Is it the end of the road for John McAfee? Is PornHub more legitimate than Facebook? And do you know as much as you think you do about the Microsoft Exchange Server mega-hack?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire's Dave Bittner.
Visit https://www.smashingsecurity.com/218 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dave Bittner.
Sponsored By:
- SailPoint: SailPoint Identity Security can help you enable your business and manage the cyber risk associated with the explosion of technology access in the cloud enterprise – ensuring each worker has the right access to do their job – no more, no less. Gain unmatched visibility and intelligence while automating and accelerating the management of all user identities, entitlements, systems, data and cloud services.
- 1Password: Check out 1Password's podcast "Random but Memorable" for lighthearted security advice and banter with hosts Matt, Anna, and Michael. Listen to the "Random but Memorable" show in your favourite podcast app to hear the latest about security horror stories, data breaches, password hacking, and more.
Links:
- John McAfee 'disguised as Guatemalan street hawker with a limp' — The Telegraph.
- John McAfee Wanted for Murder — Gizmodo.
- John McAfee says he infected laptops with malware, spied and stole passwords from Belize officials — Naked Security.
- John McAfee is running for president — Graham Cluley.
- Good luck John McAfee, socially engineering a corpse… — Graham Cluley.
- How To Uninstall McAfee Antivirus — YouTube.
- John David McAfee And Executive Adviser Of His Cryptocurrency Team Indicted In Manhattan Federal Court For Fraud And Money Laundering Conspiracy Crimes — US Department of Justice.
- IsLegitSite — Check if a website is legitimate or not.
- Microsoft Exchange Server Market Share and Competitor Report — Datanyze.
- Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers — MIT Technology Review.
- A Basic Timeline of the Exchange Mass-Hack — Krebs on Security.
- New nation-state cyberattacks — Microsoft.
- The Kilobyte’s Gambit — A 1k chess game.
- The Repair Shop — Netflix.
- The Repair Shop — BBC One.
- Sideways — BBC Radio 4.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. Would you trust someone who had maybe disguised himself as a Guatemalan trinket salesman while on the run from the Belize police who wanted to question him about a murder?
DAVE BITTNER. Well, I mean, who among us hasn't done that at least once in our lives?
UNKNOWN. Smashing Security, Episode 218: Microsoft, McAfee, Security and Mayhem with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 218. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And Carole, we've got a special guest with us this week, haven't we? Who is it?
CAROLE THERIAULT. An oldie but a goodie. Well, not old, like not old.
DAVE BITTNER. Not that old.
CAROLE THERIAULT. Not that old. Hi, Dave D-Dog Bittner.
DAVE BITTNER. Well, hello, hello. Welcome. Or no, well, no, wait, I'm not the one who says welcome. This isn't my show. Hold on. Thank you for having me.
GRAHAM CLULEY. Dave, of course, you are from The Cyberwire and Hacking Humans, amongst other shows. So you're not the boss around here. I think we all know who the boss is on this show.
DAVE BITTNER. Oh, I think that's perfectly clear, but certainly between you and me, Graham.
GRAHAM CLULEY. It's over to you, Carole.
CAROLE THERIAULT. Well, first, let's thank this week's sponsors, 1Password and SailPoint. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I've got a very strange celebrity tale from the world of cybersecurity. Mm-hmm.
CAROLE THERIAULT. And Dave, what about you?
DAVE BITTNER. I've got a website that can help you determine whether or not you might be being scammed or not.
CAROLE THERIAULT. Ooh, that sounds fun. And I'm gonna look into that, you know, Microsoft Exchange Server snafu. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, have you ever considered yourself to be an influencer? Do you think you influence people?
CAROLE THERIAULT. Well, I think I'm a trailblazer, Graham.
GRAHAM CLULEY. Are you?
CAROLE THERIAULT. Yeah, I think I'm a trailblazer. I think a lot of people, you know, I turn a lot of heads, right? Yeah, I think people go, hey, super cool idea, Carole.
GRAHAM CLULEY. You're so funny, Carole. I'll do what she does. Does that happen with you as well, Dave? Do you find yourself—
DAVE BITTNER. I would say more of a cautionary tale is how I've lived my life. As a friend of mine says, every now and then it's good to look behind you and see if anyone is following that parade you're leading. So—
CAROLE THERIAULT. Oh, you need followers, oh.
GRAHAM CLULEY. Right.
DAVE BITTNER. No, I mean, no, I would not say that I, I would certainly not label myself any sort of influencer, no.
GRAHAM CLULEY. Right. Well, influencers and celebrities online, they need to be careful these days. In fact, they've been warned to be careful what they tweet about, haven't they? So they have to have, clearly label things as ads or, in fact, there's a specific warning which went out, which was telling celebrities that, you know, if you're using social media networks to tell people to purchase a stock or an investment, that could be illegal if you don't disclose any kind of link you might have with that organisation or whether you're getting paid compensation.
DAVE BITTNER. Didn't Elon Musk get in trouble with this a few times?
GRAHAM CLULEY. Well, it's an interesting one, isn't it? Because Elon Musk, of course, his company bought a staggering amount of bitcoin not very long ago.
CAROLE THERIAULT. Yeah, it was like $1.5 billion worth or something ridiculous.
GRAHAM CLULEY. He is prone to the occasional odd tweet, isn't he, Mr. Musk?
CAROLE THERIAULT. He's the only one actually. He stands out like a sore thumb, actually, doesn't he, on Twitter?
GRAHAM CLULEY. I think he has had his knuckles rapped in the past by the SEC, who've said, look, if you're going to tweet anything about your company, you better make sure the lawyers have read it first, because he has been accused sometimes of maybe having undue influence. So the thing is that we need to find people and celebrities who are trustworthy, don't we? So who would be the ultimate trustworthy celebrity, do you think?
DAVE BITTNER. Jeff Goldblum.
GRAHAM CLULEY. Jeff Goldblum.
DAVE BITTNER. Tom Hanks.
GRAHAM CLULEY. You know, I knew someone would mention Tom Hanks.
CAROLE THERIAULT. This is where Graham and I do agree. He's a nice guy.
GRAHAM CLULEY. I'm sure he's a lovely chap. He seems charming in interviews. I have a problem with some of his movies. And with his Oscar acceptance speeches.
DAVE BITTNER. Really?
GRAHAM CLULEY. Yeah. Yeah. There's something about him which just makes my skin crawl.
CAROLE THERIAULT. Is he too perfect for you, Clue?
