Carole details how companies are spying on their stay-at-home workers, Mikko Hyppönen discusses the trustworthiness of video chat apps, and Graham gets embarrassed when he admits he's bought a Facebook Portal for his in-laws.
All this and much much more is discussed in the latest edition of the award-winning "Smashing Security" podcast with Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/172 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Mikko Hyppönen.
Sponsored By:
- DomainTools: DomainTools helps security analysts turn threat data into threat intelligence. Its solutions give organizations the ability to use and create a forensic map of criminal activity, assess threats and prevent future attacks.
- Learn more about their products at domaintools.com, or visit domaintools.com/smashing to enter their Capture The Flag competition and be in with a chance to win a $100 gift card.
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Herrasmieshakkerit — Mikko's security podcast (in Finnish) with Tomi Tuominen.
- Video trailer for Herrasmieshakkerit — YouTube.
- Has Houseparty really been hacked? $1 million reward offered to unearth who is behind widespread claims — Graham Cluley.
- Houseparty declares that all accounts are safe — Twitter.
- Houseparty announces $1,000,000 bounty — Twitter.
- Zoom Meetings Do Not Support End-to-End Encryption — The Intercept.
- The most popular smartphones in 2019 — DeviceAtlas.
- The Zoom IPO (with Santi Subotovsky) — Acquired podcast.
- Cyber Volunteers – Protecting and Responding for our healthcare services! — CV19.
- Bosses Panic-Buy Spy Software to Keep Tabs on Remote Workers — Bloomberg.
- Your Bosses Are Trying To Spy On You Now More Than Ever — Futurism.
- Companies are using webcams to monitor employees working from home — Business Insider.
- Something Rhymes with Purple — Acast.
- Susie Dent on Twitter.
- Virtual choir from Finland: "Song of the Fearless" — YouTube.
- Someone's built the entire Earth in Minecraft - to scale — Eurogamer.
- The Earth in Minecraft, 1:1 scale ...for the first time — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript +
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. Look, look, I'm very uncomfortable about this, right?
CAROLE THERIAULT. Well, you should be.
GRAHAM CLULEY. I am be— it's just—
CAROLE THERIAULT. Do you really need a camera tracking your mother-in-law's face at every opportunity?
ROBOT. Smashing Security, Episode 172: Uncle Fuckface with Carole Theriault and Graham Cluley. Hello. Hello, and welcome to Smashing Security Episode 172. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. Hey, Carole.
CAROLE THERIAULT. Hey, Graham.
GRAHAM CLULEY. We are joined by a returning guest. He hasn't been on the show for a while, but he's known to many of our listeners is Mikko Hypponen. Hello, Mikko.
MIKKO HYPPONEN. Well, hello there. It's really great to see both of you, and it's always great to hear how well Graham is able to pronounce my name. That's exactly how it's said.
GRAHAM CLULEY. Success!
CAROLE THERIAULT. Hey, how are you seeing me exactly?
MIKKO HYPPONEN. Well, virtually. Obviously, this is a time of social or physical distancing, so there's no way we would be in the same room, right?
CAROLE THERIAULT. That's right.
GRAHAM CLULEY. So Mikko, I imagine you, like all of us, are trapped in your home right now.
MIKKO HYPPONEN. Yeah.
GRAHAM CLULEY. Your life has been messed around a bit by all this nonsense that's going on. What are you up to?
MIKKO HYPPONEN. Well, it's really great to be in one place because my normal life is so different. I'm on the road every week. Now I haven't taken a single flight for a month and I'm still grounded for many more weeks. So yeah, in a way I like it. Is this what normal people live their lives like?
CAROLE THERIAULT. So this is why you're able to focus on your podcast because you've been grounded for a month.
MIKKO HYPPONEN. Yes, I have. And before I speak about my podcast, I just want to say something really great about traveling a lot, which is that my company How do you say it? They cover the CO2 emissions that I create.
GRAHAM CLULEY. Oh, brilliant. Good.
MIKKO HYPPONEN. Yeah. So I'm not destroying the world by doing all this traveling. And that's really great. And that enables me to do the things I like, which includes the worst competitor for Smashing Security podcast. We have now our own podcast. Me and my old friend Tomi Tuominen started the podcast late last year. We're going to kick your ass.
GRAHAM CLULEY. I think I may have tuned into it. It's in Finnish, isn't it?
MIKKO HYPPONEN. Well, yes, it's in Finnish, which does limit the audience a little bit. It's called "Härräsmies hakkerit." "Härräsmies hakkerit" is the best podcast about security in Finnish you've ever heard, I guarantee it.
GRAHAM CLULEY. That's the kind of competitor we like, to be honest.
CAROLE THERIAULT. Do you know, Graham, I was thinking earlier today that maybe we misnamed our podcast because I was listening to a Radio 4 podcast and the woman was going in to interview someone. She goes, "Hi, Sue Miller from Radio 4." door. And I was thinking, if we walked to someone's door and knocked on it and said, "Hi, Carole Theriault, Smashing Security," they may, they may not want me to come in.
GRAHAM CLULEY. Oh, right. So maybe we should call ourselves Radio Security or something, or what do you suggest?
CAROLE THERIAULT. I don't know, I'll have to think about that. Maybe our listeners can help.
GRAHAM CLULEY. All right, okay. A bit late for a brand name change, but all right. Carole, tell us what's coming up on the show this week.
CAROLE THERIAULT. Well, first, thanks to this week's sponsors, LastPass and Domain Tools. Their support helps us give you this show for free. Now, on today's Stuck at Home special. Graham shares the rumors about video chat app Houseparty. Mikko tries to figure out how to deal with security and privacy in our pandemic reality. And I'll be looking to answer this question: is it okay for your boss to spy on you if you're working from home? All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, coronavirus of course has, well, it's sort of changed the whole way we're living, hasn't it? It's changed the world and people aren't able to move around, people aren't able to to socialise, and many companies have been struggling as a result. But actually, for some firms, it's been a real boon. It's been an opportunity for them to actually get loads more users. I'm talking, of course, about video chat apps like Zoom, like Houseparty. Millions of people have downloaded these apps, perhaps for the first time in the last couple of weeks. So, whereas they used to be the province of people working in business, typically, Now everyone's kind of jumping on them, aren't they, in order to chat with their pals.
