This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Graham Cluley
And there are bad people even in Canada. Not many, not many in Canada.
Clare Blackwood
There's one. Yeah, there's a guy who lives in my building, you know.
Carole Theriault
Steve, right?
Clare Blackwood
Yeah, Steve.
Carole Theriault
Damn Steve.
Unknown
Damn you, Steve. Smashing Security, episode 180, Taking Care of Clare, with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 180. My name's Graham Cluley.
Carole Theriault
And I'm Carole Theriault. It's a special episode this week, Graham.
Graham Cluley
What makes it so special, Carole?
Carole Theriault
Well, we're doing a splinter episode this week, and we're doing it with someone who's never laid a toe, I bet, inside a technology company.
Graham Cluley
Very sensible.
Clare Blackwood
Can we introduce her?
Carole Theriault
Shall I do it this week?
Graham Cluley
Of course, you do it.
Carole Theriault
Let me introduce Clare Blackwood, comedian and actor based in Toronto, Canada.
Clare Blackwood
Thank you so much for having me.
Graham Cluley
Clare, tell us a bit about yourself. How have you come to end up on the Smashing Security podcast? What weird combination in the stars has caused this to happen? What, why are you here? Why are you here?
Clare Blackwood
It helps to be related to one of the hosts of the podcast.
Graham Cluley
That's right, that's right. So Clare's my sister-in-law.
Clare Blackwood
Yes. Yeah, I'm actually his mother. I don't know if you can tell. Have you done your laundry lately?
Graham Cluley
So Clare, you are Carole's cousin.
Clare Blackwood
I am.
Carole Theriault
And my much younger cousin.
Graham Cluley
Younger, more attractive, funnier.
Carole Theriault
And more beautiful. More talented.
Clare Blackwood
Smart, smart, smart.
Graham Cluley
Oh, yes.
Carole Theriault
I adore her. Now, Clare has kindly agreed to come on the show, so we're so grateful. But we thought it might be interesting because Clare doesn't live in the same world as we do, so we thought we would try and find out how she uses technology and whether or not we can make her a little bit more secure without making her life a security hell.
Clare Blackwood
Well, basically yes, because Carole, when you asked me to come on your podcast, I automatically, because I am an actor who needs constant validation and gigs, I said yes. And then I took a look at what that meant, and I kind of thought, well, I know absolutely nothing about security whatsoever.
Graham Cluley
It's never stopped Carole and me, to be honest. 180 podcasts.
Clare Blackwood
I mean, fair enough, but I'm pretty sure I have never locked my phone in my life. Let's just, let's take it all the way back here. We're not talking, you know, I haven't used the right VPN when, oh, blah, blah, blah. No, no, no, no, no, no. I am a basic bitch. I got nothing. I do nothing.
Carole Theriault
This is gonna be a great show.
Graham Cluley
Yeah. Carole, Carole, tell us what's coming up on today's show. There's so much to get into there.
Carole Theriault
It's gonna be wonderful. Okay, first, let's thank this week's sponsors, Immersive Labs and LastPass. Their support helps us give you this show for free. Now on this special Splinter episode, Graham and I have invited a special guest who doesn't have anything to do with technology security, and we are going to see whether we can make her safer online without boring the pants off her. All this and much more coming up on this special splinter episode of Smashing Security.
Graham Cluley
Okay, now, chums, I think we can all call each other chums, right?
Carole Theriault
Yes, we all know each other. You've met Clare. Yeah, Clare's lived with me before.
Clare Blackwood
Yes, in Oxford. Yeah, that's right.
Graham Cluley
Years and years and years ago, back in the days when I was allowed to go and visit Carole's house.
Clare Blackwood
Oh no, that's a whole other story.
Graham Cluley
Anyway, but I said we have met, right? And you've already said some fascinating things. Well, I first— Yeah, but can we first maybe get Clare to kind of describe her life? Like, let's just kind of build the picture of Clare so that people can kind of go, "I relate," or, "I don't relate," or, "I know someone like this."
Carole Theriault
So Clare, you're an actor. Tell us all about that.
Clare Blackwood
Yeah, I'm a classically trained actor. I studied at the University of Toronto and Sheridan College for Theatre, and I've been acting in the city for about 10 years. Most recently, I've kind of delved into comedy, improvised comedy, sketch comedy, writing that, studying at the Second City. And I do a lot of freelance comedy writing, mostly satire. I write for basically Canada's number one satire website. It's called The Beaverton. Yeah, it's actually the Canadian version of The Onion.
Carole Theriault
I didn't know you wrote for them.
Clare Blackwood
I do write for them. I've written for them for a year and a half.
Carole Theriault
I had no idea.
Clare Blackwood
Cool. Yeah, I basically just get to get mad about things and write comedy about them.
Graham Cluley
Is there anything going on in the world to get mad about or to be satirical about? I thought everything was going really, really well.
Clare Blackwood
Everyone's getting along very well. Nothing's going on. We're practically so bored we could cry. We watch cheese puffs on TV and think it's okay. Essentially, I just kind of sit and stare at my wall for 20 hours a day till I go to bed.
Carole Theriault
Now, pre-Rona, right?
Clare Blackwood
Yes.
Carole Theriault
As a freelancer, did you work from home? Like, did you work at your desk, or did you go work in cafes?
Clare Blackwood
My life pre-Rona was essentially the complete opposite of what I'm doing right now. I mean, you'll find that with any independent actors, writers in Toronto, we're kind of constantly making as much work for ourselves as we possibly can. So my days were spent out of my house working at my serving job. If I'm not working at my serving job, I'm doing meetings, I'm in writing meetings, I'm in sketch rehearsals, I'm performing at night in several different shows a night going from one theater to another. I'm sitting in a cafe or a bar writing a screenplay or an article to be published or anything. So basically, I've now been home for over 2.5 months. I'm fairly certain my cat is planning on killing me to get me out of the house.
