This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
Graham Cluley
Like Snapchat, any images uploaded were meant to be automatically deleted after a short time, right? So there was that reassurance.
Ron Eddings
Define deleted.
Unknown
Well, define automatically. Smashing Security, episode 211. 19 hacking and bitcoin balls ups with Carole Theriault and Graham Cluley. Hello. Hello and welcome to Smashing Security episode 211. My name's Graham Cluley.
Carole Theriault
And I'm Carole Theriault. Hey.
Ron Eddings
Hey. Thank you so much for bringing me on the podcast.
Graham Cluley
And Carole, we're joined this week by a special guest.
Carole Theriault
Welcome, Ron, to the Smashing Security world.
Ron Eddings
Thank you. It is a pleasure to be here.
Graham Cluley
Well, it's great to have you here. And of course, you are calling in from America. Quite a big week for America.
Ron Eddings
A lot going on. Yes. We have some transitions.
Graham Cluley
First time on the show, but friend of the show, Ron Eddings from the Hacker Valley Studio podcast. Hello, Ron. We're recording this on Tuesday and the inauguration is scheduled for Wednesday, isn't it?
Carole Theriault
Yeah, tomorrow.
Ron Eddings
Yeah.
Graham Cluley
And so by the time people hear this, they'll know whether that has successfully worked out or whether—
Carole Theriault
Do you know what? Every single toe and fingers are crossed. I think most of us just need a fricking break, right? It's just been insane for 3 years.
Graham Cluley
Martial law might have been imposed by the time this podcast comes out. No, no, no. Nuclear wasteland. I'm sure it'd go very smoothly. Sure there won't be any hiccups.
Ron Eddings
It will. There's a moving company called— it's going to be a nice, quick, swift move out.
Carole Theriault
So Hacker Valley Studio Podcast, that's going super well, isn't it?
Ron Eddings
Yes, we've had the honor to have you two both on twice to the show.
Carole Theriault
Oh my goodness. Ooh, Graham, I didn't know that you also got invited on. No, I'm kidding.
Ron Eddings
Like if Graham was there, I wouldn't have come on.
Carole Theriault
Exactly.
Graham Cluley
Now what's coming up on our show this week, Carole?
Carole Theriault
Well, first let's thank this week's sponsors, 1Password and Recorded Future. Their support helps us give you this show for free. Now coming up on today's show, Graham, what are you looking into?
Graham Cluley
I'm gonna be getting down with the kids. Seeing how cool you two are as well.
Carole Theriault
Okay, Ron, what's your topic this week?
Ron Eddings
My topic for this week is hackers steal, alter, and leak COVID-19 vaccine data.
Carole Theriault
Ooh, this is the serious bit. And I am going to bitcoin world where the currency is sky-high once again. So let's see who the losers are. So all this and much more coming up on this episode of Smashing Security.
Graham Cluley
Now, chums, chums, I felt it's been a while since we've had a quiz.
Carole Theriault
What, 7 days?
Graham Cluley
Did we not have one last week? And so I thought it was probably time that we did another one. Are you both ready to shout out if you know the answer?
Carole Theriault
Yes.
Graham Cluley
So, Ron, you practice making a buzzing sound.
Ron Eddings
Beep.
Carole Theriault
I can't do that again. Boops.
Graham Cluley
Okay, so I'm going to say a word and you're going to tell me what it means. And these are all examples of young people's slang. So Ron may have an advantage over you, Carole, just saying.
Carole Theriault
Why? Is Ron younger?
Graham Cluley
I would think so.
Ron Eddings
I just had a birthday.
Carole Theriault
Oh, have you? Can we ask what the first number of your birthday is?
Ron Eddings
It is a, well, it's finally a 3, so that gives it away.
Carole Theriault
We're about the same age, Graham.
Graham Cluley
What's your problem? We are. All right, quiz time, quiz time. So first up, hundo P. What does hundo P mean?
Carole Theriault
I have no idea.
Ron Eddings
I saw that in the document. I was, what is that?
Carole Theriault
I have no idea.
Graham Cluley
No, any guesses? Want to guess? Either of you? None of you buzzed. This is for a point.
Ron Eddings
100,000.
Graham Cluley
Oh, close. It's actually short for 100% or absolutely right on. You go, "Oh yeah, hundo P, man, hundo P, bruh."
Carole Theriault
Okay, so basically you are — you're in this vernacular — you're hiding your support from the common person to someone else.
Graham Cluley
No, I think you're just communicating with another young person, Carole.
Carole Theriault
This is how you communicate. Yeah, no one can hear you support them.
Graham Cluley
Rather than saying gear or groovy, you say hundo P. Okay, now here's an interesting one because of course the name of our podcast is Smashing Security.
Carole Theriault
For those that don't know.
Graham Cluley
Yeah. So what Bullseye? I didn't hear your beep or buzz, Graham.
Carole Theriault
Oh, for God's sake.
Ron Eddings
Oh, hello.
Graham Cluley
Here we got Ron. Ron's come in. What do you think smash means? Smash?
Ron Eddings
Smash is something that I will not say on the podcast, but it's an act of some kind, right? Is it sexing?
Graham Cluley
It's not sexting, Carole.
Carole Theriault
No, no, sexing, sexing. Without the T. In real life.
Graham Cluley
Apparently, yes. Apparently it's to have casual sex.
