/130 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide that will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Final chance to vote for Smashing Security!
- Apple Podcasts New & Noteworthy, What’s Hot Sections Are Back — Kate Erickson.
- When selling security awareness training by email, probably a good shout not to hit 'reply all' — The Register.
- Ghostery Email Incident Update — Ghostery.
- NHS IT bod sends test email to 850k users – and then responses are sent 'reply all' — The Register.
- Google mistakes the entire NHS for massive cyber-attacking botnet — The Register.
- UK NHS 850k Reply-all email fail: State health service blames Accenture — The Register.
- BCC warning when emailing to many TO/CC recipients — SafeSend.
- SendGuard for Outlook.
- Privacywaakhond AP blundert met cc-knop — Computable.
- Tweet by Jeroen Terstegge.
- Canada Plans Fines for Tech Companies That Spread Disinformation — Motherboard.
- #DeleteFacebook: Twitter Users Urge People To Deactivate Accounts After Fake Nancy Pelosi Video Goes Viral — Newsweek.
- Half of European voters may have viewed Russian-backed ‘fake news’ — Politico.
- Inside Facebook's war room: the battle to protect EU elections — The Guardian.
- The Nancy Pelosi Videos Are Part of a Long GOP Campaign — The Atlantic.
- Mona Lisa 'brought to life' with deepfake AI — BBC News.
- The Persistence Of Chaos — Guo O Dong.
- Samantha-Antoinette Smith.
- Samantha Antoinette - Don't You Know Baby - Copenhagen Blues Festival 2016 — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
ROBOT. Newsflash! Newsflash! Smashing Security has made it to the finals of the European Security Blogger Awards. If you can be arsed, please go to smashingsecurity.com/vote and vote for your favorite security podcast. Voting closes on the 31st of May, so don't delay or I'll electrocute your eardrums. That's smashingsecurity.com/vote. Now, on with the show. Smashing Security, Episode 130: Doxxed Videos, BCC Blunders, and a Diva, with Carole Theriault and Graham Cluley.
GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security, Episode 130. My name is Graham Cluley.
CAROLE THERIAULT. God, 130 sounds amazing. I'm Carole Theriault.
GRAHAM CLULEY. Half past one. And we are joined by the illustrious, the amazing, the incredible, the extraordinary, no one. Absolutely no one. It's just you and me this week, Ro. Why is that?
CAROLE THERIAULT. Well, we've been travelling different places, different times. It's been a bit insane.
GRAHAM CLULEY. You've been to beautiful Denmark.
CAROLE THERIAULT. Yes, I'm talking about that later in my pick of the week.
GRAHAM CLULEY. Oh, are you? Okay. No spoilers now. I've been all the way down to Johannesburg. In South Africa.
CAROLE THERIAULT. Jo'ho.
GRAHAM CLULEY. Yep. I don't know if they say that, but yes, I've been down there. I gave a little talk, which went wonderfully.
CAROLE THERIAULT. Diplomatic immunity.
GRAHAM CLULEY. I met some Smashing Security listeners down there.
CAROLE THERIAULT. Did you know that? Why are you surprised?
GRAHAM CLULEY. It was always a pleasure. They came up, shook my hand. I gave them some stickers and bid them on their way.
CAROLE THERIAULT. Were you wearing a Smashing Security t-shirt with you?
GRAHAM CLULEY. I was not. No, no. They knew who I was because I was standing on a stage giving a talk and they came up afterwards. And obviously, You were sitting in a McDonald's. No, obviously during the talk, I plug the podcast. You know, I drop it into the conversation subtly, subliminally.
CAROLE THERIAULT. Any podcasters listening, this is what you need to do.
GRAHAM CLULEY. Well, I'll tell you something else you need to do. Word on the street has it that Apple has changed the way that Apple Podcasts and iTunes works.
CAROLE THERIAULT. In a better way?
GRAHAM CLULEY. Well, possibly better for us as podcast producers and indeed listeners as well, because for a couple of years, Apple's new and noteworthy section and what's hot Oh, it's been horrific. They haven't been updating. Their new and noteworthy was full of podcasts which haven't released a new episode for about 3 years.
CAROLE THERIAULT. It's driven me mad because I often use the native podcast app and I find it revolting. You know, you go in and you finally, and there's like 3 episodes for 2016.
GRAHAM CLULEY. Well, I'll put a link in the show notes, but there's a bunch of dudes who reckon that Apple has now updated this and it appears they have because I went on to iTunes in the UK. I went into the technology and tech news section and went to what's hot, and we're only in there.
CAROLE THERIAULT. Of course we are.
GRAHAM CLULEY. Which we haven't been before. Well, we haven't been there before because they never updated it.
CAROLE THERIAULT. We have been there before. Haven't we been there? We've been in their top 100 list a number of times.
GRAHAM CLULEY. Oh, piff-paff-poof. Carole, we've been in the top 10 of technology before, but this is in the what's hot section, so it's more exposure. Now, I've heard, and again, don't know if it's true because there's a lot of different people saying this, but according to this research, Apple have updated it. So they are finally, those two sections at least, basing it upon reviews and ratings which loyal listeners give to podcasts.
CAROLE THERIAULT. Ah, so now they're finally realizing that the work that people do by filling in review should mean something.
GRAHAM CLULEY. So this is our shout out to our faithful fan base that if you've ever thought about leaving us a review, on Apple Podcasts/iTunes.
CAROLE THERIAULT. Now's the time.
GRAHAM CLULEY. Now's a perfect time, isn't it? Because it might actually mean something.
CAROLE THERIAULT. Look, you know what? Why don't you just put it on pause? You go do that and we'll wait for you.
GRAHAM CLULEY. Oh yeah, okay. We'll play some hold music.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Okay, everyone's back now, Carole. They've— I'm sure they've done that, right? So what's coming up on this week's show?
CAROLE THERIAULT. Coming up on this episode of Smashing Security, first off, we need to thank our sponsors, Recorded Future and LastPass. Their support helps us give you this show for free. Now, Graham, you were talking about a data breach. Let's see if you can make that interesting as well as informative.
GRAHAM CLULEY. I'll try.
