A rapping bank worker is accused of stealing from the vault, the devices that can hide your car's true mileage, and why it may be a case of "No No No" rather than "Ho Ho Ho" when it comes to IoT toys this Christmas.
And as Carole sups the mulled wine, Graham has problems with his internet connection...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/159 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- ‘No Chance:’ John McAfee Halts Crypto Promo as US 2020 Elections Near — Coin Telegraph.
- FBI Arrests Former Bank Employee Charged With Stealing Cash From Bank Vault — US Department of Justice.
- "Problem" video — Aceey4oez on Instagram.
- Man posted photos of himself with stacks of cash after stealing from bank: charges — Sydney Morning Herald.
- The 1980 Cadillac Seville.
- Naughty CANbus odometer "interface". (Fakes mileage.) — Bigclivedotcom on YouTube.
- Children’s data and privacy online Growing up in a digital age (PDF) — London School of Economics.
- Amazon Echo Dot Kids: Privacy violations puts kids at risk, lawsuit alleges — CBS News.
- Parents should be wary of all connected toys, expert says — IT Pro.
- Safety alert: see how easy it is for almost anyone to hack your child’s connected toys — Which?
- Kids’ karaoke machines and smart toys from Mattel and Vtech among those found to have security flaws — Which?
- FTC fines Google $170 million for violating children's privacy on YouTube — CBS News.
- The movies that made us — Netflix.
- Die Hard — Wikipedia.
- Strong Songs podcast.
- Truth Be Told Official Trailer — YouTube.
- Truth Be Told doesn’t know how to make a murderer — The Verge.
- Truth Be Told — Apple TV+
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript +
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. And so when they eventually got around to making Die Hard, they were contractually obliged to give Frank Sinatra first refusal on starring in the movie.
CAROLE THERIAULT. Oh, he was still alive then?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. It wasn't a Weekend at Bernie's scenario?
GRAHAM CLULEY. No, I think if you're dead, Carole, they don't have to offer you the job.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Kill me.
DAVE BITTNER. You got Tony Bennett wheeling him around Hey Frank, what should we do? What do you say we drop this guy off the side of the building? What do you say, Frankie baby? Frank doesn't like to talk so much anymore.
UNKNOWN. Smashing Security, Episode 159: Rap, Robbery, and IoT Holiday Hell with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 159. My name is Graham Cluley.
CAROLE THERIAULT. 159, Graham. Geez. I'm Carole Theriault.
GRAHAM CLULEY. Hello, Carole.
CAROLE THERIAULT. All right, Graham, you sound a bit weird. What's going on?
GRAHAM CLULEY. Where are you calling me from? Well, are you in the loo? I'm at a mystery location. I've been sent somewhere on Her Majesty's Secret Service. I don't want to go into precise details, but I've ended up in a fairly, uh, fairly small room.
CAROLE THERIAULT. Are you sitting on a crapper device?
GRAHAM CLULEY. I'm quite comfortable, thank you. I've got everything I should need.
DAVE BITTNER. Are you far enough away from home that when you do flush, the water goes in the opposite direction?
GRAHAM CLULEY. Well, look, I don't know how much of this echo you're going to be able to hear, but it is a little bit echoey where I am, yes. And I'll leave the rest to your imagination.
CAROLE THERIAULT. Those dulcet tones were those of Dave Bittner from the Cyberwire. Welcome, Dave.
DAVE BITTNER. Hello. It's nice to be back.
CAROLE THERIAULT. We're going to do a gentle episode because Graham's whispering. He's using his whisper shout. Hi, everyone.
DAVE BITTNER. Right. It's a special intimate holiday episode of Smashing Security.
GRAHAM CLULEY. Yeah, exactly. Holidays, Christmas, New Year, the whole thing. Yeah. This is actually— I think this is our last episode of 2019, right, Carole?
CAROLE THERIAULT. Oh, you know, before the onslaught of 2020, when we get Brexit done, right? That's what's going to happen.
GRAHAM CLULEY. Oh, it'll be done in no time at all.
CAROLE THERIAULT. And you guys, the voting polls over in the States.
DAVE BITTNER. Yes.
GRAHAM CLULEY. I've just been reading that John McAfee has announced he will be running again as an independent.
DAVE BITTNER. Well, that's certainly a game changer.
CAROLE THERIAULT. Yeah. I'm going to have a bite of cake right now while you talk about that.
GRAHAM CLULEY. Okay, Carole, as your mouth's full, tell us what's coming up on this week's episode.
CAROLE THERIAULT. It really is full though. Thanks to this week's sponsors, LastPass. Its support helps us give you this show for free.
GRAHAM CLULEY. You can't do the sponsor message where you've got your cake hole filled literally with cake.
CAROLE THERIAULT. I don't like the word cake hole.
GRAHAM CLULEY. They paid good money to promote themselves on our podcast.
CAROLE THERIAULT. Give me a second, I'm just going to have a sip of malt wine.
GRAHAM CLULEY. What?
DAVE BITTNER. You're hitting all the food groups there, aren't you, Carole? Cake, wine.
CAROLE THERIAULT. Yeah. Okay, I'm ready. Thanks to this week's sponsors, LastPass. Its support helps us give you this show for free. Now Graham is gonna tell us why you shouldn't assume that your social network is your private kingdom. Dave is gonna chat about an automotive man-in-the-middle attack. I'm gonna be all ears. And I'm heading down the IoT toy avenue to see what potholes we should avoid. All this and loads more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Well, chums, chums, There's a few interesting sayings, aren't there? Like the one about you wouldn't put a fox in charge of a hen house, right? Have you ever tried that? Getting a fox, yeah, saying, look, you've got a new job, come on, you know, act as security at the hen house. You don't do it. It's a disaster, isn't it? Dave, have you? You wouldn't put a cock in the White House either. You wouldn't put a fox in the hen house. As simple as that. There's a very good reason they can't be trusted, right? Foxes generally can't be trusted. Or rather, they can be trusted. They can be trusted to behave in a particular way. They can be trusted to do something very, very bad.
CAROLE THERIAULT. I wonder how you would do in a pen full of delicious foods and sandwiches and donuts, whether you would be trusted.
GRAHAM CLULEY. So if I was putting a larder full of cheese sandwiches, for instance, right? How well I'd do at looking after them.
CAROLE THERIAULT. Yeah. And keeping them exactly—
DAVE BITTNER. There were no adults around.