GRAHAM CLULEY. I don't think anyone's too perfect for me.
CAROLE THERIAULT. That's why you hang out with me, right?
DAVE BITTNER. What about George Clooney? How do you feel about him?
GRAHAM CLULEY. I'm all right with him. There's a sort of a rhinestones to him, but Hanks, I think his best performance is probably in Toy Story where I can't see him. I liked that movie about the Pentagon Papers. That was quite good.
CAROLE THERIAULT. Is your thing, do you just want to punch him in the face for no reason?
GRAHAM CLULEY. No, no, no. No one can go around punching Tom Hanks in the face. That's like a capital offence, wouldn't it? You can't do that.
CAROLE THERIAULT. I was just asking.
GRAHAM CLULEY. A nation's hero. Well, I think Tom Hanks, probably many people would consider him trustworthy.
CAROLE THERIAULT. Can I ask one question?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. If you are in the ocean and on one island is Piers Morgan and the other island is Tom Hanks, where do you swim?
GRAHAM CLULEY. Hanks. Thanks.
CAROLE THERIAULT. Really? Okay, so, okay. Yeah, yeah, yeah, yeah. Interesting. Okay, sorry, I digress.
GRAHAM CLULEY. Let me paint you a picture of a celebrity and see if you would trust him. Would you trust someone who had maybe disguised himself as a Guatemalan trinket salesman while on the run from the Belize police who wanted to question him about a murder?
DAVE BITTNER. Well, I mean, who among us hasn't done that at least once in our lives?
CAROLE THERIAULT. My question is, does he have a goatee? Because that's a definite no-no.
DAVE BITTNER. Well, that just, that indicates evil twin, right? Exactly. That's a giveaway. Yes. That's the Michael Knight evil twin, right?
GRAHAM CLULEY. Oh yes, Spock did it too as well, didn't he? Okay, what if the same person claimed he'd run a team of 23 women to seduce and spy on his enemies? Or he'd tried and failed, obviously, to be chosen as a US presidential candidate?
CAROLE THERIAULT. I think insecure. The fact that he has to tell me about it.
DAVE BITTNER. Just the kind of out-of-the-box thinking that we need, right?
GRAHAM CLULEY. Would you trust someone who also said that he would socially engineer a corpse in order to find an iPhone passcode.
CAROLE THERIAULT. I love that, though. What does it even mean?
GRAHAM CLULEY. Well, who knows? But these are all claims of someone who we in the security industry know or may remember. Certainly you're familiar with his surname. It's John McAfee.
CAROLE THERIAULT. Yes, you've talked about him on the show a number of times. Are you working for him? Are you actually getting kickbacks?
GRAHAM CLULEY. I think I may be the only person who isn't getting kickbacks from John McAfee, to be honest.
DAVE BITTNER. Aren't you kind of burying the lead here, Graham, though? Didn't he make some sort of pronouncement that if something didn't happen, he was going to take part in some sort of a culinary event that— of some note?
GRAHAM CLULEY. As I recall, he was expecting something to rise to quite a level. And if it didn't rise to quite a level, then he would perform an act on television. I think that's— it will never stand up in court. That's the end of the joke.
CAROLE THERIAULT. Eat his dick, right? Eat his own dick.
DAVE BITTNER. Thank you, Carole, for going straight to the point.
CAROLE THERIAULT. It's all right. I know you guys are professionals, so I'll just lower the tone.
GRAHAM CLULEY. John McAfee is now 75 years old.
CAROLE THERIAULT. Jesus Christ. Is that true?
DAVE BITTNER. Doesn't look a day over 80.
CAROLE THERIAULT. He's like a Hugh Hefner wannabe, isn't he? God.
GRAHAM CLULEY. He has quite the harem.
CAROLE THERIAULT. I've seen him in a silk robe and something stupid he's done before.
GRAHAM CLULEY. With some bath salts on his upper lip. He's done some curious videos. He has been charged by the US authorities with money laundering and fraud because they claim he's been using Twitter to promote cryptocurrencies— get this— that he was secretly invested in, trying to inflate their value and then sell them for profit.
CAROLE THERIAULT. Yeah, okay. But he's not in the States, right?
GRAHAM CLULEY. No, no, he's not in the States. At the moment, he's holidaying in a Spanish jail cell. Oh! Where he's been since last October. The reason why he's in a jail cell in Spain at the moment is that the US authorities asked the Spanish police to collar him, claiming that he'd been— basically, it's tax evasion. He said, "Look, that's absolute nonsense. Of course, I would never have done anything like that." Here's 10 grand, bring me a cell phone. Right.
CAROLE THERIAULT. Yeah. Okay.
GRAHAM CLULEY. But no, he's been hit with 7 counts of fraud and money laundering by the DOJ. They claim that in 2017 and 2018, he was running an operation. You may well remember it if you follow him on Twitter. He was doing something called Coin— No, Normie. Coin of the Day and Coin of the Week, which is where he would choose a cryptocurrency. He said he and his team would thoroughly research it, and then he would give his recommendation. And in recent years, rather than talking about malware, because of course he founded the famous antivirus company McAfee.
DAVE BITTNER. I can't help thinking about the poor people at McAfee PR who have to have, like, in copy and paste, they have to have—
CAROLE THERIAULT. We no longer affiliated in any way.
GRAHAM CLULEY. Yes, exactly, exactly.
DAVE BITTNER. They just sit there with their head in their hands on their desks every time something like this happens.
GRAHAM CLULEY. Because I think he left the McAfee antivirus company in about 1994 or so.
DAVE BITTNER. It's been a while.
GRAHAM CLULEY. Yes, it's been a long time. But he does love to sort of stir up the connection. He did produce a video all about how to remove McAfee from your computer, which he did with a pistol, as I recall, and some hookers.
CAROLE THERIAULT. Can I ask a question? Who the hell would trust him and his advice? Who is following him and going, oh, he's reliable and informed? Well, and is totally sane.
DAVE BITTNER. Well, but he's rich, and that's all it takes for a lot of people. He's wealthy. He's living a lifestyle that I suspect many people probably aspire to. Not me personally. I know, Graham, probably not you either. But I could imagine there being a certain appeal, a certain class of people would enjoy, would think that's what I want for myself.
GRAHAM CLULEY. And he was, let's say, let's say, a luminary of the cybersecurity industry, an industry which has always been held in the highest regard and with great respect by the general public.
