Listen early, and ad-free!

173: 5G fiascos, Zoom gloom, and butt biometrics

With , , ,
April 8, 2020
Read the transcript

We take a look at the stinky backside of surveillance, gas about the latest video-conferencing threats, and jump into the murky world of 5G conspiracy theories.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology broadcaster David McClelland and featuring an interview with LastPass's Barry McMahon.

Visit https://www.smashingsecurity.com/173 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Barry McMahon and David McClelland.

Sponsored By:

Support Smashing Security

Links:

Privacy & Opt-Out: https://redcircle.com/privacy

Transcript +

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.

DAVID MCCLELLAND. And particularly given that we're relying on our technology now more than ever to continue whatever's left of normal in our daily lives, we need to be more vigilant now than we have ever been before.

CAROLE THERIAULT. Oh, fuck off, Dave.

UNKNOWN. Oh, what?

DAVID MCCLELLAND. It's true though.

CAROLE THERIAULT. I know.

GRAHAM CLULEY. Carole, is the pressure getting to you?

CAROLE THERIAULT. Yeah, maybe it's the straw that broke the camel's back.

GRAHAM CLULEY. Oh my goodness.

CAROLE THERIAULT. I haven't left the house. I'm bored of lentils. I can't get eggs.

ROBOT. You're bored of lentils? What's wrong with you, woman? Smashing Security, Episode 173: 5G Fiascos, Zoom Gloom, and Butt Biometrics, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 173. My name's Graham Cluley.

CAROLE THERIAULT. I'm Carole Theriault.

GRAHAM CLULEY. Hello, crew.

CAROLE THERIAULT. Hello, Graham. I have a bit of malaise today. Look, sorry.

GRAHAM CLULEY. What? What's going on?

CAROLE THERIAULT. Well, I don't know. I've not left my house in a while. Probably going crazy.

GRAHAM CLULEY. Probably.

CAROLE THERIAULT. So apologies to everybody, but you get what you get.

GRAHAM CLULEY. Oh, well, we have possibly the perfect remedy.

CAROLE THERIAULT. Oh, yeah.

GRAHAM CLULEY. In the form of a special guest joining us today. He's returned to the show. He's a favourite of the podcast. It's David McClelland.

DAVID MCCLELLAND. Hello. Hello, everyone. How are you doing, you two?

CAROLE THERIAULT. Did you just wiggle your butt when you said that?

DAVID MCCLELLAND. How did you know that?

CAROLE THERIAULT. How did you know? Because you told me why.

DAVID MCCLELLAND. Okay, so just for the avoidance of doubt, for the first time, this is a trial for me, I am doing my podcast recording standing up because I don't feel as though I'm able to be as expressive as I'd like to be when I'm sat down in a chair. So right now I'm waving my arms around, wiggling my bum around a little bit, doing whatever I can to try and lift the spirits in lockdown Britain.

CAROLE THERIAULT. This is perfect juxtaposed with my malaise. This is going to make an excellent show.

GRAHAM CLULEY. Now, Carole, at the end At the end of the show, we got a featured interview with Barry McMahon from LastPass, but what else is coming up on today's show?

CAROLE THERIAULT. First, thanks to this week's sponsors, LastPass. Its support helps us give you this show for free. Now, on yet another stuck-at-home special, Graham looks at the stinky backside of surveillance. David is going to gasp about the latest on video conferencing snafus. And I'm jumping into the conspiracy tank to find out what sharing bogus stuff online gets us. All this and much more coming up on this episode of Smashing Security. See? Smiling.

GRAHAM CLULEY. Good. Marvellous. Well, chums, chums, I want to talk to you about some new technology which has been invented. Something which could change the face of Britain and indeed the world when it comes to authentication, biometrics, all of these things. In fact, first of all, let's take a trip back in time, because in 2011, Remember those halcyon days, 2011, long before—

CAROLE THERIAULT. Pre-Brexit, pre-Trump, pre-COVID.

GRAHAM CLULEY. I find it hard to remember what life was like a month ago, to be honest. But if you remember—

CAROLE THERIAULT. Chumba Wumba on the radio.

GRAHAM CLULEY. Chumba Wumba. In 2011, researchers developed a system that could recognise a person by their backside when they took a seat.

DAVID MCCLELLAND. This sounds like a really dodgy Channel 5 television show, if you ask me.

GRAHAM CLULEY. No, these were Japanese researchers who discovered that precise measurement of a person's posterior, its contours, and the way the person applied pressure when they sat on a seat was able to recognise people with 98% accuracy.

CAROLE THERIAULT. So basically, when someone plops down on a sofa, they can recognise who's sitting there?

GRAHAM CLULEY. When they plop. Well— Well, yeah, that's what they were saying. And the idea was that this could have all kinds of applications. For instance, maybe this could be something which could be used in offices to securely unlock PCs. So in place of passwords or facial recognition or Touch ID, you would simply sit in your chair and that would unlock your computer because it would take your bum print.

DAVID MCCLELLAND. This is bottom biometrics.

GRAHAM CLULEY. It is.

CAROLE THERIAULT. After Christmas, it has no idea who you are.

GRAHAM CLULEY. But now, but— That was 2011, but get this, a few years later, US scientists were bragging that they'd made other discoveries. What they had found was that there was bacteria in your digestive tract, which leaves a clear genetic signature in your, in your— Penis? Nope. In your poop, right? So they could say with 86% accuracy in their tests, they could match poop to people in their study. And there were concerns at the time that this could be a potential privacy concern because of course, people are donating poop for scientific research. And, you know, there are presumably large databases and storehouses full of poop where it's studied for medical reasons and potentially, people could identify whose poop was whose. And that could, yes?

CAROLE THERIAULT. Are 1,000 points of light gonna come together in a very unappealing way?

UNKNOWN. What?

CAROLE THERIAULT. Because you're talking about poop and seats.

GRAHAM CLULEY. Yeah, well—

CAROLE THERIAULT. On a security podcast.

GRAHAM CLULEY. Aha, yes. Because what I want to talk to you about today is what boffins at Stanford University have announced, which is a new smart toilet gadget.

CAROLE THERIAULT. For God's sake!

GRAHAM CLULEY. And this, this has a really good positive application. This gadget, which they say can be retrofitted to any ordinary loo, can potentially detect early warning signs of cancer, and other serious diseases, right? Now, I'm a little bit nervous of this kind of thing because I remember writing—

CAROLE THERIAULT. Why do you want to be caught with your pants down?

GRAHAM CLULEY. I remember writing, I think it was back in 2014, about a smart toilet which could be hacked. And what was discovered was that hackers could basically hijack control of this smart toilet via its app, make it repeatedly flush, raise water usage in your utility bills. But more than that, they could actually remotely and unexpectedly open and close the lid or activate the—

CAROLE THERIAULT. I thought you were gonna say send the poop back.

GRAHAM CLULEY. Well, they can activate the bidet or the air dry function, which could cause you some—

CAROLE THERIAULT. Drying your poo.