Carole Theriault
Yeah, smash together. I didn't know that one, actually.
Graham Cluley
Oh, you didn't know that? Okay.
Carole Theriault
But I didn't know hundo P. I'd never, yeah.
Graham Cluley
Okay, so curious that we chose that name. And the final one is fleek. Fleek. Okay, Carole, will you practice
Carole Theriault
Do you know what fleek is? I know that one.
Graham Cluley
Really?
Carole Theriault
Yes.
Graham Cluley
Oh, you haven't buzzed though.
Carole Theriault
Yeah, I'm not playing the game. Okay, go, go, go, Ron, go!
Graham Cluley
making a burble of some
Ron Eddings
Fleek is really good, on point, spectacular.
Graham Cluley
Right.
Ron Eddings
And if it's ongoing, then you use the word fleeky. Ooh.
Graham Cluley
type? That'll do.
Carole Theriault
Fleeky.
Graham Cluley
Okay. Well, Ron—
Ron Eddings
My niece taught me that.
Carole Theriault
Ron, as we're in the same generation, can you give us one more young people slang? I just can't think of any right now, but can you give us one that's not on the list?
Ron Eddings
What about fire?
Carole Theriault
Ooh, I don't know what that means.
Graham Cluley
Fire?
Carole Theriault
Use it in a sentence.
Ron Eddings
The Smashing Security podcast is fire. Check it out.
Graham Cluley
It's hot. Yeah, hot.
Carole Theriault
You definitely don't want to add on fire, right?
Ron Eddings
No.
Carole Theriault
Yeah. Yeah, okay.
Graham Cluley
So Carole, would you say you're on — are you on fleek?
Carole Theriault
Always on fleek, man.
Graham Cluley
Oh, really? Interesting. So would you say your eyebrows are on fleek?
Carole Theriault
I would say I've got excellent eyebrows. So yes, they are.
Graham Cluley
Would you say any other part of your body is on fleek?
Carole Theriault
I don't know, Graham. That's getting a bit rude.
Graham Cluley
The reason why I'm asking is because fleek is not just a young person's slang for, you know, being on point or being super duper. It's actually a social media app.
Carole Theriault
Yeah, isn't it? Snapchat's answer to TikTok? Is that right?
Graham Cluley
Oh, you're close. You're close. So Snapchat has a feature called Campus Stories.
Carole Theriault
We're, yeah, we are. Okay, I don't know that one.
Graham Cluley
Apparently with Campus Stories, if you've got a phone and you've been on certain college campuses or were there in the last 24 hours, you are able to post to that college's campus story, which means that you're able to share photos and things like this. Now, Fleek was very much in that vein, but it was uncensored and X-rated, and it became really popular with students.
Carole Theriault
What do you mean? Okay, whoa, whoa. Do you mean it was porn or it's just that maybe it was a bit more edgy in its pictures and not safe for kids?
Graham Cluley
Well, it was beloved by students who wanted to share particular photographs, which maybe they didn't want to put on more family-friendly social networks.
Carole Theriault
So if I'd photocopied my butt at the work photocopier.
Graham Cluley
I don't think anyone would want to see that.
Carole Theriault
You're outrageous. But if I did do that, I would put it on this, on Fleek, not on my typical Instagram or whatever, where my mom and grandma follow me.
Graham Cluley
And then I'd be calling the photocopier repairman. That's absolutely correct.
Carole Theriault
Yes.
Graham Cluley
Maybe some kids and some disinfectant as well. So yes, so if you didn't want your parents and future employers to see something, you might post it on Fleek. And people were posting pictures of themselves engaged in sexual activity, maybe a bit of smashing—
Ron Eddings
Smashing Security.
Graham Cluley
—going on. They were embarrassing themselves. They were taking drugs. And—
Carole Theriault
Drugs, you say?
Graham Cluley
Yes, indeed. Not just aspirin. And so there you would go if you wanted to watch that kind of thing or check that kind of thing out on Fleek. You know, my mum thought you were really grubby last week. Well, hopefully she will now see that I'm a paragon of virtue, and it is her daughter who claims to be on fleek. Now, hello, Karen. Like Snapchat, any images uploaded to Fleek were meant to be automatically deleted after a short time, right? So there was that reassurance. Right.
Carole Theriault
What, hit it? So if you took a picture of your junk, you would know that after a certain amount of time it would be gone and no one else would see it except for the intended.
Ron Eddings
Yes. Define deleted.
Graham Cluley
Well, define automatically. Because it turns out that Fleek's developers weren't automatically deleting all the images uploaded to the app by their users.
Carole Theriault
Get it 100%?
Graham Cluley
In fact, what they were doing was they continued to store them.
Carole Theriault
Well, the particularly delicious ones.
Graham Cluley
Well, I don't know quite what their criteria was, but they continued to store them even after the app itself completely shut down. And so these were being stored on the company's servers out there in cyberspace.
Carole Theriault
Who owns Fleek? Is Fleek a standalone social media?
Graham Cluley
Yeah. So Fleek isn't part of Facebook, isn't part of any of the well-known— it was owned by a company called Squid Inc. Which is quite a clever name really, isn't it? Squid Ink, if you think about it. I thought it was clever because ink, Carole, incorporate ink. You know, squids and ink. Yes.
Carole Theriault
Oh, you mean squid incorporated. It's not called Squid Ink Incorporated.