CAROLE THERIAULT. And I'm gonna dive into the world of digital propaganda, AKA fake news, AKA—
GRAHAM CLULEY. Oh, get on with it for goodness' sake. Phishing.
CAROLE THERIAULT. Can we get on with the show? All this and a teeny weeny little bit more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, Kroll, have you ever been responsible for a data breach?
CAROLE THERIAULT. Well, I once almost replied all on a pretty unfortunate email, which I ended up unplugging the cable because it was pre-Wi-Fi days.
GRAHAM CLULEY. So as I remember, you were replying to an internal email, weren't you?
CAROLE THERIAULT. Yes, to a dickhead.
GRAHAM CLULEY. It wasn't so much as a data breach because all of those people knew each other's email addresses already. It was more of a career-limiting move which you made.
CAROLE THERIAULT. There wasn't for information inside the contents of the email that would have been shared with the entire company that would have been quite embarrassing to the dickhead.
GRAHAM CLULEY. Because you said someone's a bit of a knob.
CAROLE THERIAULT. So that's another way of putting the word. Yes.
GRAHAM CLULEY. The point is that a data breach doesn't have to involve a hack or an unsecured Amazon web bucket or anything like that. Any of us can accidentally cause a data breach with email if we're careless with our email.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. It's easy to do. And it seems many companies keep on suffering from this kind of data breach. The most simple form might be something like sending an email to a large number of recipients and putting their email addresses in the CC field rather than the blind carbon copy field.
CAROLE THERIAULT. Yes, that happens a lot. I've seen that happen to basically even heads of IT.
GRAHAM CLULEY. Oh yeah, it can happen to anybody. It's very easy to do if you're not in the habit of And who is, quite frankly, who is properly in the habit of checking themselves when they send an email? 'Cause you send thousands of emails every day and you know, you're busy and you're not thinking about what field you're putting something into. And it's not just potentially a data privacy issue if lots of email addresses get leaked because they've been put in the CC field. It also could be a big problem if someone does a reply all to one of those monster threads. You know, the problem just gets bigger and bigger. It becomes an email bomb effectively. 'Cause people said, "Hey, you left out all our email addresses in the CC field." hit send, and that goes to everybody on the list again.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. And this has happened to some big companies, so including organizations you hope it wouldn't happen. Security training firm KnowBe4, for instance, they had one of these gaffes where they put people's email addresses in the CC field rather than the blind carbon copy.
CAROLE THERIAULT. Sorry, I won't say it. KnowBe4? Don't know.
GRAHAM CLULEY. Ad blocker Ghostery, they had a similar goof as well. And, uh, one of the real monsters was in November 2018 at the National Health Service, a test email was sent by accident to 850,000 NHS workers. That's all the ones who have an email account. And by the way, that's about 1% of the entire UK population. And of course, people started replying saying, hey, how can you do this?
CAROLE THERIAULT. Oh, dear Lord.
GRAHAM CLULEY. Now the newspapers got hold of this, of course, and they were reporting on it. And the NHS weren't able to email an official statement because their email had clogged up and turned to porridge. And so they were phoning people instead.
CAROLE THERIAULT. That's the problem when you're in a disaster, then the media come hounding you because they want a comment and you're in the muck, aren't you? You're in the soup.
GRAHAM CLULEY. Absolutely. We've been there before in the old days. We were often in the soup, weren't we? But so a subsequent investigation revealed that between 8:29 in the morning when the email was first sent and 9:45 later that morning, so just an hour and a quarter later, half a billion emails crossed the NHS network. Normally, their normal traffic volume was around about 3 to 5 million emails per day. So it was a ginormous amount of email. The problem got so—
CAROLE THERIAULT. They had a nice spike.
GRAHAM CLULEY. Well, they weren't the only ones who noticed there could be a problem. The problem got so bad that Google actually blocked access to the entire NHS network, thinking that a botnet was at work because of this huge amount of traffic. Traffic which was occurring.
CAROLE THERIAULT. It's very dangerous, isn't it? I mean, it's the NHS. So they're blocking all traffic coming in. Like, hi, I'm having a heart attack. What do I do?
GRAHAM CLULEY. I don't know if people email in their heart attack problem. Maybe if 999's not working properly. Oh, you know, it doesn't matter. I'll send an email. You know, they're not answering at the moment. You know, they don't tend to do— I mean, interesting approach you have there. I need some advice. There's a man collapsed on the ground. I'm not sure if he's breathing or not. How do I use the defibrillator? Could you send me a link to the FAQ, please?
CAROLE THERIAULT. Sincerely, best Carole Theriault. Okay.
GRAHAM CLULEY. So there's this problem of email bombs, but there's also this problem of innocent people's email addresses leaking out because they've been put in the CC field. So it's all sort of— now, I was wondering, how on earth can we prevent this? And I think there's a number of possible solutions which I'd like us to talk through.
CAROLE THERIAULT. Did you put your thinking cap on, Mr. Wooley?
GRAHAM CLULEY. Well, my thinking cap sadly didn't fit very well. So I also asked on Twitter if anyone had any ideas as well. So we've got a combination of—
CAROLE THERIAULT. Crowdsourced again. Story.
GRAHAM CLULEY. So here's one of the ideas. One is that maybe you should always use the BCC field rather than the To field. So maybe every email should be a BCC.
CAROLE THERIAULT. I don't like that.
GRAHAM CLULEY. Well, yeah, I think it's flawed as well.
CAROLE THERIAULT. Okay. Do you want to go first? You can look smart.
GRAHAM CLULEY. No, you tell me what you think is wrong with it.
CAROLE THERIAULT. I just think, I think if someone's sending me an email and they have BCC'd someone, I, if I find out about that, I think it, I don't like it.
GRAHAM CLULEY. I don't like it.
CAROLE THERIAULT. I really hate it. I think it's tantamount to filming someone without their permission.
GRAHAM CLULEY. In 2018, a study was conducted. See, I did my research. It revealed that people considered BCCing a supervisor or a boss, it basically eroded trust.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Okay. It was seen as less moral, more secretive, and more intimidating than CCing the boss. So if you did it sneakily, and I know as you know, on occasions I have been a boss, that if someone BCCs—
CAROLE THERIAULT. A very, very good one, may I tell all the listeners. I remember hearing from your wonderful lucky employees.