GRAHAM CLULEY. Discomfort. It's not just about poo, Carole. You don't just use the— Maybe you do.

DAVID MCCLELLAND. I have to say, I love these kind of toilets. Whenever I've travelled to the Far East, one of the most exciting things is going to the bathroom in a Japanese or in a Taiwanese hotel, where I've stayed in the past. And these washlets, with the remote controls the size of a 105-letter QWERTY keyboard. I have no idea what buttons I'm pressing, but boy, is it fun.

GRAHAM CLULEY. You get a joystick as well on some of them.

CAROLE THERIAULT. Guys, I couldn't disagree more.

GRAHAM CLULEY. Oh, really?

CAROLE THERIAULT. You are in your most vulnerable position you could possibly be. Okay, not only are you sitting down, but yes, Graham, people do poo on loos, right? You could be mid-delivery and you're sitting there pressing buttons and splashing water and running electronics all over your ass. And you think it's fun.

GRAHAM CLULEY. I actually went on honeymoon to Tokyo. And I have to say, added a whole new dimension to our honeymoon blues over there. That was my first experience. And I thought, actually— Oh my God! This is actually—

CAROLE THERIAULT. Have you looked on Pornhub Premium to see if that's a genre?

GRAHAM CLULEY. I didn't like the warming thing. You know, you can control the temperature. I didn't like having a warm seat. But I like it quite cool. But the rest of it, I thought, no, this is actually— This is something which they've adopted in Asia, but actually we could have a lot more of in the West.

DAVID MCCLELLAND. I have been to a Washlet showroom in London. I worked on a TV show a few years ago, and we went and filmed a special feature there because some of these toilets were smartphone-controlled. They were connected loos, which I guess opens them up to some potential abuse.

GRAHAM CLULEY. Which is what's happened before with some of these smart loos. Now, this new gadget made by Stanford University, it can be fitted to any ordinary loo, but it also comes with this companion smartphone app. And apparently it will use artificial artificial intelligence to analyse your poop and urine as it passes through.

CAROLE THERIAULT. Oh no, does shit hit the fan?

GRAHAM CLULEY. Yeah, but in some ways I think that's quite clever because is it in Germany where they have a shelf where they expect you to do it by hand, as it were, to analyse things? And I think, you know, I'd probably prefer if some app was doing it instead.

CAROLE THERIAULT. I think the doctor probably would prefer it too.

GRAHAM CLULEY. Well, yes, I suppose so. Now, Sanjeev Gambhir is the Stanford professor behind this toilet gadget. And he thinks it's gonna be a big hit. He says, because the thing about his smart toilet gadget is that unlike wearables, you can't take it off. Everyone uses the bathroom. There's no avoiding it, he says. And it also has this brilliant disease-detecting element to it.

CAROLE THERIAULT. So they're not just gonna track your face.

GRAHAM CLULEY. No. Well, this is the thing, right? Because I was thinking, well, look, if it's going to collect data about the state of your poop, what happens if you go around a friend's house and you've got a bit of a grotty tummy, right? And you think, oh, crumbs, you know, everything's running.

CAROLE THERIAULT. There's no video camera, Clue.

GRAHAM CLULEY. Oh, well, actually, yes.

CAROLE THERIAULT. Oh my God.

UNKNOWN. Oh no.

GRAHAM CLULEY. Well, yes, there is. There is.

CAROLE THERIAULT. Oh my God.

GRAHAM CLULEY. Well, yes. And I'll explain why, right? So if you went around to a friend's—

UNKNOWN. I'm inside my shirt.

GRAHAM CLULEY. So, if you went to a friend's loo and you were feeling a bit rough in the guts, and you did a bit of redecoration of their porcelain, you could use their device, right? You could use their device. The device might think it was the owner of the house, right? And so the way they get round that is there is a fingerprint scanner on the flush handle. And get this, this is two-factor authentication. It also takes what's called your anal print, which is— It captures with the video camera stills of, and I quote here, "the distinctive creases in the lining of the—" I can't believe, I can't say the word. I can't say the word. Anyway, the point is that it is collecting all of this information. So it knows who you are, just like a fingerprint. Apparently there is a thing called an anal print as well.

CAROLE THERIAULT. This might get cut from the episode, but— I wonder if there's some people that actually would enjoy having that bit of them captured by video.

DAVID MCCLELLAND. Well, the answer is yes, obviously.

GRAHAM CLULEY. Well, the device apparently will use machine learning and it will then classify your dump according to what's called the Bristol Stool Scale. Are you familiar with this? Yes.

CAROLE THERIAULT. An old boss explained it to me.

GRAHAM CLULEY. Right. I think it goes— is it from 1 to 6 or something? There are different types of poop. Yep. If you've been a parent, you may be familiar with this. Yes. Now, if I was a resident of Bristol— I was a student there— I do find it a little bit offensive they've called it the Bristol Stool Scale, I have to say. But there were some bits which were dodgy. Now, all of this data, of course, is being collected. And what do you think is happening with it? Well, according to the researchers, it is securely stored and analysed in an encrypted cloud server. So that's all right then. Nothing to worry about there. Nothing can possibly go wrong. So I think this has some medical uses. I think maybe in some ways this is a cool idea because not many people would rip their existing loo out and replace it with one just for these features. Although clearly David, you know, has been to the showroom. But, but I think it's an interesting biometric and I just wanted to talk about something which wasn't coronavirus related and I think maybe this is a way of the future. Clearly, there's lots of interesting medical information which can be gathered from what exits your body and from examination of that. And it could, you know, give early warning of things. But is it a price we are prepared to pay? I don't know.

CAROLE THERIAULT. I want to ask— can I ask David a question? Yes. David, when you go and try out loos in a showroom— Mm-hmm.

GRAHAM CLULEY. I don't think you—

CAROLE THERIAULT. No, no, as a journalist, as an expert in the area.

GRAHAM CLULEY. I don't think you try them out in the showroom.

CAROLE THERIAULT. No, but— No, but how do you try? No, no, but say people, if you're talking about comfort and toilet comfort and all this, some people must try seats out. What do you do? Do you go in a showroom and just sit down and pretend?

DAVID MCCLELLAND. Okay, so I have actually witnessed a few different toilet launches over the last couple of years or so. Your job's so glamorous. I've been to some high-end home renovation shows where various manufacturers are showing off their washlets and, you know, their state-of-the-art loos. Washlet? Is that the name? Is that the term? A washlet is the technical term for them indeed, yes. Oh, for toilets? Well, for the toilet seats that have got— Okay. That have got the stuff built into them. Oh, right, yeah. And typically what they do is that there is a Perspex sheet that goes over the seat. So you can see— You can see what comes out from the back of the loo and where the water is squirting and so on. There is a hole, right? So you're not— Well, no. So you're not actually sitting on the loo to test it. Oh. But you're seeing all of the technology doing what it would normally do were a person sat on the toilet at that point. Right. A perspex sheet stops you from getting splashed in the face, which would be very wrong.