GRAHAM CLULEY. Yeah. Yeah.
DAVE BITTNER. Yeah.
CAROLE THERIAULT. I think I think nothing needs to be said.
DAVE BITTNER. Yeah. When I was in college, I had a roommate who was a pizza delivery man, and sometimes he would get hungry, so he would slice off a little sliver of one of the slices, and then he'd readjust all the other pieces to try to fill in the missing gap.
CAROLE THERIAULT. I love it.
DAVE BITTNER. I'm just picturing Graham doing that with a pile of cheese sandwiches. Like, no one will notice. I'll just take this one here. I'll slide these over here. We're good here.
GRAHAM CLULEY. Well, it's something like that, which the FBI— yes, the FBI are now investigating cheese sandwich theft and pizza slice theft. The FBI claims has happened in Charlotte, North Carolina, because a 29-year-old bank employee of the Wells Fargo Bank, he has been charged with stealing $88,000 from the bank's own customers.
CAROLE THERIAULT. Well, that means from the bank, surely, right?
GRAHAM CLULEY. Well, yes, that's the interesting thing, isn't it? When you give money to a bank, you know, you've only got their word for it really that it's still your money. You've basically given them money, haven't you? You're kind of loaning it to them really, and you hope that when you come back and ask for it, that they've still got it. Well, yeah, so he was pinching this money, allegedly, I should say.
CAROLE THERIAULT. Okay, how did he do this? How did he do this?
GRAHAM CLULEY. Okay, his name is Arlando Henderson. And he was effectively given the keys to the vault by the bank itself. What he would do, one of his jobs was that people would come into the bank and they would bring in a big pile of cash, right? So I imagine there are some businesses which aren't getting the money electronically, aren't getting it on checks, but are getting it in a big sort of wodge, right? You get a great big bag full of cash, you plonk it down on the bank and say, thank you very much.
CAROLE THERIAULT. That happens to Dave every Friday, right?
DAVE BITTNER. I was thinking about the time you spent working in that gentleman's club, Carole. Shush.
GRAHAM CLULEY. And yeah.
CAROLE THERIAULT. And this is what it's like to do a podcast with two middle-aged white men. I'm just kidding. I'm just kidding. Wow.
GRAHAM CLULEY. Seasonal.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. So I think people in those circumstances, they expect the bank to be trustworthy, don't they? So I think people don't actually count the money, right? They just bring in a bag of cash and say, I want to deposit this. And the bank's machine goes counting up all of the money, all of the coins, working out what the total is, right? And then the person behind the desk says, oh yes, that's, you know, £17,027. Well, no, it wouldn't be pounds and cents, would it? We haven't quite arrived yet.
DAVE BITTNER. No, it would be real money.
GRAHAM CLULEY. So, so yes, exactly. That isn't real money anymore. So $17,000 or something like that, right? And, and, and off you go and you think, well, marvelous. You know, my bank account has been credited to that amount. Now, Orlando Henderson, according to the FBI, was being a little bit naughty, and what he was doing was he would take that big bag of cash, he would put it through the machine, the counting machine, and then he would say to the person, "It's not $17,033. Instead, what you've got here is maybe $10,033," and then he would take off the $7,000 himself.
CAROLE THERIAULT. Okay, I kind of used to do this when I was a waitress, right?
GRAHAM CLULEY. So you used to do what?
CAROLE THERIAULT. At this particular restaurant I worked at, we had to share the tips with everyone in the restaurant, including the bosses, which I found unfair. So yeah, I would basically shove my pockets with any of the change that I got. Now, it wasn't a lot of money, it was a big fancy place, but, uh, yeah, say you'd gotten, you know, I don't know, $20 during that night, you would try and pocket 4 or 5 for yourself.
DAVE BITTNER. I was in college, I was a waiter. I was actually a singing waiter on a lunch and dinner cruise boat, which is a whole nother story. Of course you were. But we had to share our tips with the— I'll wait while Graham—
GRAHAM CLULEY. Sorry. I'll grab a picture of Graham.
CAROLE THERIAULT. Don't fall off the loo.
DAVE BITTNER. Don't fall off the loo. Yeah, I'll just wait. I'll wait. Are we good?
GRAHAM CLULEY. Okay, yeah, we're good. I'm just imagining it.
DAVE BITTNER. Yeah, so it's everything that you're imagining and more. 'Cause remember also, it was like the end of the '80s, beginning of the '90s. So also, that just looked fabulous. I bet it did. So, but we had to share our tips with the bartenders. And I would tell you, at the end of the night, when you were there counting up whatever tips you got, those bartenders were eagle-eyed, looking over you, doing the math in their heads, making sure that you weren't shorting them.
CAROLE THERIAULT. So basically, he's doing the same kind of thing. But from a bank.
GRAHAM CLULEY. Allegedly, yes.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. And so he's been charged more than 30 counts of financial institution fraud, theft, embezzlement, money laundering, other charges as well. All kinds of naughtiness. Now you might be wondering, well, where's the computer angle in all this? Where does that, you know, because it's a bit of an old-fashioned fraud, this, right? He would take the money, he would pop off down the road, and he would pay in lots and lots of money on a regular basis in an ATM to another bank where he had a bank account. That's where he was siphoning off all this money which he was stealing. But where things began to go wrong for him was because he was a bit of a social media slut, right? Oh, Graham started posting.
CAROLE THERIAULT. Hmm, I'm just thinking you might know what that's like.
GRAHAM CLULEY. Season of cheer and goodwill.
CAROLE THERIAULT. What do you—
GRAHAM CLULEY. Carole, can we just for one episode—
CAROLE THERIAULT. very active in the social sphere, would you not say? That's true. And if someone was very sexually active with lots of different people on different, different networks, you might say they were a bit slutty. So it fits.
GRAHAM CLULEY. He started posting photos on Facebook, on Instagram, many of which appeared to show him waving around large wads of cash and smoking something which I believe the young children call a doobie.
CAROLE THERIAULT. Ganja. Great. Okay.
GRAHAM CLULEY. A Narnia wand.
CAROLE THERIAULT. A Mary Jane pipe.
GRAHAM CLULEY. A twigarette. A Handsworth firework. A hedge monkey. A puff puff pass. A rasta blaster.
CAROLE THERIAULT. Oh, is this where you put all your work into your story?
GRAHAM CLULEY. Is that where it was? A jazz cigarette.