Graham Cluley
You claim to be the same generation as Ron. I think so. I am. You've proven yourself to be quite a lot slower. Now, it wasn't just pictures that were being stored because obviously they wanted people to use the site, and they also quite like to monetize it. So what they did was they tried to entice male users into paying for access to the chat room. And what they appear to have done is that Fleek created fake bot accounts using photographs of young women that they'd scraped up from the internet. Sounds very Ashley Madison to me.
Carole Theriault
It does, doesn't it?
Graham Cluley
The fembots of Ashley Madison. And then they sent messages to men, invited them to chat, and the only way that men could view those messages was to pay Fleek a small fee.
Carole Theriault
But what would those messages say, do you think? Hey, hottie, hot, hot.
Graham Cluley
Fancy a smash with your fleek eyebrows?
Carole Theriault
How many men would actually understand what that means?
Graham Cluley
Your hundo pe— Yes, but it's not aimed at people like you and me, Carole.
Carole Theriault
Well, I'm asking Ron in case he's— Yeah, let's speak to Ron.
Graham Cluley
Let's speak to Ron.
Ron Eddings
They paid $5.99 to start that chat. So they're like, hey, I paid to talk.
Carole Theriault
I don't know. Yeah, but for $6, right? For $6 or however, I don't know how much it costs. Must cost something like that, right? It's the price of coffee. So their expectation might be quite low. It's like a coffee date. Okay, so these guys have paid money. They've paid cash and they're talking to robots.
Ron Eddings
Why didn't they use the pictures that they didn't delete instead of scraped images?
Carole Theriault
Wow. Wow. Ethical, Ron. Geez. True. Anyway, the app you will be sorry to hear closed down in 2018. 2019. Ah. Newsworthy as always. I love it. I love that word stumbled, like been looking, looking nonstop for months, trying to find an open Amazon Web Bucket so they could go out and dox good news on. Okay. But they found— So they stumbled across an Amazon Web Bucket.
Graham Cluley
No password required. Anyone in the world could access. And of course, umpteen opportunities for blackmail. Not just pictures, but chat logs as well.
Carole Theriault
Oh, so these were the pictures that they said they had deleted. Correct. And the chats they said they had deleted. Correct.
Graham Cluley
And the app no longer exists, right? So it's not like you had the option to go in and delete your account or—
Carole Theriault
And go to Fleek and go, yo, yo.
Graham Cluley
Right. Very good. But no, I'm showing how street I am. 100p. Now, the researchers, they managed to access 377,000 files, 32 gigabytes of data, data which had been uploaded to Fleek between 2016 and 2019. The app no longer exists. And they tried to contact Squid Inc to, you know, to say, can you do something about this? And because Fleek doesn't exist anymore, they couldn't get ahold of them. So they had to go straight to Amazon instead to shut down the bucket.
Ron Eddings
2016 to 2019, that's a long time to learn to realize you're talking to a bot.
Carole Theriault
Yeah, totally. Yeah. So, okay, so Amazon have closed this down. They have now. And thank God it was found by someone as reputable as VPN Mentor and not some ne'er-do-well that wanted to slap it all over.
Graham Cluley
Who knows who else might have accessed the data in the meantime and could potentially have grabbed it? Because if it was possible for their researchers to find it, possible for other ne'er-do-wells to do the same too. But here's the problem. Here's the thing which I think people need to think about is that you may join a site, you may share information with the site. You may even trust its privacy policies, which I'm sure would have said that they were deleting data and not storing it, which clearly they abused. But what happens when the site goes defunct? And you have no means of ensuring your data's been wiped.
Ron Eddings
And who was paying for that storage in the meantime? It sounds like someone didn't want to delete that data still.
Graham Cluley
It's a bit odd, that one, isn't it? You do imagine that Amazon would have been policing that and spotted if someone hadn't been paying.
Carole Theriault
Somebody was paying. But maybe they blocked access but kept the data?
Graham Cluley
What, in case they came back? I don't know, these are all excellent questions. We're not trying to find answers.
Carole Theriault
I'm not trying to show that you haven't done your homework. I think it's actually a really important issue because think of how many apps we give info to. I mean, everyone now, I'm sure, under the age of 40 has probably either entered an insurance comparison website information or a dating site where they ask tons and tons of questions, or social media. There's tons of websites out there with our info. That's true. It's kind of scary to think about when they die, they just basically become a mall in the States, you know, when they kind of just have these ghost malls, right? No one — there's no businesses there at all. It's just this empty, huge mall that just sits there, and it's kind of like that with all this stuff inside it.
Graham Cluley
No one's looking after it. It's a nightmare vision, Carole.
Carole Theriault
There's a lot of them in the States, Ron. You've seen, you know what I'm talking about.
Ron Eddings
Ghost malls.
Carole Theriault
You don't know what I mean?
Ron Eddings
Sounds like free land to me. At least here in Austin, Texas, that ghost mall would be gone in a few weeks.
Graham Cluley
Okay, Ron, what have you got for us this week?
Ron Eddings
This week I have hackers steal, alter, and leak COVID-19 vaccine data. So the story behind all of this is last month there were reports that hackers stole confidential documents that Pfizer and a company called BioNTech had submitted to the European Medicines Agency, acronymed EMA. But Friday, word emerged that the hackers leaked and falsified the information that was in the documents. Whoa.