CAROLE THERIAULT. But he then was in South America on the run, wasn't he?
GRAHAM CLULEY. Well, yes. Yes.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. That's right.
DAVE BITTNER. Again, who among us has not found themselves in that exact situation?
GRAHAM CLULEY. Faking a heart attack to evade the police at one point.
CAROLE THERIAULT. Yes!
GRAHAM CLULEY. Extraordinary.
CAROLE THERIAULT. Mm-hmm. I don't think a 76-year-old man with a heart problem should be trying to eat his own—
GRAHAM CLULEY. Well, no, he's a bit of a yoga expert. Anyway, he's— He's an extraordinary self-publicist. I mean, that we can certainly agree, right? And he managed to get 1 million people after the allegations and going on the run in Belize. He ended up with over a million people following him on Twitter. And in December 2017, to give you one example, he began tweeting about a cryptocurrency, an altcoin called XVG.
CAROLE THERIAULT. Oh, so you're doing his bidding?
GRAHAM CLULEY. Well, no, no, no, I'm going to tell you the story of XVG because what he did allegedly, was he deliberately pumped up the price saying that, you know, well, this is gonna go great guns, you wanna get on board with this.
CAROLE THERIAULT. Yeah, get in early.
GRAHAM CLULEY. And he tweeted, because some people, some people were skeptical of John McAfee, can you believe that? Some people were skeptical and they said, I bet you've got some of this cryptocurrency. And he said, no, no, no, I own no XVG. I love how you shallow folks cannot distinguish between someone who shamelessly speaks his mind because it's true and someone with an ulterior motive. I bought absolutely none of it at all. If I did, 'I couldn't promote it if I owned any of it.' Well, according to the DOJ, he had bought quite a lot of it.
CAROLE THERIAULT. Oh, so he was categorically lying online and—
GRAHAM CLULEY. Yeah, because of course you have to—
CAROLE THERIAULT. Declare your interest.
GRAHAM CLULEY. Indeed. The price of those coins rose 400% in 4 days after he tweeted.
CAROLE THERIAULT. Jesus.
DAVE BITTNER. Cha-ching!
GRAHAM CLULEY. And they've since reduced by about 85%. So some people—
CAROLE THERIAULT. But let me guess, did he sell?
GRAHAM CLULEY. Oh yes, yes he did. And he was working allegedly— I'm sorry, let's insert a few of those—
CAROLE THERIAULT. allegedly with his, uh, can you add them in?
GRAHAM CLULEY. Allegedly, allegedly, allegedly, allegedly, allegedly.
DAVE BITTNER. This message brought to you by the Smashing Security legal team.
GRAHAM CLULEY. So he was reportedly, allegedly, claimed, it's claimed, working with Jimmy Gale Watson Jr.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Who used to be John McAfee's security guard, which must be an interesting job. But he got promoted to be executive advisor of McAfee team. Jimmy Gale Watson Jr. and other cohorts were buying the coins, and the DOJ claims to have gained access to the Skype conversations between John McAfee and other members of McAfee team where they're plotting what they're going to do and how to sell for maximum profit, which suggests to me not great operational security.
CAROLE THERIAULT. Do you think security guards have to sit there and go, you can't reach, John, you can't reach, stop now, back away.
GRAHAM CLULEY. David, what have you got for us this week?
DAVE BITTNER. Well, earlier this week, I was speaking with Dinah Davis, who is the vice president of R&D at a company called Arctic Wolf. And she's a regular guest over on the CyberWire. And we were talking about some ways to protect yourself from scams and those sorts of things. And one of the things she brought up was a website that I was not aware of that she says she uses all the time in her work in security, and it's called islegitsite.com.
CAROLE THERIAULT. Yeah, I was gonna say, is, I'm gonna write is legit site.
GRAHAM CLULEY. It's not grammatically very good, is it?
DAVE BITTNER. It's not, but the site itself is quite valuable. So basically you go to the site, you put in— well, let's back up a little bit. So there are tons of particularly coronavirus-related websites that are being spun up all the time by scammers taking advantage of the fact that people are nervous, that they're worried, they want to get the vaccines as quickly as possible. So they're spinning up all of these domain names that have something to do with coronavirus, but really just lead you down a pathway of separating you from your money. So what this tool does is you can put in, let's say you get an email from someone that says, get in line for the vaccine, for example. Well, before you go to that site, you can load that site into this site, islegitsite.com, load that website in there, and they will run it through a series of checks and give you a ranking of how trustworthy they suspect that the site may or may not be. And it's quite useful. So I thought maybe for fun we could run a few of our favorite websites through this.
CAROLE THERIAULT. I just put in Pornhub.
DAVE BITTNER. She just goes right for the jugular, doesn't she, Graham? Like, I was thinking, let's run Smashing Security through it. And there's Carole. Pornhub.
CAROLE THERIAULT. 85 out of 100%. My male friends would be very happy.
GRAHAM CLULEY. Okay, so which website should we try first? Which one should we try?
DAVE BITTNER. Well, let's start with Smashing Security. Let's put Smashing Security in there. It's our favorite website. We'll just click check website. All right, here it says potentially legit.
GRAHAM CLULEY. What?
DAVE BITTNER. Now they never say, they don't, they know, they only, there's a limited amount of commitment here that they have, you know, because that's a bit like mostly harmless, isn't it?
GRAHAM CLULEY. That's quite—
CAROLE THERIAULT. Yes, it's like, yeah, yeah, yeah, yeah.
GRAHAM CLULEY. Okay.
DAVE BITTNER. So exercise caution. Mm-hmm.
CAROLE THERIAULT. Mm-hmm.
DAVE BITTNER. Doesn't have a trust rating yet, but you're not on any blacklists, so that's good. That's good. The domain was created long enough ago that it's not some fly-by-night just started recently. So that's good. You're using an HTTPS connection. Excellent. Excellent. Oh, dear. Website popularity. This website may not have too much traffic.
CAROLE THERIAULT. Oh.
DAVE BITTNER. So it says the website is ranked 1,724,362 among millions of websites according to the Alexa traffic rank. Well, after this show, I'm sure it'll get a little boost, so.
GRAHAM CLULEY. Shit. Wow. That's a little bit upsetting.
CAROLE THERIAULT. I feel like I've been whipped across the face by wet Phishing.
GRAHAM CLULEY. What about your one, Dave? What do you—
DAVE BITTNER. Sure, let's— all right, so let's do the Cyberwire. So the Cyberwire— now then, cyberwire.com. All right, what does it say here? Let's take a look together. What does it say, Graham?