CAROLE THERIAULT. A jazz cigarette's my favourite. I love that.
GRAHAM CLULEY. Right? A jazz cigarette. So he was posting all these, but keep up the sort of Shizzle My Nizzle, Puff Daddy, Straight Outta Compton look, he was also fancying himself as something of a rap star, going by the nickname AC Fawazy.
CAROLE THERIAULT. Easy to type.
DAVE BITTNER. Yeah, it rolls off the tongue, doesn't it?
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. And so he was actually not only posting up pictures of his glamorous lifestyle as a bank teller in reality, but also pictures of himself in front of the white Mercedes, which he'd bought and his great big wads of cash. He even posted a rap video, which I've linked to in the show notes, and we can check that right now.
CAROLE THERIAULT. No, no, that's not—
GRAHAM CLULEY. of him with an AK-47 sitting on his sofa.
CAROLE THERIAULT. Okay, so he's knitting with one needle.
GRAHAM CLULEY. Well, what he's done is he's made a tremendous goof, of course, because this—surprise, surprise—raised suspicions amongst his colleagues and amongst the bank. And when they were trying to work out who might have been grabbing all this money and they went through the list of employees on Facebook and Instagram, there was this chap in front of these luxury cars pimping himself as some kind of rap star. Literally with the money in his hands. And some of his buddies up on the social media was just— they were posting comments, and who carries that much money around with them? Haven't you heard of a bank? One of his friends responded. Well, ironically enough, yes, he had several. Yes. And as a consequence, of course, he could now well end up with a criminal record. Potentially, he could be jailed for up to 25 years if found guilty. The authorities are now investigating smashing security in this. But once again, we find ourselves in this position of really as a sort of a service, I think, for the general public of criminals out there. We need to tell them, look, if you're going to rob a bank, and in particular if you're going to rob the bank where you actually work, it's probably best not to brag about it and post photographs of the evidence up on Instagram and make rap videos about it as well, because something bad's going to happen. Can I tell you a secret?
CAROLE THERIAULT. The money actually doesn't make people happy. It's other people being jealous of them that makes them happy. So that's why they do it. Say what? Right. It's not that drink the Cristal is to show all your friends you're supping back the Cristal. Who's this friend of yours named Cristal?
DAVE BITTNER. It's a fancy champagne.
GRAHAM CLULEY. Dave, what's your story for us this week?
DAVE BITTNER. Well, I want to take us on a little trip. I want to start off by going back to the heady days of the early 1980s. Okay, I'm there. Oh, yes. They were the best. Ronald Reagan is president. Drugs are bad. Drugs are bad. Yeah. And a middle-aged man named Bill Bittner decides he wants to buy a car. That man would be my father. Aw.
CAROLE THERIAULT. Aw.
DAVE BITTNER. He has a little bit of money in his pocket. He's a hard worker. And he's driving along and he sees on a roadside used car lot a beautiful Cadillac Seville.
GRAHAM CLULEY. And he's thinking, how can I possibly afford that? You know, I've spent all my money sending my son to college and he's ended up a singing waiter in some restaurants. What a waste of money.
DAVE BITTNER. Yeah, well, true. All true. So here's the crazy part about this story. So I put a picture of the car in our show notes so you can both see this land yacht of a vehicle, right? This is everything bad about 1980s Detroit automotive manufacturing in one beautiful two-toned package.
CAROLE THERIAULT. Hey, my boyfriend had one of those when I was a kid, when I was 16, 17, my first boyfriend. We borrowed Dad's car. Yeah, awesome. Yeah.
GRAHAM CLULEY. You used to date Dave Bittner?
DAVE BITTNER. So here goes my father fishtailing into this used car lot running up to the man in his white loafers and his wide tie and saying, "Let's make a deal." And they do. My father comes home with this car, the apple of his eye, the object of his desire.
CAROLE THERIAULT. Oh, you were placed? I hear a bit of, you know, "Dad abandoned me for the car" feeling.
DAVE BITTNER. I'm fine, Carole. I'm fine. So time passes. And as most of these cars did, this car goes horribly wrong. The transmission fails, there's trouble with the engine, and he takes it into the service place and he says, "Please fix the car." And they look at it and they give it a once-over and they come back to him and they say, "Sir, we've looked at this car and the things that have gone wrong with this car do not align with the number of miles on the odometer of this car." This car claims to have around 40,000 miles on it, and the things that are going wrong, the amount of wear that we see inside the engine bay, this car probably has 80,000 or so miles on it.
CAROLE THERIAULT. Oh, so he had been duped.
DAVE BITTNER. Someone had done— He had been duped.
CAROLE THERIAULT. Now, was he furious? Well, he kind of—
DAVE BITTNER. he's not a confrontational kind of person, so he did not go back to the roadside used car lot, which at this point was probably gone. Right? This is a fly-by-night kind of place, clearly. So, you will recall back in the pre-digital days, this was a mechanical affair. There was a cable that went from inside the engine compartment to a physical device on the dashboard that was the odometer. This is the thing that— Yes. The digits roll over, and that shows how many miles there are on the car. And people back then would have to, they'd call it cracking open the odometer, to roll it back. And this, of course, is a crime. You're not allowed to do that because if you alter the mileage on the car, that could change the value of the car, which is exactly what happened to my, my poor sweet father. So time passes. Just a couple weeks ago, I was watching one of my favorite YouTube channels, which is called BigClive.com, and Clive takes apart electronic devices A very charming fellow. And he had a device that someone had sent in to him, and this is basically an electronic man-in-the-middle attack. It's a little device that goes on a modern vehicle's CAN bus, and the CAN bus is the controller area network. That's the electronic communications bus that runs all over your car that communicates with all the different devices that need to talk to each other. So what this device does is it takes the readings from the ECU, which I think is the electronic control unit. It's like "wah wah wah wah" for me.
CAROLE THERIAULT. Carry on.
DAVE BITTNER. I'm just going to pay attention.
GRAHAM CLULEY. You get all this, Carole, I appreciate it.
DAVE BITTNER. Yeah, yeah, I love cars. So it's the computer in the car that's keeping track of how many miles are on the car. Now in modern cars, there can be multiple places where the mileage is stored, and this is to keep people from modifying the mileage, doing essentially an electronic rollback. This value is stored in multiple places, and the ECU checks to make sure that they're all in agreement. However, however, and here's where it gets good, however, the display on the dashboard is being sent a signal over the CAN bus from the ECU. The ECU says, hey, display on the dashboard, this is how much mileage this car has. Display says, got it, this is what I'm going to show. Yes, there's a massaging.
