How to find your match on the Bumble dating app, convicted criminals make money out of cryptocurrency, and there are concerns about data in Afghanistan.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/241 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: Cybercrime is at an all-time high, and it’s not slowing down, so why should you? This August, you’re invited to Security Summer School, a brand new webinar series hosted by the 1Password team. Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and work. Get exclusive perks like 1Password swag for attending events, enjoy the chance to network with top security leaders, and much much more. Find out more and enroll now.
- Privacy.com: Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. Right now, new customers will automatically get $5 to spend on their first purchase. Go to privacy.com/smashing to sign up now.
Links:
- Vulnerability in Bumble dating app reveals any user's exact location — Robert Heaton.
- How Tinder keeps your exact location (a bit) private — Robert Heaton.
- The Taliban Have Seized U.S. Military Biometrics Devices — The Intercept.
- A U.S.-built biometric system sparks concerns for Afghans — NBC News.
- This is the real story of the Afghan biometric databases abandoned to the Taliban — MIT Technology Review.
- Sweden must give Bitcoin worth €1.3 million back to drug dealers after costly legal misstep — Euronews.
- Miles Davis: Birth of the Cool — Netflix.
- What We Do in the Shadows — BBC iPlayer.
- Watch What We Do in the Shadows — Hulu.
- Radio Garden.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript:
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. You're not willing to take a journey across town to shag, then—
GRAHAM CLULEY. Wow. It's an equation, isn't it? Right? You look at their picture and you think—
CAROLE THERIAULT. I'm gonna get 2 minutes of joy.
GRAHAM CLULEY. They're 5.2 miles away, whereas this one is 3.7 miles away. Are they significantly hotter to justify the extra distance? Seriously?
MARIA VARMAZIS. Well, remember, Carole, you may not have a lot of blood in your brain when you're thinking about this.
UNKNOWN. Smashing Security, episode 250. 241, phishing, dating apps, and crypto rewards for criminals with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 241. My name's Graham Cluley.
CAROLE THERIAULT. 241. And I'm Carole Theriault.
GRAHAM CLULEY. And this week, Carole, we're joined by an oldie but a goldie. It's Maria Varmazis.
CAROLE THERIAULT. Hi.
MARIA VARMAZIS. Hi, Maria.
CAROLE THERIAULT. Hi.
GRAHAM CLULEY. Actually, not as old as either of us, is she?
MARIA VARMAZIS. Getting older every day.
CAROLE THERIAULT. Maria, host of Sticky Pickles, and, oh, maybe you've heard of it, often guest host of Smashing Security. Maria, how the heck are you? Haven't talked to you in, well, at least weeks and weeks.
MARIA VARMAZIS. I'm relaxed from a nice vacation and, uh, have no idea what's going on in the broader world, so here I am jumping back in.
GRAHAM CLULEY. You went on vacation? Where'd you go, down the end of your garden?
MARIA VARMAZIS. Yeah, no, I, I went about an hour north of myself to, to Maine. Yeah, which feels like a world away even though it's a very quick drive. So it was very nice and, uh, enjoyed a whole week by the ocean. It was lovely.
GRAHAM CLULEY. Oh yeah, the world of security has not gone on vacation, has it?
CAROLE THERIAULT. It hasn't. But first, let's thank this week's sponsors, privacy.com and 1Password. It's their support that helps us give you this show for free. Now coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I've got a very important question, which is this: what is the flipping point of dating apps?
CAROLE THERIAULT. Um, to have sex, I think. Maria, what about you?
MARIA VARMAZIS. Oh, me the question or my story?
CAROLE THERIAULT. What's your story?
MARIA VARMAZIS. My story is, uh, along the lines of dating out. No, it's not. It's about, uh, biometric data and the Taliban.
CAROLE THERIAULT. And my story's about a wacky cryptocurrency snafu brought to us by a Patreon supporter who I'm gonna call the Chubster. All this and much more coming up on this episode of Smashing Security. The Chubster!
GRAHAM CLULEY. I was not—
CAROLE THERIAULT. I wasn't ready for that. I did a total spit take. There's coffee everywhere.
GRAHAM CLULEY. Oh God. Sorry. We had spilt tea last week.
CAROLE THERIAULT. This week.
GRAHAM CLULEY. Anyway, right.
CAROLE THERIAULT. I miss Freya so much.
GRAHAM CLULEY. Now, chums, chums.
CAROLE THERIAULT. You have to wait.
GRAHAM CLULEY. Are you alright there?
MARIA VARMAZIS. Okay, I'm gonna mute my—
CAROLE THERIAULT. Breathe.