GRAHAM CLULEY. Potentially legitimate. That's good, well done. You're not on any blacklists. It was created 9 years ago, so you've been around a long time. That's very trustworthy. And you're on SSL. That— yes, good. Oh, website popularity. The website has good traffic. It's popular. Ranked 273. This is way ahead of us.
DAVE BITTNER. Well, I don't like to brag, but—
GRAHAM CLULEY. Is this the whole reason you brought this story to us?
DAVE BITTNER. No, no, no, no. Let's move on to one that we know is a potential scam site.
GRAHAM CLULEY. Facebook.com, right? I'm going to enter that. Yes. Okay, go ahead. All right.
DAVE BITTNER. Go ahead.
GRAHAM CLULEY. It's come up red. Potentially unsafe. We found Facebook. Yes, it has.
CAROLE THERIAULT. Because of all their tracking.
GRAHAM CLULEY. Found evidence that the site may be unsafe. Oh, this is fantastic. I wonder if we beat them on traffic. So there's probably—
CAROLE THERIAULT. We're probably— oh, Cyberwire definitely do. They definitely do.
GRAHAM CLULEY. Someone has blacklisted them. Yandex Safe Browsing. That's the Russian search engine.
CAROLE THERIAULT. I think they're blacklisting quite a lot of people recently.
DAVE BITTNER. That's interesting.
GRAHAM CLULEY. They can't get a... or unable to get the date when the domain name was created. Well, that's suspicious, isn't it? It should have very good traffic. The 7th most—
DAVE BITTNER. Look at their popularity.
GRAHAM CLULEY. The 7th most popular website, it says.
DAVE BITTNER. Yeah, number 7.
GRAHAM CLULEY. Pathetic.
DAVE BITTNER. So we're down there in the hundreds of thousands and they're number 7. 7.
CAROLE THERIAULT. Try google.com. Hmm. I just did.
GRAHAM CLULEY. Loads of dodgy stuff. Oh, potentially unsafe.
CAROLE THERIAULT. Google.com. We found evidence that your website may be unsafe. So I'm a little nervous about this site.
GRAHAM CLULEY. Do you think it's because Google.com obviously does link to dangerous sites and that's why?
DAVE BITTNER. Well, so let's put in one we know. I put a link in here, one that I know is a scam website, and it's Corona.com. So let's put that in there, 'cause we know this is a bad one.
GRAHAM CLULEY. Ooh, yes.
DAVE BITTNER. And see how it comes up here. All right, so it says potentially unsafe. It has a trust rating of poor, 32 out of 100. Not on any blacklists. The domain creation was a year ago. That actually sort of tracks with coronavirus.
GRAHAM CLULEY. Right.
DAVE BITTNER. And it is an SSL connection, but the popularity, it has low traffic or none at all.
GRAHAM CLULEY. Ah, bless.
DAVE BITTNER. So that's an indicator. So I would say the overall lesson here is that— is this site the absolute be-all end-all to determine whether or not something is legit? No. But if you're suspicious of something, this is a good place to check in, and this will give you a bunch of information in one place to try to decide if you really want to engage with a questionable website or not. So I think it's a useful tool.
GRAHAM CLULEY. I think it is as well. It's easy to use. It's not too nerdy. And, you know, if you are suspicious of a site, then it may be— obviously don't trust this popularity thing.
DAVE BITTNER. No, of course not. That's way off.
GRAHAM CLULEY. Ridiculous.
DAVE BITTNER. Yeah. Yeah. Although, you know, it's funny. I feel like I want to trust it a little more than you do. I don't know why.
CAROLE THERIAULT. I do find it weird, though, that they say google.com is potentially unsafe. Like, I think that's a bit misleading for some people. Yeah, because they say the trust rating is very high, right?
GRAHAM CLULEY. I've just put in pornhub.com.
CAROLE THERIAULT. I did. Yeah. Oh, did you? Yeah. What did you find?
GRAHAM CLULEY. Well, on your recommendation, Carole, and it says potentially legitimate.
DAVE BITTNER. Well, there it is. So start using it at work. I mean, no problem, right?
GRAHAM CLULEY. But not Facebook or Google.
CAROLE THERIAULT. I can't believe after he attacks our site on our own show, you want him to have my joke.
GRAHAM CLULEY. I'm not giving you— I know. Did you actually go to Pornhub, Carole? Yes, I didn't hear you.
CAROLE THERIAULT. 85 out of 100. Oh well, you'll see all the edit.
DAVE BITTNER. Okay. All right, so once again, is legit site and that is my story this week. Carole, what do you have for us this week?
GRAHAM CLULEY. It's not your show. Carole, what do you have for us this week?
DAVE BITTNER. I just keep— sorry, I keep— I just have it. It's a habit. Sorry.
CAROLE THERIAULT. It might be a takeover going on, Graham. And maybe with good reason, because before the show, Graham, you poo-pooed my story. I texted you saying, I think I'm going to cover this. And you wrote back, barrel of laughs, intimating that it wouldn't be funny at all. And what would be the point?
GRAHAM CLULEY. We'll let the audience decide.
CAROLE THERIAULT. You're right on one thing. It's going to be challenging. But the story's a big effing deal, according to one unnamed state official. So I'm doing it. But to make it fun, I'm going to pop quiz you two to see how much you know about this big effing deal. Yes.
GRAHAM CLULEY. Excellent.
CAROLE THERIAULT. Mm-hmm. Totally trust me. I'm going to keep score. So I've got a piece of paper right here. You know, I never cheat Clue.
GRAHAM CLULEY. You have to be careful. There's nothing like a woman scored.
DAVE BITTNER. Yeah, there you go. There you go.
CAROLE THERIAULT. Ready? So as you guys know, last week Microsoft made available 4 software updates to patch critical security holes in Microsoft Exchange Server products. Now, this is a big deal because it's not like Microsoft found it and made the patches available before any baddies started to take advantage of the vulnerabilities. With Microsoft being a bit late to the home plate with a patch, thousands upon thousands upon thousands of organizations that use Microsoft Exchange Server products are sitting ducks or infected. But we'll get to that. So let's start with our quiz. Question number 1, gentlemen.
GRAHAM CLULEY. So much pressure.
CAROLE THERIAULT. What is a Microsoft Exchange Server?