CAROLE THERIAULT. And to keep their jobs, right?
GRAHAM CLULEY. Well, keep their jobs, but also to keep in touch with relatives who they may not be able to go and visit any longer.
CAROLE THERIAULT. Totally, totally, because we're all isolated and it's the only virtual hugs these days, right?
GRAHAM CLULEY. Yeah, I've got a kind of embarrassing admission to make at this point.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Which may well get edited out of the podcast, but because I'm quite embarrassed by it, especially with Mikko on the line. So—
MIKKO HYPPONEN. Go ahead.
GRAHAM CLULEY. I've got in-laws who are quite technically non-savvy and really struggle, and my wife wanted to keep in touch with them while they're all locked down. And we were trying to work out the easiest way to do this. And it's like, well, we know there's FaceTime and there's Skype or whatever, but needed it to be easier than that. And so we invested in a couple of devices which make it very, very easy to video chat, even if you're into your 70s, 80s, and 90s and know nothing about technology. Mm-hmm. I don't have a Facebook account. I don't have a WhatsApp account, but our household now has a Facebook Portal.
CAROLE THERIAULT. In your house?
GRAHAM CLULEY. In our bloody house.
MIKKO HYPPONEN. Congratulations.
GRAHAM CLULEY. Well, congratulations to Facebook, maybe.
CAROLE THERIAULT. They knew they'd get you in the end.
GRAHAM CLULEY. So we now have this video feed and audio feed.
CAROLE THERIAULT. Shame on you for not even fighting the corner.
GRAHAM CLULEY. Well, it was a restless night. It was a struggle. I have to say there was lots of tossing and turning about this. And I have to say, pragmatically, it's a great way of keeping in contact with relatives and loved ones. But of course, it comes from ruddy Facebook, which makes me extremely nervous.
CAROLE THERIAULT. Have you heard of a house phone?
GRAHAM CLULEY. It would— yes, a house phone, but you kind of want to see them. And actually, they never even hear the phone when it rings. So we do need something which sort of bloop, bloop, bloop up on the TV screen and announces that they're getting a call.
MIKKO HYPPONEN. Graham, what does a Facebook Portal actually look like? It has a screen on it, doesn't it?
GRAHAM CLULEY. There are two kinds of variations of it. There's one which is basically like an iPad-like screen with a camera built in as well. And what it does with the camera is very, very clever because it's tracking faces. Oh, why am I doing this? And so it will focus on the relevant part of the room. Room, so it keeps you in shot, which is what we need with the in-laws, for instance. The other version plugs into your television, and in all of them there is a hardware little what's-it, which will cover over the camera, should you want to, and you can turn off the audio. And they claim that it doesn't upload any of your data and any of this to Facebook.
CAROLE THERIAULT. Oh, we know we can trust them 100%, so that's cool.
GRAHAM CLULEY. I know, I— look, you know I hate Facebook, right?
CAROLE THERIAULT. No, no, I just think we know who wears the trousers in your house, and it's fine.
MIKKO HYPPONEN. Graham, I am revoking your privacy expert rights.
CAROLE THERIAULT. Thank you, I agree.
GRAHAM CLULEY. I think these are extraordinary times. I haven't got one in my office, it's in one particular room in our house.
CAROLE THERIAULT. What's it called?
GRAHAM CLULEY. I'm not— it's called a Facebook Portal. I'm not completely comfortable with how that's used.
CAROLE THERIAULT. So you're basically advocating that listeners get one?
GRAHAM CLULEY. I'm not advocating, I'm saying it's an option there. If you have relatives who you can't go and visit and you need to keep an eye on and you need to communicate with because you're worried about them.
CAROLE THERIAULT. Influencer surveillance in your house?
GRAHAM CLULEY. Then this is one potential option. I haven't enabled any of the Alexa stuff which is built into it as well. So I've tried to lock it down as much as possible, but it is ultimately Mark Zuckerberg's camera looking at us.
MIKKO HYPPONEN. Maybe you could provide our readers or listeners with an affiliate link which gives you a cut of the sales of Portals.
GRAHAM CLULEY. Well, the thing, the thing was they were actually sold out on Amazon UK when I tried. So I ended up having to order it from Amazon in France, because at the moment, at least, we're part of the EU still.
MIKKO HYPPONEN. You bought a black market Facebook.
GRAHAM CLULEY. No, no, it's not black market.
CAROLE THERIAULT. It meant— I just— I know.
GRAHAM CLULEY. I didn't have to pay any tax.
MIKKO HYPPONEN. This keeps getting worse.
CAROLE THERIAULT. Yeah, yeah. You digress. Is this your story?
GRAHAM CLULEY. No. Anyway, but the point is that lots of people are beginning to use these sort of video chat apps, whether they feel comfortable with them or not. One of those apps is Houseparty, which is somewhat different from Zoom, which many of us have used in a business environment.
CAROLE THERIAULT. I have friends that use this. I haven't used it myself. Do you? But I do have friends friends that are using it to keep in touch with all their family.
GRAHAM CLULEY. Right. My understanding is basically you set up a house party room or something like that, and you can just drop in on it at any time. And if anyone else from your collective is also part of that room at that time, they can see you and chat to you. So you don't have to go through the effort of setting up, oh, at 7 PM, we're going to have a Zoom call. Here's the invite. It's like a pub you can just drop in on without an appointment.
CAROLE THERIAULT. I was going to say coffee bar, but then you would never go. So that may be a really good way of going.
GRAHAM CLULEY. Don't go to a pub either.
CAROLE THERIAULT. No, but you know, the kitchen and the staff room. The staff room.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. It seems to have that kind of idea.
GRAHAM CLULEY. It's kind of less formal, and I think it's more attractive. It's proven more attractive to some people who are understandably keen to keep in touch right now, maybe, but don't want to go the full caboodle of buying a Facebook portal.
CAROLE THERIAULT. So if I had this, if I— So if I had this app, right?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. I could, and I was connected to all my family, all my family had the app. If I happened to log in and see that my mum was there, I'd go, "Hey, Mum, how's it going?" and connect immediately. Immediately and start chatting.
GRAHAM CLULEY. Yeah, yeah, yes, exactly. So whoever's currently on can chat to each other.