CAROLE THERIAULT. There's a massage in the middle.
DAVE BITTNER. Yeah, if you're lucky. Now, this device would intercept the signal from the ECU that said, hey, display, this is how much mileage to display. It would answer back and say, yeah, got it. And then in the meantime, it would alter that value lower it by, let's say, 40,000 miles and send that value to the display on the dashboard. Right. So the car always knew the correct amount of mileage, but you, the driver, wouldn't. The brains of the car thinks that there's nothing going wrong. It's communicating with the display and they're all talking to each other, and as far as it's concerned, everything's fine. But this man-in-the-middle attack is intercepting that message altering it, sending it to the display. So if now you go to, let's say, sell your car or get your car appraised for sale or something like that, the person looks at the display and it's much lower than it should be. Sorry, I triggered— that was Siri. That was me. So the display is now showing something that is inaccurate, but as far as the car is concerned, it doesn't know that there's anything wrong. So on this video from BigClive.com, he basically reverse engineers this device. And what's interesting, it's not terribly complicated. You can buy these online for under $20. And it's not that hard to install.
CAROLE THERIAULT. Really?
DAVE BITTNER. Really. So this, I guess what surprised me about this was that I would have thought that there would be some sort of security over the CAN bus. At this point in time, there'd be some sort of security on the CAN bus. And evidently, there isn't. The CAN bus sort of trusts that anything coming from inside the car is trustworthy.
CAROLE THERIAULT. And is this on all cars?
DAVE BITTNER. I would say most modern cars, certainly. Yeah, I think CAN bus technology goes back certainly to the '90s. So anything you're going to have in the last 10 years, the systems are all going to be running, they're going to be slinging data around on a CAN bus for sure. There are some things that have a higher level of security, like the anti-lock brake actuators, things like that. But overall— Oh, that's nice. At least a few. Yeah, yeah. But the amount of security built into the CAN bus protocol is quite limited. I think this is an area where they didn't think they'd have a problem, so maybe they need to take another look at it. Anyway, do check out the video. It's interesting reverse engineering of this thing, and I thought it was quite fascinating.
CAROLE THERIAULT. I know, I'm just really like, cars and I don't really get each other at all. Like when people start talking cars, I kind of just turn into like a weird zombie. Like I start, you know, just go, uh. So I'm so sorry.
DAVE BITTNER. Hello, Graham?
CAROLE THERIAULT. Have we lost him? Dave, I think we've lost Graham.
DAVE BITTNER. And you mean actually lost him, not just intellectually?
CAROLE THERIAULT. Well, I don't think we ever had him intellectually, really. Let's be honest. I think he's dropped off the call, and I suggest you and I just carry on without him. Shall we just see what happens?
DAVE BITTNER. I know, dirty. It's the moment I've been waiting for. Yeah, fuck you, Cluley.
CAROLE THERIAULT. Okay.
DAVE BITTNER. You know, Carole, I've never really had the opportunity to tell you how I really feel about you. And now, at last, with Graham out of the way. Tell me after the show.
GRAHAM CLULEY. First. Very good. Very good.
CAROLE THERIAULT. You invite me in to do my story.
DAVE BITTNER. Say, and Carole, what do you have? Oh, and Carole, what do you have for us this week?
CAROLE THERIAULT. Well, thank you so much, Dave. Now, have you been frantically shopping this Christmas season?
DAVE BITTNER. Hmm, by frantically shopping, I think you could say that I've been spending a lot of time in the Amazon app on my phone, but yes.
CAROLE THERIAULT. Yeah, look, thinking about gifts for people, thinking what you want to gift yourself, all that stuff.
DAVE BITTNER. Yeah, 'tis the season.
CAROLE THERIAULT. It is the season, baby. Now, what proportion of your Christmas purchases do you think think are smart, or would you say are— have the IoT or Wi-Fi enabled or internet enabled toys?
DAVE BITTNER. Well, I mean, for the kids, yeah, yeah, for the kids, lots of things, because if it's not connected, they don't want it these days.
CAROLE THERIAULT. Hey, I'm going to do Graham. Yeah, same here. Yeah, exactly the same. My kid would be like, that's dead to me if I can't use internet. Okay, but seriously, seriously, I don't think it surprises me at all. I mean, there is a veritable glut of smart shit out there being marketed to kids and adults, right? With money to burn. Like phones and tablets and smart TVs and speakers and smart irons. I'm sure that exists somewhere. It must. The question is, is it so smart of us to buy all this stuff without really thinking about whether it's safe or not? In fact, I'm sure lots of us think about it. It's like a whisper in our brain, like, is this gonna be safe? Yeah, probably.
DAVE BITTNER. I think that's fair for most people. I think maybe we think, we probably give it a nanosecond more time than most people just because of the horrible things that we know, but then we just go on with our lives and do it anyway.
CAROLE THERIAULT. Do you have a home assistant at home? A home speaker thingy?
DAVE BITTNER. I do not, but we have Siri is everywhere in our house because we're very Apple-centric. So we rely on her to do things like turn the lights on and off and tell us when doors are open and so on and so forth.
CAROLE THERIAULT. Graham here would probably make some quip like, yeah, she even comes uninvited, like when you're recording a podcast. But you know, it is Christmas, right? And I know that even if people are worried and thinking, I probably need to look into this, but I don't have time, they're just going to buy the smart tech anyway. So what I'm thinking is maybe you and I can share because Graham's not here because he couldn't be bothered to join us on this call. We can share some advice on what people should look out for before they walk away with a cyber time bomb that's just waiting to mess up.
DAVE BITTNER. I love this idea. Let's do it together.
CAROLE THERIAULT. Well, yay. There are like lots of toy firms that are primarily toy firms, which means they make toys, right? They're not necessarily au fait with making the technology or cybersecurity, right? That's not their wheelhouse. Right.
DAVE BITTNER. You don't know who they jobbed out the programming to.