Carole Theriault
There's some great jokes.
Clare Blackwood
You laugh, but when you don't hear from me next week—
Carole Theriault
There's some great jokes. Why won't they leave?
Clare Blackwood
What's going on? Good woman, take a walk. Yeah, yeah. And meanwhile, dogs are, "This is so amazing, this is the best day of my life." Yeah, yeah. So I'm just kind of chilling. Don't get me wrong, I wouldn't want to work from home all the time, and I miss, you know, my friends and family, but I've just been basically spending my days writing.
Graham Cluley
So your life beforehand was— there was a fair bit of technology involved in it. You must have had calendars and reminders and meetings and things to log into. Yes, things to log into for sure. I use a hard copy calendar. Right.
Carole Theriault
So you're all over Facebook, you're all over Instagram.
Clare Blackwood
Oh, Twitter, Facebook, Instagram.
Graham Cluley
Clare, was it TikTok that I saw you on doing a dance?
Clare Blackwood
But social media Oh no. Yes.
Carole Theriault
Oh, I forgot.
Clare Blackwood
Yeah, my brain snapped about two weeks into quarantine, and I just all of a sudden woke up like I blacked out. When I came to, I downloaded TikTok. is my game. You know, I'm a 32-year-old woman, and now I'm making videos for the 18-year-old rich kids in the States. I downloaded TikTok purely because I wanted to make my family and friends laugh by making ridiculously stupid content, which I have been. You know, I— I actually got interviewed by the Los Angeles Times about being an old person learning dances on TikTok. I'm pretty sure I will never get better than that.
Carole Theriault
That's just all of the things that represent me and why I'm part of it.
Graham Cluley
It is fairly ancient compared to us, girl. I know.
Carole Theriault
Okay, maybe you should join just to, you know, bring it up.
Clare Blackwood
No, the interviewer literally told me that she found me on Twitter by searching TikTok dance old.
Graham Cluley
My wife is on, well, she's a consumer of TikTok. I don't think she's producing videos for it behind my back, but she's on it and she's a fair bit older than Clare, I can say in a fairly gentlemanly fashion, hopefully.
Clare Blackwood
I am not hyperbolizing here.
Carole Theriault
Otherwise you'd be married to a child. So, good.
Clare Blackwood
I am ancient on TikTok. This would be a very different conversation.
Carole Theriault
Okay, enough Rona talk, guys.
Clare Blackwood
I am a solid 12 years older than the average user.
Graham Cluley
Yes.
Carole Theriault
So you're going around, you're bopping around in the earlier days when you had your normal life.
Clare Blackwood
Yes.
Carole Theriault
You had a laptop. You used that?
Clare Blackwood
I do have a laptop. It's approximately 5,000 years old, so I don't use it really for anything other than writing.
Carole Theriault
Yeah.
Clare Blackwood
If I leave the house, I have my iPhone or an iPad.
Carole Theriault
Okay. So iPhone and/or iPad with you, right?
Clare Blackwood
Yes.
Carole Theriault
Yeah. Okay.
Clare Blackwood
I don't generally bring my iPad out of the house unless I am going to the aforementioned cafe or bar to write.
Carole Theriault
Yeah. Or if I'm going to a rehearsal and you leave the huge brick at home of a laptop.
Clare Blackwood
Yes.
Carole Theriault
Yeah, right.
Clare Blackwood
Yeah. In the corner where it belongs.
Carole Theriault
Yeah.
Graham Cluley
Okay. So unless you're writing in a coffee house or something, you're like everybody else. You've got a smartphone on you.
Clare Blackwood
Yes.
Carole Theriault
Okay. So we're going to focus on the phone, I think, a bit.
Graham Cluley
Okay. Yeah, that makes sense. So let's start with— you mentioned in the preamble that you don't lock your smartphone.
Clare Blackwood
I don't. And here's where all of your listeners are going to be like, God, Carole, who is this woman? How are you related to her? I fully am cognizant of how bad that is to do. I'm not naive. I realize that if somebody were to steal my phone, I would be, to use cheeky colloquialisms, fucked. But I just— it just drives me crazy.
Carole Theriault
So you have an iPhone?
Clare Blackwood
Yes, I have an iPhone 8 Plus.
Carole Theriault
Okay.
Graham Cluley
Oh, so it does have Touch ID, doesn't it?
Clare Blackwood
Yes.
Carole Theriault
If we walked you through how to set up fingerprint ID, would you consider it, or would that be annoying? What would be your concerns about not doing it, do you think?
Clare Blackwood
Does fingerprint ID— do I have to do anything other than just open my phone normally?
Carole Theriault
No, you would literally go get your phone and then it would just say, put your thumbprint on the little thingamajig.
Clare Blackwood
Right, right.
Carole Theriault
And then your phone then opens magically.
Graham Cluley
Yeah. Or your finger or your nose, maybe. Or your toe. I mean, what the—
Carole Theriault
Oh no, don't be silly, Graham.
Graham Cluley
No, I bet you could use your nose.
Carole Theriault
Yeah.
Graham Cluley
Okay.
Carole Theriault
Can we not experiment with Clare?
Clare Blackwood
I mean, please experiment with me. I am your fun little naive guinea pig here.
Carole Theriault
Graham, what do you think? Do you want to try and set her up with fingerprint ID?
Graham Cluley
Well, I think that'd be a jolly good idea, yeah.