Carole Theriault
So let me just make sure I understand. So they not only put out all the information they gathered, but they tweaked it so it wasn't bona fide data?
Ron Eddings
Exactly. And I'm not sure about you two or the listeners, but this is a true testament to what my parents always say, not to believe everything you read on the internet.
Graham Cluley
And that's what happened here. So you're telling me that criminals who hacked into an organization and stole data can't actually be trusted to give you the data without having tampered with it?
Ron Eddings
We shouldn't trust these guys. So untrusted that each source didn't even believe them, and I think it was due to a lack of creativity. And my biggest gripe is the name of the file that was online in the dark web. You think it would have been COVID-19 exposed or The truth about Pfizer and BioNTech, but the name of the file was boringoldema_leaks.zip.
Graham Cluley
Oh, interesting. It's unimaginative, isn't it?
Carole Theriault
See, that makes me think it's an inside job because when you're inside a company, you live in that micro world and you think that everyone lives in that micro world as well. So you assume everyone understands the acronyms you use and you speak to people outside that world and they're like, "I don't know what you're talking about." So yeah, because the fact that they use EMA.
Graham Cluley
Anyway, can I just say I don't know, Carole. I think I take a slightly different view on this. Because I think if they'd said, "The truth exposed about COVID-19 vaccines," or something like that, you might be more likely to think that—
Carole Theriault
You might have felt clickjacked?
Graham Cluley
Well, yeah, or you might feel that this is something which has been deliberately put together with some kind of agenda. And so maybe you'd think it more likely that the data has been tampered with. Where is it? Oh, so shit headlines.
Carole Theriault
Shit headlines give you more credibility.
Graham Cluley
Well, no, I'm just saying the file name. If you simply say, "Here is the EMA data which has leaked out," and then people open it and they find for themselves, "Ooh, juicy stuff here," they might think because—
Carole Theriault
Yeah, "leaks" is, don't you think that's a weird word to put into a file name?
Ron Eddings
You'd think "EMA secrets," right? "EMA Confidential." Like, "Ooh, I need to click this." And it was a zip file, so that means there's files within it. You're going to have to go through them to find the juicy data. You might as well give it a juicy file name.
Graham Cluley
Well, I appreciate that you're giving hackers more ideas.
Ron Eddings
This is good, excellent. And within this leak, there was some information about EMA conversations between the staff and also about the vaccine production. They really wanted to discount the efficacy of the COVID-19 vaccines produced by Pfizer and BioNTech.
Graham Cluley
So the intention is to basically sow distrust, do you think, and maybe make people think that they can't trust the vaccines because of the secrets which have, quote, leaked out?
Ron Eddings
And this is where Carole could have been correct about it being an insider job because they discredited one vaccine by Pfizer, not the other one that was done by Moderna. Interesting.
Carole Theriault
So it's a disinformation campaign, right? That's basically what it feels like to me.
Ron Eddings
That's what it seems like.
Graham Cluley
Yeah, so who would be behind this?
Carole Theriault
Well, who's been behind it for the last five, ten years, Graham?
Graham Cluley
You're not saying the Belgians again, are you?
Carole Theriault
It's always the Belgians. We know about you guys. We know. We don't talk about it, but we know.
Ron Eddings
A few of the sources did also say, hate to just point the finger, I'm not pointing any fingers, but the leak was in Russian. Like, the conversation on the dark web was in Russian. So they're like, maybe it was someone over there.
Carole Theriault
Yeah, but anyone would do that, right? Even a Canadian, right? If they wanted to hide, you'd buy that, just make it, put it in Russian.
Ron Eddings
No, they're too nice. They are.
Carole Theriault
We are, we are. Well, I love when my two podcast passions intersect in a natural way. So today I have the next installment of a UK bitcoin fiasco we talked about years ago on Smashing Security. And a number of sticky pickles have surfaced in this little shit show. TM. And the question is, what would you do? TM. So let's talk bitcoin.
Graham Cluley
Unbelievable.
Carole Theriault
Now, are you guys no-coiners or are you dabbling in the digital currency that is known as bitcoin?
Graham Cluley
I have a small cryptocurrency investment. But it is quite small and I'm not very active with it. It's just hidden away, hidden away for a rainy day or not, as the case may be.
Carole Theriault
Ron, care to come clean?
Ron Eddings
I am a dabbler. I don't have, I'm not really too invested in bitcoin or crypto, but Graham said, you know, it's always nice to have a little bit just in case you feel a little FOMO or the FOMO comes to fruition.
Carole Theriault
Interesting. We talk about FOMO. That's coming up. Excellent. Well, I, you know, I'm kind of jealous 'cause I'm a no-coiner. And currently it's a whopping $36,000 per bitcoin, which is not the highest it has been, but that's still a serious chunk of change. And the reason it's so high is because people are buying a lot of it right now. And any ideas, what would you guys say that the reason is? Do you wish to put it down to troubling times or do you think there's something a-go-go?
Graham Cluley
I think people are buying bitcoin because they think the price is gonna go higher. I don't know. I'm not sure if there's really any other reason to buy bitcoin. It's not like you're likely to make many purchases with bitcoin in my experience. I know there's some things you can buy with bitcoin for privacy reasons, but—
Carole Theriault
Illegal stuff mostly in our country, but—
Graham Cluley
Well, not just illegal, but I think it's primarily in the hope that the price triples.