MIKKO HYPPONEN. And the comparison to a pub is actually a good one, because I understand there's also games you can play with whoever happens to be online in Houseparty.
GRAHAM CLULEY. You could play Monopoly in a way, couldn't you? There's all sorts of things which you could do.
CAROLE THERIAULT. But I think Mikko's saying there's built-in games.
MIKKO HYPPONEN. That's what I understood. I haven't actually played them, but yeah, I understand there's some simple games you can, like, play together with everyone who happens to be online at the same time in the same room.
GRAHAM CLULEY. Cool. Well, in recent days, rumors have been spreading about Houseparty, and the rumor has it that Houseparty is unsafe and that it has suffered some kind of security breach or that it is doing something naughty. If you go on Twitter or Facebook, you will see plenty of folks sharing warnings about the Houseparty app, claiming that after installing the app, they found that other online accounts were being compromised, like Spotify or their email account, or even in some cases, their bank account.
CAROLE THERIAULT. I think that showed up in my feed on Reddit, actually. I didn't read the article, but I saw it pass by saying they happen to be breached.
GRAHAM CLULEY. Yeah, there is a lot of these stories going around, and I'm going to emphasize stories because no one is actually presenting any evidence. People are saying, I installed Houseparty, and then someone, I don't know, from Israel or wherever, logged into my Spotify account, and they've made the connection. They've assumed that the two things are connected. Maybe they don't normally install apps. But right now, millions of people are installing Houseparty, And then when something else suspicious happens, they're assuming it's Houseparty's fault.
CAROLE THERIAULT. This is really hard for users though, right? Because on one hand, we're saying, oh, look, you need to work remotely. Here are some good apps, right? But we also warn of apps that have dangerous components. So how are they supposed to tell the difference between— you're saying this is rumors, but without any proof.
GRAHAM CLULEY. I think what's going on here is rather interesting. I think it's telling us something actually about the way the human mind works and how it loves to make connections.
CAROLE THERIAULT. Well, this is pretty deep, Graham.
GRAHAM CLULEY. When?
CAROLE THERIAULT. I mean, for you.
GRAHAM CLULEY. Even when a real link doesn't exist, right? So they're connecting the dots and thinking, it must be because of this new thing I did on my phone, rather than be the result of a phishing attack or password reuse or credential stuffing or somewhere where the hackers have grabbed passwords from a past data breach, maybe years before. They assume it's connected to Houseparty. And some of the advice which has been spread around, which is saying, delete Houseparty from your phone, if it had been the source of the breach, that doesn't actually fix the problem, does it? Because your details have already been grabbed.
CAROLE THERIAULT. It might be the Zoom dudes doing it. That's my conspiracy theory.
GRAHAM CLULEY. Well, interesting, because of course it is kind of Zoom versus Houseparty at the moment.
MIKKO HYPPONEN. We used to have a word for things like these. We used to call these hoaxes. And it's interesting, like during uncertain times we see much more hoaxes than otherwise. And just last week there were really widespread hoaxes about WhatsApp and people were warning about, you know, specific messages about the death of the Pope or whatever, which was a complete old-school hoax. And for some reason, right now in the middle of this pandemic, these things start going around again.
GRAHAM CLULEY. I wonder if because so many people are at home and maybe aren't working quite as hard or distracted or spending longer on their social networks, they're sort of resorting to sharing warnings with other people as a way of keeping connected with people, just saying, oh, watch out for this. As we suffer this zombie apocalypse or whatever is going on at the moment through this pandemic, there are other things you should be fearful of. And people think they're being helpful passing these things on, but of course, there's no actual evidence. In the warnings about Houseparty, there are no links to legitimate security researchers.
CAROLE THERIAULT. OK, so what would happen if I were a user? If I saw this in my feed and read it and thought, oh, I'm a user, I know users, this is concerning. I would then go look for a news article from a reputable source to back it up.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Did you go and look and has anyone been able to validate? Has anyone said this is happening?
GRAHAM CLULEY. No, there is no evidence of an actual breach. Security researchers have looked at the Houseparty app and they say, I mean, any complicated app is gonna have bugs and vulnerabilities in it, but they say they've found no evidence that it is doing anything like this, which might cause the Spotify login attacks. And again, Spotify is something which is used by millions Many, many, many people, a vast number of people.
CAROLE THERIAULT. Millions and millions and millions. Exactly.
GRAHAM CLULEY. And so if there's just a regular credential stuffing attack against Spotify, people might only make the link if they've only just installed Houseparty and assume it is somehow connected. Now, Carole, you made this really interesting point. Was it Zoom who did it? The owners of Houseparty are, and this is so weird, in some ways it's not weird, the owners of Houseparty are Epic Games. The makers of Fortnite and other popular video games.
MIKKO HYPPONEN. So you would think Houseparty would have built-in games, wouldn't you?
GRAHAM CLULEY. Right, right. Exactly. And they're obviously interested in the social element because there's such a big social element with video games as well. They have not only said all Houseparty accounts are safe, we haven't had any kind of compromise, we don't collect passwords for other sites, but they've also offered a $1 million reward And what they want people to do is come up with evidence as to who has been spreading these hacking rumours, because they suspect it might be part of a commercial smear campaign to harm Houseparty.
CAROLE THERIAULT. It sounds a bit like, you know, reward, like a— what's it, you know, like in the Westerns, they, you know, they wanted—
GRAHAM CLULEY. A bounty.
CAROLE THERIAULT. A bounty.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. But not in a good way, in a kind of— I don't know if I— I don't think that's a good thing, actually.
GRAHAM CLULEY. My feeling is it probably isn't something that someone is paying for to smear the name of Houseparty. I think that was unlikely and would probably backfire. Some people have been saying that Twitter bots have been posting messages about Houseparty being unsafe. Again, I think it's hard—
CAROLE THERIAULT. So effectively, they're asking for an internal person to come forward and say, actually, yeah, I have proof that it was this company that started the rumor, for example. That's what they're looking for.
GRAHAM CLULEY. Yes, because I work for rival service.
CAROLE THERIAULT. And you'll get $1 million.
GRAHAM CLULEY. $1 million, yes.
MIKKO HYPPONEN. I have a question. So next time when we are recording this, the three of us, can we try recording this instead of using some boring podcast recording app? Can we record this on Houseparty? Or even better, can we record this inside Fortnite?