CAROLE THERIAULT. Exactly. Exactly. UK consumer watchdog Which found that even Mattel smart toys were among those dinged because they were found to have security flaws. And this is this year, they've just put out this report. So there's this toy, this physical toy that Mattel makes called Bloxels, okay? And it's basically, it's a toy that allows you to build your own video game. And there's an app associated with it, and there's also this web portal for consumers, like an education consumer web portal that was created, like you said, by a third party. And one of the things that these guys found was that there was no moderation. So kids could create games, put loads of inappropriate content such as swearing, which is what they tried, but you can, you know, to your heart's content, and then would put the game up there for other kids to play with. The other problem was that accounts could be created with very weak passwords, right? So that totally can destroy your entire security posture if you've got passwords that can be 4 characters long. Go on. So basically, reputable, trusted toy makers have to really, really think hard about who they partner with to IoT-ize their toys, um, because faults on the connectivity side can lead to big headaches for your brand. Yeah. And as buyers, we've got to be careful about what I IoT machines we allow in our homes because we're kind of giving this to the people that we basically love most of all to play with. Rule number 2. Rule number 2. How smart is it, right? So what technology is it making use of or is enabled by default? So is there a Bluetooth connection? Is there a Wi-Fi connection? Does it have a mobile app that's associated? Are all these components necessary for the device or for the service you're trying to use, or can some elements be turned off or disabled? If you think, for example, like a mobile app, there may be settings that automatically turn on during the default installation, and I'd recommend you go look at those access rights, right? Like, do you need to have a microphone as part of this thing? Does the microphone need to be turned on? What about the photo album? Do you want them to have access to the photo album, to your contact list? And before you say, "Yeah, no problem," as soon as you click yes, they just hoover all that data up, right? Every time afterwards, they just collect the changes. So think really hard before you say yes to those things.
DAVE BITTNER. Well, but also, I think in the heat of the moment on Christmas morning when the wrapping paper is being flung hither and yon, that kid who's just trying to get that thing working, they're just going to click through yes, yes, yes, yes, take it all in order to start playing. So maybe, inserting yourself in that process to slow it down and say, okay, does your new Transformers Optimus Prime really need to be able to download the entire family's contacts list?
CAROLE THERIAULT. Or couldn't you— okay, wouldn't a bright parent open it up really carefully the night before, get it all set up and battery operated and get everything charged, set all the devices to be perfectly safe, and then put it back in the packaging? That's what you should do, right?
DAVE BITTNER. Yeah, yeah, sorry kids, we gotta send these toys out to IT for provisioning.
CAROLE THERIAULT. No, you do it before they get it, when you're like in your bedroom at 2 o'clock in the morning. Yeah. Exactly.
DAVE BITTNER. Right, so this is where we are now. Instead of putting together a bicycle the night before, you're putting in Wi-Fi passwords.
CAROLE THERIAULT. Exactly. Okay. Okay, rule number 3, find out about the security settings on the particular device you're looking to purchase, right? For me, the most important would probably be probably be, can it get updates? Like, is it even physically possible for it to get some software updates? And how would that work? What do I have to do to make sure that happens? Is it on by default? Is it not? Whatever. And then does it have any user authentication, right? Like when I plug it in and give it my Wi-Fi, does it say to me, who are you? And what secret word or secret handshake can we use to make sure I know it's you other than just your name?
DAVE BITTNER. Lots of devices don't have any of that, right? No. And they don't require you to change the default password.
CAROLE THERIAULT. Yeah, or in some cases you can't even change it. Now if you can change it, how long and complex password can you do? Because we, as we talked about, if it's only limited to 4-character PIN code, right? Yeah. So those are what, those are the big ones I think of. Two more, two more, and we're done. But you can interrupt anytime, I don't mind. Okay, this is the big one and the hard one, but what information is being collected from your kid, right? Or what is being shared with third parties? Right? So we live in a bit of a tech wild west. I know I keep saying that, but even tech daddy Google, you know, the ones that are basically paving the way for everyone else and setting the ethical standards for how we should use computing, was fined $170 million squidoodles to settle with an FTC accusation that they were violating children's privacy on YouTube. You get well-respected companies like LeapFrog, this was just in the summer, which had serious vulnerabilities in their LeapPad Ultimate tablets. That could allow a hacker to track the location of a child and then talk to them through the device's built-in chat called Pet Chat.
DAVE BITTNER. Well, you know, I was recently chatting over on the CyberWire with Emily Wilson. She's a fraud expert at a company called Terbium Labs, and she was making the point that when it comes to kids, parents might want to consider coming up with sort of false aliases for their children to use to log on to these things because That way you can try to delay or head off this aggregate data collection that's happening with all of us, where these people like Google and Facebook are collecting these dossiers about all of us. If you can delay that for your child, that might be a good thing to consider. So when you're putting in your child's name and those sorts of things, maybe you could even make it a fun thing with the child to come up with some sort of some fun name that's not their own. I'm being a bit doom and gloom here, right?
CAROLE THERIAULT. Okay, so you change the name, right? And you build a profile, you and your kid build a profile. But all, it's the other information that annoys me. All the secret information they're hoovering up from your location, for example. So say it's a tablet that your kid takes around with them whenever they go, and you've allowed an app on there that's allowed to hoover up all your navigation information, information that is taken from that thing. And you— that's not something you would think about unless you read the T's and C's. And you don't have to read all the T's and C's. If you were just to do one bit, right, you just go read the privacy notices. Because what you're looking for is what information are you taking from me, how is that information stored and used, and who else will have access to this, if anybody. Those are in my view, the biggest questions.
DAVE BITTNER. Well, and do you have the fortitude to say to your child, no, you're not going to have this year's hot toy because it's not safe, it's not private, it's not secure. Are you willing to take that heat? Are you willing to live through that tantrum?
CAROLE THERIAULT. So I thought you might say something like this, Dave. So I thought my rule number 5 is to go old school, right? So as you have kids, I'm gonna give you my old school examples, right, for old school cool suggestions. And I want you to tell me whether you think it'll work with your kids, okay, or kids you know. All right, option number 1. Yeah, mix cassette tapes. Now you may not know, but I am on trend. They are seriously making a comeback. So if you can find your teen some old blank tapes and a working boombox as long as the tape recording component works. And then they have to try and make a mixtape from radio like we did in the '80s, '80s style. Did you ever make these when you were a kid?
DAVE BITTNER. Oh, did I ever make these when I was a kid. I was a master of the pause button.
CAROLE THERIAULT. Yeah, what about you, Graham? No, I never did that. Never knew anything about it. No surprise there. Anyway, Dave, you were saying?