GRAHAM CLULEY. But if someone were to BCC me, I would think, oh, I know, that's interesting that they've copied me on this. I might actually have a dim view of the person who BCC'd me as well.
CAROLE THERIAULT. But after you've read it and figured out there's nothing juicy.
GRAHAM CLULEY. Yeah, yeah, exactly. And also, there might be times when you do need to include others in the conversation, right? When it's a group discussion, you don't want everyone to be BCC'd because sometimes you do want people to reply to the group.
CAROLE THERIAULT. Yeah, I would say most company or corporate emails that certainly in my day, I would say at least 60, 70% involved more than two people. That wasn't always necessary.
GRAHAM CLULEY. No.
CAROLE THERIAULT. But they did. I was often CC'd in.
GRAHAM CLULEY. So always using BCC rather than to sounds like it might work until you think about it for 10 seconds and then you realise not really great answer.
CAROLE THERIAULT. It took me 2 seconds, but yeah.
GRAHAM CLULEY. So another possible solution. Some email clients hide the BCC option. Right? You have to press a button to display it.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Maybe BCC should be visible by default and you have to press a button to access the CC one. So it's more sort of conscious, oh, I need to CC these people. Would that make it less likely that you would accidentally leak people's email addresses?
CAROLE THERIAULT. Nah.
GRAHAM CLULEY. You don't think?
CAROLE THERIAULT. It just brings it back in the same problem, right? Because you have to kind of go CC. I mean, you're saying people have to think about clicking CC. Who doesn't know that CC copies everybody? Well. Who, who? Like it's 20, it's almost 2020. Come on.
GRAHAM CLULEY. Well, people are just on autopilot. Yeah, the thing is that it's the exception. It's not the norm to BCC, is it? But on particular occasions, it's really, really important that you do BCC rather than the thing you do 95% of the time.
CAROLE THERIAULT. To BCC or CC?
GRAHAM CLULEY. Is that Shakespeare?
CAROLE THERIAULT. Yeah, Shakespeare. Shakespeare.
GRAHAM CLULEY. Shakespeare. So, all right, another solution. Why doesn't your email client or something on the email server spot that an unusually high number of people have been CC'd, maybe, I don't know, 50 or something, anything more than 50, and prevent the email from being sent until—
CAROLE THERIAULT. There are systems that do that because I know, because I have tried to spam journalists before in my PR days.
GRAHAM CLULEY. Oh, okay.
CAROLE THERIAULT. And it can stop it. So yeah, there's like a block saying, oh, there's more than 50 people here. Are you out of your mind?
GRAHAM CLULEY. Now, do you remember what email system that was? Because I was asking on Twitter and no one could come up with one.
CAROLE THERIAULT. I actually, I don't even remember exactly when it was, but I have a feeling I was still working for a corporation at the time. So I think the company, the IT admin probably put a limit into the number of recipients that could receive the email.
GRAHAM CLULEY. Well, I want to know if anyone has managed other than Carole's IT department to successfully set this up. Because most of the people I was asking on Twitter said, you know, this is really how we should do it.
CAROLE THERIAULT. Doesn't Google do it? Google Mail does it.
GRAHAM CLULEY. Yeah, but that's not— Yeah, but don't you want a solution which works with the most popular email clients rather than—
CAROLE THERIAULT. Oh yeah, Gmail. You're right. No one knows about that one.
GRAHAM CLULEY. No, no, no. But in the business situation.
CAROLE THERIAULT. Yeah, of course. You're right. No, no, no one uses Gmail in the business situation, right guys? Nobody.
GRAHAM CLULEY. Oh, for goodness sake. Some people do, but they're also using an actual piece of software on the computer and Gmail isn't a piece of software on your computer. You've got a different client there, haven't you?
CAROLE THERIAULT. Yeah, it's 2003 everyone. We've done, we've warped back.
GRAHAM CLULEY. Anyway, I think you're probably right, right? So probably Google Apps for Business, right? The business version of Gmail. Google Gmail, probably has administrator options, I would imagine, to bounce back and put rules in place to look for too many safe sends.
CAROLE THERIAULT. It also doesn't love spammers using it as a platform, right? Right.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. So they have an interest in that.
GRAHAM CLULEY. I was also contacted by a fellow called Extra Coconut.
CAROLE THERIAULT. I would trust him now. I trust him 100%.
GRAHAM CLULEY. It's a bit of a novelty, isn't it, having an extra coconut? He was on Twitter. He pointed me to a Norwegian company called SafeSend. Who seemed to have some kind of plugin or something which works with Office 365 and Outlook, which again warns you if you're CCing too many people.
CAROLE THERIAULT. Allegedly.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. I have not done any research yet.
GRAHAM CLULEY. He says he is, he says he doesn't work for them either, but it's maybe one to check out. I'll put a link in the show notes. Now there's another issue as well, which was with this whole CC and BCC thing, which is if there's a message sent to people and CC to others, and then you are secretly BCCed, there's a danger that if you hit reply all, if you are the person BCC'd, that lets everyone else in on the fact that you were BCC'd, doesn't it?
CAROLE THERIAULT. Oh, totally.
GRAHAM CLULEY. Totally.
CAROLE THERIAULT. That's happened to me many times that I've been BCC'd on an email because you know how, you know—
GRAHAM CLULEY. How come you get BCC'd on all these juicy emails all the time?
CAROLE THERIAULT. Because I was a boss for a long time and that's the way you communicate boss to boss.
GRAHAM CLULEY. Oh, I see. All right. Very important person.
CAROLE THERIAULT. This is the old days. I'll write a book one day.
GRAHAM CLULEY. So there's obviously issues. It's a flipping minefield is my TL;DR on all of this.
CAROLE THERIAULT. Oh, look at you using the acronyms. Thank you.
GRAHAM CLULEY. Well, I learned it last week. Yes, that's right. Shaking my head, Sydney Morning Herald. So, I mean, another solution might be for those sort of communications where you're communicating externally and it's really important you don't leak those email addresses, you could use mailing list software. That could be a way to do it. And then everyone gets an individual email. There's no, rather than pasting in people's addresses, just prone to disaster. Now then, all of this was brought to my mind because last Friday, the Dutch Data Protection Authority— The Dutch again? Yes. Let's not, don't worry about that. I know it's the Dutch again. They sent out an email campaign to raise awareness of the importance of GDPR.