GRAHAM CLULEY. You have to pay extra for that. David, your job is awesome. He's amazing. It's awesome.

DAVID MCCLELLAND. Yeah, you should write a book just about, "Today I did this." And trying to keep a straight face and talk about it respectfully as well. And in all seriousness, I was at an event late last year or so, and a lot of these devices are being installed for vulnerable people, people who are resident in nursing homes and so on. Oh yeah, great point. Who maybe can't take as good care of themselves as would be ideal, these do a good job of that as well. So there is a very serious side to what some of these washlets and high-tech toilets do-do.

GRAHAM CLULEY. Thank you. You said do-do. Was that deliberate? Thank you for raising the tone, David, after we plumbed new depths.

DAVID MCCLELLAND. David, what's your story this week? Aha. Well, so look, for a chunk of my work, my audience is primarily general consumer audience, certainly not a tech-first audience. And over the last few weeks since we've all been in this thing together, I've been talking on the radio and writing in the papers. I'm a gadget doctor in the Metro now, you know. Dr. McClelland. Great title. I love it. Yay. But I've been chatting about, guess what, how about how all of these video chat and video conferencing apps have suddenly become part of our essential support network for keeping us in touch with family members, keeping us sane by keeping us in touch with friends, and hopefully helping us keep hold of our jobs as well. The thing is, is that but a month ago, most people, again, non-techies in particular, had never ever heard of apps like Houseparty or Zoom. It's safe to say the public certainly has now heard about them, and me along with many, many other tech journalists, we've all been doing our best, as I know you, you have as well, to try and encourage safe use of them up and down the land. Unfortunately, lots of of hackers and mischief makers are also now very, very well aware of these apps given their sudden prominence and are ramping up their efforts. So the word is spreading that if you're Zooming, you need to do a password. Okay, that's all good, but mischief making might be enough for some bad guys. Some will want to make money out of their malicious acts, and the password thing isn't going to get in their way. So we've seen a new trend emerge. In fact, Trend Micro has just issued a report itself in which a number of fake Zoom installers have emerged that alongside installing the Zoom video conferencing software also bundle in some nasties as well. So one of the unwanted bits of malware is a coin miner. Now these little blighters blitz your CPU and your graphics card and contribute to a crypto mining effort that lines somebody else's virtual wallet at your CPU cost. Not a good thing, but certainly we've seen a big rise in these over the last two or three years. And you know, the first that many consumers know about it is the fact that the fans on their PC or their Mac is whirring away. They can be delivered via web browsers as well. Even visiting some websites, that there will install some nasty stuff or just use some CPU cycles. Another thing that we've seen as well is that alongside the Zoom installers, we're seeing RATs, these remote access trojans, which give hackers full access to your PC or your Mac, and goodness knows what kind of havoc they can wreak.

GRAHAM CLULEY. And again, these are being bundled with installers for Zoom. Do we know if these installers do really install Zoom at the end to make it appear more legitimate or not?

DAVID MCCLELLAND. It certainly seems as though they do, and that's part of how they get in with stealth. Because, you know, as, as someone who maybe, uh, I go, I'm doing a Zoom meeting for the first time later on, let's just do a search and, you know, uh, type in Zoom installer, and I find it. I don't know what the proper website is to install Zoom from, so I, I download it from a third-party source, not from the Zoom website. Zoom is running, so as far as I'm concerned, it's been successful. Might be using quite a lot of CPU, but because I've never used Zoom before, maybe that's what it does. Yeah, exactly.

GRAHAM CLULEY. So it may not even appear suspicious that your computer is maybe running a little bit slower or the fan is going hectic.

CAROLE THERIAULT. I gotta say though as well, like most Zoom meetings that I've joined haven't been set up by me. I just get a link from someone. Exactly. Be careful.

DAVID MCCLELLAND. I get it. At the moment, we're all improvising a little bit, particularly those of us who aren't used to working from home. And that means that we're cutting corners, maybe some of the normal processes and, you know, measures to protect ourselves that we would normally take, we're not doing because we're just, you know, being a little bit more reactive. But the thing is, it's exactly that that the bad guys are looking to exploit at the moment. And particularly given that we're relying on our technology now more than ever to continue whatever's left of normal normal in our daily lives. We need to be more vigilant now than we have ever been before.

CAROLE THERIAULT. Oh, fuck off, Dave. Oh, what? It's true. I know.

GRAHAM CLULEY. Carole, is the pressure getting to you?

CAROLE THERIAULT. Yeah, maybe it's the straw that broke the camel's back. Oh my goodness. I haven't left the house. I'm bored of lentils.

DAVID MCCLELLAND. I can't get eggs. You're bored of lentils? What's wrong with it, woman? I just—

CAROLE THERIAULT. I know, I'd like another bean, you know?

GRAHAM CLULEY. When you're bored of lentils, you're bored of life, Carole. You've heard the saying.

CAROLE THERIAULT. It's just we worry about a lot of things right now.

GRAHAM CLULEY. So what, your answer, Carole, is not to worry about Zoom, not to worry about these malicious installs, not to worry about crypto mining?

CAROLE THERIAULT. I think it'd be very nice if we could end this with some advice rather than say just be more vigilant than ever. Just, I think actually people, you know, if you're setting up a Zoom, I think absolutely go to the right website to download it. Don't just type in Zoom in Google and take the first advertising.

GRAHAM CLULEY. Yeah, but that's how people do everything. I know. Not to mention my in-laws, because apparently they listened to the episode where I talked about how I've got them a Facebook portal and want— only at the moment social distancing is preventing me having to have that discussion with them.

CAROLE THERIAULT. You talk about them with love as I talk about my family with love.

GRAHAM CLULEY. Exactly, exactly. But I think it's not unlikely that they visit websites by typing the name of the website into the Google search engine rather than the URL.

CAROLE THERIAULT. And then clicking on— yeah.

GRAHAM CLULEY. And then clicking randomly somewhere on the page. Exactly.

DAVID MCCLELLAND. And I think that is the advice, yes. And it is, it is difficult, it is confusing, particularly when, you know, some web browsers, you open up the first page you're presented with by default, your homepage is a search engine, you know, rather than typing in the URL. And again, this is advice as much for non-techies as it is for techies. You know, this is for, you know, 'This is for my wife, this is for my dad.' You know, they've been invited to a Zoom conference to join in a family chat with family members finding it very, very difficult to get together at the moment. So, you know, as frustrating as it is, Carole, and I totally get it. You're right. I know I'm right. I know I'm right. I must admit, while I was researching my story, Graham, I did have a look to see if there were any Facebook Portal security snafus over the last week or so.

CAROLE THERIAULT. And? I don't think there have been.

DAVID MCCLELLAND. I couldn't find anything so far.

GRAHAM CLULEY. You see, I am vindicated once more.