DAVE BITTNER. Yeah, I mean, that's what we lived for. There was no internet back then, so we were making mixtapes and passing them around, and you just sit by the radio, just— well, you're waiting for your favorite song to come on because you couldn't afford to go buy it at the record store. So you— yeah, absolutely. Oh yeah, yeah.
CAROLE THERIAULT. And that's coming back. Casey Kasem was the first one.
DAVE BITTNER. He— yeah. Oh yeah, yeah. On Sundays. Yep. Now it's time for our long-distance dedication. You are—
CAROLE THERIAULT. you could, you could replace his voice.
DAVE BITTNER. Yeah, I've got a pretty good Casey Kasem, I have to admit. But yeah, spent lots of hours listening to him. Yeah, you could add a zero to your Cyberwire paycheck.
CAROLE THERIAULT. Just pull out the Casey Kasem. Yeah. Yeah. So mixed cassette tapes. That's quite cool, right?
DAVE BITTNER. Okay, I can go with that.
CAROLE THERIAULT. I'm on board. Would any of your kids go for it?
DAVE BITTNER. I think so. My oldest probably would. Yeah.
CAROLE THERIAULT. I think Graham's joined us again. Oh, hello.
DAVE BITTNER. Well, Carole, I disagree. I don't actually think that Graham is a child predator, no matter what you say. So, uh, and I think, I think we shouldn't kick him off the show. Uh, but what's been going on? What? Oh, Graham, welcome back! We were just talking about you. Hey, I've taken over.
CAROLE THERIAULT. Yeah, you know what, just, you know what, like someone who leaves an auditorium, right, to go have a poop, they come back quietly, right? They don't call attention to themselves. Yes, I'm just almost—
DAVE BITTNER. I'm wrapping up my section.
CAROLE THERIAULT. Thanks so much for being present.
DAVE BITTNER. Yeah, he needed to gather himself.
GRAHAM CLULEY. I didn't do a poop. It's a Huawei router. Blame Huawei. Thankfully, his username and password was admin.
DAVE BITTNER. He's an international traveler. We can't expect all of his time.
GRAHAM CLULEY. Carry on. Thank you. I'll try and catch up.
CAROLE THERIAULT. So the other thing that they could get, like if they were into chess, for instance, right? Maybe a chess-styled salt and pepper shaker. Hello. Which a Twitter user actually suggested to me that I buy for Graham. But as he couldn't even be bothered to listen to my story. No, I could be bothered.
DAVE BITTNER. I was. Okay, so I think that would be a lovely gift for Graham. But I think if you were to give a child a salt and pepper shaker shaped— I mean, that's like, that's like, you're gonna lose your cool aunt, uh, street cred. Yeah, I will very quickly. Yeah. What about experiences though?
CAROLE THERIAULT. Would you ever think about getting that for your kids? Like, if they were into food, you get them a cooking class, or if they're into eating, you book them a table somewhere and like chef it up a bit? Absolutely. I like that kind of stuff.
DAVE BITTNER. Yep, yep. Experiences are better than stuff.
GRAHAM CLULEY. I had an experience last night. I was out for dinner and talking of salt and pepper, they had a salt and pepper thing and it had crickets inside it. And when you scrunched it up, little bits of crickets went everywhere.
CAROLE THERIAULT. Where are you eating? Well, thanks for sharing that, Graham.
DAVE BITTNER. And the next day this place was shut down.
CAROLE THERIAULT. You're talking about salt and pepper. Yeah, no, thanks. Thanks so much. Maybe there's a friend's house. Yeah, yeah, no, no, it's good. Pick of the Week, anyone?
DAVE BITTNER. If Graham hadn't come back, we wouldn't— we would have missed that story. Yeah, can you imagine?
CAROLE THERIAULT. I'm gonna get more mulled wine. Guys, it's holiday season, and there are two things I know to be true during holiday season. One, you are probably gonna get a new device that needs to be connected to the internet either at home or in the office. And two, if you don't use a reputable password manager, you're very likely to forget your passwords when you get back to work. So why not check out LastPass? LastPass makes password security effortless. It's good for employees, it's good for the home. With single sign-on, you can access all your accounts Do yourself a favor this holiday season and check out LastPass at smashingsecurity.com/lastpass. Owen Graham, forward slash, forward slash, forward slash, forward slash, forward slash, forward slash.
GRAHAM CLULEY. And welcome back. Can you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week?
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
CAROLE THERIAULT. Definitely shouldn't be. It's the last episode of the year. Great.
GRAHAM CLULEY. For an awful moment there, I thought you had both fallen off the line and I was talking to myself.
CAROLE THERIAULT. Oh, imagine, imagine how you'd cope then. We'd be just fine. Great.
GRAHAM CLULEY. As, as, as our listeners know, Well, yippee-ki-yay, Melon Farmer, because my Pick of the Week is related to a movie. Can you guess which one? Yes, Die Hard. Maybe one of the ultimate Christmas movies of all time.
CAROLE THERIAULT. And it's not actually— Is your— is your— is— yes, Pick of the Week Die Hard?
GRAHAM CLULEY. No, my Pick of the Week isn't Die Hard. My Pick of the Week is related to Die Hard, however, because regular listener Harry Harry, who often tweets us on the Twittersphere. He's out there. Hello, Harry. Harry said to me, he said, he's Irish, by the way, he said, oh, Graham Begorra, you should make your pick of the week this thing on Netflix which I've seen. And he pointed me towards a Netflix series called The Movies That Made Us, which takes you behind the scenes of fabulous movies like, I don't know, Home Alone and Die Hard and others I can't remember at the moment. It tells you the stories of the movies, and it's fairly light and frothy, but at the same time quite fun. And so I thought, as it's Christmas and as I like Alan Rickman, I should watch the episode about Die Hard. And I found out facts I didn't know. For instance, Die Hard— did you know Die Hard was originally written under a different name way back in the 1960s, and it was a sequel to Detective Oh, for goodness' sake, I haven't got that written down. It's something like No One Lives Forever. It was something like No One Lives Forever or something like that. Anyway, it was the sequel to another book which was turned into a Frank Sinatra movie. So Die Hard is actually a sequel, and Frank Sinatra owned the rights to the sequel to the movie which is in— so the, the sequel which became Die Hard, right? And so when they eventually got around to making this movie in the 1980s, they were contractually obliged to give Frank Sinatra first refusal on starring in the movie.