CAROLE THERIAULT. You see, I love the Dutch.
GRAHAM CLULEY. The email subject line was, 'What does the Privacy Act mean to you?' Okay. Now you can probably guess what happened.
CAROLE THERIAULT. A big hitter. Big hitter. Went viral. No. Well, they didn't attach anything.
GRAHAM CLULEY. There wasn't a malicious link. A spokesperson at the Data Protection Authority, he of course put 38 addresses of journalists, editors, and such like in the CC field rather than the BCC. So easy. So easy. Any of us can do it. Even the Data Protection Authority.
CAROLE THERIAULT. Literally the worst people you could CC in the entire world.
GRAHAM CLULEY. Entire world. So the Data Protection Authority basically told journalists, we've been careless with your data. And these smart aleck journalists had a great response, which was, if any other company which might have done this would have to report itself to you.
CAROLE THERIAULT. So they reported themselves.
GRAHAM CLULEY. And so the Data Protection Authority said, well, you know, we have a very strict procedure for security incidents and it's gone up through the process. Exactly. You know, it goes to the department head and security officer, data protection officer. We're going to assess whether a data breach has occurred and whether it needs to be reported. And so on Monday at noon, the Dutch Data Protection Authority reported its own privacy snafu to itself. Beautiful. Isn't that wonderful? It's beautiful. And you know what?
CAROLE THERIAULT. Good for them for doing it, not burying it, because that has to be embarrassing, right?
GRAHAM CLULEY. Well, a little bit. At least they did it.
CAROLE THERIAULT. You know, at least they braved the consequences.
GRAHAM CLULEY. You're praising their transparency, are you? Yeah. They've been a little bit too transparent with those email addresses, haven't they? But there is another slight niggle, slight wrinkle, which is that under the data protection laws, you have to notify the data protection authority within 72 hours. I say, how do I remember that? They took about 75 hours.
CAROLE THERIAULT. And of course, every single journalist who was CC'd on the list Plus their names. They've got the signs to point it out. Yeah. Okay, I don't know. I think this is a bit of a storm in a teacup. Well— I mean, they've done the right thing. Well done. But anyway, just listen to my story and then we can talk.
GRAHAM CLULEY. What they've done is wonderful because they've raised awareness of the issue. And what a creative, wonderful way to do it.
CAROLE THERIAULT. Exactly. You couldn't pay for that kind of advertising. All those journos talking about GDPR.
GRAHAM CLULEY. Crow, what's your story for us this week?
CAROLE THERIAULT. Well, Graham, I gotta tell you, I'm a little depressed. What are you depressed about? Uh, EU politics, anyone? Europe? Yeah, so the populist, the right-wing nationalist, it seems topped the polls not only in France and Italy but also in the UK. So what a team— Le Pen, Salvini, and Farage. Did you know a fifth of the UK vote went to that turkey Farage? While the other candidates like Lib Dems, the Greens, Labour, Conservatives all fought between themselves. It's like the old war adage of divide and conquer still works a treat. Yeah. And let's face it, this divide and conquer rule could be a concern in the US 2020 elections too.
GRAHAM CLULEY. Oh, I think you'll find the States is very united. They're not split at all.
CAROLE THERIAULT. I would say that fake news played quite a shitty role in the Brexit and in the previous US election cycle. And it seems it reared its head up during the EU election campaign too. Quelle surprise. According to an analysis reviewed by Politico, more than half of Europeans may have seen some form of disinformation promoted by Russian actors on social networks, all ahead of the EU parliamentary election.
GRAHAM CLULEY. Oh, so this isn't the American 2016 election. This is the elections that we've just had in the last few weeks. Yeah. What was that percentage of people who saw that stuff?
CAROLE THERIAULT. More than half. So if you think 170 million voters, plus their kids who live in Europe, right? Yeah. That's significant. Now, don't worry though, 'cause Facebook, who have learned their lesson through the last year, the quagmire of crap they've been swimming through.
GRAHAM CLULEY. There was no fake news there at all, right?
CAROLE THERIAULT. No, they were totally at the ready. So the social media giant had about 40 people that they hired hunched over their screens around the clock monitoring the shifting pace of online conversation, looking for signs of things like manipulation or fake news or hate speech. This is all reported by The Guardian. Well, I say, Facebook, 40 people around the clock, are you pushing the boat out? I mean, this is a generous effort and it will certainly tackle disinformation in the important EU elections, don't you think? It only impacted 170 million voters.
GRAHAM CLULEY. It probably cost them quite a lot of money because they wouldn't have wanted to outsource it to Ukraine or somewhere.
CAROLE THERIAULT. Well, they had to cover all the, all the, all the languages, of course. Right. So that would have added to their big ticket. I mean, and, you know, they're not as loaded as they were. This is from a company whose quarterly revenue from January to March this year was only $15 billion. And Zuck himself said in the report, we had a good quarter and our business and community continues to grow. So he's obviously feeling the pinch a bit. Didn't feel that they should devote more efforts to trying to circumvent that kind of nastiness, especially after Brexit and the American 2016 elections.
GRAHAM CLULEY. You sound a little bit bitter, Carole, about Facebook. I'm just a bit depressed.
CAROLE THERIAULT. And this is all not to mention Zuck then pulling the feeling cute, may not attend the international hearing in Canada's House of Commons. I don't know. So yeah, there's that.
GRAHAM CLULEY. Oh, yes, because the Canadian politicians, rather like the British ones, they asked him to show up, didn't they, and answer a few questions, and he won't do it.
CAROLE THERIAULT. Not just them. They had a few, they had a few other countries represented as well. It was an international consortium that wanted to chat with them. It just happened to be in Canada, which is quite close for Mr. Zuckerberg to fly over. Not a big deal. Anywho, there's all this. So I thought, let's talk fake news, right?
GRAHAM CLULEY. Okay, go on then.
CAROLE THERIAULT. As we're talking about all things political and what with the EU elections, um, why don't we focus on the Nancy Pelosi video scandal?