Ron Eddings
There was this story where I saw an NFL player, first time ever, took his salary in bitcoin. But I'm not sure about you all. I've made a few transactions in bitcoin just from wallet to wallet. It's $10 per transaction.
Carole Theriault
Very high fee. Graham, you might remember you mentioned way back in episode 58 with Vanja Svajcer, who used to be on the show a lot. And there was this, it was a pick of the week. And you talked about the Bitcoin FOMO club.
Graham Cluley
Bitcoins have skyrocketed from, you know, $7,000 or whatever to almost $20,000. They're bordering on that, aren't they, at the moment? There have been countless people doing their maths on their missed opportunity. And he brought my attention to a website where you can find out how much you have lost out by not investing in Bitcoin earlier. All you have to do, and I'll put the link in the show notes, is go to a website called Bitcoin FOMO, FOMO.club. FOMO stands for fear of missing out. And you tell it, oh, I would have invested maybe $1,000 in Bitcoin on this particular date, and it'll tell you what it would have been worth today. So I've just done it. It's scary, isn't it?
Carole Theriault
Right, so just to give you guys an idea, right? So if I had $100, if I had $100 and I put in $100 into bitcoin, or bought $100 worth of bitcoin in January 2019, right, what would you think I would be worth now?
Graham Cluley
Oh yeah, $100. I'm going to say it's now worth $350.
Carole Theriault
You're shy. $1,000, about $1,000.
Graham Cluley
Yeah, okay, so 10-time return in a year. That's not bad.
Carole Theriault
That's pretty impressive, isn't it? I may have to go and, I might leave the podcast for a minute, go and sell some bitcoin.
Graham Cluley
And had you done it in January 2016, your $100—
Ron Eddings
Oh, oh, $100,000? No, $9,000. Oh, okay.
Carole Theriault
Even then, so January 2016 has been pretty high in terms of value, but had you done it in 2011, almost 12 million. Oh, don't— so there's a big difference there. Now, over the past decade, we've heard countless stories of the poor folk who have lost their bitcoin because they lost access to their digital wallets that were holding their precious, precious bitcoins. It's apparently— it's believed that 20% of bitcoin is lost or inaccessible. 20% of the bitcoin. Really? And I believe that because only 1% of companies have invested in bitcoin, right? So this is individuals investing in this stuff.
Graham Cluley
And people have forgotten how to access it or lost their keys, lost the machine.
Carole Theriault
They didn't know what kind of wallet they had, they forgot the password, whatever. You might remember in episode 167 with Anna, Anna Braden, she told us about how Clifton held his bitcoin keys in his fishing rod. And at the time of recording, that fortune was worth $60 million. And that's a lot of Big Macs you forfeit.
Graham Cluley
To be honest, I think once you've had $60 million worth of Big Macs, you're not going to worry too much about it could now be $70 million worth of Big Macs.
Carole Theriault
New York Times last week reported that Stefan Thomas, he's a German-born programmer, right? And who lives now in San Francisco. He has 2 guesses left to figure out his password that's worth $220+ million. Yeah.
Ron Eddings
And how frequently do you take that chance? Do you wait a few weeks or you wait a few months?
Carole Theriault
That's the worst. That's the worst, the guessing, because you can only, you know, you only got 2. That's— I just don't understand how you wouldn't crowdsource that, right? In his situation, why wouldn't you get the best minds on it? You know, say you'll split the, you'll split the spoils or give them a cut or whatever and seriously just figure it out.
Ron Eddings
He needs to call Elon Musk and use the Neuralink. That's a great use case for it, right? What was your password years ago?
Carole Theriault
Okay, now I really want your opinion on this last one. Okay, so this is the case of the infamous James Howell. Okay, I don't know, you probably don't know this story, Ron, but in the UK it's a big story. So this is this Welsh Bitcoin snafu. So this is back in 2013, this guy accidentally tossed out his old hard drive. Oh, and the problem was that it held all the authorizations to his Bitcoin wallet holding 7,500 bitcoin. Wow. Okay, yeah, a serious chunk of change. Now, according to CNN, he first discovered the hard drive was missing when his bitcoin was worth around $9 million, and today it's worth $273 million. Oh my goodness. So serious money here. Though the reason he lost it, the reason, the way it happened is apparently he had two identical hard drives and he threw out the wrong one. And he says, quote, I have to laugh about it now. And I'm like, laugh? Bet you cry a lot, James.
Graham Cluley
Carole, what's your
Ron Eddings
He tells everyone that story. You know how much I'm really worth if I find my hard drive?
Graham Cluley
story for us this week? Did you say $219 million?
Carole Theriault
Is that what you said? $273 million.
Graham Cluley
$273 million. He could basically buy all of Wales for that. He could be the King of Wales.
Carole Theriault
Graham, very interesting you say that. So back in 2017, he offered around $7 million to the council, right? To let them have a rummage in the dump because they're convinced it's in the dump, in the Newport City dump. Because bitcoin's been skyrocketing, he's obviously getting itchy, right? It's even worse now. He's upped the offer to the city. It's quoted here in The Guardian saying, I offer to donate 25% or $70 million to the city of Newport in order to distribute to all local residents who live in Newport should I find and recover the bitcoins.