CAROLE THERIAULT. Oh yeah, vindicated. Yeah, one week. One week down, no security snafu. Well done, Clue. Yeah. It's working very well.

GRAHAM CLULEY. There you go. I think you'll all be—

CAROLE THERIAULT. You and Zucks are in bed together.

GRAHAM CLULEY. Yeah. You'll all have them soon. You'll all have them.

CAROLE THERIAULT. Yeah. You count the days.

GRAHAM CLULEY. Carole, what's your story for us this week? So, 5G.

CAROLE THERIAULT. It is time to don our tinfoil hats because 5G is here, or at least for many of us, it's coming, if not already here. And lots of us are excited about it. It's going to speed up the internet. I've read exponentially faster download and upload speeds. Dave, what do you think about that?

DAVID MCCLELLAND. Hmm, no, there's a lot that's exponential at the moment, but 5G upload and download speeds isn't one of them.

CAROLE THERIAULT. Okay, so a bit faster, and that is a good thing because right now a lot of us are reliant upon mobile connectivity, especially when working at home. A month or so ago, the International Commission of Non-Ionizing Radiation Protection, how's that for a name? Oh yeah, yeah, yeah. The ICNIRP, just to make it quick and snappy.

GRAHAM CLULEY. They're great fun guys, I have to say. They know how to throw a party.

CAROLE THERIAULT. Well, they may not be fun, but they are a Germany-based scientific body that assesses the health risk of radio broadcasts, and they're in charge of setting the limits on exposure to radiation. Now, they came out at the early March saying 5G is safe. So this is all good news because we are hoping that this might calm some of the existing conspiracy theories around 5G. Snopes, the truth-sayer in most things, if not all, they've addressed a few of these conspiracy theories. There was one claim that cell tower workers were required to wear hazmat suits while working on 5G equipment. That was considered false by Snopes. Another one was that Japan was banning the development of 5G over health concerns. Again, false, right? They're actually investing in the technology. So according to this great article in Wired, which you sent me this morning, Graham, RT, the media house, has been leading a disinformation campaign against 5G for some time now.

GRAHAM CLULEY. And RT, for those who don't know, are basically run by the Kremlin, aren't they?

CAROLE THERIAULT. Yes, they are a Russian—

GRAHAM CLULEY. Yeah, Russia Today they used to be called.

CAROLE THERIAULT. Now, the idea that Wired were implanting was maybe this was trying to hinder the rollout of the technology so that Russia could play catch-up. But whatever, whatever the case may be, we know that the Russkies are pretty au fait with disinformation campaigns. We've seen it for the last few years. So it's no surprise around the time that experts were saying that 5G was safe, some corners of the internet had different ideas, and all this 5G hogwash was already a-swilling. So Wired pinpoints the drama kicked off on January 22nd when a Belgian newspaper published an interview with a Dutch GP and he said 5G is life-threatening and no one knows it. That was what the headline said. Okay. And the GP didn't just claim that 5G was dangerous, he also said it might be linked to coronavirus. How would that work?

GRAHAM CLULEY. What kind of link would there be?

CAROLE THERIAULT. Yeah, he had no proof. He had no proof. But this story made the rounds on social. Add to this that there was this video that was making the rounds on Facebook and Instagram and all these places is showing people in China tearing down a 5G tower. And the title that went with this video was, "The 5G tower was being torn down in an attempt to stop the spread of COVID-19." Okay, virtual huddle huddle. Right, okay.

GRAHAM CLULEY. It's safer to virtually huddle at the moment, isn't it? Rather than— Exactly, exactly.

CAROLE THERIAULT. Okay. Now this video was valid, okay? And it was validated by Snopes, but it was filmed months ago and has absolutely no ties to Corona whatsoever. Okay. So this is happening. Then you've got media companies starting to write about, and when I say media, I am actually doing the quote unquote. The bunny ears? Yeah. Daily Star. What do you guys call that?

DAVID MCCLELLAND. Oh my word. The headline, the headline that they initially put out for this story makes me cry. What did they say? I haven't seen this.

GRAHAM CLULEY. What did they say?

CAROLE THERIAULT. I'll tell you the headline and then let's hear from David. Okay. So the headline read, Fears 5G Wi-Fi networks could be acting as accelerator for disease. This was last week.

DAVID MCCLELLAND. Really? This was the 26th of March, right at— well, you know, just as the number of deaths, just as the real— not that concern wasn't already starting to spread in the UK by then, but this headline is technically incorrect, but also just totally inflammatory and irresponsible.

CAROLE THERIAULT. Yes. And it gets worse. The article gets even worse. The next piece says, "There are fears that the UK could be hit harder by coronavirus because of the rollout of the 5G network." And in the article, they have quotes, not from scientists or experts, but an activist and a philosophy lecturer at the Isle of Wight College. And they're saying things like, "Yeah, this is really bad," but they have no expertise in the field.

GRAHAM CLULEY. Well, experts, you know, we learned to stop listening to them a couple of years ago, didn't So for those who don't know, the Daily Star is, it's not the most popular tabloid newspaper in the UK, but it's certainly not unpopular.

CAROLE THERIAULT. No, I checked their circulation. So it's around, I think it was like around 150,000. That's for printed paper, right?

GRAHAM CLULEY. And you could imagine someone who's seen a story like that would go and tell their mates if they actually had contact with their mates anymore. I suppose they'd have to WhatsApp them or something like that instead.

DAVID MCCLELLAND. We've seen even over the day that we're recording today, there have been moves by some social media networks to control the spread through dark social, as social media managers would call it, of some of these stories, limit the rate at which some of these stories are able to spread through shared networks that, you know, I've suddenly got a street social network, a street WhatsApp group that we didn't have a month ago. It's lovely that it's there, but there are many of these networks up and down the country. And, you know, these stories can go go very quickly viral if there aren't some controls put in place.

CAROLE THERIAULT. Well, you know, the question is, is what, you know, is this actually doing any harm? Right now we're just seeing a bunch of people sharing some information online, right? But it suddenly kind of goes to a tipping point when people like Woody Harrelson, yes, that Woody Harrelson from Cheers, yes, right? So this conspiracy 5G COVID video from China falls into his digital lap, and the dude that he is either watches it or reads the headline and decides to share it on his Insta with his 2 million followers. Right. I'm not blaming him because he's just doing what a lot of people do. He saw a headline or he watched a video, he made a snap decision that it was either entertaining or valid, and he basically sent it to all his followers. Amanda Holden, she's a Is she a celeb? Britain's Got Talent judge?

GRAHAM CLULEY. Yes, ironically. She's like a TV judge thing.

CAROLE THERIAULT. Yeah, anyway, so ironically, yes, exactly. I don't even know what that means. She's not really in my echo chamber, but, you know, she spewed some nonsense to her followers online, and loads of high-profile semi-celebs seem to do the same kind of thing. Now, what could go wrong? What would be the problem with all this? Well, quite a lot, it turns out. Because people thought that burning mobile phone masts in Birmingham, Merseyside, Belfast would be a good idea. Some of these mobile towers weren't even 5G. The last number I saw of the totaling the number was 20 mobile phone masts in the UK were either petrol bombed or set alight.