GRAHAM CLULEY. Have you been following that? So she is, she's the head of— she's the U.S.
CAROLE THERIAULT. Speaker of the Right. Nancy Pelosi.
GRAHAM CLULEY. Yes. She's quite high up, isn't she? She's quite high up. I mean, she's very high up.
CAROLE THERIAULT. She's a thorn in the side of Mr. Orange.
GRAHAM CLULEY. Or sorry, Mr. Trump. Who would want to be a thorn stuck into his brain?
CAROLE THERIAULT. Every rose has— Yeah. And there's been a bit of a digital blame game going on with regards to this video. And I thought we could look at the responses from the three big boys. YouTube, Twitter, and Facebook and chat about them. You know, it's just the two of us.
GRAHAM CLULEY. So what video is this? What happened with the video?
CAROLE THERIAULT. Okay, so on May 23rd, Trump lawyer Rudy Giuliani tweeted a video of Pelosi. Yes, that was slowed down to 75% of the original speed, and this made her speech sound slurred. And his tweet was, "What's wrong with Nancy Pelosi? Her speech is bizarre."
GRAHAM CLULEY. Now, I've actually done this before. I've taken our podcast before. I can't remember why. I think I was quite about if you listen to a podcast at about 75% of normal speed, the people do kind of—
CAROLE THERIAULT. I mean, I sound like that normally.
GRAHAM CLULEY. But people do sound rather wasted. Yeah.
CAROLE THERIAULT. So he did delete the tweet, right? But only after it had been viewed by millions of people, right?
GRAHAM CLULEY. Okay, so he assumed it was genuine. He hadn't created the video. Okay, I want to stop here.
CAROLE THERIAULT. Do you think he knew the video was doctored or not? You think he just saw it quickly or he thought some, one of his aides said retweet this or they did it on his behalf?
GRAHAM CLULEY. He just probably thought it was juicy. I mean, it's not like he's a cybersecurity expert. Oh yes, he is supposedly. But you know, it's not like, you know, he might assume it was genuine. I don't know. I smell a fish. Okay.
CAROLE THERIAULT. I smell a fish. I just think maybe, you know, they're viral experts, these dudes, right? So they put it out there. They waited until it got, you know, people realized how juicy it was and the fact that he'd shared it. Obviously copied the video.
GRAHAM CLULEY. And then he took it off going, 'Oh, sorry, sorry, sorry.' And it's very damaging. I mean, even if it was later withdrawn, because once people have seen it, and it makes it juicy.
CAROLE THERIAULT. We know this from our, you know, from our PR days of yore, right?
GRAHAM CLULEY. Wasn't there this thing during the election where Hillary was meant to have some kind of health problem, or she was caught on video doing some kind of like weird kind of—
CAROLE THERIAULT. Yeah, she had a cold or something. And they totally exaggerated like she was. Yeah, right. Right. Anyway, back to the video scandal. Okay, so the story gets better. The story gets better. A few hours later, Fox Business plays a doctored video. Okay, now I don't know if Fox Business knew it was doctored, but doctored video of Nancy Pelosi exaggerating a minor stammer to a major stumble, and it was edited in a way that muddled and repeated her words, making her appear confused, and some people even say ill. What happens? Only the press. Mr. Trump himself retweets it with the heading, Pelosi stammers through the conference. Oh boy. So we have two videos that have been seen by millions that show doctored, unflattering footage of the US Speaker of the House, Nancy Pelosi, in an effort to make her look— some people said drunk, some people said dumb, unfit for the job. This basically seems to be the conclusion. And they were retweeted by the pres and his own lawyer. Now, just a quick aside, and you know this, but just for those that don't know, because we have an international audience, Pelosi and Trump are not mega friends, right? They're not hanging out on Friday and having smoothies or milkshakes together. Are you sure about that? Currently, currently, right now at the time of recording, they're both swiping at each other's mental fitness. She's a mess, says Trump recently. And she's like, I pray for the president of the United States after a Trumpian temper tantrum.
GRAHAM CLULEY. So it's not Donald and Nancy sitting in a tree, kissing. Yeah. Trump-Pelosi forever.
CAROLE THERIAULT. No, I don't think that's happening. OK. OK. But the whole point here is the videos are doctored, they're getting millions of views. Everyone seems to know they're doctored. And we all know they're doctored without Pelosi as the main star of the shows. We don't have her thumbs up. We all seem to know that. And so my question is, what do the three giants do, right? There's YouTube, Facebook, and Twitter. Okay. So Google, who owns YouTube, removed the video from its platform pretty darn quickly, determining that the, you know, the alteration went too far, that, you know, the massaging of the truth was too far. Facebook reluctantly started limiting the video's distribution, but declined to remove it.
GRAHAM CLULEY. So what do you mean limiting its distribution?
CAROLE THERIAULT. Well, let me just do this quote and then we'll talk about that. So we want to help people stay informed without stifling productive public discourse. There is also a fine line between false news and satire or opinion. And for these reasons, we don't remove false news from Facebook, but instead significantly reduce its distribution by showing it lower in the news feed. So nice, interesting way around this, because obviously they want to avoid the quagmire that is free speech. Anyone can put out what they want.
GRAHAM CLULEY. And if I was to be devil's advocate—
CAROLE THERIAULT. Oh, you've never played that role before. Good luck.
GRAHAM CLULEY. You could argue, right? I imagine people could argue. You could say, well, it's good for people to see this video because then you see the dirty tricks which are being played and you might want to investigate who made that video and why. Whereas if it's not distributed and no one else sees it other than the people who initially fell for it, but Facebook, what are you playing at? Hasn't Facebook been in enough of a mess regarding this kind of stuff?
CAROLE THERIAULT. We haven't talked about Twitter yet. Okay.
GRAHAM CLULEY. Oh, go on. Oh, well, Twitter are always great about Trumpy, aren't they? On Twitter.
CAROLE THERIAULT. The hashtag #deletefacebook was the top trending topic nationwide, so US-wide on Saturday. Really? Yeah. And weird, because you can still see the video on Twitter on the president's feed. And what's Twitter to do? Right? So they can't delete it from his feed. They've never done that before.