Carole Theriault
If you're up for it, Clare, should we do that?
Clare Blackwood
Let's do it.
Carole Theriault
Okay.
Graham Cluley
Let's do it, okay.
Carole Theriault
And then maybe you can set your phone to lock every minute to see how annoying you find it.
Graham Cluley
Well, she shouldn't be checking her phone while she's on the podcast.
Carole Theriault
She can multitask.
Clare Blackwood
I am not checking my phone when I'm on the podcast.
Graham Cluley
Professional, you see, Carole.
Clare Blackwood
Professional.
Graham Cluley
So, what do you want to do, Carole? Do you actually want me to walk through how to do this?
Clare Blackwood
Yeah.
Graham Cluley
Okay. How'd you do it?
Carole Theriault
Okay, and people at home, if you don't have a lock on your phone, you can follow at the same time. We haven't rehearsed this. This is on the fly.
Graham Cluley
No, we haven't. So— Okay, I'll try and do this. So, Clare, hi.
Clare Blackwood
Hello.
Graham Cluley
Go into your Settings app, right? That's the thing which looks like a cog.
Carole Theriault
A grey cog.
Clare Blackwood
Yes.
Graham Cluley
Right. And then scroll down until you see something which hopefully says Touch ID and passcode. Now, normally it will ask you at this point for your existing passcode to gain access, but you haven't got a passcode.
Clare Blackwood
I haven't, but it does say add a fingerprint.
Graham Cluley
Right. Okay. So click on add a fingerprint.
Carole Theriault
So, yeah, but think about which one you want to use. I used my right thumb because that was the hand I always used.
Graham Cluley
Don't tell people this, they might chop your thumb off.
Clare Blackwood
What if they kidnap you and steal your finger?
Carole Theriault
Yes. I don't use fingerprint ID at the moment.
Graham Cluley
Do you not?
Carole Theriault
No, I use a passcode. A very long one. It's very complicated.
Graham Cluley
All right. Okay. Fair enough.
Carole Theriault
That's the way I roll.
Graham Cluley
Anyway, so you basically, it says add a fingerprint, right? And you click that and it will then lead you through the process and it'll ask you to touch the little button, which you often are pressing with one of your fingers.
Carole Theriault
You should probably follow the instructions, I think, on the phone. What, you can't?
Graham Cluley
I thought you'd want me to lead people through it. For God's sake, you give me this enormous task without any warning of teaching someone how to do this.
Carole Theriault
I think you're doing a really good job, Graham.
Graham Cluley
Right. Thank you. So do that. And then after a while, it'll tell you to adjust your grip. So as though you're holding the phone slightly differently and again, use your finger.
Clare Blackwood
La la la la. Oh, it's registering my fingerprint for sure.
Graham Cluley
Right. So what you will find frustrating is if you've only registered one finger because you think, oh, for goodness sake. Or sometimes you might want to use the other hand so you can add a few different fingers. But now with that in place, you can—
Carole Theriault
Once it's in place, yeah.
Graham Cluley
Yeah, you can decide, well, how quickly will it demand me to press that when I want to unlock it? So you could say, well, stay unlocked for, I don't know, a couple of minutes or something like that. But after that, just have that to access the phone. And as simple as that.
Carole Theriault
And there's two big reasons I can think of why this is a good idea.
Graham Cluley
Okay.
Carole Theriault
One, if your phone then is set to lock, say, every 5 minutes, so you do your thing and then as soon as you're not playing with it for 5 minutes, it'll then automatically lock. You save battery life, which is good.
Clare Blackwood
Yep.
Graham Cluley
Okay. Okay.
Carole Theriault
And two, as you pointed out, if ever you left your phone somewhere with all your stuff in it, right? Like, do you bank on your phone?
Clare Blackwood
Oh yeah. Oh no, I full on have like, I full on have a list in my app of various passwords that I cannot remember.
Carole Theriault
We're going to censor out the name of the app.
Clare Blackwood
I can just— I can't see you guys, but I can just feel your—
Carole Theriault
No, I know we're not. I think this is actually a brilliant show because I think sometimes we live in our own swamp too much and we don't remember what it's like being in the outside world.
Graham Cluley
That's absolutely true.
Carole Theriault
Because my jaw's on the floor.
Graham Cluley
We live in a weird world and we lose touch with what the typical users are like.
Clare Blackwood
Yeah.
Carole Theriault
So is it set up now on your phone? Yes. It also made me put a passcode in.
Graham Cluley
I think that's because if you turn your phone entirely off and on again, I think it says, okay, to use Touch ID again in future, you're going to need a passcode. So you're probably feeling quite frustrated with us now because we've given you something extra.
Clare Blackwood
So we're just gonna, we're gonna turn my phone off and then—
Graham Cluley
Don't forget the passcode. Don't worry.
Clare Blackwood
I used literal easiest password.
Graham Cluley
Okay, so 1, 2, 3, 4. No, no, no, no, no. I used, baby. Okay, well—
Clare Blackwood
But that shouldn't matter, 'cause I used my thumbprint. Yeah, baby steps, right, Clare? Baby steps.
Carole Theriault
We have made progress.
Graham Cluley
Previously, Clare didn't have anything, any form of authentication. And now she's got fingerprint ID and she's got a passcode. And maybe at some later date, you may decide that you won't have such a simple passcode. Maybe you'll have a passphrase or a word. So it's not just numeric. You might have something alphanumeric as well. But, you know, let's not go crazy because you must think we're weirdos, right? You must just think this is such an encumbrance.