CAROLE THERIAULT. And what, because it's too boring, so you want to play a game while you're chatting with us?
MIKKO HYPPONEN. Well, you know, if you're saying something stupid, I can shoot you. You.
GRAHAM CLULEY. So if you've installed Houseparty, don't necessarily panic if your Spotify account was then breached. Doesn't necessarily mean it's connected. Protect yourself with two-factor authentication on any online accounts that support it. So if your password is stolen or breached, it alone won't actually give the hackers access to your accounts. And obviously follow standard best practices about not reusing your passwords.
CAROLE THERIAULT. So they think, okay, so is it corporate sabotage? Graham, your thoughts are?
GRAHAM CLULEY. I think most likely not. I think like most hoaxes, it's probably some bored kids. Well, either kids or just people who just didn't understand what was going on and they joined the dots themselves and came to the wrong conclusion.
CAROLE THERIAULT. This is the second time you say that. I think you think people aren't very smart. That's what it sounds like.
GRAHAM CLULEY. I think some people are very smart, Carole.
CAROLE THERIAULT. Oh, I bet you do, Graham.
GRAHAM CLULEY. Thank you very much.
MIKKO HYPPONEN. Let me actually touch upon something Graham said. You just said that people are sitting in their homes and they might not be working as hard as usual, so they have time to come up with all these conspiracy theories or whatever. I think that's actually an important point to discuss because the fact is the whole world is sitting in their homes right now and feeling scared and useless and addictively reloading news every 15 minutes, which is what we're all doing. And I think it's just fair to say out loud to everybody that it's okay if you're not working as hard as you usually are. It's okay if you're not as productive as you'd like to be. It's okay if you're not doing the projects you would be able to do now that you have all the time in the world. These are unusual times. This is a pandemic. And when you look at it from a from a bit more perspective, this is going to be the biggest news item of the decade. This is going to be one of these defining moments of the century. And this is like, what was the last time we had something which really affected the whole world at the very same time? I think it's the first time.
CAROLE THERIAULT. Yeah. And we can all talk about it at the same time.
MIKKO HYPPONEN. Yeah. It's really, really, really unusual. Nobody would have predicted this. I mean, even the world wars we had, they really were not in every country at the same time. It didn't affect the whole world. This does affect every single country. Everybody, the whole world is in quarantine. And this is so different as a quarantine from anything we've seen because we do have this online connectivity. And I think it's an important thing to consider for our audience. I mean, security people, we spend our time trying to secure people and trying to help people who fight with problems they have no hope trying to figure out by themselves. And while the whole world is sitting in their homes feeling useless because we are not medical experts, well, security people can sort of participate. We can try to help. Of course, we can't find a cure and we can't help people in hospitals, but we can help secure these hospitals, we can fight off the attacks which are targeting medical organizations or targeting people trying to find the cure. There are bad people out there right now. We've seen multiple attacks against medical organizations during this pandemic, which really, really sucks. And yes, the more we can do to help fight off these problems, the better it is for everybody. And it makes us feel like we can help, we can do something.
GRAHAM CLULEY. Yeah, people will feel better, won't they, if they feel like they're providing some use and bringing some benefit when we feel so helpless.
MIKKO HYPPONEN. Sure, because we do have skills and right now our service is needed. It's now needed maybe more than ever.
GRAHAM CLULEY. So one thing which strikes me is some people have set up organizations now to volunteer their expertise, their IT security expertise, to health services. There's an organization called Cyber Volunteers 19, CV19, I will put a link into them in the show notes. Friend of the show, Lisa Forte, she's one of the forces behind Cyber Volunteers 19. So people may want to go there and find out how they can offer their expertise. So, you know, don't feel, don't feel too helpless. But I agree with you, Mikko. I think we all need to give ourselves a bit of a break as well and not stress out too much. There's enough stress in the world right now that if we're staying at home, you know, don't feel that everything has to be perfect.
CAROLE THERIAULT. Yeah, we're going to have to talk about this a bit more in my section, because I think there's a few bosses out there at the I don't feel the same way you guys do.
GRAHAM CLULEY. Oh, interesting.
MIKKO HYPPONEN. Yeah, that's a very good point. But it's not just being productive at work. I mean, I was just speaking to a friend of mine who said that he thought he would read through all these great books, and he confessed that he didn't even open the first one yet. It's just hard to concentrate. It's hard to get anything done.
CAROLE THERIAULT. And to sleep.
MIKKO HYPPONEN. Yeah, even that. So you're exactly right, Graham. We should be giving a break to ourselves.
CAROLE THERIAULT. Do you need a break from the podcast now? Do you need a tea break or anything?
GRAHAM CLULEY. Oh, I'd quite like that, actually, if that's possible.
CAROLE THERIAULT. We'll be back in 20 minutes, everyone.
GRAHAM CLULEY. So Mikko, what have you got to talk to us about this week?
MIKKO HYPPONEN. Well, let me actually continue on what you were saying about Houseparty and Zoom, because Zoom has had their own problems as well. They've been accused of really dodgy privacy policies and about sending information to Facebook and all kinds of things which, which really emphasize the point that when you have a product like this, which is growing, faster than pretty much any product ever in the recent history, they might cut some corners. And in this case, the corners might be privacy corners.
CAROLE THERIAULT. Well, all eyes are on them now, right?
MIKKO HYPPONEN. So true, true. And of course, Zoom is a company which just went public last year. We'll actually put a link to show notes about the great podcast on Zoom. One of my favorite podcasts outside of Smashing Security.
GRAHAM CLULEY. Is it in Finnish?
MIKKO HYPPONEN. No, it's English. It's called Acquired, which is a really good podcast, which talks about companies which either were acquired by another company or which went public. And they had an hour-long show about the history of Zoom, where it came and who are the guys behind it, who are the girls behind it and how exactly they did the IPO. Really interesting stuff worth listening. But when we think about the idea that there's these new products which become so successful despite of privacy problems, Zoom is not the only example. We can think about things like Huawei, the Chinese manufacturer. Their phones, I just checked this, their phones are in top 10 most common, most sold handsets in dozens of countries around the world, despite the fact that they've had all these reputation problems regarding privacy and nation-state access to their devices or to their gateways. Zoom has this problem. Telegram, WhatsApp has been accused of lousy encryption, at least by default. It doesn't slow them down at all. So as long as the product is good, and obviously Zoom is a good product, Telegram is a good product. Clearly Huawei phones are good phones because people buy them. TikTok is growing like crazy because it's, you know, apparently it's a good product. But so—
CAROLE THERIAULT. Say the kids, yeah.