GRAHAM CLULEY. Well, they don't like to reprimand him on his Twitter feed.
CAROLE THERIAULT. Well, have they ever?
GRAHAM CLULEY. No, exactly. Because he is Basically, they're different. Other than that time they accidentally turned off his account.
CAROLE THERIAULT. Yeah, exactly. And they're not going to convince him to delete it. What, he's going to admit to screwing up? Give me a break.
GRAHAM CLULEY. But even if he has chosen to now delete it because it's, you know, basically— But he hasn't deleted it. Is it still there?
CAROLE THERIAULT. Yeah, go look.
GRAHAM CLULEY. Here we are. Stammers. Is it the stammering one?
CAROLE THERIAULT. Yeah, it's the one he did. Oh, yes. There. See? Still there. Because he's not going to delete it. So it's just the irony of there being this huge backlash on Twitter for telling people to delete Facebook because Facebook wasn't doing enough about this video. Meanwhile, you can find it easy peasy lemon squeezy on Twitter. So interesting. Now, how do we combat fake news? This is the important thing, right?
GRAHAM CLULEY. Oh, okay, yeah, let's do it. You got the answer.
CAROLE THERIAULT. Let's go to the government. Government. So I thought, what is the UK government talking about? Like, do they have anything on this? And they do. They even have an acronym, the S-H-A-R-E checklist. Or—
GRAHAM CLULEY. Can you say that again?
CAROLE THERIAULT. Yeah, share. Do you know this?
GRAHAM CLULEY. The Share Initiative.
CAROLE THERIAULT. Okay, so before—
GRAHAM CLULEY. Are they planning to turn back time?
CAROLE THERIAULT. If I could find a way—
GRAHAM CLULEY. I could totally do share.
CAROLE THERIAULT. Um, right, okay, so let's go through this. I want you to be devil's advocate here, okay? The devil's advocate. Okay, before you like, comment, or share online, says the page, use the share checklist to make sure you're not contributing to the spread of harmful content. Number 1, S stands for source. Make sure the story is written by a source you trust with a reputation for accuracy.
GRAHAM CLULEY. Okay, that's fair. Donald Trump has tweeted it. I trust it. Yeah, I'm gonna— United States, why wouldn't I trust him?
CAROLE THERIAULT. Why would I trust him? Okay. Carry on. H for headline. Always read beyond the headline. If it sounds unbelievable, it very well might be. Okay, well, thanks, thanks guys. Yeah, okay. But yeah, basically don't just read the headline, don't just read the blurb, read that, read the content, because, you know, we all know about clickjacking on this show.
GRAHAM CLULEY. Yeah, people retweet stuff without actually reading it. They might just like the tweet and not look at what that says on the link.
CAROLE THERIAULT. Okay, you know what, that would be a good feature from Facebook and all these others, that they'd say the person never actually looked at the link. So it's being sent to you, but they never read it, just FYI.
GRAHAM CLULEY. Yeah, wouldn't that be good? Yeah, they'd never do it. I know, but that'd be good.
CAROLE THERIAULT. Me too. Um, okay, A for analyze. Make sure you check the facts. Okay, so you're— you're— how many— how many links do you look at a day? I don't know, I probably look about 500, 1,000. I do check the facts actually, because I have to when I do my work. But professional. Yeah, but if I'm— if I'm just scooching it for my own sake and sending you a link to say, hey, here's this cool chess story because I think you like chess and I don't really want to actually say, hi, how are you? So I just forward you that and then you think, oh, she's thinking of me. That's nice. Right? Right. Right. So that's the problem. Okay. Now, R for retouched. Checked whether the image looked like it has been or could have been manipulated.
GRAHAM CLULEY. How are we going to do that? Exactly.
CAROLE THERIAULT. Like, I don't know. Sometimes they are authentic, but they have been taken out of context. Well, that puts a lot of responsibility on me, I think. I'm not like a Photoshop expert.
GRAHAM CLULEY. I can't tell. Exactly.
CAROLE THERIAULT. And E for error. Many false news stories have phony or lookalike URLs. Look for misspellings, bad grammar, and awkward layouts. Okay, we say that too.
GRAHAM CLULEY. I think some of the letters of that acronym were rather crowbarred in, to be honest.
CAROLE THERIAULT. Right? And you know what? I hate to end on a big FUD, you know, fear and doubt and all this, but just wait for the deepfakes, kids. Just wait for them. That's going to be great fun. Then we'll be able to trust everything.
GRAHAM CLULEY. And that's just a joke. Did you see the thing the other day where they took the picture of the Mona Lisa and they were able to get it to sort of talk and move and things like that?
CAROLE THERIAULT. No. Is that your pick of the week? It should be your pick of the week. Okay, well, too bad, because it sounds good. Do you want a handbook full of practical steps for applying threat intelligence in any organization? Of course you do. Of course you do. Well, have I got a giveaway for you. It's a handbook full of practical steps about how you should apply threat intelligence in your organization. It is called the Threat Intelligence Handbook. Handy, right? And it's available from Recorded Future. Do you want a copy? You can have one for free. Go to smashingsecurity.com/intelligence to get your own free copy.
GRAHAM CLULEY. It's good stuff. You know, it's over, it's like 100 pages. It's a good little handbook. Go and grab it.
CAROLE THERIAULT. We don't even, we don't even need you.
GRAHAM CLULEY. Don't need me. Oh, I just want to ensure if you want me or not. Okay, fine.
CAROLE THERIAULT. No.
GRAHAM CLULEY. So security breaches are happening all the time and there's often a common denominator, sloppy password practices. Enterprises which want to be effective about securing themselves need password management in place that can help them ensure that passwords are properly protecting their accounts. What better product can you grab than LastPass, the Enterprise Edition. Go to lastpass.com/smashing, and thanks very much to LastPass for sponsoring the show.
CAROLE THERIAULT. Yeah, you might want to do yours one more time. You sound a bit drunk.
GRAHAM CLULEY. And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Just felt alone there.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. Doesn't have to be security related necessarily. Definitely shouldn't be. Doesn't have to be necessarily. Oh God, you're getting—
CAROLE THERIAULT. It just shouldn't be. Talk security the whole time.