Clare Blackwood
I don't think you're weirdos at all. I think you are vastly more aware of the implications of all of the things that I am not doing than I am. Whereas I have a bare minimum understanding of the fact that, you know, the government is stealing all of our data, blah, blah, blah, all that kind of stuff. I've just kind of sunk into the swamp of, I don't care, which is a terrible quagmire to be in. And I realize I'm probably giving my— well, I know I'm giving my data to China every time I open TikTok.
Carole Theriault
But it's one of those things where it's kind of like you don't even know where to start to do anything. So it's kind of just too much ostrich, kind of put your head in the sand.
Clare Blackwood
It's too much. And I also— this sounds so bad, but it's kind of one of those like, well, I can't see the implications, so I can't see how it affects me directly, so why should I care? Yeah.
Graham Cluley
So I mean, in the case specifically of your phone and locking your phone, I guess the concern is that you'll have many apps on there. You've said that you're active on social media. Someone could take your phone, could post in your name, which could be damaging to your reputation. They could read your emails. They could see private communications. They could steal your photos. There's opportunities for identity theft out there, and there are bad people even in Canada. Not many. Not many in Canada.
Carole Theriault
Steve, right?
Clare Blackwood
Kinda creepy. Yeah, Steve.
Carole Theriault
Damn Steve.
Graham Cluley
Damn you, Steve!
Clare Blackwood
Steve is also one of our cousins, so I hope he listens to this. This one's hey.
Graham Cluley
Okay, well, I feel we've done something to help the phone a little bit, but maybe we need to look at a few other things as well, Carole.
Carole Theriault
Yeah. While we have the phone, let me just do a few more things.
Graham Cluley
Okay.
Carole Theriault
So if you grab your phone and if you go to the privacy thing, and the way I do it is I search on the settings one. So the little gray cog as you went in before settings, and then if you just type in location and then location is under privacy, there's a number of different location names, but you'll see that one. So we can just see the list of apps that know where you are. And if you look at those, some of them are going to make sense, a map app. That makes total sense. But maybe—
Clare Blackwood
Ooh, my camera.
Carole Theriault
Yeah, mine is set to never. So it's a really good point. So if you have it on, and Graham, actually, maybe you can confirm or deny this. If you have your location on your camera, is it right that when you forward an image, that information can be stored in the metadata of the picture?
Graham Cluley
And people have been caught out before. Yes. Now, sometimes when you upload that photograph to a social media site, they might strip that information out of the picture. But there's always the chance that you could forward it or email it or something else.
Clare Blackwood
How close are we talking? How specific of a location? Because I know that sometimes I'll take a picture and then I'll go home and I'll be, "This was taken in Simcoe." They don't give the kind of vague town area.
Graham Cluley
Well, it would—
Clare Blackwood
Can it get more specific than that?
Graham Cluley
Yeah, it'd be able to give your GPS coordinates. Yeah.
Clare Blackwood
Really?
Carole Theriault
So basically within—
Graham Cluley
Yeah, a metre or so.
Carole Theriault
Wow!
Graham Cluley
So it could be—
Clare Blackwood
I didn't know that.
Graham Cluley
So it could be incredibly precise. I remember when John McAfee, who's— How can I explain him to Clare?
Carole Theriault
I don't know.
Graham Cluley
He's—
Carole Theriault
Crazy, cool.
Graham Cluley
If you think of Charlie Sheen. And how mad Charlie Sheen was.
Clare Blackwood
Oh my god.
Graham Cluley
So, John McAfee is the industry's version of Charlie Sheen, going completely bonkers. Yeah, yeah, that's right.
Clare Blackwood
Fantastic.
Graham Cluley
And has been on the run before for police investigating murder. Oh my god. And so— So, he was on the run at one point, and people posted up a photograph of him. Somewhere in Guatemala or somewhere. And unfortunately, they included this information inside the image, which wasn't visible if you looked at the image. But if you had the right tools, you could extract it from the photograph. So you don't want that kind of data normally being included in your photos. I suspect most people have got no use for that whatsoever. So that's the kind of thing which you want to turn off. But yeah, a lot of apps will want to know your location, and it might be that they want to know your location because they're tracking you, or maybe they want to give you more precise advertising or advertise depending on where they think you go.
Clare Blackwood
Yes.
Graham Cluley
And that's kind of debatable whether you really want that, right?
Carole Theriault
Okay, so now let's try contacts. All right, so under privacy again. So it's contacts under privacy. So there you'll have a list of apps. For example, what about your social media sites? Are any of them listed in this list?
Clare Blackwood
Instagram is off. Actually, I don't have a lot of social media on here. The only thing I'm surprised by is my bank currently has access.
Carole Theriault
See, that's strange.
Clare Blackwood
My RBC Mobile.
Graham Cluley
Yeah, so I don't know specifically why that app would need access to your contacts. Maybe it's in case you want to transfer money to a friend or something. Yeah, you can turn it on. I imagine at some point, the app may have requested access to it, maybe to make that process easier.
Clare Blackwood
Yeah. And it's very possible that I was just kind of did the millennial thing of just being, "Okay, fine, fine, fine, fine, fine, fine, fine."
Graham Cluley
Okay. Okay. Okay. And you know, this is an interesting one, I think, because there are many apps.
Clare Blackwood
There's one. Yeah, one.
Graham Cluley
I mean, if you've got well-established apps, generally they won't do this, but sometimes you download games and things which will try and take your contacts and then spam them to try and promote the game and say, hey, Clare's playing this or Clare's doing this. Why don't you join her?
Clare Blackwood
There's a guy who lives
Graham Cluley
And the risk here is that you're not only potentially endangering your own privacy, 'cause you're sharing information with God knows who about who you know, you are also exposing the privacy of the people you love and care for, your friends. So it has an impact on other people too.