MARIA VARMAZIS. Okay, I'm good.
GRAHAM CLULEY. Do you know what chubster means? You know, it's a euphemism.
CAROLE THERIAULT. I wanted to anonymize, pseudo-anonymize the person, but I wanted them to recognize that I knew who they were, that I knew what— yeah, so we all understand each other in a private sort of way.
MARIA VARMAZIS. I'm good, I'm great. This is really great.
CAROLE THERIAULT. Welcome back, Maria.
GRAHAM CLULEY. Dating, dating apps, that's what I want to talk about. Dating apps, we've talked about them before. I think we may have even admitted, some of us, that we might have met our partners online.
MARIA VARMAZIS. I did.
GRAHAM CLULEY. Was it IRC or ICQ or something?
MARIA VARMAZIS. No, not ICQ. In my case, it was OKCupid. Yeah, that's where I met my husband.
CAROLE THERIAULT. Yeah, I didn't. I, I met mine the old-fashioned way.
GRAHAM CLULEY. You didn't go to Wookiees R Us or something like that?
CAROLE THERIAULT. Yes, exactly. I went to Planet Wookiee.
GRAHAM CLULEY. Well, you know, these dating apps, especially under lockdown, you know, that's the way you're going to meet the ladies or the gents or the small furry creatures from Alpha Centauri, whatever it is that you fancy, because you're probably not going down bars as much. You're not going to— mind you, I've never been to— would I go to a bar ever, or a pub? But you know, you're not going to your chess club.
MARIA VARMAZIS. Coffee house.
GRAHAM CLULEY. Yes, whatever it is.
CAROLE THERIAULT. You know, Craig doesn't leave the house and do anything normal.
GRAHAM CLULEY. Oh, you're not— yeah, exactly, you're not doing that as much. Now, have you heard of a dating app called Bumble?
MARIA VARMAZIS. Yeah, I have. Yes.
GRAHAM CLULEY. It's an interesting name for a dating app, isn't it? Bumble. I mean, it's like— It's not Bum Ball. We've sort of covered— You've covered both sides of the equation there, haven't you?
CAROLE THERIAULT. Bumble. Jeez.
MARIA VARMAZIS. I was thinking Bumblebee.
CAROLE THERIAULT. Exactly.
MARIA VARMAZIS. Bum Ball.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Oh, Bumblebee.
MARIA VARMAZIS. Bum Ball Bee.
GRAHAM CLULEY. So, one of the things that the Bumble dating app, and I imagine other dating apps do as well, is they tell you how far away you are from your potential date. So you look someone up and it says, ooh, they're 13 miles away.
CAROLE THERIAULT. 1 meter away!
MARIA VARMAZIS. They're outside your window! Watching you pee!
CAROLE THERIAULT. I find that so creepy. Creepy! Holy moly.
GRAHAM CLULEY. They're just looking at you through the ceiling tiles at the moment.
CAROLE THERIAULT. It's Ceiling Cat!
MARIA VARMAZIS. Ceiling Cat knows what you've been up to. Bringing that meme back.
GRAHAM CLULEY. So, um, yes, they tell you how far away somebody is. Now, obviously it would not be a good thing if they said to you not only how far away they were, but that they were on the corner of, you know, Marcham Street and Jubilee Close. If they said something like that, that would be a bit bad.
CAROLE THERIAULT. Oh, they just kind of give you, they kind of give you like 2 minutes away or 2 miles away, something like that?
GRAHAM CLULEY. Yeah, exactly. They'll say 2 miles away or 3 miles away.
CAROLE THERIAULT. All right. In any direction. So you have to run like in circles to find them.
GRAHAM CLULEY. Right, exactly. So all you can think is a circle. Now, of course it is possible that you might be on some sort of, maybe you're on a pier or something which is a bit of a jetty going out into the sea, and then you think, well, they're probably not in a boat, and you might be able to work out roughly where they are. But most of the time, that is not the case.
CAROLE THERIAULT. They're in an aeroplane!
GRAHAM CLULEY. But I think, yes, they're 3 miles away above you at the moment. Oh, they're going to look closer very quickly.
MARIA VARMAZIS. And now they're gone.
GRAHAM CLULEY. And now it's splat. So, crazy. So, so I'm trying to be serious here, guys. So it's obviously a good thing that dating apps don't tell you precisely where somebody is, right? Right. Because that could be used for stalking. Or maybe, you know, somebody uses a dating app who's like a business rival, or maybe you're a spy and you're trying to track somebody. So you don't want your dating app giving out your precise location.
CAROLE THERIAULT. No. Well, I think by default it shouldn't do any of that.