GRAHAM CLULEY. Well, we've always said it doesn't have to be. And mine this week is slightly security related necessarily. Literally. And I think— Oh, I see. Yes. And so I want to talk to you about modern art and a piece of work put together by an internet artist called Guo O'Dong, who has— Okay, you're going to have to spell that out for me if I'm going there. G-U-O and then the letter O, Dong. I think O'Dong doesn't mean he's Irish. I think it's just his middle initial is O. Anyway, I'll put the links in the show notes for you, Carole Theriault, so you can check him out. He has created a website called thepersistenceofchaos.com.
CAROLE THERIAULT. The persistence of chaos. This sounds a bit deep for you.
GRAHAM CLULEY. Oh, you'd be surprised how deep I am because he has been auctioning off his latest piece of art, which is a collaboration between himself and a cybersecurity company called Deep Instinct. And it is a laptop computer. And the laptop computer has on it half a dozen pieces of malware, and he's been selling this as art, right?
CAROLE THERIAULT. Okay, which pieces of malware? Half a dozen. So he has 6 pieces of malware on the system. Okay, what are they?
GRAHAM CLULEY. Would you like to know what they are? Yes. I Love You, also known as the Love Bug.
CAROLE THERIAULT. Ah, we know about that one.
GRAHAM CLULEY. Yeah. MyDoom, which spread— yeah. SoBig, another email-aware worm.
CAROLE THERIAULT. They're all from the same— okay, so he's old like us. Oh, hang on.
GRAHAM CLULEY. WannaCry, which hit the NHS a couple of years ago. That's true. Yeah. Dark Tequila, which hit Latin America and was stealing bank credentials and things like that. I don't know that one. And BlackEnergy, which hit Ukraine and caused a big cyberattack over there and caused some problems. Is this legal? Well, it is legal because selling malware isn't a crime. You think that's cool?
CAROLE THERIAULT. This is your pick.
GRAHAM CLULEY. No, no, no, no. Selling malware is not cool. I'm not saying it's cool. Fool by any means.
CAROLE THERIAULT. He's a gun for hire, people.
GRAHAM CLULEY. But there's no law being broken.
CAROLE THERIAULT. Computer crimes committed if you make— He's spreading malware.
GRAHAM CLULEY. Well, is he? Not really. No, no, no, no. By the letter of the law, he's selling malware.
CAROLE THERIAULT. It's even worse.
GRAHAM CLULEY. No, no, no, no, no. You're wrong. You're wrong. Computer crimes committed when there's unauthorized access to a computer or an unauthorized change. Anyone buying this computer knows what they're getting and they've chosen to get it. And this computer is air-gapped, so they're not suggesting plug it into your network or shove a floppy disk in or a USB stick or anything like that.
CAROLE THERIAULT. Every computer is air-gapped until you connect it.
GRAHAM CLULEY. Yes, I know, but this particular one, right? So it's your choice. If you want malware on your network, Carole, you are allowed to put malware on your network. There's nothing criminal about it. You know what?
CAROLE THERIAULT. Sorry, controversial on two counts. One, you have a security pick of the week during a very clearly defined non-security pick of the week. That I've mentioned 430 times, or as long as we've done Pick of the Week. And two, I don't think this is very cool.
GRAHAM CLULEY. Well, I don't think it's very cool either, because— and I said that to a journalist who got in touch with me. A journalist contacted me, sent me an email, said, you know, I was wondering if there's any need to quarantine the laptop. And I said, well, you know, probably yes, you shouldn't connect it to anything. But he said—
CAROLE THERIAULT. but WannaCry did a fuckload of damage.
GRAHAM CLULEY. Yes, he said to me— I'm gonna quote the journalist, right? He said, could the new owner of this laptop start a series of events that leads to the new "Is there a risk of nuclear destruction of the planet?" is basically what I'm asking. Then he put in brackets. Theoretically. Then he put in brackets, "Hopefully not." So I said, "Well, no, not really." I said, "I think—" You can say, "Were I asked to speculate on this issue?" Well, I said, "Look, all of these pieces of malware, they've been detected by antivirus programs for years." And all of them already readily available on the internet if you know where to look. And he said to me, "Does this seem legit to you?" Because, oh, I haven't told you how much this is sold for, Carole. How much money have I? $1.3 million. Oh, fuck off. Fuck off.
CAROLE THERIAULT. Stupid, stupid, stupid. And I'm an artist saying that. I don't like this.
GRAHAM CLULEY. I agree with you. I think it's absurd. I think it's nonsensical. I don't believe that it really has sold for that much money. I don't believe that anyone—
CAROLE THERIAULT. Someone could get a sample of those fricking viruses for like Fiverr.
GRAHAM CLULEY. We could go to our mate Vanja, couldn't we? If we wanted, we'd say, here.
CAROLE THERIAULT. We should start selling them. We could. Make some money on the side. No, I'm just kidding, sponsors. Just kidding. Yeah.
GRAHAM CLULEY. So I find it hard to believe anyone would pay so much money for something that could so easily be created by someone who isn't an internet artist. Can I just say, my pick of the week is something you should pay for. Well, all right. Tell you what. So I think actually I'm gonna make this my unpick of the week. Good. I agree. Because I think it's a load of nonsense as a story and a stupid, stupid thing.
CAROLE THERIAULT. I was a little nervous that you thought this was cool at the beginning. I was like, seriously? You know me. No, well, I didn't. I don't. And then, but, but I'm, I'm, yeah, I'm surprised.
GRAHAM CLULEY. Let's hear a proper pick of the week.
CAROLE THERIAULT. Right, so last week, the hubs and I, we went off to Copenhagen in Denmark for a little R&R&R. What are all of those Rs?
GRAHAM CLULEY. That's 3 Rs.