Clare Blackwood
in my building, you know?
Carole Theriault
Okay, don't be all—
Graham Cluley
Oh, I'm not, I'm not afraid.
Carole Theriault
No, no, no, this is good to know.
Graham Cluley
I'm not, I'm not.
Clare Blackwood
So basically what you're saying is if I download an app and it asks, you know, buried in all of the fine print, it says, I'll get access to your contacts, then it will just have all of their information.
Carole Theriault
The way I do it is if I download an app, I then install the app and then I go and check those things under privacy just to see if the app has showed up in any of those lists. And then I make my own judgment call because I think a lot of us, when we download apps, we just assume the app is going to download itself safely and it's going to have the right things turned on. But sometimes they're cheeky, right? And if they can take something from you and you say, yeah, yeah, sure, sure, fine, fine. That's what I do. Now, that might be a pain, and it depends how often you download apps.
Clare Blackwood
I mean, I download them as necessary. For example, you know, the other day I decided that I wanted to find out what breed my cat was. So I downloaded an app called Cat Scanner.
Graham Cluley
Cat Skinner?
Clare Blackwood
Cat—
Carole Theriault
Not Skinner.
Clare Blackwood
Cat Scanner. And you take a picture of your cat and it will just use algorithms to find out what breed your cat is. So I mean, that so far has not shown up in any of the lists.
Graham Cluley
Is it doing some kind of facial recognition on cats to work out what— this, if you did that on people, can you imagine the outrage as an app tried to determine what race a person was?
Clare Blackwood
Oh, there are Instagram filters for that.
Graham Cluley
Are there?
Carole Theriault
My God.
Clare Blackwood
Oh yeah.
Carole Theriault
She can teach us about a different world, Graham, too.
Clare Blackwood
There are Instagram filters for everything.
Graham Cluley
What kind of cat is it? What's the name of your cat, Clare?
Clare Blackwood
My cat's name is Gandalf.
Carole Theriault
Ah.
Clare Blackwood
He's a 15-pound grey and white monstrosity. Who apparently is primarily a Norwegian forest cat according to Cat Scanner.
Graham Cluley
Is it pining for the fjords, do you think?
Carole Theriault
Did I mention she can do accents?
Graham Cluley
Now, yes, much better than your accents, girl. So—
Clare Blackwood
She's a professional. I would hope so.
Carole Theriault
Yeah.
Clare Blackwood
For my sake. I mean, they're all bastardizations of the actual locations where I'm trying to—
Graham Cluley
Okay. Clare, you've just revealed your cat's name to us is Gandalf, and you've also revealed that you are a fan of Middle-earth and all that that entails.
Clare Blackwood
Yes.
Graham Cluley
Without naming any sites, do any of your passwords relate either to your cat's name or to something Tolkienian?
Clare Blackwood
They actually don't.
Carole Theriault
Very good, Clare.
Clare Blackwood
Yeah, now don't praise me yet because actually I have no passwords, so I literally
Carole Theriault
Yeah.
Clare Blackwood
just hand my phone out to strangers on the street. No, I use— generally, without giving anything away, I use the same variation. And then I'll throw the same numbers after it or the same symbols depending on what the websites ask for. And then generally, if I forget what that password is, then I'll go to my second choice password. I have a word. So, he's insane I have essentially three.
Graham Cluley
Yeah. And you're just kind of putting variations or you're putting a number on the end or something like that.
Clare Blackwood
and does a Yes.
Graham Cluley
When you have to. I understand.
Clare Blackwood
And it's the same number.
Graham Cluley
And then what do you do with it? Do you write them down in a little book or something?
Clare Blackwood
lot of drugs. Some of them. Occasionally, if it's an email that I, or a password that I just find myself continuously forgetting, I'll email it to myself.
Graham Cluley
Yeah, right.
Clare Blackwood
Or I have, as I said before, I have a shit folder on my phone and occasionally I'll just put passwords in there, which is terrible. I know.
Graham Cluley
But most of the time you don't need to write them down, do you? Because you can work them out because you know roughly what it is.
Clare Blackwood
I know roughly what they are, or my phone just kind of stores them.
Graham Cluley
Right.
Carole Theriault
Okay, so what we could do, there is a website run by one of our types named Troy Hunt, and he runs a website called Have I Been Pwned, which basically means has anyone ever tried to hack your email address by, for example, hacking a social media site, for instance. So we can go find out and it's free. So if we go to the website, Have I Been Pwned.
Graham Cluley
And so pwned is spelled P-W-N-E-D.
Clare Blackwood
I got it.
Graham Cluley
You got it?
Clare Blackwood
Yeah, I live on the internet, Graham. Okay, I know, but just for our listeners, for our listeners too.
Carole Theriault
Yeah, so haveibeenpwned is what's up, pwned.com. Now Clare, if you're on that website, yes, if you put in one of your email addresses—
Clare Blackwood
Oh, I've been pwned on 11 breach sites. Yeah, and I found one paste. I don't know what a paste is.
Graham Cluley
So a paste is basically when bad guys post up onto a particular site, a site called Pastebin, a whole long list of email addresses and passwords associated with them.
Clare Blackwood
Right.
Graham Cluley
But the rest of those which are displayed for you there, those are the results of data breaches. So those are all sites. So you can see a list in front of me. I'm looking up and down it right now. You've got Adobe, CafePress, a few sites I've never heard of: MySpace, MyFitnessPal, Tumblr, Ticketfly. These are all sites that have in the past been hacked or suffered a data breach. And so the hackers have your email address and they have associated with it maybe a password, maybe poorly encrypted for your particular account. And the danger is that if someone wanted to get into one of your accounts, they could take that password and use it not only to get into that site, but to get into other sites. So this is why it's a really good idea to have different passwords for different websites.