GRAHAM CLULEY. Oh, well, it's, it's, it's a computer running the Microsoft Exchange Server software, which you would have on your premises. Rather than using—
CAROLE THERIAULT. For what?
GRAHAM CLULEY. You would use it for email and calendar services.
CAROLE THERIAULT. Mm-hmm. I'm going to give that one to Dave.
GRAHAM CLULEY. Sorry, he just said one word. He just said the word email.
CAROLE THERIAULT. The word I was—
DAVE BITTNER. But it was— well, it was the right word, Graham. It's not volume, it's accuracy.
CAROLE THERIAULT. It's Microsoft Exchange is the messaging and collaborative software solution used for managing email, calendars, contacts. Tasks. Yeah, but you said that after he said email.
GRAHAM CLULEY. So more complete answer.
CAROLE THERIAULT. So basically, it allows people to work online remotely, which during the Rona times is vital to business continuity. Question number 2. What is the approximate market share for Microsoft Exchange Server?
DAVE BITTNER. I'm going to say 5%.
GRAHAM CLULEY. I'm going to say 10%, and I believe I'm going to be closer than Dave.
CAROLE THERIAULT. You are closer. Do you want another go, Dave?
GRAHAM CLULEY. What do you mean, another go?
CAROLE THERIAULT. It's 31% according to Datanyze, which is a weird website, but for the server version, is it really? Oh, yeah. So I put the link in the show notes. Anyone who knows better, tell me, but they claim it's about 31% based on their little algorithm that work it. And for—
DAVE BITTNER. Wait, wait, wait, wait, wait, 31% of what?
CAROLE THERIAULT. Of people using collaborative working systems. And for an extra point, Dave, can you name any competitors, or Graham, you too, any competitors to Microsoft Exchange Server products?
DAVE BITTNER. Well, what about Gmail?
GRAHAM CLULEY. Well, Google Workplace, I think you'd call it Google Workplace.
DAVE BITTNER. Right, are we categorizing them separately that the thing you have running on your own server is different from a cloud-based service like Gmail? Is that what we're, is that the hair we're splitting?
GRAHAM CLULEY. I would think Novell GroupWise, Veritas Enterprise Vault, Open Exchange, Kerio Connect.
CAROLE THERIAULT. Someone's got a Google connection. Someone's looking.
DAVE BITTNER. Wow, it's amazing he's able to get that off the top of his head.
CAROLE THERIAULT. None of you have named the three that I was hoping for. According to Datanyze, the 3 main competitors are Microsoft SharePoint, 26% of the market, Slack with about 6% of the market, and Confluence.
GRAHAM CLULEY. Slack isn't, that's a load of—
CAROLE THERIAULT. Slack is used by a lot of companies.
DAVE BITTNER. But it's not email, is it?
GRAHAM CLULEY. It's just chit-chat.
CAROLE THERIAULT. No, but it is communications, it is a collaborative work environment.
GRAHAM CLULEY. Well, I'm sorry that the question wasn't better phrased, that's all, otherwise I would've Googled for a different answer. Right, right.
CAROLE THERIAULT. Well, look, if, if Datanyze is right, if that means basically 1 in 3 people who use collaborative software are at risk because they're using some Microsoft Exchange Server product, right? Okay.
GRAHAM CLULEY. But it's important to emphasize it's the server, it's the on-premises server version, not the cloud-based version.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Excellent quiz master, carry on. Mm-hmm.
CAROLE THERIAULT. Yeah, thank you. One of the problems is, is not all users that rely on Microsoft Exchange Server products are necessarily the brightest and smartest cybersecurity gurus out there because we're talking a lot of small businesses, local governments, city councils, schools, medical centers, retail outfits, not where the SARS go and make their names. So at risk of what, I hear you ask? Well, basically data stealing, right? So these zero-day attacks are about stealing data and even voicemails can be handled in this as well. So some people tie their voicemails in an email. Do you know that too?
GRAHAM CLULEY. I knew that. I was hoping that would be a question.
CAROLE THERIAULT. There's a question coming, 'cause I know you know a lot of— And you know, it's worth being concerned because we know what people share on email. Like how many people share confidential, private, sensitive information via email or on voicemail? It's stuff you definitely don't want in an attacker's hands, whether you're a company or an individual, right? Okay, question number 3. When was Microsoft first notified about the vulnerability?
GRAHAM CLULEY. Ah, according to Krebs, it was in January.
CAROLE THERIAULT. Correct.
GRAHAM CLULEY. Bing, bing, ding.
CAROLE THERIAULT. You have all this stuff open and you're not using your brain.
GRAHAM CLULEY. I knew that. I knew that.
CAROLE THERIAULT. Okay. Can you close your— I can't even trust you to close your stuff.
GRAHAM CLULEY. No, I haven't. I haven't.
CAROLE THERIAULT. I knew that. You're cheating on a quiz in front of all our listeners.
GRAHAM CLULEY. I know Krebs wrote about this and I know he said that.
CAROLE THERIAULT. He did say it was in early January and on March 2nd. So 2 months later, Microsoft patched Exchange Server 2013 through 2019 and even Exchange Server 2010, which is no longer supported. Microsoft, the kind software giant that it is, made a defense-in-depth exception and gave their 2010 server a freebie patch too.
GRAHAM CLULEY. Mm-hmm.
CAROLE THERIAULT. Now, according to The Verge, Microsoft were waiting for Patch Tuesday to get these patches out, which was going to be today, day of recording. They ramped it up a week ahead, right? And made a bespoke, you know, update available a whole week early. So that's how serious this baby is. Now you'd think once Microsoft put its patches out to thwart these attacks, the attackers would have maybe gone into hiding. But like a bunch of thirsty vampires invited into a frat house, they are snarling up private data from unpatched Exchange servers as fast as they can. Told you I could make it fun. Okay, question number 4. Um, I— this is more an opinion piece, and I'll give points based on the answers of two months between when they first heard about these vulnerabilities in their products and making patches available. What do you think of that? Is that a short time, reasonable time, ridiculously and stupidly long time? What is your expert opinions, gentlemen?
GRAHAM CLULEY. If I may answer first.
CAROLE THERIAULT. Sure, go ahead.
GRAHAM CLULEY. At great length. Actually, I'm not sure it is a good tactic to answer first. Maybe Dave should answer first.
CAROLE THERIAULT. No, go ahead.