Graham Cluley
Ah, but yes, this is only if he manages to recover the hard drive and is able to access the data on the hard drive.
Carole Theriault
Exactly. Which again makes me think, if his story is worthy, why aren't investors kind of backing him and offering the money up to the council now so he can go have a rummage with his boys and girls that want to find it. Oh, but you—
Graham Cluley
I mean, this is ridiculous though, isn't it? Because have you been to Wales? Yes, I've been to Wales. It's super country. It's raining all the time, right?
Carole Theriault
Green, green grass of home.
Graham Cluley
That's why it's green, green grass. It's beautiful. It's— well, yes, obviously, but wet. And so I think rather than getting investors to try and ever increase the bribe to the council, maybe he needs to rally together the people of Newport. Maybe he needs an army to descend on the landfill with their spades and say— What the hell are you drinking right now?
Carole Theriault
There is enough nonsense going on in the world right now. We don't need people with pitchforks.
Graham Cluley
I didn't say pitchforks. I said spades. Well, okay. The real problem is it's at a dump. And who wants to do a search and rescue mission there? Ron, have you ever been to Wales? It's not that bad.
Carole Theriault
Imagine you guys live in Wales. Okay, you guys are residents of Newport, Wales, right? And this guy, James, has worked out that if he's going to give you a cut of the money as a person who lives in the city, and it works out that you're going to get $140, £175. That is your cut of the 25% he's offering up.
Graham Cluley
I want more than that.
Ron Eddings
I want more than that. Well, if you find the hard drive, just take it all for yourself.
Graham Cluley
Exactly. And how are we to say if he does manage to get the hard drive back and extract the key, you know, to access his bitcoins? Yeah. What's to say that he won't get cosmetic surgery, go on the run, you know, witness protection? I love it's cosmetic surgery.
Carole Theriault
I love that that's the first thing you think of.
Graham Cluley
Yeah, because he'll run off and you'll never get your share.
Carole Theriault
What about hair plugs?
Graham Cluley
I think this is a disastrous idea. And I think well done to the council for not allowing this nonsense to go ahead.
Carole Theriault
You want to hear his science?
Graham Cluley
Oh, okay. Go on then.
Carole Theriault
Quote, the plan is to dig a specific area of the landfill based on a grid reference system and recover the hard drive whilst adhering to all safety environmental standards.
Graham Cluley
Here's the science. Here's the science I want to know.
Carole Theriault
The drive would be then presented to data recovery specialists who can rebuild the drive from scratch new parts and attempt to recover the tiny piece of data that I need in order to access the bitcoins. That's his, that's his master plan.
Ron Eddings
Graham, this relates back to your story. You try to delete the data, but define delete as someone's gonna come up and they're gonna be like, hey, this is the Fleek data again.
Graham Cluley
He should have uploaded it to Fleek, shouldn't he? He should, that's what he should have taken a photo of his hard drive. Maybe if you analyze a photograph well enough, you can extract the data off the hard drive. How about get some—
Carole Theriault
Why do we care if this nutjob wants to go, you know, milling around in the dump?
Graham Cluley
I'll tell you why you want to care, because otherwise every other nutjob comes forward. So what? Well, what about my local—
Carole Theriault
And then they're gathered up in one place.
Graham Cluley
Right, right. Stop right there. Okay. Because what happens when my local dump suddenly has people going to it, even though there's no one claiming that there's a hard drive there? Chances are—
Carole Theriault
You've been out there very often.
Graham Cluley
Chances are there is a hard drive. Well, sometimes I go to the dump and I take some rubbish and I don't want to fight back people with spades digging around for hard drives in the hope that there might be someone's Bitcoin crypto wallet key on it. It's just insanity.
Carole Theriault
I personally could not care less if someone was rummaging through the dump trying to find something of value. Good for them. Recycle, reuse.
Graham Cluley
You're an irresponsible member of society. Imagine—
Carole Theriault
No, you are. Sorry, Ron, this is getting a little heated. What are your views on this?
Ron Eddings
Whose side are you on? I say, you know what, if he's offering $70 million, go for it.
Graham Cluley
Unbelievable.
Carole Theriault
I also think he's a little bit greedy. Surely he could offer 75% of the, you know, why does he have to keep $200 million for himself? True. Yeah, does he need $200 million? Who needs that?
Ron Eddings
Well, is he part of the mission? Is he going to the dump also, or is he benefiting?
Carole Theriault
Yeah, is he gonna do any of the work?
Ron Eddings
If he's doing most of the work, then all right, I think 20% is okay. But if he's not, then yeah, totally 70%, maybe even more. You get 5%. How much—
Graham Cluley
How many hair plugs can you get for that kind of money?
Carole Theriault
Graham, you had a quiz. I've got a quiz for you. What can people do to stay safe online at home?
Graham Cluley
Well, I'd recommend 1Password for families. Protect all your family with password management software. Okay, why? Well, you can share your logins with your family, passwords, credit cards, and you can do it safely. You'll get alerts if accounts are compromised, and it's really easy to set up.
Carole Theriault
Cool, where can I learn more?