Carole Theriault
Now, but don't freak out too much because I don't know anyone who wouldn't be listed somewhere on this. I mean, this is a list of billions and billions of addresses.
Clare Blackwood
Oh, of course. And you know, it barely goes a week without hearing that some major company was hacked.
Carole Theriault
Yeah. But what's really cool about this service is that you can see which ones you might have been affected by, and you might have gone, "Oh my god, I haven't changed my password for that site since blah blah, I'm gonna do it now."
Graham Cluley
Yeah, and you might not care about someone being able to access your MySpace account or your MyFitnessPal account.
Clare Blackwood
I didn't even know I had a MySpace account.
Graham Cluley
I know, it's so funny.
Carole Theriault
Yeah, I've got some crap ones here too, you know, sites that I just started, you know, whatever, a little account just to see what was going on and then never paid attention to. So that's normal.
Clare Blackwood
Lots of people—
Graham Cluley
The danger is, Carole, that sometimes when you're just testing a service, you might not take as much care about your password. So you might have a, "Oh, I'll just use the same old password again while I'm creating this account."
Clare Blackwood
Yeah.
Graham Cluley
So one of the things we would love you to do, Clare, is to think about using a password manager, but specifically to have different passwords for different websites. If I was to say one mistake, which I think most people make, it's to reuse the same passwords in different places.
Carole Theriault
Basically, passwords really, really matter. And we're not just saying that because we have a sponsor. But really, it is an app that you use, and I have it with my browser.
Clare Blackwood
He's pining— He's
Carole Theriault
So I use it on my computers and I use it within my browser of choice, right? So it sits there in the browser. And all you have to remember, it's a master password.
Clare Blackwood
not dead yet!
Carole Theriault
So let's say your password was, "I really love to eat poop," for example. And that was your password. That is the only one that you would remember because that's the key to your diary of passwords, your online diary.
Clare Blackwood
He's an ex-cat. Well, I'm going to have to change all my passwords now because you guessed it immediately.
Carole Theriault
And what's really cool about password managers is that they work on your phone and on your laptop and on your iPad. And so you basically, as long as you remember your main password, you'll just jump into every app as you are now. Like it'll bypass even like it'll help you get into your bank. So you can throw away your list.
Clare Blackwood
Now, I assume that using a password manager would be predicated upon the idea that I have to now use either a passcode or a touch thing, because otherwise whoever goes onto my phone can just automatically get into every single one of my apps.
Graham Cluley
Well, ideally you would have those set up, but actually, as Carole says, she mentioned this master password idea that the idea of that is there's only one password which you do have to remember. And so no one can access your great big bank vault full of passwords held securely until you've entered that master password or until you've used your Touch ID to unlock the vault.
Clare Blackwood
So would you yourself know what all of the passwords are that it's generating?
Graham Cluley
If you ever forget your master password, you're screwed. So that you need to make strong and make sure you can remember it or write it on the, I don't know, a piece of paper and hide it under your mattress. It may sound daunting, but it's worth giving it a try because you might be surprised to find just how easy it is to use one of these things. And it really helps you both choose much stronger passwords in the future.
Carole Theriault
Yeah, because it chooses them for you. It just creates them for you and you just say, make it hard, like choose 50 characters, put all kinds of garbage in there.
Graham Cluley
And they'll be unique. And next time there's a data breach at MySpace or whatever site it is, then you won't have to go scurrying around changing all your other passwords because all of them will be different. It's worth a go.
Clare Blackwood
Interesting.
Carole Theriault
But you know what? It's been eye-opening for me having this chat with you, Clare, like this, because, you know, we see each other, we have a laugh, but we rarely talk about computers.
Clare Blackwood
Right.
Carole Theriault
So, but it's eye-opening to me that there's a lot, a lot of people out there that have lives and use the technology, like, and don't know anything about it. Like, I know nothing about my car, right? But I use my car. I know nothing.
Clare Blackwood
And I also think, I think for people, people of my generation, and just, you know, even going past generation, I think people who don't work in your industry, we're so used to the idea that like every company is stealing our data just all the time that it just kind of becomes white noise.
Carole Theriault
But it's white noise until your bank account's emptied.
Clare Blackwood
Yeah.
Carole Theriault
Or your Twitter's hacked and it's saying, you know, all kinds of—
Graham Cluley
I think what Clare's saying, correct me if I'm wrong, Clare, is that there's so many of these breaches happening, you kind of give up and you kind of think, "Oh, that's just the way it is. This just happens. What can I do?" Yeah.
Clare Blackwood
And I think, I don't know, I can only speak for myself and my friends, but I think for the most part, we've been fairly lucky in the sense that I've never heard of— Occasionally, the worst that will happen is somebody will post on their Facebook saying, "Hey, if you get an email from me, it's not me. My email's been hacked. Just ignore it." And that's pretty much the worst that happens to us. And so I think we just kind of, you know, we're also the generation that just kind of scrolls blindly through all of the 5 pages of user manuals and all that kind of stuff.
Carole Theriault
99.9% of people do that.
Clare Blackwood
Yeah.
Graham Cluley
And then just go on to the next TikTok dance.
Clare Blackwood
Yeah, well, exactly. Which I do so well.
Carole Theriault
Oh yeah, you did. You rocked it.
Clare Blackwood
Oh no, I looked like a massive white person attempting to do a dance created by 12-year-olds.
Graham Cluley
Links in the show notes. Links in the show notes, folks.