CAROLE THERIAULT. So he was still alive then? Yes. It wasn't a Weekend at Bernie's scenario? No, no.
GRAHAM CLULEY. I think if you're dead, Carole, they don't have to offer you the job, right?
CAROLE THERIAULT. Yeah. Kill me.
DAVE BITTNER. You got Tony Bennett wheeling him around. What do you say we drop this guy off the side of the building? What do you say, Frankie baby? Doesn't like to talk so much anymore. I love Weekend at Bernie's.
CAROLE THERIAULT. It's a way better film. My husband and I argue about all the time. He's always Die Hard. Hey, I got him Shark Attack 3. Have you seen Shark Attack 3, Dave?
DAVE BITTNER. I have not seen any of the Shark Attack movies. I don't need to watch them.
CAROLE THERIAULT. Only Shark Attack 3. That's the only one that's good, and you just need to watch it for one line which comes about halfway through, and after that you'll love it.
GRAHAM CLULEY. It's from John Barryman. You'll know the line when he says it.
CAROLE THERIAULT. Yes, you don't need any— you just have to— everyone out there, this is my challenge to you.
DAVE BITTNER. Anyone who's adult, now I know what I'm doing with my winter break. It is—
CAROLE THERIAULT. well an hour and a half of it, but it is a fantastic Bulgarian cinema at its finest. It is Bulgarian, isn't it?
GRAHAM CLULEY. Because there's a surprising number of Bulgarian actors in it, and you're thinking, why is this guy? And he's obviously a friend of the producer or something who's in the movie, and somehow John Barryman as well. But yes, anyway, back to my pick of the week, Carole. We'll come on to Shark Attack. Oh yeah, back to you, of course. So, so, so the, the series is called The Movies That Made Us, and it's quite entertaining. In, and you find out all this stuff like Sinatra turned down the job, as did Burt Reynolds and Mel Gibson and Arnie and Sylvester Stallone. And they were very worried about the movie because it had all these jokey bits. But the biggest problem of all was, of course, Bruce Willis, who was considered this sort of jokey, arrogant, smug sort of Moonlighting character.
CAROLE THERIAULT. Sexy as all hell.
GRAHAM CLULEY. Do you think Hmm. Yes.
CAROLE THERIAULT. Well, I don't know about now, but certainly during Moonlighting years and early Die Hards. Come on. Barefoot wearing a little tank top. Hello.
GRAHAM CLULEY. Right. Okay. Well, originally they actually hid his face from the posters because test audiences had just laughed at the idea of him being an action hero.
CAROLE THERIAULT. Well, who's laughing now? Right? Brucey.
GRAHAM CLULEY. I don't know if you've seen the latest Die Hard movie.
CAROLE THERIAULT. Not Sinatra. Well, still probably, probably earning more than the podcast is anyway.
GRAHAM CLULEY. So that is thanks to Harry for listening to the show and suggesting to me that our listeners should watch The Movies That Made Us on Netflix.
CAROLE THERIAULT. And specifically, it wasn't just related, so I'm happy.
GRAHAM CLULEY. Yeah, there you go. That's all you can ask for these days, isn't it? That's it.
DAVE BITTNER. Dave, what's your pick of the week? My pick of the week is a podcast. It is called the Strong Songs Podcast. And this is a podcast in which the host Kirk Hamilton takes deep dives into pieces of music. He is a musician and he knows his stuff. He knows music theory. And he goes through a song and just deconstructs it, tells the audience what's going on inside that song, what's going on musically, what's going on lyrically. What's going on with all the different instruments that are being played in the song, the structure of the song, and the way that he does it is so joyful. He just loves everything about all of these songs that he talks about, and it's a, it's a contagious enthusiasm. He's done some, a variety of songs. He's done everything from like Think by Aretha Franklin. He did Like a Prayer by Madonna. He's done songs by—
CAROLE THERIAULT. I Will Always Love You by Dolly Parton.
DAVE BITTNER. Barracuda by Heart. Yeah. Personal, he did Tiny Dancer and Goodbye Yellow Brick Road by Elton John. Anything from KISS? I don't think he's done anything by KISS yet, or Prince. He did Bohemian Rhapsody by Queen. He did Thriller by Michael Jackson. He did Single Ladies by Beyoncé.
GRAHAM CLULEY. Dave, I've just subscribed. You haven't got to say any more. It sounds absolutely fantastic.
DAVE BITTNER. It is. It is. My only wish is that there were more of them, which is the highest compliment I think I can give to a podcast. So do check it out.
CAROLE THERIAULT. I have a wish for you to do for them is get HTTPS on their website because that's like pretty, you know, we are a security podcast. I don't mean to bring security up in Pick of the Week, but come on, dude. You could just email him and say, dude, I'll show you how. I'll show you how I have friends.
GRAHAM CLULEY. Carole, he's on Lip Sync. He should be able to do that. Yeah, he should. Yeah, it doesn't— it doesn't work.
CAROLE THERIAULT. Yeah, it's only been a year old. He has no excuse. Come on.
GRAHAM CLULEY. No. Well, for goodness sake, man.
CAROLE THERIAULT. Yeah, but I will subscribe because the podcast doesn't, you know—
GRAHAM CLULEY. yeah, you don't have to go to a podcast website to subscribe to it. Exactly. Yeah, I think that sounds absolutely—
CAROLE THERIAULT. but I did I did because I was listening to Dave and, you know, he's now put me at risk. Well, this—
DAVE BITTNER. yeah, I'm here to serve. So I very much enjoy this podcast. And if you're a music fan, music geek like me, there's lots to enjoy here. So check it out. It is the Strong Songs Podcast.
GRAHAM CLULEY. I think we should just edit Dave saying, I very much enjoy this podcast.
CAROLE THERIAULT. Very perfect intro to the podcast, right? Into the show. Yes. Love this podcast. It's the best. It's the best. I'm right. All I want is more.
GRAHAM CLULEY. Right, right. I was thinking, as Dave was saying, you know, that the highest compliment he can pay is, uh, I only wish there was more. Yeah, right, exactly. If only we didn't have episode 159 of Smashing Security after how this has been.
CAROLE THERIAULT. Perfect, actually. We had a really really nice time. We had no problems, Graham.
GRAHAM CLULEY. We had no issues. It was there in the middle.