GRAHAM CLULEY. We need people to destroy the communications network and cause even more burden on the emergency services at the moment. Fantastic.

CAROLE THERIAULT. I'm kicking you off my soapbox and getting it on myself because that's exactly my point. You've got all these communities out there who are reliant on mobile connectivity and they're trapped at home. And that means people can't make phone calls, they can't apply for money, can't order food, can't manage their accounts. Not everybody has a solid broadband connection. Not everybody has broadband. And people may, my friend, a friend in Australia, she had just got a new job. She got a new computer and suddenly COVID hit and she had to work from home. But her new computer was set in such a way that it wouldn't connect to her home Wi-Fi signal. But all the software was on her computer. So she had to use her cell phone to do the link in order to work. And it was a brand new job. And of course at this time, that's one thing you don't wanna lose is your job. So, so there's lots of people in those kind of scenarios. So this is a big, big deal. Yes. And of course, then people are videoing these arson attacks, putting them on socials and perpetuating the bullshit.

GRAHAM CLULEY. And now I imagine there's a follow-on conspiracy about people who are saying this is all nonsense. It's like they're trying to cover up the truth. They're not letting us spread our stupid YouTube videos.

CAROLE THERIAULT. Yeah. Well, so people aren't taking this seriously, right? A joint statement, EE, O2, Vodafone and Three all got into a powwow together. Which is extremely rare, to say that there was no basis in fact that COVID-19 was in any way connected to 5G.

GRAHAM CLULEY. Well, they would say that, wouldn't they, Carole? They would say that. They're all part of the one world government, the Illuminati.

CAROLE THERIAULT. Okay, now tell me if this helps you. Okay, now keep with that, keep with your character, okay? So the Vodafone UK CEO, Nick Jeffrey, he's not happy. He condemned the attacks on the telecoms infrastructure and calling online stories linking coronavirus to 5G utterly basedless useless. Tell me if this calms you down and brings you on side. Okay. All right. This is now a matter of national security. Police and counterterrorism authorities are investigating, but rest assured that our mobile and broadband networks remain resilient and that you, your families, and businesses will stay connected.

GRAHAM CLULEY. So the people who are burning down the masks, they are now being tarred as terrorists. If there is certainly suggesting that.

CAROLE THERIAULT. Yeah.

GRAHAM CLULEY. I mean, where I'm sure they're just a bunch of kids or, you know, senior citizens or where Yeah, people who haven't really thought through things probably, but yes, or looked at any evidence. Again, it's interesting.

CAROLE THERIAULT. The Guardian had an interesting angle on this, saying industry insiders and fact-checker experts said basically this was a perfect storm of conditions. So they cite the rapid growth of neighborhood social media groups like Nextdoor and Instagram. David has in his street, right? Yeah, but a failure to promote scientific evidence about 5G as well. And you've got a terrified population looking to make sense of this new COVID world. Yeah, yeah, totally. But Stephen Powis, the National Medical Director of England, said that this was the worst kind of fake news. His quote, "I'm absolutely outraged, absolutely disgusted that people would be taking action against the very infrastructure that we need to respond to this health emergency. It's absolute and utter rubbish." So he's not happy. One of the ways, one of the things they're trying to tell people, the conspiracists, is going, look, COVID-19 is spreading just as quickly in cities and even in countries that are yet to roll out 5G. Iran, for example. Exactly. Iran has no 5G, but Iran is, what is it, number 2 on the list of number of deaths due to this?

DAVID MCCLELLAND. It was certainly a very early front-runner when it came to deaths.

GRAHAM CLULEY. I don't know where it stands at the moment.

DAVID MCCLELLAND. But also there was the allegations that Wuhan was the 5G testbed last year, but actually London was. You know, the Greenwich Peninsula was one of the first main sort of 5G test areas, yet it still emerged out of China. You know, there's allegations that the virus is able to communicate using 5G. What? Which is absolutely ridiculous. Yeah, so have a look at the fullfact.org article on this, and they talk about some of the allegations that are being made and some of the arguments that the anti-5Gers, who are a very vocal, vehement lot, I have to say, are making about this and about how 5G, because of the high frequency, high power, it is— it's reducing our ability to resist infection. So, you know, that's part of the Daily Star argument, was the fact that it's making it easier for the virus to take hold in us. And if we switch off the 5G networks, then our immunity will all instantly come back. It's, oh, and you know, I've been asked to talk about 5G and, you know, is 5G a threat and all the rest of it. And where I'm at is I don't think there's a way. And Graham, you were making this point a moment ago really with, well, they would say that, wouldn't they? There is almost no way to convert an anti-5G fanatic. The best job I think that I can do with my limited powers is to try and convince people who might be hearing from these 5G fanatics to take what they say with a pinch of salt. 5G at the moment is—

CAROLE THERIAULT. How many are there though, these 5G fanatics? Like, makes up a huge—

DAVID MCCLELLAND. Well, in a way it doesn't matter because they're so vocal and they are so organized, it seems, that there may be far, far more of them, or at least they appear to be far more numerous than maybe they physically are. But 5G is no different to 4G. It uses, at the moment anyway, pretty much the same technology. And knocking out these cell sites, obviously it's inconvenient for those of us who maybe use 4G and 5G for our home broadband or our phone calls. But these same masts are used for, in the UK anyway, the ESN, the Emergency Services Network. This is the closed-off mobile network that emergency services, the people who are trying to save our lives, that we go out every Thursday night and we clap from the rooftops, they're unable to communicate if these mobile signals get knocked out. It gets me so cross.

CAROLE THERIAULT. That's a really, really, really important point. Good point. What do you think about this? I think some people get this in their feeds, right? They'll see one of these messages and it's a bit like the National Enquirer, right? Like you see it and you think, "That's so insane. I've got to send that to my mates. They won't believe this." So maybe counting the number of shares is assuming that everyone that's sharing it is a bona fide believer. Whereas I can imagine sharing something because it shocked me.

GRAHAM CLULEY. Yes, but it doesn't really matter how many people don't believe it, because if you forward it, if you share it with a WhatsApp group, for instance, some people will believe it, and they will then spread it on. And so—

CAROLE THERIAULT. I agree, but I think that's the problem. So we have to do better, right? So we have to stop sending stuff that we haven't verified, or we Yeah.

GRAHAM CLULEY. It's like there should be a CAPTCHA. There should be some kind of check before you can share things with other people on social media. Yeah, like you've read the article. Yes. Have you actually scrolled to the bottom of the article?

CAROLE THERIAULT. Did you open the article? Or did you just send it from your feed directly?

GRAHAM CLULEY. Are you simply forwarding it because the headline or the picture was pretty and you're shocked? Or did you actually scroll to the bottom of the article and read it?