GRAHAM CLULEY. But anyway, no, they shouldn't.
CAROLE THERIAULT. Uh-oh.
GRAHAM CLULEY. But maybe they're still leaking enough information.
CAROLE THERIAULT. What happened, Graham?
MARIA VARMAZIS. What did you do?
GRAHAM CLULEY. Not me. Not me. I'm not a user of Bumble. Bumble. But a chap called Robert Heaton, who is a software engineer at Stripe, the payments company, he found a problem with Bumble. And Bumble only tells you like, oh, they're 3 miles away, right? They're 4 miles away. And what you're able to do is you're able to use trilateration.
MARIA VARMAZIS. Hmm.
GRAHAM CLULEY. In order to find out their location. Now you're wondering what is trilateration?
CAROLE THERIAULT. No, I'm guessing it's 3 points, right?
GRAHAM CLULEY. Well, we all know about triangulation, don't we? Because we, you see that all the time on TV.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Trilateration is kind of similar. So what he was able to find, and this was a problem as well with Tinder a while back, but they were able to fix it, is that if a dating app is too specific about the distance, if they say something like, oh, it's 3.56 miles away from you, then if you had a number of different dating profiles located in different places, then you'd all be able to look at that particular person, find the distance, and then go choo choo choo with your three lines and work out where they were, right?
MARIA VARMAZIS. Yeah, yeah, yeah.
GRAHAM CLULEY. So you don't want a precise distance. And so for that reason, dating apps hopefully normally round the distance instead. Okay. So if you use Bumble, it will round the distance. So if it's, for instance, 3.3 miles or 3.32 miles, rather than being really precise like that, it will actually say 3 miles.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. Okay. Instead. And that means that if you use trilateration, then you'll only be able to locate them within about a mile by mile square, which probably is vague enough.
CAROLE THERIAULT. Is this just for the lazy? I mean, literally, what's wrong with just like the town or the city name? Like, are you thinking, oh, they're all the way across town, that's annoying, forget it? Like, they have to be—
MARIA VARMAZIS. like, can't you just meet up?
GRAHAM CLULEY. I mean, yeah, I think the thing is this, right? There are some dating apps which offer romantic dates, and there are other dating apps which might be for hooking up.
MARIA VARMAZIS. Oh, right.
CAROLE THERIAULT. If you're all hot and horny... You're not willing to take a journey across town to shag, then—
MARIA VARMAZIS. Wow.
GRAHAM CLULEY. It's an equation, isn't it? Right?
CAROLE THERIAULT. You look at their picture and you think, I'm going to get 2 minutes of joy.
GRAHAM CLULEY. They're 5.2 miles away, whereas this one is 3.7 miles away. Are they significantly hotter to justify the extra distance? Seriously?
MARIA VARMAZIS. Well, remember, Carole, you may not have a lot of blood in your brain when you're thinking about this at that moment. So doing that kind of math in your head might not be successful. Just, yeah.
GRAHAM CLULEY. So I think— And also there are dating apps. Is it Grindr and—
MARIA VARMAZIS. Grindr, actually, is how it's pronounced.
GRAHAM CLULEY. Grindr. Grindr. So you might want someone who's within 50 metres or something, mightn't you? I don't know. You might do, right?
CAROLE THERIAULT. You might like to turn around and be engaged. Exactly, exactly.
MARIA VARMAZIS. Be engaged.
GRAHAM CLULEY. So imagine you're trying to find out someone's real location, right? And the dating app is rounding the number. What you can do, according to Robert Heaton, is you can use the API to slightly shift the location by 0.01 degrees of latitude or longitude on every occasion. So you've got these 3 profiles, right, for your 3 lines. Yeah. And what you do is you move them slightly further out or adjust one ever so slightly. And at some point, the distance is going to flip from being 4 miles away to suddenly it's now 5 miles away, and you only just went a very small distance. Do you see what I mean?
MARIA VARMAZIS. Yes. Yeah, yes.
CAROLE THERIAULT. You're pinpointing the exact location by just kind of sniffing around, waiting for everything.
GRAHAM CLULEY. Exactly, because that point where you go from 4 miles to 5 miles, that's probably 4.5 miles distance.
CAROLE THERIAULT. Tell you what, listeners, if you're in the dating sphere and someone admits to doing this to you, can you run away?
MARIA VARMAZIS. Oh yeah, that's a red flag if I've ever heard one.
CAROLE THERIAULT. Like what a humongous red flag, right?
MARIA VARMAZIS. I trilateralled you. No, wait, tri—
CAROLE THERIAULT. trilateralized you.
MARIA VARMAZIS. Trilateralized you. And that's how much I'm attracted to you.