Carole Theriault
If you work in a big company, you see new employees all the time, and you also hear about employees that are leaving all the time. Think of the hassle that is for the IT guys who have to get all the passwords sorted out, all the accesses for the newbies, and then delete all those authentications for leaving employees.
Graham Cluley
If you listen to our show regularly, you'll know that hackers never stop innovating. Immersive Labs gives security professionals practical and gamified content to keep pace with the latest threats.
Carole Theriault
Having a solution like LastPass for Enterprise can help. Plus, makes your employees' life a heck of a lot easier because they only need to remember their master password.
Graham Cluley
Sign up to get instant access to more than 24 hours of free labs and a new lab to try out each week. Latest being their red and blue team labs on the SaltStack vulnerabilities, which were in the news last week.
Carole Theriault
Want to learn more? Check out lastpass.com/smashing.
Graham Cluley
Go check it out at immersive-labs.com/smashing.
Carole Theriault
On with the show.
Graham Cluley
And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
Carole Theriault
Pick of the Week.
Clare Blackwood
Pick of the Week.
Carole Theriault
Beautiful.
Graham Cluley
Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app.
Carole Theriault
Clare, can you say Pick of the Week?
Graham Cluley
Whatever they wish. It doesn't have to be security related necessarily.
Carole Theriault
I don't think I've ever meant this more in my life, but with this guest, it better not be security related. We have drowned her in security.
Graham Cluley
Oh, poor Clare.
Clare Blackwood
My Pick of the Week is just a little live reading of all of my passwords.
Graham Cluley
We'll just put that on the Patreon feed. So, my pick of the week this week is a YouTube channel. It's called Cracking the Cryptic.
Carole Theriault
Okay.
Graham Cluley
And this is hosted by a couple of English chaps. Decent gents, of course. Mark Goodliffe and Simon Anthony. They are both record holders for solving crosswords and Sudoku puzzles and things like this. And they have given up their regular jobs to run a cryptic crossword or puzzle channel on YouTube.
Carole Theriault
They may not have had a choice.
Graham Cluley
They are— no, no, I think they chucked it in because they thought this is a more fun thing to do than our boring—
Carole Theriault
My husband would be in heaven if this were his job.
Clare Blackwood
Oh, he would! I loved Cryptic Crosswords because of him.
Carole Theriault
I once bought him a piece of software that helped you create the floor plan for Cryptic Crosswords. It's very complicated. Who knew? Anyway, sorry, I was taking over there.
Graham Cluley
This YouTube channel shows you the tips and tricks needed for solving Sudokus as well as cryptic crosswords. And I have included in the show notes a link not only to a fantastic Guardian article all about them and how they've become an internet sensation— they have over 200,000 subscribers— but also a link to a video, a video which is 25 minutes long or so. And it is showing one of these chaps solving a Sudoku, which only has 2 numbers on its grid and a few rules. It lasts 25 minutes. And at first he's like, "This is impossible. This is a joke. How can I do this?" And over the 25 minutes, he solves it. And after 25 minutes, you will move from saying, "Why would anyone watch this?" to, "Oh my God, this is the most amazing thing I've ever seen on the internet. I am subscribing to this YouTube channel." So it is quite gripping. I have to say it's really good. And I would say I heartily recommend the Cracking the Cryptic YouTube channel. Go and check out the Miracle Sudoku on YouTube to see that particular one, which I'm emphasising this week. And that is my pick of the week.
Carole Theriault
That's a good one, Graham. That's fresh.
Graham Cluley
Thank you very much. I'm going to be checking that out. Okay, Clare, what is your pick of the week? Right.
Clare Blackwood
So basically, in this horrifying timeline that we're currently in, I generally want to do nothing more than make people laugh. So, today— because what else can I do? So, today I'm plugging an awesome podcast company called Dumb Dumbs and Dice. They're basically a trio of professional comedians, writers, and actors from Toronto who produce 5 hilarious weekly improvised RPG podcasts with other Toronto-based improvisers and entertainers. What's an improvised RPG podcast? Yeah, so improvised RPG podcast, basically Dungeons and Dragons is an RPG, role-playing game.
Carole Theriault
Crow, see, Maria is really into Dungeons and Dragons, so yes. Yeah, yeah.
Clare Blackwood
So basically they run basically if you're interested in Dungeons and Dragons, improv, comedy, you'll probably love their shows. They do one, it's set in the Star Wars universe. They do one set in the Lovecraftian horror universe. They have one set in traditional Dungeons and Dragons kind of universe, and it's all with incredible actors basically making up the story as you go along. And have you done—
Carole Theriault
have you done some of this?
Clare Blackwood
Yeah. Well, to be blatantly transparent, I am actually a cast member on one of the 5 podcasts. Can we—
Carole Theriault
can we play a snippet of it on the show? Absolutely. Okay, here's what I'm going to do. I will put a snippet of the podcast after the closing music. Cool.
Clare Blackwood
Yeah, it's a show, it's called HP Duncraft. And for people who know RPGs, it's a Pulp Cthulhu campaign. Of course. And it's basically if Stephen King wrote an entire improvised season of Scooby-Doo, Where Are You? Sounds amazing. It's great. And so basically it's these guys, they're wonderful human beings, they produce really funny, well-edited entertainment. A 1930s gangster named Red from Boston.
Carole Theriault
Oh my God, can you do a bit of the accent? Can you give us a bit?
Clare Blackwood
Her name is Red. It was Tracy Jones, but I swear to God, you don't want to go down that path. She's just here to kick ass. She doesn't like ghosts. I don't want to talk about no fucking ghosts. She's good.
Graham Cluley
I told you she was good. All the talent went on one side of the family.