CAROLE THERIAULT. Do you know, we've got a friend, Graham, and yeah, I'm just gonna say the line that they give me and you're gonna know exactly who it is, right? Whenever I forward anything, I get back, did you read it?

DAVID MCCLELLAND. Was the accent a bit of a giveaway?

GRAHAM CLULEY. It was a bit.

CAROLE THERIAULT. And I say, of course I did. She goes, good. Good. So many of us now are realizing that moving to a fully work from home environment isn't always easy, but LastPass is here to make that transition easier, all without decreasing security. Security. LastPass ensures your employees have secure access to their work applications and provides remote employees the ability to securely share passwords across teams in order to stay on top of critical projects. If you want to learn more, visit lastpass.com/smashing. On with the show.

GRAHAM CLULEY. And welcome back, and you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week.

CAROLE THERIAULT. Pick of the Week.

GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be coronavirus-related necessarily. Better not be.

CAROLE THERIAULT. You just non-stopped already.

GRAHAM CLULEY. And my Pick of the Week this week, because I wanted something fun, I wanted something light. A lot of us are at home and—

CAROLE THERIAULT. What, after talking about buttholes, you wanted to go something a little lighter? Oh God.

GRAHAM CLULEY. I was talking about a very serious biometric privacy concern, bro. A new form of two-factor authentication. Anyway, the thing is that someone on Reddit or somewhere like that, they said to me, keep the recommendations for fun Nintendo Switch games coming. And so I thought, all right, I'll do that because let's spread a little bit of joy when everyone's stuck at home with their family trying to keep everyone entertained. And that is why I can recommend to you a game which is available for just about every platform under the sun, not just the Nintendo Switch. Nintendo Switch, and it is called Totally Reliable Delivery Service.

CAROLE THERIAULT. Okay, that sounds like a barrel of laughs. Well, actually, it would be now. They get to go outside, don't you?

GRAHAM CLULEY. Totally Reliable Delivery Service is a physics-based multiplayer comedy game about a terrible delivery service and being a terrible delivery driver. And if you've ever played a game, what, these sort of ragdoll-based games or these games like Human Fall Flat. Is that what it's called? This is a game where basically you're sort of in control of somebody's body and it's like you decide when they move their arms or if they're holding on to something and they're grabbing things and you can play it with your friends and you pick up parcels and all you have to do is deliver them to the place they're meant to go and mayhem results. It is very, very funny. Before you know it, you're hanging on to the edge of a biplane. Plane while your friend is trying to fly the plane to get the package to a certain place in time. You're falling over everything. Everything's crashing, smashing up. It's hilarious fun.

CAROLE THERIAULT. Is it more fun than undercooked or overcooked or whatever?

GRAHAM CLULEY. It's actually quite similar in a way to overcooked. Not as frustrating as overcooked, because overcooked I think can destroy marriages. Totally Reliable Delivery Service. I found it slightly best enough you're a gate in. You don't go the full Gordon Ramsay, but it's very, very enjoyable. And I can confirm it's very difficult to fly a helicopter. So that is my recommendation this week. Virtually.

CAROLE THERIAULT. Don't assume you can fly a helicopter. Oh, no, no.

GRAHAM CLULEY. I believe it is difficult in real life as well. I believe it's slightly complicated. This game has confirmed to me that I am not a natural helicopter pilot. So my recommendation, my pick of the week, is Totally Reliable Delivery Service.

CAROLE THERIAULT. All right, I'll add it to my Switch list.

GRAHAM CLULEY. David, what's your pick of the week?

DAVID MCCLELLAND. Well, my pick of the week: homeschooling. Yay! We've certainly been homeschooling over the last couple of weeks, juggling doing normal work and schoolwork, and it's been great fun. There are some great online resources. Everyone knows that Joe Wicks has been doing a PE class every morning at 9 o'clock. And it's had, you know, millions of views and that's all good. But I want to highlight another one that actually we found very, very handy from an educational point of view. The kids absolutely love it and it's called Let's Go Live with Maddie and Greg. Now, UK TV viewers may well know Maddie Moat from her CBeebies television show, Do You Know? Maddie's Do You Know? And that's a— it's a science program for kids who are, you know, up to the age of maybe 6 or 7 or 8 or so. But I've certainly enjoyed watching it. Greg Foot is also a kind of science presenter. Blue Peter does their science experiments and things. They've come together to do this daily live show at 11 o'clock where they explore science and nature, and it's full of makes, it's full of live camera feeds, it's got guests on it. It's from their spare bedroom, but it's absolutely brilliant. I love Maddie, I love Greg, and my kids love watching them and making the makes. We've got models all over our house. We've got bird feeders outside. I think yesterday or today The other day they were doing scale models of the solar system but using bits of fruit and other things lying around the house. It's great. Every day, 11 o'clock on YouTube, and obviously available to watch on demand thereafter. But send them photos, engage with them. That's great. And I think, I mean, one thing that this whole thing has brought out is lots of people putting their stuff out online and sharing their knowledge, sharing their skills. And certainly from a parent's point interview. There's so much there for kids to engage with.

GRAHAM CLULEY. I'm just watching this right now. And it looks quite funny. You know, it looks quite professionally done and all the rest of it, the cuts and the— I'm just— are Maddie and Greg a couple? You said it's their spare bedroom. And I'm thinking they're awfully close to each other. So they must be. Better friends than you and I are, Graham.

CAROLE THERIAULT. That's all you need to know.

DAVID MCCLELLAND. Is that what you're worrying about? They are engaged. And I think that's public knowledge. I think they put out a video on YouTube a of years ago. So, uh, oh, okay.

GRAHAM CLULEY. Carole, what's your pick of the week?

CAROLE THERIAULT. I've not been sleeping so well these days, and, uh, that means I've been listening to lots of podcasts, right? It's like in a catch-22. It's like, I'm listening to podcasts. Is that preventing me from sleeping? Or am I listening to podcasts because I can't sleep? Um, however, either way, my eyes get rested while I listen to podcasts. That's why podcasts rule. So I've been listening to this podcast called Power Corrupt. Now, Graham, I did send it to you and I said, you better listen, you better listen, you have to listen, you have to listen.

GRAHAM CLULEY. Yeah, yeah, I've listened to a bit of one episode.

CAROLE THERIAULT. Oh right, so that good, eh? Well, no, no, I was just—

GRAHAM CLULEY. had to do something else, but it was— I enjoyed what I heard.