MIKKO HYPPONEN. Well, yeah, there you go. But this proves the point. People don't really care about the privacy as long as the Product is good. That's what they want. If it's free and it's a good product, they will use it regardless of the problems behind it.
CAROLE THERIAULT. Even Graham, even Graham using Facebook Portal.
GRAHAM CLULEY. Facebook Portal wasn't free, I'm afraid, but—
CAROLE THERIAULT. You're paying for the privilege, if you like.
GRAHAM CLULEY. I pay for the— look, I'm very uncomfortable about this, right? Well, you should be.
CAROLE THERIAULT. Why? Maybe have a house meeting.
GRAHAM CLULEY. It's a family meeting.
CAROLE THERIAULT. Skype is fine. Do you really need a camera tracking your mother-in-law's face? LastPass at every opportunity.
MIKKO HYPPONEN. But I think this tells something very concrete about the users around the world. I mean, if it's free and it's a good product, it could do pretty much anything behind the scenes and people just don't care. And we saw this very, very well ourselves. At AppSecure, we were in the middle of releasing a cloud storage product 5 years ago when the Snowden leaks LastPass came out. We did a pretty extensive study in different European countries asking consumers, and you know, in the middle of all these Snowden revelations, would you be interested in a European cloud provider instead of these American cloud providers where you would be guaranteed that your information is within EU or even within your own country? And the result was an overwhelming yes. Everybody, of course, said yes, that I would absolutely We prefer a local European provider. Then when we actually released the product, nobody cared. Everybody went with the free product from, you know, the thing which was built into the device or built into the operations. And of course, those are all from USA. So there's one thing that people say and another thing that people do.
CAROLE THERIAULT. I don't know if it's a question of caring so much as maybe not having the time to do the research required, especially if it's not your niche. Niche, or niche for our American audience. You know, how do you do that? I mean, I know, you know, but you know, if my mom was told, hey, go use this particular app, she would just trust because the person who told her, she trusted them.
GRAHAM CLULEY. And, you know, it's no fault of hers, but a lot of people will take recommendations from their friends and their friends don't have to be security and privacy experts, right?
CAROLE THERIAULT. Yeah. And if I told her, oh, actually, Mom, that app isn't good, you know, maybe to get rid of it, she would. But, and, but she would also feel flustered that she was told two different sets of information. And I get that. I get that.
MIKKO HYPPONEN. So maybe it puts the power in the hand of the regulators. I mean, say what you want about GDPR, it actually gets results.
CAROLE THERIAULT. And I'm a big fan of GDPR, as many— Smashing Security knows. I think it's great. And California has followed suit now. And I think there's another few states that are fast on the heels as well. So, but I think also caring for these things is a luxury as well. Like, especially right now during a pandemic, people are thinking thinking, oh my gosh, I need to stay in touch with my family. And people, they hear from someone, oh, use this app, Houseparty, or use Zoom. And so everyone just jumps on the bandwagon, and no one really looked to see what exactly the privacy things were.
GRAHAM CLULEY. I heard Facebook Portal was good enough for Graham Cluley.
CAROLE THERIAULT. That's right. That's what you've done.
GRAHAM CLULEY. See, that's what—
CAROLE THERIAULT. you better— I hope you have a different song to sing next week, mister. Yeah.
MIKKO HYPPONEN. But to summarize, it just emphasizes the responsibility we We security people have.
CAROLE THERIAULT. Quite. Yeah.
MIKKO HYPPONEN. So we really should, you know, do our work right. So then the consumers can make the right decisions.
CAROLE THERIAULT. Yes, Graham. Yeah, because it's not do as I say, it's do as I do, right?
MIKKO HYPPONEN. What's so funny, Graham?
GRAHAM CLULEY. I'm just being picked on by my co-host. It's the usual story. This is what happens every week, Mikko.
MIKKO HYPPONEN. Yeah.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. Okay, so we've been talking about companies dealing with managing a remote staff. And many of these companies are doing it for the first time. You mentioned that, Graham, in your story.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Now, of course, places that have been doing it for a while probably have a much better, a more robust work-from-home policy. But, and this is probably giving them a bit of edge over the competition, you know, the ones that are coming to the table late. Now, I guess it's not a surprise that we're seeing remote working tools and a number of users. So we're seeing more people use cloud shares and client firewalls and VPNs and video conferencing tools like Skype and Zoom. Zoom, like we've talked about. And I've always hated video conferencing. I don't know about you guys. Do you feel it connects you better with the people that you're conferencing with? Because I'll tell you, I remember every time I video conferencing, to me, there's this one American lady that I worked with. Graham, you worked with her too. I'm gonna call her Dolly.
MIKKO HYPPONEN. I know who you mean.
GRAHAM CLULEY. Yes, Dolly Parton.
CAROLE THERIAULT. Okay, we were all having this meeting and she decided to eat an apple. But you know when you make a noise, it's louder than everybody else. And she was sitting really close to her camera chewing on this apple and the camera kept going to her face. It was just a horrific scene. And I just don't know why people need video. Maybe that's why I do radio. So maybe I'm more into audio than—
GRAHAM CLULEY. I'm not a big fan of video chat at all. I find it very distracting.
CAROLE THERIAULT. I definitely don't like video chatting with you, Graham. That's for sure. Number one.
GRAHAM CLULEY. But on a personal level, I think it does have some benefits. I mean, in the current situation, as we've been saying, in the current situation, I think there are some pluses. Uses, which can be got from it. But generally, I would agree with you that it's actually a bit of a distraction. It gets in the way of the communication.
CAROLE THERIAULT. I don't even comb my hair. I don't want someone calling me on video as a surprise right now. I need some warning. Anyway, so there are all these tools, these remote tools. But for some people, all these remote tools that make life easier are not enough because some, Mikko, are worried that their employees are going to slack off. And the bosses are very concerned about maintaining or at least protecting the company's productivity. So I started looking around and there's a veritable huge world of online productivity services out there. So I compiled a selection for you guys to look at. And I wanted you just to take your take on them because they're all a little bit different and the way they market is fascinating. So number 1, I started easy, right? So number 1 on the list here is Active Track. So if you check the link in LDOC.