GRAHAM CLULEY. Okay. No, no, please, please. Well, I would, I would argue that it's obviously an unfortunate length of time and everyone would love to get a patch out earlier, but I don't think from the outside we can easily state just how easy it is to patch a number of zero-day vulnerabilities like this and test them properly, because if a patch was rolled out which was faulty in some fashion, that could cause even bigger problems.
CAROLE THERIAULT. Okay. Do you think it's cool that they didn't tell anybody? They didn't make it public.
GRAHAM CLULEY. I'm not sure if that's actually been confirmed. I know Brian Krebs has claimed that. I don't know if that's absolutely been confirmed at this stage. I think there's a slight question mark around that.
CAROLE THERIAULT. Well, it seems as though, uh, they were informed in early January, as we said, and then March 2nd is when they came out. The problem was, of course, there's already attackers, you know, pillaging data from victims before there was any patch available. So according to Volexity, they say attacks took advantage of these 4 zero-day vulnerabilities, and they think they may have started as early as January 6th, 2021. And Dubex reported suspicious activity on Microsoft Exchange servers in that same month of January. So what Krebs did say is that by March 3rd, 24 hours after the patch was made available by Microsoft, already tens of thousands of Exchange servers were compromised around the world. And 1,000 more servers getting freshly hacked every hour, he says.
DAVE BITTNER. Well, so the thing is when a patch comes out, it's open season on all the folks who reverse engineer the patch and come after the vulnerability based on what they can learn about from the patch. So I think it's important to keep that in consideration as well, that a part of Microsoft keeping this information close to the vest was knowing that as soon as they publish something, there's going to be a whole second wave. And so while the first wave of this, I believe the current understanding is that it was probably Chinese state-sponsored folks. Once the patch comes out, it's every bad guy around the world has their way with this. So I think that's, it's worth considering as you pass judgment.
GRAHAM CLULEY. Yeah, that's a very good point. And I was going to make the same point myself. Excellent, Dave.
DAVE BITTNER. Well, I apologize.
GRAHAM CLULEY. No, no, no, no.
CAROLE THERIAULT. The thing is, though, were I a customer, it's nice that you guys are understanding how Microsoft had to deal with this. But at the same time, customers that rely on Microsoft Exchange Server products to be, you know, on par, we're sitting ducks.
GRAHAM CLULEY. Yep.
DAVE BITTNER. Right. But the primary thing they're relying on Microsoft Exchange servers to do is work. And so if, as Graham said, if Microsoft were to roll out a patch prematurely that got in the way of that, that could be problematic. I mean, the other thing I've heard is that there are a lot of organizations who have Microsoft Exchange servers that are just sort of rolling along in a legacy mode. They've since switched all of their primary services to cloud-based providers because that is the— that's the way most people are doing it. But they keep the Exchange server running just because who knows what you're going to break if you turn it off.
GRAHAM CLULEY. Right.
DAVE BITTNER. There's, there are behind the scenes things that may be relying on it that we just don't know about. And, um, you know, some people say, well, turn it off. And when someone complains, then, you know, right.
GRAHAM CLULEY. So certainly if you are a smaller organization in particular, then you might, there's quite a lot of merit in going cloud-based for something like Exchange instead of having running your own server because you effectively wash your hands of the responsibility of patching it. Up in the cloud.
DAVE BITTNER. Right, right.
CAROLE THERIAULT. Um, so I'll give you guys both a point for that.
GRAHAM CLULEY. What's our tally so far? How are we doing?
CAROLE THERIAULT. Dave has 3, you have 1. Okay, so, um, question number 5: who— any idea who's behind the attack? So there's been a lot of chatter. Hafnium.
GRAHAM CLULEY. China.
DAVE BITTNER. I already said that. I already— I already— I buried the lead on that one. I already—
CAROLE THERIAULT. It wasn't— you did answer.
DAVE BITTNER. If you answer the right answer in the wrong question, preemptively answered your question, Carole. I—
GRAHAM CLULEY. Dave, you were keyword stuffing. That's what you were doing. You were just—
DAVE BITTNER. Yes, I was.
GRAHAM CLULEY. Yes, I was. As you could.
DAVE BITTNER. That's right. China, Russia, Iran, North Korea.
CAROLE THERIAULT. Uh, so Hafnium, I'm going to give you half a point because MIT Technology Review reported 3 days ago that Hafnium is perhaps not the only threat, citing a cybersecurity analyst saying there appears to be at least 5 hacking groups actively exploiting the Exchange server flaws. I know, as of Saturday. So, to Dave's point earlier, Hafnium may have started it, but of course, China's denying anything to do with this, right? So, Hafnium is what is being called the Chinese-based attack, and China's saying, "Uh-uh-uh, nothing to do with us, dudes." So, I don't think it actually matters to most of us or anybody that is running an Exchange server and needs to patch where it comes from and where the threats are. All they need to know is it's really, really effing serious and you need to patch.
GRAHAM CLULEY. No, no, all people should really care about is what is the score right now? Right now because Dave just got a point there or not. That's right, exactly.
CAROLE THERIAULT. Dave right now has 3 and you have 1.5.
DAVE BITTNER. So it might not be possible for you to win at this point, Graham. I'm just pointing that out, just okay.
CAROLE THERIAULT. So as your friend, Graham, you can, you can maybe win a few points. What should people do if they have a Microsoft Exchange server?
GRAHAM CLULEY. Well, obviously I hope that you're going to patch because Microsoft have pushed—
CAROLE THERIAULT. What's the patch number? Can you do it off with your eyes? No, I can't do the patch numbers off the top I can.
DAVE BITTNER. Well, you have the CVE number?
CAROLE THERIAULT. Yeah, of course I do. Of course I know the CVE number.
GRAHAM CLULEY. If, however, you're unable to patch for some reason, there are mitigation steps you can take. And regardless, you should also scan for indicators of compromise, because even if you do patch, you want to make sure that you haven't already been compromised and that the bad guys haven't been in there. And there is a tool from Microsoft which you can download to do that.
DAVE BITTNER. I would assume, assume that you are compromised at this point.
GRAHAM CLULEY. Yeah.
DAVE BITTNER. If you're running Microsoft Exchange Server, assume you're compromised and you need the tool from Microsoft. Yep.
GRAHAM CLULEY. Yep.
CAROLE THERIAULT. And because, Graham, unfortunately you just made it 2.5. If you had known the CVE number, you would have got through. Let me share that with folks. So CVE-2021-27078. You see, if you had just known that.
DAVE BITTNER. Rolls trippingly off the tongue, doesn't it?