Graham Cluley
We can find out more at 1Password.com, and until March 31st, if you purchase a $50 gift card, you'll get $10 towards a YubiKey security key for strong two-factor authentication. Nice. Find out more at 1password.com/giftcards. Smashing Security is sponsored this week by Recorded Future. They empower organizations revealing unknown threats before they impact a business, helping teams respond to alerts 10 times faster. Recorded Future does this by automatically collecting and analyzing intelligence from technical, open web, and dark web sources. Well, you too can access the up-to-the-minute security intelligence that allows Recorded Future clients to make fast, confident security decisions by installing their free browser extension, Recorded Future Express. Go and grab it now at smashingsecurity.com/recordedfuture. That's smashingsecurity.com/recordedfuture. And welcome back. Can you join us on our Patreon? Favorite part of the show, the part of the show that we like to call Pick of the Week. Pick of the Week. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily. Better not be. Well, my Pick of the Week is not security related this week. I want to take you back in time to 19— Oh, again.
Carole Theriault
It's not gonna happen one more, isn't it?
Graham Cluley
I like the old days. Yeah, I know, I know. And in particular, I like retro television. I'm a big fan of retro television. But I'm going to take you back to a show which I watched in 1987. And I remember seeing this— Have you watched it since then? Well, yes, because I've watched it in the last week. Hence, I'm recommending it to you now.
Carole Theriault
Okay, I just thought I was worried we were relying on your memory from way back then. I was going to be like, okay, sketchy.
Graham Cluley
You can watch this on YouTube, and I think it's quite a well-known piece of film. It was a little thing done by the BBC, which was a masterclass by Michael Caine about how to act in film.
Ron Eddings
I don't know if I've ever seen this.
Graham Cluley
Have you never seen this? It is fascinating. So, 1987, Michael Caine, and he's got about 4 or 5 young actors with him, one of whom is actually, subsequently became relatively famous, Celia Imrie. So what Michael Caine does in this hour is he's chatting to these people and you're watching and he's explaining how to act in front of the camera and how to appear natural. And so what he does is he gets the actors to perform scenes from some of the movies that he's been in, things like Educating Rita, Alfie, and Death Trap. You may remember he was in with Christopher Reeve. And it's really good.
Carole Theriault
I wonder how many people watch this to try and act English, literally just to kind of pretend to be English.
Graham Cluley
Well, it's Michael Caine, so it's not sort of anyone for tennis acting. It's not sort of, "Eh, I say, oh jeez, you must know." I don't think that's the majority of Brits.
Carole Theriault
I don't know. I don't know where you live, but—
Graham Cluley
But it is an absolute masterclass, is the right word, in how to be still and silent and rather dangerous.
Carole Theriault
You're very, very good at that, Graham.
Graham Cluley
In front of the television.
Ron Eddings
He's taken the class.
Carole Theriault
Yeah, yeah, he is. Yeah, you always get a sense of danger when Graham's around. Threatening.
Graham Cluley
What you come out from watching this is not only— because he's given you real techniques in how to do this. And I'm not an actor, but I find it fascinating to watch the things he's doing. Because normally you see an actor on the screen, you think, well, what are they doing? They're just not bumping into the furniture and they're saying some lines. But oh no, no, no. When an actor is good, when an actor is very natural in front of the camera, it's really impressive. And some of the young actors—
Carole Theriault
You really think acting is just doing that? Did you really think it was just a piece of whatever?
Graham Cluley
Sometimes. Sometimes. But when you see some of these young actors he's teaching, right? When you see them do a scene from Alfie, for instance, and they do it in such a theatrical way, and then he does it, and he picks them up and he says, "No, no, no, do it this." So much of a difference. And it's fascinating. And that is why I'm recommending, and I'll put it in the show notes, a link to the Acting in Film Masterclass by Michael Caine. Great piece of TV from 1987. And I really enjoyed it this week, which is why it is my Pick of the Week. And breathe. That's called acting. That was a big finish.
Graham Cluley
I will watch this. I didn't your Pick of the Week last week.
Ron Eddings
You always think you can act until you watch yourself back. It's, do I sound a robot? Really?
Carole Theriault
I don't know. I don't think I could act.
Graham Cluley
Ron, what is your pick of the week?
Ron Eddings
My pick of the week is Damn Fine Story: Mastering the Tools of a Powerful Narrative by Chuck Wendig. It is a book, it is phenomenal. And I have a question for you two, okay, who answers first? Let's go Graham, okay, what do Luke Skywalker, Graham Cluley, and Carole Theriault have in common?
Carole Theriault
The Force is with us. Bad hair?
Graham Cluley
Well, oh, hang on. Carole's married to a Wookiee.
Carole Theriault
I'm married to Chewbacca, actually.
Graham Cluley
Not any old Wookiee, not any old Wookiee. I'm not sure, is it that we all started a long, long time ago?
Ron Eddings
You would never guess, but you two are storytellers. You're constantly telling stories on your podcast - we did the topics and our pick of the week, and they're all kind of done through a narrative that is interesting through a story. But the thing that you all have in common is you all are the characters that we care about. Each week, two archenemy best friend heroes unite and expose the truth while debunking myths, and that is you two. And the best part about a story is the characters are the problem - that's you two. You two are the problem each week, and the stories that you tell—
Graham Cluley
One of us is a very big problem. Us two are the problem.
Ron Eddings
The stories that you tell are the solution, and that's what makes a great story is great characters along with the solution that are presented to the characters.
Carole Theriault
I think that's very true, Graham. I think you are the problem, and then when I tell my story, the solution shows itself and everything's great. That's really good, Ron, you're so insightful, man, thank you.