CAROLE THERIAULT. What are those Rs? Rest, recreation, and bromance. And as a little coinkydinky, we met up with a friend of Smashing Security show you know very well, Mr. Vanja Svajcer. Van the man. Yeah, well, we met up and the three of us had a blast, and we were deciding what to do because we weren't ready to, you know, close off the evening, and we decided to go to a smoky blues club in the middle of Copenhagen because why not? And it was totally my idea, but they were all in. I mean, Van's a mean guitar player, right? And my other half loves Tom Waits, so an easy out. So we get to this club and it's totally packed. My husband's like, is it worth it when we have to pay the price to get in? He's like, you tell me. But wherever, throw the cash down and the band's tuning up and they sound good, you know, and they look fun and I'm excited. And out comes who I then learned, because I— we didn't plan it, I didn't know who was singing— Samantha Antoinette Smith. And she's from London and she totally owned that stage from the first second. Samantha Antoinette Smith. Yes, I will have links in the show notes. You guys can check her out. But she belted out a few songs, and I was like, wow. And I thought, she has to be my pick. Okay, but Clint, yeah, we didn't have a guest this week.
GRAHAM CLULEY. No, sadly we weren't able to arrange one.
CAROLE THERIAULT. So I thought, you know, why don't I just ask her and see if she wants to be interviewed for the show? Because that'd be cool. So I went up and I asked her, and she said something like, of course, darling. So I called her up and we had a little interview, and she even sings for us. Yes, she does. So you want to hear?
GRAHAM CLULEY. Oh yeah, go on then.
CAROLE THERIAULT. Yeah, check it out. Sam, it's amazing of you to join me today. So tell me, how does a blues singer from London end up in a cool, smoky club in Copenhagen? Hey, Carole.
GRAHAM CLULEY. So I ended up being in Copenhagen in 2014. I was doing an opera show at the Royal Danish Opera House called Porgy and Bess, and then I went to a jazz bar to watch a jazz band. When I got to the jazz club, they were playing, they're like New Orleans kind of jazz and stuff, and I just absolutely loved it. I just kind of like joined in, and then during the interval the band leader said to me, "Would you like to come up on stage and sing?" So I went up on stage and sang, and the rest is history, I guess, as they say. Great harmonica player Peter Nand, he saw, or he heard me singing, and just out of the blue, I just received an email saying, "Hey, I saw you a few months ago. You were brilliant. Would you be interested in coming over to do some blues gigs with me? I can get you a band." And so that's how I ended up being in Copenhagen doing a blue, you know, being involved with the blues.
CAROLE THERIAULT. Now, I, I'm a big blues fan, and I want to know, who are your two top influences or favorites?
GRAHAM CLULEY. Do you know who I love listening to? Oh my goodness me, I love listening to Koko Taylor.
CAROLE THERIAULT. I immediately started to listen to her song.
GRAHAM CLULEY. So yeah, I really, I really like Koko Taylor. And then there's a couple of songs that I do, Etta James. There's a couple of songs that I do by Etta James, so I like, I like her.
CAROLE THERIAULT. Very cool. Now, the one thing, you have an incredibly amazing stage presence, like it was just formidable and fantastic. Everybody has those moments in life when you're like caught in the spotlight, right? From doing a wedding speech or presentation or performance or whatever. What would be your one tip for owning the stage as you do?
GRAHAM CLULEY. Okay, well, firstly, thank you very much. I have heard that before, actually, so I'm quite chuffed a bit.
CAROLE THERIAULT. Firstly, I try to be engaging.
GRAHAM CLULEY. I try to be friendly. I am friendly and I am engaging anyway, naturally, so I think that helps if you can be your natural self on stage without feeling you've got to put on something else. What really helps as well, of course, is when you're prepared. I've chatted with the band beforehand, I've prepared myself, so I'm confident. I've had a good rehearsal and I'm ready. So definitely get yourself prepared, get yourself organized, be engaging, be friendly, be well presented. It helps when you're a good-looking girl.
CAROLE THERIAULT. Now, Sam, how do you fancy singing us out? Let me try something for you.
GRAHAM CLULEY. Okay, so this little song that I sing is called Bluesiana Mama. Mama, okay?
CAROLE THERIAULT. I'm a bluesiana mama, I'm coming to your town.
GRAHAM CLULEY. I'm a bluesiana mama, I'm coming to your town.
CAROLE THERIAULT. I'll be belting out the blues until the sun goes down. Hey! Oh, I feel serenaded. Thank you so much, Sam. You're welcome, Carole, man.
GRAHAM CLULEY. Brilliant. Oh, she sounds, she sounds very nice.
CAROLE THERIAULT. She's more than nice. She's cool, cool, cool. So there are more links in the show notes if you want to see some of her vids or see her in action. Samantha Antoinette Smith is the real thing. I love her, I love her, I love her.
GRAHAM CLULEY. Um, you're not her agent or anything?
CAROLE THERIAULT. No, but hey, if I can bring her to Oxford so I can just go watch her, I'm up for that.
GRAHAM CLULEY. Who needs the SHARE initiative when you have Samantha Antoinette Smith? Formidable.
CAROLE THERIAULT. Is she? Definitely. 100%. I loved her.
GRAHAM CLULEY. Oh, fantastic. Well, that sounds terrific. Well, thank you very much, Carole. That is a much better and more artistic, may I put it, pick of the week. Artistic? No, artistic than the terrible computer malware auction thing. Agreed.
CAROLE THERIAULT. You see, just don't do security pick of the week. Jeez Louise.
GRAHAM CLULEY. Okay, and on that bombshell, we've just about wrapped it up for this week. If you want to follow us on Twitter, you can do so at Smashing Security, no G, Twitter wouldn't allow us to have a G. And we also have a subreddit on Reddit, just search for Smashing Security there.
CAROLE THERIAULT. Spread your arms for Smashing Security sponsors, LastPass and Recorded Future. Their support helps us give you this show for free, so be sure to check out their offers. And hugs to you, lovely listeners. We love you.
GRAHAM CLULEY. Can they still vote for us? They can still vote for us until the 31st.
CAROLE THERIAULT. Vote for us, guys. Come on. Very little time. We have some stiff competition. Stiff this year. We won last year. I don't know if we can hold on to the crown.
GRAHAM CLULEY. Not without you. Until next time. Cheerio.
CAROLE THERIAULT. Bye-bye. Guys, please. Vote for us. Vote for us. Vote for us. Vote for us. Vote for us. Vote for us. Vote for us. Vote for us. Vote for us. Vote for us. Do I sound as good as Samantha Antoinette Smith? No. Okay, bye.
-- TRANSCRIPT ENDS --