GRAHAM CLULEY. Yes. Yes.
CAROLE THERIAULT. Yeah, so as Dave said, no dilly-dallying, right? Apply the patch ASAP. Posthaste.
DAVE BITTNER. It's a serious one. It is a serious one. No, no.
CAROLE THERIAULT. Big effing deal.
GRAHAM CLULEY. Yeah.
DAVE BITTNER. Yep, yep, yep, yep, yep.
GRAHAM CLULEY. I bet I can beat you at chess, Dave.
CAROLE THERIAULT. God, it's like sandbox fights.
GRAHAM CLULEY. No, I'm really quite unhappy. I'm quite unhappy.
DAVE BITTNER. How flexible are you, Graham?
CAROLE THERIAULT. You know you can't do business without technology, and you also know you can't securely access technology without identity security. Enter SailPoint identity security for the cloud enterprise. It enables access and protects businesses with automated, managed, and governed access in real time with AI-enhanced visibility and controls. SailPoint lets companies run with speed, security, and scale in a cloud-critical threat intensive world. Plus, it tracks usage and enforces policies for all users, apps, and data continuously. Want to learn more? I bet you do. Check out smashingsecurity.com/salepoint. That's smashingsecurity.com/salepoint. And thanks to SailPoint for supporting the show.
GRAHAM CLULEY. This week's podcast is also sponsored by 1Password's Random But Memorable podcast. Random But Memorable is a podcast filled with lighthearted security advice and banter with hosts Matt, Anna, and Michael. I've been on the show myself, so I can confirm it's great fun. Tune in to Random But Memorable to hear about the latest security horror stories. They've produced over 50 episodes covering data breaches, password hacking, surveillance, and more. Check out Random But Memorable in your favorite podcast app, and thanks to 1Password for their support. And welcome back. Can you join us at our favorite part of the show, the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
DAVE BITTNER. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my Pick of the Week this week is just a quick one. It's nothing very substantial, in fact. It is 1K of JavaScript, which has been wrapped up with some glorious CGA-style graphics. If you remember the old 4-color graphics, it is a game called the Killer Bytes Gambit. Links in the show notes.
CAROLE THERIAULT. Can you describe CGA for us, please?
GRAHAM CLULEY. We don't know what CGA is. CGA was the graphics standard before EGA and VGA.
CAROLE THERIAULT. I'm just not as old as you are. Like, why don't you get that?
DAVE BITTNER. I remember, Graham. I remember.
CAROLE THERIAULT. Do you know what? On Reddit, this guy— there's a Reddit thread which is like, what is this? So people kind of post crazy pictures of like weird animals or weird things they find in new houses. And this guy posted this picture of this thing and he's like, what is this? It's like a connection. And it was an old phone line, like an old phone box, you know, like the landline. He had no idea what it was.
GRAHAM CLULEY. Oh my goodness. Wow.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Well, I have none other than Carole Theriault to thank very much. Thank you very much for bringing this particular online game to my attention. It is a pretty cool chess game. What's impressive about it is not only the retro graphics, but it's an entire chess engine, which even knows about en passant and castling, within 1K, just 1,000 bytes of JavaScript. And it plays an unusual game of chess, I have to say, particularly the opening. It's very keen on moving lots of pawns, but it's quite strong. And I did at one point think, oh, I'm going to have to concentrate a bit more here to actually beat this thing. So it can think about 4 moves ahead, but amazing to have crammed so much understanding of the game of chess into such a small space. I was really impressed by it.
CAROLE THERIAULT. Do you think more than 4 moves ahead?
GRAHAM CLULEY. Rarely.
CAROLE THERIAULT. Yeah, I think that would be hard. I bet, yeah.
DAVE BITTNER. I like this. I like the old-style graphics. It takes you back. And the— I guess the woman that you're supposed to be playing against here has Disney princess eyes. The size of cue balls, you know.
CAROLE THERIAULT. It's Queen's Gambit girl.
GRAHAM CLULEY. She looks like the girl from Queen's Gambit. That's right.
DAVE BITTNER. Oh, okay. Got it. Got it. Of course.
GRAHAM CLULEY. And you can also check out the actual code as well. They've— there are links where you can check out the 1K of the chess code and maybe put that into your own game as well. So that is my pick of the week.
CAROLE THERIAULT. There. There. Good one.
GRAHAM CLULEY. Dave, what's your pick of the week?
DAVE BITTNER. Well, my pick of the week is a television program that I suppose is probably well known to those of you who are on the side of the pond you and Carole are on, but it's new to me and I came across it on Netflix and it's called The Repair Shop. And this is a show where people— it takes place in the UK and it's this beautiful old thatched roof barn where there are old school craftspeople who— people bring their old family heirlooms to that have fallen into disrepair. And they bring them to these people to bring them back to life and make them as good as new. And it's just a gentle show where you watch people who are very good at the things they do, doing the things they do. It's just a nice show to sit and watch during COVID if you want to relax and appreciate fine craftspeople doing their crafts. I do quite enjoy it.
GRAHAM CLULEY. David, it really does sound like your kind of show. I can picture you there with your sort of travel blanket over your knees, and maybe sucking on a Werther's Original. And it's just, you know, and nothing too horrible, nothing that's going to upset you.
DAVE BITTNER. No, no, exactly. There's no yelling. There's no rock and roll music. No, it's just gentle. And I will say, I've noticed that Brits tend to have understated responses to the unveilings. So these people have taken weeks, hundreds of hours of restoration, right? And this family heirloom that's been in the family for 500 years, it's good as new, and they pull the blanket off of it, and the person they're revealing it to says, "Yeah, well, that's quite nice, isn't it?" That's it.
CAROLE THERIAULT. Whereas in America, they literally start crying, fall Right, they burst into tears. They run around the room. I did it!
GRAHAM CLULEY. Yes! It's beautiful! It's beautiful! Thank you so much!
DAVE BITTNER. Right, right.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. I don't know what's better, Dave.
DAVE BITTNER. I don't know either, but it's fun to watch.
CAROLE THERIAULT. Maybe somewhere in the middle.
DAVE BITTNER. Yeah. So there's one season of it available on Netflix for those of us who are on this side of the world. You all have 6 seasons of it where you are. I believe it's a BBC program.
CAROLE THERIAULT. I've never even heard of it.
GRAHAM CLULEY. I've heard of it, but I've never seen it.
CAROLE THERIAULT. I'm quite tempted. It's like your thing. You know, really stressed today? This is maybe what you need.