GRAHAM CLULEY. So I'm already a little bit against them because it's ActiveTrack without an E and without a C. So they— I don't like it when companies do this. So ActiveTruck.
CAROLE THERIAULT. I think these days you've got to make a choice between.com or having a crazy word, right?
GRAHAM CLULEY. Oh yeah, probably. So this is analysing your employees' activity.
CAROLE THERIAULT. Yeah, you see that bulleted list there? I read this. So they say, we want to protect employee privacy to ensure it's not violated. Communicate news intent of the data collected. So it's very transparent and making sure it's not intrusive and it's also following the legal legislations in your geography.
MIKKO HYPPONEN. Yeah, my favorite part is avoid creating a culture of distrust.
CAROLE THERIAULT. As we spy on you. But, okay, you know, that doesn't sound so bad. You know, I'm not sure why everyone's talking about this. So let's go to number 2, Sneak.
GRAHAM CLULEY. The product is called Sneak.
CAROLE THERIAULT. And they've actually made a joke in the press, I'm paraphrasing, but something like, "If we were really into spying, do you think we would've called ourselves Sneak?" Something along those lines.
MIKKO HYPPONEN. So I thought, hmm.
CAROLE THERIAULT. So if you check this out, This basically—
GRAHAM CLULEY. Oh my goodness.
CAROLE THERIAULT. So this software interface lets people set their webcam to automatically photograph them every 1 to 5 minutes.
GRAHAM CLULEY. To make sure they're in front of their desk and looking like they're being— Well, this is bloody awful.
MIKKO HYPPONEN. To make sure they are working. Yes.
CAROLE THERIAULT. Now look, it says even here, it says, see all your teammates' pretty faces and you get to choose the pictures because yes, we all pick our noses. There's no shame.
GRAHAM CLULEY. Oh, so if you are an employee, your picture is taken at a regular interval and you can choose which one gets sent to your boss.
CAROLE THERIAULT. Sent to everyone in the group.
GRAHAM CLULEY. That's not going to be disruptive of your work, is it, if that happens every 5 minutes?
CAROLE THERIAULT. Well, it's also to see how often you're at your desk, right?
MIKKO HYPPONEN. Oh, hold on, hold on. Does this apply to the managers and the leadership team as well?
CAROLE THERIAULT. That was a question that was asked of one of these companies. I can't remember which one. And they failed to answer. They didn't want to tell them whether the CEO used the same— was under the same guise They're under the same treatment. Okay, so Sneak is a pretty— I thought it was pretty interesting, right? Because who wants their teammates' pretty faces all on one screen whilst you're working? I mean, where do you actually work?
GRAHAM CLULEY. I would want to get my cardboard cutout out of the basement, I think, and set that up because—
CAROLE THERIAULT. You'd have to get one with different facial expressions. Otherwise, we'd be worrying about you. Okay, the next one. Okay, Interguard. Check this out.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Interguard.
GRAHAM CLULEY. Well, they spelt guard correctly, so that's a bonus. Okay. What else are they doing? So it looks like the same kind of deal, isn't it? As the first one.
CAROLE THERIAULT. Employee cell phone monitoring?
MIKKO HYPPONEN. Oh, right. Yeah. Hey, check your phone as well.
CAROLE THERIAULT. Yep.
GRAHAM CLULEY. We will view what apps are used, texts, websites visited, web searches, call logs, GPS, and more. No jailbreaking or rooting required. To set up monitoring.
MIKKO HYPPONEN. Also, they have real-time geolocation.
CAROLE THERIAULT. They know where you are if you say you're at home.
GRAHAM CLULEY. Shouldn't all these firms actually be measuring you by your output and whether you're getting the job done rather than how many hours it took you or whether you sat in front of— because being sat in front of a monitor, for instance, doesn't mean you're not playing solitaire or chess.
MIKKO HYPPONEN. Nosy is picked today, 17.
CAROLE THERIAULT. Let me show you something really fascinating here. If you guys go to the Interguard pricing page.
MIKKO HYPPONEN. Oh, the top, yeah.
GRAHAM CLULEY. Mm-hmm. The Interguard pricing page. All right.
CAROLE THERIAULT. So you can see you can get a free cloud trial, right? But you can also get one that's paid. And if you look at the difference between the two options, there's a stealth mode available.
MIKKO HYPPONEN. Huh. Right. You have to pay for stealth mode.
CAROLE THERIAULT. You have to pay to spy on your users. So this is the question I have for you. Why would bosses want to do it without telling people?
MIKKO HYPPONEN. Yes, because it's cheating.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Because I can understand if your boss said to you, look, this is what we're going to do. And then you as an employee can go, not cool with that or cool with that. And sometimes you get people to change their minds. Like Graham now has Facebook Portal. Who would have ever guessed that he would have done that? Please don't talk about that.
GRAHAM CLULEY. Well, it's to stop the employees revolting, because once the employees realize they've been spied upon, they're going to try and work somewhere else instead, right? They're not going to be terribly happy and they'll try and subvert it in some fashion with a cardboard cutout or whatever.
CAROLE THERIAULT. Yeah. So there's two more here. We've got TerraMind that does screen recording and live use app tracking. There's one called Hubstaff, which is employee monitoring software. So you can see work in progress as it happens by taking screen captures. Customized to each user.
GRAHAM CLULEY. So I imagine all of these are only legal if the employee agrees to this, right? They have to knowingly say yes.
CAROLE THERIAULT. I think depends on where you are from. I know that some states, for example, operate in a one-party, what's it called? There's one-party listening law. So one party has to know that they're recording versus both parties.
GRAHAM CLULEY. Right, or zero parties, which would be—
CAROLE THERIAULT. I suppose zero parties. So it all depends on the state. On the state law. Some of them, both parties have to know that there's recording going on. And I believe that's what is the case in the UK, although things change slightly because you're using a computer provided by your company. Now, this is where it gets tricky for us all because these computers now are effectively 24/7 in our personal homes. So if you're taking video snapshots of the user, and their screen, you're capturing information that has nothing to do with work. And where is that information being stored? So for example, if you were in a smaller house, which many people are trapped in, and you have to work from home and you have your kids running around, pictures of your kids and your family can be easily snapped in the background.