Ron Eddings
That's what I was going for. Sorry, Graham.
Graham Cluley
So it's called Damn Fine Story by Chuck Wendig.
Ron Eddings
Yes, it's a great book, and it really breaks down some of the elements of a story that regular storytellers might overlook. We typically get so caught up in a story is a beginning, a middle, and an end, and it has a problem followed by a climax and resolution, but there's so much more depth that can be within a story. You can really tell a lot of things through the characters - if you focus on the characters rather than the problem and the solution, there's a lot more interesting things that can happen. When I'm writing a story, I might write a story about cybersecurity, for instance, but what happens if cybersecurity was done on a remote island and it's dark, it's cold, and the only way to survive is by hacking others? When you start to bring in those elements of a story, it's like, hmm, now my imagination starts to kind of be more exposed, I have to think harder.
Carole Theriault
See, it doesn't always have to be smutty, Graham, right? Be creative.
Graham Cluley
I'm just not rising to any of this, girl. Alright, Carole, what's your pick of the week?
Carole Theriault
Okay, did you guys ever watch The Office? Yeah, of course, right. Okay, I don't know if you saw the UK version, Ron - I never watched the US one. I know I saw a few episodes, but I didn't kind of watch the whole series, but I'm assuming it was the same in that it made you feel really uncomfortable? The humor was just—
Graham Cluley
It's good, it's different, it's a different show, but I think both have their merits.
Carole Theriault
If they both have that discomfort thing, don't they? That, you know, that level when you're watching, you're like, oh my God, he's not going to do— oh my God, no, he is going to do that. He is going that. He's doing that right now. I need to go hide behind the couch and not watch this. That kind of show. Well, if you like that sort of comedy and you don't mind swirling in a little bit of dark mystery drama, you might want to check out Back to Life, which is just currently on Netflix.
Ron Eddings
You know, it's pretty crazy to hear because I feel like I sound like I'm reading something sometimes when I have guests on, but when you guys start and when you end, it almost sounds— it sounds pre-recorded, it's so good. Really? Wow.
Carole Theriault
This was a BBC production which aired on BBC One back in 2019. And it stars Daisy Haggard, and she's this woman called Miri Mattson. And she's like a 30-year-old-something who's just returned to her family home in Kent after serving 18 years in prison. And you just— it's like 6 episodes of her kind of coming out and wanting to find her old boyfriend that she used to date when she was 15 or 16. And he never came to visit her once inside. And when she finally meets, you know, she's kind of fantasizing about getting back together with him. And then you meet him. He's such a pillock, guys. He's so bad. Like, he's so vile. And then he has the secret that almost made me hurl. Like, I literally jumped out of the room. I could not stand what was happening on television in that The Office times a thousand moment. And I just— I'm putting it out there for all listeners.
Ron Eddings
I was like, wait, are they playing something?
Carole Theriault
If you think you can stand anything, I think this is where you— if you want to make a bit of cash, just do a bet with your partner saying, can you do it? Can you do it? Whoever doesn't walk out, okay, $10, and see what happens, because wow. So 25 minutes each episode, 6 episodes, not a huge investment, and best thing I've watched all year.
Carole Theriault
I think— Do you know I
Ron Eddings
How many episodes till you walk out?
Carole Theriault
went on Hacker Valley Studio and Oh, oh, it happens pretty early. Episode 2. Episode 2, it happens, and I was shocked. I was so shocked. interviewed Ron and Chris?
Graham Cluley
Is it a better use of my time than going to the local dump and digging around for hard drives?
Carole Theriault
Is it? Fab. I can't wait to hear it. In my view, absolutely. Absolutely. The writing's awesome. Daisy Haggard is incredible. I loved it. So the show is called Back to Life. It's a BBC production. It's now available on Netflix. Check it out. Fantastic. And that just about wraps it up for this week. Ron, thank you so much for joining us on the show. I'm sure lots of our listeners would love to follow you online.
Ron Eddings
The best place to follow me and all the things I'm working on is hackervalley.com. You can also catch me on Twitter at @RonaldEddings and same for LinkedIn. You could just search me by name. Fantastic. And you can find us on Twitter at Smashing Security, no G, Twitter wouldn't allow us to have a G. And you can also join the Smashing Security subreddit as well. And shout out to this episode's sponsors, 1Password and Recorded Future, and to our wonderful Patreon community. It's thanks to all of you that this show is free for everybody.
Graham Cluley
Until next time, cheerio, bye-bye. Bye-bye. Bye.
Carole Theriault
All right. That's a wrap. Awesome. Awesome.
Graham Cluley
Thanks very much, Ron.
Carole Theriault
Say more, say more, Ron. Say more. Who's better at it, you think? Can we stop the recording now?
Graham Cluley
Please just stop the recording.
Carole Theriault
No, no, no, no. I just want to hear.
Graham Cluley
I don't think we need to Oh, did you? Yeah. record anything else.
Ron Eddings
That episode, by the way, is going to be out tomorrow.
EPISODE DESCRIPTION:
Your privacy may be at risk if you're on Fleek, hackers not only steal COVID-19 vaccine data but then tamper with it to spread mistrust, and the Bitcoin bungles keep on coming...
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Ron Eddings from the Hacker Valley Studio podcast.