CAROLE THERIAULT. So it's hosted by Dr. Brian Klaas. He's a political scientist and a columnist for the Washington Post, and this podcast is in its second series. I actually didn't listen to the first series yet, so I kind of did it in First, this is the full second series, and I'm going to go back and listen to the first one. But it touches upon smuggling and ransoms and election riggings and assassinations and heists and money laundering, disinformation and propaganda. So it's just fascinating. The interviewees are top class, the information is pertinent for today, and it's honestly made me wiser about the world. There's this one episode called, uh, Godfather of Fake News, and he interviews this guy who is effectively an American control, like proudly spewing out fake news all the time. And he is very proud and happy to it, and he makes a living at it. And he feels he's doing it for the good of the people because he's showing them they're stupid. And it is just really hard to listen to, but also because you can interrupt, you can get another point of view on things and it can kind help change the way you might deal with it should you meet someone like that. Anyway, fascinating. So listen to it. It's pertinent for now, especially those of us that are facing elections and facing political disruptions. It's a good way to educate yourself. So Power Corrupts by Brian Klaas is the podcast. Fantastic.

GRAHAM CLULEY. Well, that just about wraps it up for this week. Whoa, whoa.

CAROLE THERIAULT. Remember to stay put, guys. We have a special feature interview interview with Barry McMahon from LogMeIn, the people behind LastPass.

GRAHAM CLULEY. David, thank you so much for joining us once again. I'm sure lots of our listeners would love to follow you online. What is the best way for folks to do that?

DAVID MCCLELLAND. If I were you, I would go to Twitter @DavidMcClelland, all the C's, all the L's, and a couple of vowels chucked in for good measure.

GRAHAM CLULEY. And you can follow us on Twitter @SmashingSecurity, no G, Twitter won't allow us to have a G, and on Reddit as well if you want to go and join the Smashing Security subreddit. And don't forget, if you want to make sure you never miss another episode, subscribe in your favorite podcast app such as Apple Podcasts, Spotify, or Pocket Casts.

CAROLE THERIAULT. A bajillion thank yous for listening to us. You are keeping Smashing Security alive by listening to us each week. Like, literally, we thank you from the bottom of our hearts, and we hope that you and yours are keeping safe. Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch with us.

GRAHAM CLULEY. Until next time, cheerio. Bye-bye. Bye-bye, everyone.

CAROLE THERIAULT. Bye. Stay safe. Oh, yeah. Sorry. So, McMahon, how do I say it?

UNKNOWN. Here, you should open with that. You should open with that.

CAROLE THERIAULT. So how do I say your last name? Because I, you know, even though I spent time in Ireland, it's a difficult one for me.

UNKNOWN. Depends. It depends. So in the States, they call me McMahon. Okay. In Europe, I suppose, English-speaking Europe, it's called McMahon. I've listened— I've answered to a lot worse, don't worry.

CAROLE THERIAULT. If your dad were angry with you when you were a kid and he used your full name, how would he have I can't, I can't, couldn't repeat the things that my father's called me in the past. Maybe you should introduce yourself because this is the first time that you've been on the show and we've invited you on here because you work at LogMeIn, you know, the LastPass parent company. And so maybe you can just give a little introduction on like what you do there and all that.

UNKNOWN. I am an international product marketing manager manager within LogMeIn. Business unit that I work in and that I predominantly focus on is identity and access management. I work very closely with colleagues based in Australia and all across our European markets as well.

CAROLE THERIAULT. You're going to have a really unique perspective on what everyone in the world right now is dealing with, is this kind of shift from working in an office with lots of people where they encourage community to being isolated, working from home and all the security issues that come with that. So, um, you must have seen a huge shift even in your office when all this kicked off.

UNKNOWN. Yeah, like, yeah, like the shift has been huge, right? Um, for different parts of the workforce, um, you know, they will have started a career in LogMeIn and they may have always been office-based, and so therefore working from home is a totally different thing. For myself, you know, brand new. And for others, they've joined LogMeIn or they've been in other organizations where, you know, part of their routine was working from home or being very highly mobile. And so less office space. So, you know, different people with different disciplines and different behaviors need different things. And then you add into the mix for all of that then family life, right? Because I have two small kids here, so they may make a guest appearance at some stage. Myself and my wife, we both work full-time. Both of us are working remotely and we're both juggling two kids as well. So it's very, very different. So literally overnight, things have changed. And that's put a lot of strain on a lot of different aspects, not just the organization, not just what the employee needs to do, but also on family life.

CAROLE THERIAULT. As well. Absolutely. So companies are approaching this in different ways. I mean, obviously from an organizational point of view, companies are going to be like, we need to try and stay afloat as long as we can through this crisis, ride the wave as ethically and morally as we can. Others, of course, are going to scramble and run. But for those good companies out there who are trying to do the right thing, there's a mountain of stuff that they need to think about. Because as you were saying, you have worked at LastPass, LastPass, and they already have some policy for work-at-home remote workers. They've been practicing this policy forever. So, so, but there's so many companies now that are doing it for the very, very first time, and they want to get it right. LastPass is uniquely positioned because some of the stuff you guys work on actually can help, you know, makes it more secure and makes it easier for the user.

UNKNOWN. 3 weeks ago, everybody, or for most people, were still based in the office. Now everybody's based at home. The security perimeter or the security boundary is now sitting at the kitchen table, not sitting at the office, not sitting at the desk in the office, or wherever you can get a nice quiet place in your own home these days. So, you know, we're seeing a lot of that happening. Next, coming very quickly behind that is security and trust, right? So, strategy for a lot of security leaders has actually, you know, taken a back seat. That's put on the shelf at the minute because this is totally unprecedented. A lot of security leaders are going to be playing catch-up. What we've been working with organizations in LastPass for the last couple of years has been to help organizations build a culture of trust, build a culture of awareness, and build a culture of understanding why it's important to be more cybersecurity aware care and be more vigilant about what you click on, what you download, etc.

CAROLE THERIAULT. That's such a good point because I remember now, this was, you know, a few years ago, maybe 6 or 7, but I was working for a company which, and they provided me a laptop and I was on a remote location. It was the first time I was outside of the main network and I couldn't connect for like an hour because of all the different blocks that they put in to ensure that the system was safe. And I got so frustrated, I went out to an Apple Store and bought my MacBook. So you're right, adding friction can almost force employees to find workarounds that the organization may not think is great.