CAROLE THERIAULT. Beautiful. So, Carole, your pick of the week. Well, my pick of the week. Now, I know last week I threw my toys out of the pram about pick of the week, and I'm sorry. Yes. And as the holidays, and many of you will be hiding, no doubt, from the in-laws and the like, I thought I would give you a something to distract you. And this is Apple TV's show called Truth Be Told. And the reason I've chosen it is because we, Smashing Security, will not be recording for a few weeks so we can recharge our batteries for 2020, because God knows Graham needs it. But I thought I would check out a podcast-related series that would maybe tie you guys over until we return to the internet waves. Caves, right? So it's called Truth Be Told. Here's the premise. So Poppy Parnell— okay, snappy name— this is played by Octavia Spencer. She's a true crime podcaster returning to the case of Warren Cave. This is played by Aaron Paul of Breaking Bad fame. Warren was convicted 20 years ago of murdering his neighbor when he was only a teen. Now Poppy, our star, has reason to believe that Warren might be innocent, but she's also got skin in the game because basically she got famous, you know, she wrote a series of stories that made her career, and she's concerned that her reporting led to his conviction. So that's the story. So I thought, okay, that's kind of interesting, right? I can identify. I'm a podcaster. I like crime stuff. Great, right? But I don't know if I recommend it. It's that kind of pick of the week, isn't it? 4 hours watching it. No, I spent 4 hours listening and I felt I would do a review, okay? Because it turned out—
DAVE BITTNER. I see, it's all a little bit brothers and sisters, you know, for me to be—
GRAHAM CLULEY. what do you mean brothers and sisters? Is that like sons?
CAROLE THERIAULT. Oh, you know, like navel-gazy and like, am I good enough? Should I feel guilty? Do I love my dad enough? There's a lot of that stuff going on, and there's all this Scandi Noir music, you know, deep and meaningful and hopeless and echoey. You're kind of constantly dealing with her feelings of guilt and her family's lack of support and her passion, you know. But I kept watching it, okay? And it's not even finished yet. New episode comes out every Friday. I've watched about 4, and I think I like to scoff at it because she keeps missing the mark of what makes a great story in my opinion. So if that grabs you as fun as a Christmas activity, check out Truth Be Told on Apple TV.
GRAHAM CLULEY. Wow, thank you. Yeah, I'll get right on there. This is on the new Apple TV+ service. Yeah, I've joined.
CAROLE THERIAULT. Yeah, I'm part of the— I'm part of the fam. Oh yeah, right now so far I've only been, you know, been hanging around for about a week. I've not really seen anything to make you click your heels. But, you know, watch this space.
GRAHAM CLULEY. What's the big reason to get Apple TV Plus?
CAROLE THERIAULT. Because, you know, if, uh, because we got a new device in our house that came with free, so we're checking it out. Oh, I see.
GRAHAM CLULEY. There's a free trial, is it?
CAROLE THERIAULT. Yeah, if you can. Yeah.
GRAHAM CLULEY. Oh, okay. Yeah, because I'm just thinking, you know, I've got so many of these things.
DAVE BITTNER. Yeah, we've been watching— I forget, I think it's called The Morning Show. Is that what it is? Jennifer Aniston. Is it good? Yes. Yes, I— my wife is into it. She's several episodes in. I only watched the first one so far, and it was pretty good. It was, it was good enough that I would watch more of it, but I don't know that it'd ever actually be my pick of the week or anything.
CAROLE THERIAULT. But go fuck yourself, I've done 159 of these. And on that bombshell, Graham, I'm trying to give you your cues. Jeez. On that bombshell.
GRAHAM CLULEY. Time lag. I think we've just about wrapped it up. Dave, I'm sure lots of our listeners would love to hear more of your dulcet ASMR tones. Where could they do that? And what's the best way for folks to follow you?
DAVE BITTNER. So many opportunities, Graham. So many opportunities. I am, of course, the host of the Daily CyberWire podcast. I'm the co-host of the Hacking Humans Podcast. I'm the co-host of the Caveat Podcast. Sometimes I appear on the Grumpy Old Geeks Podcast. Really, at this point, there are more podcasts that I host than I do not host. So, uh, and, uh, after our little time together, I think Carole and I have agreed that I'm gunning for you, Graham. So next, uh, no, it's much nicer to me, Graham.
CAROLE THERIAULT. Like, you may want to up up your game a little bit.
DAVE BITTNER. I could never replace Graham in Carole Theriault's heart.
CAROLE THERIAULT. Yeah, it's a special little box just for him.
GRAHAM CLULEY. Oh, say where you live on Twitter as well, Dave.
DAVE BITTNER. Go on. It's @Bittner, B-I-T-T-N-E-R.
GRAHAM CLULEY. Marvelous. And you can follow us on Twitter as well, @SmashingSecurity, no G. Twitter won't allow us to have a G. And you can also carry on the discussion on Reddit. Go and find the Smashing Security subreddit up there.
CAROLE THERIAULT. And once again, thanks to this week's Smashing Security sponsor, LastPass. Its support helps us give you this show for free. And of course, thank you to you listeners. How will we survive the next few weeks without you? Lord only knows. But we wish you at least a tolerable Christmas season and a wonderful night to bring in the new year. And seriously, guys, in-betweeners and outliers A huge thank you for listening to us every week, supporting us via Patreon, and giving us the coveted podcast reviews. It's butt-jiggly wonderful of you. Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
GRAHAM CLULEY. Until the new year, cheerio, bye-bye. Happy Christmas.
DAVE BITTNER. Happy holidays. Happy Hanukkah!
GRAHAM CLULEY. How's the wine, girl?
CAROLE THERIAULT. Um, I'm about 8 bottles in. No, I'm kidding. I've had a glass. I'm fine. Oh my God, I haven't eaten any cake, but now I am. Pecan banana cake.
DAVE BITTNER. Yeah. Delicious.
GRAHAM CLULEY. I think that show went pretty smoothly, all in all, didn't it?
DAVE BITTNER. Oh yeah, yeah, start to finish. Boy, that was—
CAROLE THERIAULT. Graham, you know what? It's totally fine. What? We've got this. Yeah, we've got it. Rock and roll.
DAVE BITTNER. It's awesome. What a way to end the decade. Oh my God, it's the last of a decade.
GRAHAM CLULEY. Dave's right. Yeah. My, how exciting.
CAROLE THERIAULT. Yeah, just wait till next year.
-- TRANSCRIPT ENDS --