GRAHAM CLULEY. Or what happens when I'm trying to find a pair of underpants in the morning and I go past my computer, right? Trying to find a clean pair. That might get beamed up to my boss.
MIKKO HYPPONEN. That's where I draw the line.
CAROLE THERIAULT. I was way ahead of you there. I was like, I'd left the room already. So, yeah, so I see there's like 4 options, right? You have a boss that doesn't spy or monitor. And I think all of us would say, yeah, that's obviously a better way because if you don't trust your employees, that does, you know, morality kind of goes top down.
GRAHAM CLULEY. A lovely boss, the best kind of boss.
CAROLE THERIAULT. There's also bosses that tell you, that inform you that you are being spied upon and what would be, or being monitored. So I think it's important to ask because I'm not sure how not telling the truth in that situation would work for your employees. So getting it in writing that they are not monitoring you might be a good idea if you're concerned.
GRAHAM CLULEY. But who wants to kick up a fuss, Carole, really? I mean, at the moment when so many people are being laid off, unemployment's on the rise, A lot of people will be very nervous, won't they, of doing this. I imagine more and more people will be, they won't like it, but they may think they have no option but to accept it.
CAROLE THERIAULT. Think of how many people right now who are being forced to use their own devices at home because, you know, as we talked about last week, and they may have been asked to install a covert employee monitoring software as part of the work package, right? Which has been downloaded as a zip.
GRAHAM CLULEY. It's yucky, isn't it?
CAROLE THERIAULT. Yeah, I think the whole idea of monitoring people in this way is a bit awful. There's this guy on Reddit, and I agree with him. So Uncle Fuckface.
MIKKO HYPPONEN. Yeah, I know him.
GRAHAM CLULEY. Sorry.
CAROLE THERIAULT. Uncle Fuckface said, he said, give me a task to do and I'll tell you when I'm finished because you can shove the webcam up your arse.
MIKKO HYPPONEN. So I agree. Good old Uncle Fuckface, yeah.
CAROLE THERIAULT. Exactly.
GRAHAM CLULEY. This week's Smashing Security podcast is sponsored by Domain Tools. They help security analysts turn threat data into threat intelligence. Very cool too. Now they've got something that I think you're going to like, a capture the flag competition, which can win you a $100 Amazon gift card. If you want to join in all the fun, visit domaintools.com/smashing to enter the competition before it closes on the 16th of April. And may the most geeky listener win.
CAROLE THERIAULT. VPN. So many of us now are realizing that moving to a fully work-from-home environment isn't always easy, but LastPass is here to make that transition easier, all without decreasing security. LastPass ensures your employees have secure access to their work applications and provides remote employees the ability to securely share passwords across teams in order to stay on top of critical projects. If you want to learn more visit lastpass.com/smashing. On with the show.
GRAHAM CLULEY. And welcome back. Can you join us on our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
MIKKO HYPPONEN. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
CAROLE THERIAULT. It should not be.
GRAHAM CLULEY. Well, my pick of the week this week is not security-related. Instead, it is a podcast which has nothing to do with security, or indeed, I'm afraid it isn't in the Finnish language either. It is a podcast called Something Rhymes with Purple. And Something Rhymes with Purple is a lovely little podcast hosted by Giles Brandreth, who is a former British MP and TV celebrity and famous jumper wearer, and Ms. Susie Dent, who has appeared in Dictionary Corner of Channel 4 TV's Countdown show since 1992.
CAROLE THERIAULT. A national treasure.
GRAHAM CLULEY. She is a lexicographer, which means that she knows all about words and dictionaries and things like that. And what they do on this podcast basically is they talk about unusual words, or sometimes not so unusual words, and they talk about the origins of these words. So, for instance, by the way, you can also follow Susie Dent on Twitter where she will have a word of the day quite often. For instance, she just tweeted about the word freelancer. Timely. And she explained that freelancers— get this, get this, right— freelancers were originally knights who weren't attached to any single lord or master, and so were free to use their lances, weapons, to anyone who paid them. And that's why we have freelancers.
CAROLE THERIAULT. Love it.
GRAHAM CLULEY. How brilliant is that? You will get scores of these kind of explanations. If you ever wanted to know what namby-pamby, where that comes from, or grockles, or why Alexander Graham Bell recommended that people answer the telephone with ahoy rather than hello, then Something Rhymes with Purple is the podcast for you. And that is why it's my Pick of the Week.
MIKKO HYPPONEN. I'm not a native, but does turtle rhyme with purple?
GRAHAM CLULEY. Turtle?
CAROLE THERIAULT. Purple turtle, yeah.
GRAHAM CLULEY. No, well, no, not really.
CAROLE THERIAULT. It does in America. Purple turtle.
GRAHAM CLULEY. Well, that's not in English then, is it? That would be turple, wouldn't it? Not turtle. Yeah, you're right.
MIKKO HYPPONEN. Okay, so what rhymes with purple? Give me one.
GRAHAM CLULEY. Well, I don't know. You'd have to listen to the— I haven't heard that episode.
CAROLE THERIAULT. I imagine.
MIKKO HYPPONEN. But you're recommending it.
GRAHAM CLULEY. I'm recommending— I haven't heard every single thing I've said.
CAROLE THERIAULT. Purple.
GRAHAM CLULEY. Turtle does not rhyme with purple.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. I'm not sure. We'll ask Susie.
CAROLE THERIAULT. You could ask me.
MIKKO HYPPONEN. I'm right.
GRAHAM CLULEY. You're not English.
MIKKO HYPPONEN. Okay.
GRAHAM CLULEY. And Mikko, what's your pick of the week?
MIKKO HYPPONEN. Oh, thank you. My pick of the week is Pelottomien riemulaulu. And yes, that's Finnish for That's the name of the song. My pick of the week is a song, or even better, it's a video of a song. This is a song composed by a Finnish composer called Jussi Kudänius, who actually is a pretty well-known a cappella singer in Finland. The lyrics were written by Julia Junttila, and this was made for the Väski-Vuori Upper Secondary School Chamber chorus. And they've actually recorded the particular song that we are linking to in their homes during the pandemic. So this is all being recorded with like teenagers on their phones or from Zoom or from Skype. And when you combine it together, you end up with something amazing. Just listen to this.