UNKNOWN. Well, I always say, right, if you want to see how technically literate your employees are, put up roadblocks to them doing the job that they need to do, and they will find a way around it. They will be as innovative as anything, right? So, you know, if you put the roadblocks up, you're not going to bring people on the journey with with you. And so flipping to the organization perspective, right, the organization now is going to be playing catch-up in terms of we need to deploy solutions, we need to deploy them fast, we need to be able to configure them, we need to be able to implement policies, and we need them to scale because this isn't just going to be a domestic problem, a challenge I should say, it's a global challenge that organizations will have. And so how do you knit the end-user experience with the security challenges that are happening today and make sure that everything is frictionless the whole way through? And that's always been the big challenge for security leaders, right? Typically, they want to put something in place for all the right reasons, and the end users go, this is just too restrictive, we can't use it. But now security leaders are having to evaluate these tools to go, okay, If we don't do this the right way, we don't have any control here, and we won't, we won't have any influence. And so that's why you're starting to see a lot more— and this isn't new, it's just been accelerated given the coronavirus situation we're in— but now you're starting to see multifactor authentication, single sign-on, and password management now as well, right? So what you're trying to do, what the security leaders are trying to do, is they're trying to meet people where they where they are, right? They're at home. You're trying to meet them where they're comfortable with the tools that they're using, i.e., their tablet, their desktop, or whatever it may be. And so if you can help them use them tools and help them be productive, but then also in the backend ensure that they're secure, and that then by association, the byproduct of that is that your organization will be secure, then you've significantly reduced the risk profile ransomware profile that, you know, you may be exposed to now in this whole new world of operating. Since the coronavirus started, like, look, any big story, anything that people are interested in, you can be guaranteed there's always going to be some sort of a scam associated with it, right? Because everybody wants to click on it, and everybody wants to be up to date. So if there's news— look, this isn't new, right? Phishing has been around forever and a day. And the reason it's still around is because it still works. People still click on things. Therefore, if they still click on them and they enter in their credentials, guess what? The scammers have got what they needed. Coronavirus is no different. We've just seen a significant amount of scams increase. Click on this link, please. I've seen a recent one for a home delivery service saying that you were short in the amount that you paid to get the parcel delivered. Can you please click on this link to to complete the payment.

GRAHAM CLULEY. Do you know what though?

CAROLE THERIAULT. I'd argue though that coronavirus is different because I can't think of any time in history where the entire world was able to talk in real time about a single topic that was of interest, of primary interest to every single, you know, nation and location. Like it's kind of a crazy, so it's almost like it's gonna, you know, the coronavirus phishing attacks, attacks normally would maybe be language specific specific or regionally specific, whereas here your net could be extremely wide.

UNKNOWN. Well, you're 100% right there. Your net is a global net. Now, there's nobody who doesn't want to click on some interesting story about coronavirus, right? Exactly. That may be for a cure, or it may be to find out, you know, who in your neighborhood has coronavirus or whatever it is, right? There's nobody not going to click on something like that. So we're all vulnerable. Everybody's vulnerable from that perspective. Problem is, is that when people click on this, you know, from a LastPass perspective, you click on that link and it may look like your bank account website, it may look like your national delivery service website, it may look like your health insurance website, but it's not, right? And that's the key thing. It's not. But if you're having to remember your passwords and reusing your passwords, you're just going to put in whatever information they ask ask for. LastPass will check the URL, and if the URL doesn't match what you have in your vault, well, guess what? It's not going to auto-populate. And so straight away, you know, people will go, hmm, that's a little odd. Same with single sign-on, right? There's applications that when people were in the office, they would have always been logging into, and you know, because you're in the office and because you're on our network, well, guess what? You know, it's, we can let you in, it's fine. The beauty of single sign-on and the simplicity of single sign-on is that now for all of these applications that people typically have to remember passwords for, you can put them all just behind one wall. And so it's simple, it's secure, you have the one password to access all of them applications. Security teams now aren't, they're not able to go around in the office and talk to people and help people and whatever else. So, you know, unless they want a deluge of more support tickets coming into their desk. What do they need to do? They need to make it simplistic and intuitive. And that's not to say that the, that the solution needs to be less secure. The solution can be really secure. It just means that you need to make sure that the user experience is nice and slick.

CAROLE THERIAULT. You're an expert here. What advice do you have for them to try and control their work environment so that, you know, the kids don't get on the systems or, you know, and they make sure that their work stays safe and clear?

UNKNOWN. You know, everybody's trying to share the same Netflix account, maybe across multiple devices or whatever the case might be. People are trying to log into different applications at different times. Your broadband is probably maxed out to the last and you're trying to, you know, everybody's trying to work and everybody's trying to have their own social time as well. So, you know, a few tips I would have would be try to, if you don't already, right, if you don't already, I would say download LastPass, download the family's version of LastPass if you're in the home, and add the different applications that you use to that and different devices that you use to that. So be it some of the elements from your Connect connected home, be it your Wi-Fi router, be it your different applications that you stream material through online, add them into that. And that way then, everybody has the password that they need to hand whenever they want to access anything. And, you know, what's the benefit of that, you might ask? Well, the benefit of that, you might ask, would be that you don't have one child fighting with another child because they've changed the password on Netflix and won't tell them what it is, or changed the password on something else and tell them what it is. So at least that way, then everybody has access to everything that they need. All passwords and all usernames and whatever else, passwords can be unique. And, you know, if you start that at home and that good practice at home, then, you know, for the parents in the house and the working people in the house, maybe bring that up a level and use that yourself within your own office environment. Environment, right? You would not believe the amount of people who are resetting passwords right now because the Post-it notes that they have their passwords stored on are where? They're in their office, on the screen, or stuck under the keyboard in the office. And so, you know, how are you trying to remember these things now? So starting afresh, why not just, you know, download LastPass and start populating your stuff in there as well? Given that the workforce has changed and the workforce position has changed so rapidly, so quick, Trying to get to a stage now where organizations can be secure is going to be a rapid task, and that's going to be very quick. So, you know, my advice would be look for solutions that meet your need, look for solutions that are going to be easy to use, and look for solutions that can be adopted and will be adopted very heavily. Yeah, and have—

CAROLE THERIAULT. I would say, I'd add to that, I'm hoping that organizations do all this with an air of extreme empathy because because I don't know of any employees actually that are trying to slack off. I think all of them are stressed out and panicking about their jobs and trying to do as much as they can. But, you know, it's challenging times, as you said, with a broadband that is slower than average because everyone's hitting it at the same time and too many people in a small environment that wasn't designed for work. So I think the intention's in there. I love the idea of this software because not only does it help the organization, but it makes the life of the employee easier, which is why I'm a fan of LastPass.

UNKNOWN. So I can speak for myself, my wife here. We're trying to be as productive as we can during normal hours and then be even more productive outside of normal hours, if that makes sense. So before the kids get up, try to get a bit of work in. When the kids go to bed, try to get a bit of work in. And in between, we do not want to be stuck on on phones trying to get stuff sorted out with help desks. And help desks do not want us calling them with screaming kids in the background as well because everybody's stressed out. So stuff that just works is, is the order of the day for organizations now and going into the future because this, you know, this is going to change how we work and how we operate in the long term. Tell me about it.

CAROLE THERIAULT. Well, Barry, thank you so much for your time today. I'll let you get back to your extremely busy life. Thanks very much.

GRAHAM CLULEY. Carole, maybe some of us who've been a little bit hard-hearted in the past might actually begin to soften a little and maybe be a little friendlier and maybe a little bit nicer to our friends and our neighbors as a result of this horrible thing that's going on.

CAROLE THERIAULT. Is this instead of the Grinch that Stole Christmas? It's the Graham on Smashing Security.

GRAHAM CLULEY. I wasn't talking about me improving, Carole. I was talking about you.

-- TRANSCRIPT ENDS --