Carole Theriault
What's your pick of the week? My pick of the week is a Netflix miniseries called Into the Night. I loved this program so much. So it starts in Brussels Airport. An armed man storms on a late night flight to Moscow and demands the flight goes west, west, not east to Moscow, west. And he's got a gun. There's a former military pilot named Sylvie. She's a passenger on the plane, but she finds herself pulled into the cockpit to help because the guy is freaking out. And why west? Well, it turns out the sun has been killing everything in its path. And the passengers can't get access to Wi-Fi. And this guy with the gun who claims he's from NATO, right? Is he bonkers? Or is there a veritable apocalypse happening?
Graham Cluley
So he's hijacked the plane. He's saying if the sun touches the plane, the people on the plane die.
Carole Theriault
Anything the sun touches is destroyed.
Graham Cluley
He's racing ahead of the sun. He has to stay in the dark.
Carole Theriault
Yeah, think Speed. Think Snakes on a Plane. Think Airplane without the giggles.
Graham Cluley
I can't think Speed without thinking of Father Ted and the milk float. That's the best scene ever.
Clare Blackwood
This is absolutely something that I'm going to check out. This is right up my alley.
Carole Theriault
Now, Clare, I'm gonna— this is the gravy for you, right? So on Netflix— no, no, no, I'm not gonna spoil it.
Graham Cluley
I mean, because he might be— is it actually happening, or is he just mad?
Carole Theriault
I'm not gonna answer that question. Obviously, I'm a professional. God. So on Netflix, they've dubbed it, but it's a pan-European airline show. So you've got people from Moscow, and you've got people from Germany and France and England. And it's all dubbed, and they're talking. And then of course, occasionally, you got someone saying, but what did he say? And she goes, well, she says he really wants to go to Moscow. And he goes, aha. But it's all happening in English and you don't know why. So anyway, it's very, very amusing. So every time that happens, we would have a little swig. And that was a very nice evening of 6 episodes. So it's science fiction and fantasy. That might give you an idea of what might happen or not. And its creator is Jason George. You can find it on Netflix. It's called Into the Night. We loved it.
Graham Cluley
Try it. Marvelous. Well, what a superb pick of the week, and what fun it has been as well. Having Clare on the show on this splinter episode, unusual, different kind of show from our norm. Clare, I'm sure lots of our listeners would love to follow you online and find out what you're up to. What's the best way for folks to do that?
Clare Blackwood
So you can follow me on Twitter at @ClareBlackwood. That's it. No i, Graham Cluley, C-L-A-R-E Blackwood.
Carole Theriault
Yeah. Cool. Lose the I.
Graham Cluley
And you can follow us on Twitter @SmashingSecurity. And we're on Reddit as well, so go and check out the Smashing Security subreddit. And don't forget, if you never want to miss another episode, subscribe in your favorite podcast app such as Apple Podcasts or Spotify or Pocket Casts, and we will automatically appear each week.
Carole Theriault
Thank you to this week's Smashing Security sponsors, Immersive Labs and LastPass. Their support helps us give you this show for free. But none of this would happen without you loyal listeners. So thank you most of all. Check out smashingsecurity.com for past episodes, sponsorship details, and information on how to get in touch.
Graham Cluley
Until next week. Cheerio. Bye-bye. Later, dudes.
Carole Theriault
Dudes, look, I'm being cool because my younger cousins are on.
Clare Blackwood
Wow, girl, you're so cool.
Carole Theriault
Say bye, Clare.
Clare Blackwood
Bye. The door creaks open and you see a moderately sized bedroom. You start to hear dripping and your eyes are drawn to the ceiling where a patch of blood is slowly expanding. The dresser at the far end, you hear a slow agonizing creak as the top drawer pushes itself out and then falls clattering to the ground. I would like to close this door, please, Red. We can close it. I close the door. As soon as you do, alarmingly quickly, you just hear the sounds of the drawers just flying out of the dresser and slamming. And then you hear kind of like a— as the entire dresser falls over. Whoever you are, we're not scared of you. You hear a voice from inside that says, please help. I'm inside the dresser. Help. Now I need you to listen to my very explicit instructions here, Adrian. Please ready your punching fists.
Graham Cluley
Yeah, they're always ready.
Clare Blackwood
Now I'm gonna open the door. And we're gonna look inside the dresser.
Graham Cluley
What if we don't? Could we not?
Clare Blackwood
I need you to be brave for me. You were always very brave. So we're gonna open the door and you're gonna look in the dresser and then what? And then if I tell you to, we're gonna punch it.
Graham Cluley
The dresser? You said I had to be very—
Clare Blackwood
You said explicit. If there is someone in the dresser—
Graham Cluley
I'm punching.
Clare Blackwood
We're gonna punch him. What if it's a ghost?
Carole Theriault
Well, then we're gonna have ourselves a fun time.
Graham Cluley
Like a party?
Clare Blackwood
Like a birthday party. There will be dancing and there will be a cake.
Graham Cluley
Hopefully the ghost brought it.
Carole Theriault
Yes.
Clare Blackwood
I can do this. I'm gonna open the door now. I'm gonna open the door. You open the door and the dresser is back upright. All the drawers are back inside, but now it is next to the window and the bed is in a different corner. Of course it is. And the blood is pooling on the floor instead of the ceiling. It's dripping up. Oh, I'm really starting to dislike this day.
Carole Theriault
That's my cousin Clare, ladies and gentlemen. So if you want to hear more, check out dumbdice.com.
EPISODE DESCRIPTION:
On this special splinter episode of the podcast, we're joined by actor and comedian Clare Blackwood in the hope of convincing her that cybersecurity is no laughing matter.
Hear what happens in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Carole's cousin (!) Clare Blackwood.