GRAHAM CLULEY. So what we're seeing is this montage really of lots of people on their screens, and sometimes it will flip between them.
CAROLE THERIAULT. It's amazing.
MIKKO HYPPONEN. It's great. And the technical execution is flawless. There's actually a write-up about how they did it. The basic idea is that the teacher did a basic skeleton of the song as an MP3, sent that to every kid, and then they were listening to it and singing their part on top of it. And then they would have put in quite a bit of effort to cut it all together. But the end result is worth listening to.
GRAHAM CLULEY. It's really good. This is a true work of art, I think, and much better than Gal Gadot and her celebrity friends singing Imagine.
MIKKO HYPPONEN. Yeah, and this probably would have never happened without the pandemic. So yeah, this is what we do.
GRAHAM CLULEY. Suck something good. Lovely. So that is Palottamienriem.
CAROLE THERIAULT. Go to our webpage for the link.
MIKKO HYPPONEN. That was perfect pronunciation. Thank you, Graham.
GRAHAM CLULEY. Link's in the show notes. Carole, what is your pick of the week?
CAROLE THERIAULT. Okay, so my pick of the week is for Minecraft lovers who have found themselves to have a bit more time on their hands. Yes. Because it turns out this guy called PippinFTS, that's his handle, claims to have made a 1-to-1 Minecraft version of Earth for the very first time.
GRAHAM CLULEY. Sorry, 1-to-1?
CAROLE THERIAULT. 1-to-1 scale. So that is actually, in normal Minecraft, that's kind of impossible because there's a height limit in Minecraft, which is limited at something like 250 meters or something. So it makes—
GRAHAM CLULEY. 50-odd blocks, yes.
CAROLE THERIAULT. Yeah, so it makes a full-scale Earth terrain impossible to create. But this PippinFTS guy claims to have used cubic chunks, which is somehow helped him change the shape of the Minecraft chunks to 16 by 16 by 16, which gives you infinite depth to build in all directions. So I've put a video—
GRAHAM CLULEY. Can you explain the science a bit more to us, Carole? This sounds absurd.
CAROLE THERIAULT. No, I'm just saying, you have to go look at the video, but Basically imagine a to-scale model of the Earth made in Minecraft.
GRAHAM CLULEY. So if I— so he's created this Minecraft—
CAROLE THERIAULT. With mountains and oceans and all the terraformas.
GRAHAM CLULEY. If I joined his Minecraft server, would I be able to zoom in on my podcast pleasure palace here in Oxford and see myself?
CAROLE THERIAULT. Well, no, that's actually why this has come out. So apparently, one of the problems is the human-generated structures are not part of the landscapes at the moment. So things like you'd expect to see Egypt's pyramids if you went looking for them, but actually at the moment they're just big piles of mud. So he's kind of apparently, this PippinFTS guy has gone out to start a collective project called Build the Earth to get other Minecraft players to decorate the Earth with well-known manmade structures.
GRAHAM CLULEY. [Speaker:GREG] Just sounds a bit like he's slacked off, to be honest. I mean, he could have put a bit more effort in. I mean, we do have a pandemic on. He could get— Has anyone actually checked whether the pyramids are still there? Because with everybody locked down, maybe they're not. Maybe it's like Schrödinger's cat.
CAROLE THERIAULT. There's people giving him models of universities and Manhattan skyscrapers, and are helping to build their own streets. So if you want to contribute, you can watch the video. Although I have to say, I would do it maybe with sound on low, So it's a very, very inspirational kind of opening conversation.
GRAHAM CLULEY. The last thing we want is inspiration.
CAROLE THERIAULT. Whereas Mikko sounded truly inspirational, it just has a different feel to it. But I think it's a very cool kind of project, one that people could get involved with. So take a look, see what you think. All the links are in the show notes for you.
MIKKO HYPPONEN. I've always been a big fan of— I've never really played Minecraft. I always liked the idea. But I've also found that there's a very close link between Minecraft and LEGO.
GRAHAM CLULEY. Oh, yes.
CAROLE THERIAULT. Yeah.
MIKKO HYPPONEN. I mean, Minecraft is from Sweden. LEGO is from Denmark. They both consist of building stuff out of cubes. So the real question is, when are we going to get a model of Earth in LEGO in scale?
CAROLE THERIAULT. Oh, in all the LEGO colors too. It would be very pretty.
GRAHAM CLULEY. Brilliant. Well, Carole, that's great. So as the whole world goes to shit, build a new one in Minecraft. Minecraft. We just have to port ourselves over to Minecraft to enjoy it. Well, that just about wraps up the show for this week. Mikko, thank you so much for joining us. I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
MIKKO HYPPONEN. The easiest way to follow me online is to follow me on Twitter, where my account is called Mikko, M-I-K-K-O.
CAROLE THERIAULT. G-O. Would you have died if he said Facebook Portal?
GRAHAM CLULEY. And you can follow us on Twitter @SmashInSecurity, no G, Twitter allows to have a G. And you can also join the discussion on our subreddit. So if you're on Reddit, go and look for Smashing Security up there.
CAROLE THERIAULT. A gazillion thank yous for supporting us during this pandemic. Here's hoping that we provide you a few giggles during this shit show. Also, a huge thank you to this week's Smashing Security sponsors, LastPass and Domain tools. Their continued support helps us give you this show for free. Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.
MIKKO HYPPONEN. Until next time, cheerio, bye-bye, stay safe, bye-bye, and don't forget to follow Uncle Fuckface.
CAROLE THERIAULT. Stay safe. I can't believe you have to say that all the time. Maybe we just say take care. That's what you used to say. Why is that not good?
GRAHAM CLULEY. Well, yeah, that's alright.
CAROLE THERIAULT. Take care.
GRAHAM CLULEY. Mind how you go.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Easy on the onion.
MIKKO HYPPONEN. Don't get sicko, this is Mikko. Oh God.
GRAHAM CLULEY. This must be so cool having a name like Mikko.
CAROLE THERIAULT. Right?
GRAHAM CLULEY. Graham. I mean, what rhymes with Graham?
MIKKO HYPPONEN. Boring.
-- TRANSCRIPT ENDS --