DAVE BITTNER. No, it is. It's just gentle and peaceful. It's kind of like if Bob Ross were to do a repair show, it would be kind of like this.
CAROLE THERIAULT. He's on BBC Two now at 12 o'clock. There's a secret pick of the week for people who need to calm down.
DAVE BITTNER. So, The Repair Shop is my pick of the week.
GRAHAM CLULEY. Crow, what have you got for us?
CAROLE THERIAULT. A podcast. So my pick of the week is a really effing good podcast called Sideways. Have any of you heard it?
GRAHAM CLULEY. I've heard of it, but I haven't heard any episodes.
DAVE BITTNER. I've heard one episode, uh, it was recommended to me because I sneaked it to you.
CAROLE THERIAULT. I snuck it to both of you, but Graham couldn't be arsed. So it's hosted by Matthew Syed, a British journalist, broadcaster, author of several books, also a Commonwealth ping-pong champion. Of some sort. So he does things on Radio 5 Live as well. Anyway, so he hosts the show, and it's basically— the whole premise is to challenge assumptions or pseudo-knowledge that we all occasionally and unwittingly accept into our lives. So one of the episodes was looking at Stockholm Syndrome. What do you know of, of the Stockholm Syndrome, you guys? Like, what, what's—
DAVE BITTNER. Know it, I live it.
CAROLE THERIAULT. But where did it become famous? And what is it?
GRAHAM CLULEY. Well, okay, so the story I was told was that there was a bank raid or a heist or something where they took hostage people inside the bank for a length of time and the police were surrounding the place and somehow the, uh, No, you would've thought Patty Hearst.
CAROLE THERIAULT. Patty Hearst made it famous.
GRAHAM CLULEY. Hmm. Well, she wasn't in Stockholm.
CAROLE THERIAULT. No.
DAVE BITTNER. I'm thinking of the Stanford Prison Experiment, which I think was similar.
GRAHAM CLULEY. It was a bank thing in Stockholm, wasn't it?
CAROLE THERIAULT. There was a bank thing in Stockholm in 1973. I'm just surprised you know about it.
GRAHAM CLULEY. Well, that's where the name Stockholm Syndrome comes from.
CAROLE THERIAULT. Well, I know, but how do you know that? Why would you know that?
GRAHAM CLULEY. Because I'm quite a knowledgeable person.
CAROLE THERIAULT. Well, really?
GRAHAM CLULEY. Yes. Really?
CAROLE THERIAULT. So how did it come established then? How did they establish the condition? What was it based on?
GRAHAM CLULEY. I don't know that. I've heard the podcast. I'm just telling you I kind of know the—
CAROLE THERIAULT. You know a lot of stuff, but basically I'm telling you you're misinformed. You may want to go listen to this podcast and get a few key facts that totally changed my view on the syndrome and how it works. Oh, so take heed, Mr. Cluley. Another episode I heard was about a family—
GRAHAM CLULEY. I feel like I'm just being gaslit.
CAROLE THERIAULT. Another episode I heard was about a family who had been, you know, who had two children die unexpectedly. And she was— the mother lawyer was accused of murder. Do you remember this? I think this was in the '90s in the UK. And there was a crucial statistic that was at the heart of the trial that changed the outcome completely. And it's, once you dig into it, it's kind of actually astounding that no one caught this.
GRAHAM CLULEY. Are you going to tell us?
CAROLE THERIAULT. No. Should I tell you? I don't think I'm going to tell you. I'm going to say go listen to it. It's that good. Okay. And there's even one about fighter pilot and radical theories.
DAVE BITTNER. Yeah, that's the one I listened to.
CAROLE THERIAULT. Oh, did you?
DAVE BITTNER. OODA loop, which is in warfare. It's this method of establishing what's situational awareness and so on. But perhaps most interesting to me was I learned where Maverick in the movie Top Gun got his signature move.
CAROLE THERIAULT. Yes, I thought that when I heard that episode too.
DAVE BITTNER. Yes, yes, exactly. So if for nothing else, listen to find out that little tidbit. That's quite good.
CAROLE THERIAULT. Yeah, weird that they then segue to Dominic Cummings and a route to secure Brexit, right? So anyway, super interesting, well produced. This is my pick of the week, Sideways, BBC Radio and Podcasts, wherever you get them, check it out.
GRAHAM CLULEY. Marvelous. Well, that just about wraps it up for this week, Dave. I'm sure lots of our listeners would love to follow you online, find out what you're up to. What's the best way for folks to do that?
DAVE BITTNER. Uh, just check out thecyberwire.com.
CAROLE THERIAULT. That's really famous, lots of—
DAVE BITTNER. Quite a lot of web traffic.
CAROLE THERIAULT. Yeah, yeah.
GRAHAM CLULEY. And you can follow us on Twitter at Smashing Security, no G, Twitter @LastPassG, and you can also join us on the Smashing Security subreddit. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast apps, such as Apple Podcasts, Spotify, and Google Podcasts.
CAROLE THERIAULT. High five for this episode's sponsors, 1Password and SailPoint, and to our wonderful Patreon community. It's thanks to all of these people this show is free for all. And for episode show notes, sponsorship information, guest list, and the entire back catalog of more than 217 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye.
DAVE BITTNER. Bye.
GRAHAM CLULEY. Bye-bye.
CAROLE THERIAULT. So Dave D-Dog, do you think that your traffic went up when I started doing segments for The Cyberwire?
DAVE BITTNER. Do I think my traffic went up when we started? Oh, oh, absolutely. Undoubtedly. We saw a huge boost in people visiting our website when you started doing stories for us.
CAROLE THERIAULT. Just think you could share some of the joy.
DAVE BITTNER. That is a true thing that happened.
CAROLE THERIAULT. It is a true thing that happened. Just saying.
DAVE BITTNER. Graham, help me here, buddy.
CAROLE THERIAULT. Help me out here, buddy.
GRAHAM CLULEY. I'm not getting involved.
CAROLE THERIAULT. Oh, now he's your buddy, Graham.
GRAHAM CLULEY. You've got more points than me.
DAVE BITTNER. Come on, we were competitors moments ago, but there's got to be a little— He kicks us in the shin.
CAROLE THERIAULT. Now he's offering you a Coke.
DAVE BITTNER. I'll give you— you can have all of my points. You can have all of my points if you bail me out of this.
-- TRANSCRIPT ENDS --