GRAHAM CLULEY. So Robert Heaton did this.
MARIA VARMAZIS. You're worth the trilateralization.
GRAHAM CLULEY. He did this with a few profiles, right? Where he wrote a little routine and he was using the Bumble API to slightly change his location, and he was expecting it to change at the 3.5. That would be the flipping point, right? That's why I'm talking about the flipping point of dating apps.
MARIA VARMAZIS. Yeah, what is the—
CAROLE THERIAULT. what is the point of this?
GRAHAM CLULEY. Well, he thought it would be at 3.5. He thought at 3.5 it would then turn to 4, but it didn't. What happened was it went all the way up to 3.99999 and then became 4. So Bumble, it turned out, was actually rounding down. So whatever the number was, even if it was 3.9 miles, it would round down to 3, and at 4 it then became 4 until it was 5.
CAROLE THERIAULT. Well, of course it did, because they thought, oh my God, there's more fish in a 4-mile radius than there are in a 3-mile radius.
MARIA VARMAZIS. So let's make it sound like they're closer than they are.
GRAHAM CLULEY. Yeah, it's the marketing thing. That's interesting.
MARIA VARMAZIS. Oh yeah, that's the— math doesn't come into play when we talk about marketing. You start fudging stuff all left and right.
GRAHAM CLULEY. Right. Okay, okay, cool. And so he found that he was able to precisely locate individuals, not, not because he was looking for dates or something like that, but he thought this would be useful for snooping and surveillance. He also found there was a separate bug he found where it was possible— normally, if you want to swipe yes on people and sort of say yes, there's a match, or, you know, someone who swiped yes on you, normally you have to pay a $1.99 fee to the app. And he found that it was possible to bypass that as well.
MARIA VARMAZIS. Oh well, yeah.
GRAHAM CLULEY. So another, another kind of useful—
MARIA VARMAZIS. sure, they fixed that one immediately. Yeah, that one, like, well, you can cheat us out of our money and yeah, we're gonna fix that.
CAROLE THERIAULT. So, but that's really scary though in terms of like someone being a bit of a psycho and, um, taking advantage of this. So did they fix it? Did he, did he responsibly disclose it to Bumble first?
GRAHAM CLULEY. Yes, he did. He was good, man. He reported it to them via HackerOne, yeah, bug bounty initiative. Sophos. He's got $2,000 as a result. The bug was fixed within 72 hours of reporting, which is a good happy ending, I think, which is what you want if you're dating, I suppose. But I think it's an interesting thing because clearly they designed it with the thought that we don't want to be precise about location, but there was enough information in there if the API was abused to actually find out people's location really, really specifically.
MARIA VARMAZIS. Sometimes people don't think about how this stuff can be used maliciously, but don't put it past somebody who's got stalkery tendencies to put in the work, because they will.
GRAHAM CLULEY. And like I said, even if it's not romantic, it might be a business rival. It could be anything, you know. Someone wants to know if two people, for instance, are meeting. This would be a way to do it if they were both Bumble users.
MARIA VARMAZIS. Business rival, that sounds like a meet cute for like a rom-com. That's like, we were business rivals and I was stalking her on Bumble, and then ends up we went on a date and we matched and now we're in love, or something.
GRAHAM CLULEY. I don't know, ever the romantic, Maria.
CAROLE THERIAULT. Except I'm a crazy stalker and that's terrible.
MARIA VARMAZIS. Please don't fall in love with me. Anyway, Yes.
GRAHAM CLULEY. Maria, what's your story for us this week?
MARIA VARMAZIS. Well, mine is also a really upbeat and uplifting story. It's about the Taliban.
GRAHAM CLULEY. So are they on a dating app at all? Can you choose to date the Taliban?
MARIA VARMAZIS. I don't even want to touch that.
CAROLE THERIAULT. No, don't even laugh.
MARIA VARMAZIS. It's terrible. Yeah. What?
CAROLE THERIAULT. Yeah, yeah, just—
MARIA VARMAZIS. yeah, no, no, no, no. This story is about— I have been reading all the headlines I can find about, uh, the U.S. withdrawal from Afghanistan and the large amount of equipment that has been left behind and has now fallen into Taliban hands. So there are a lot of competing stories, and there's a lot of, we left this much behind, no we didn't, yes we did, kind of like, how much did the U.S. leave behind, how much is actually accessible to the Taliban? It's still really unclear right now. Like, there's the, uh, hypotheticals of like $83 billion, and then there's people saying, no, that's not accurate, that's how much we paid that's not what it's worth, whatever. We do know that there's quite a bit of tech that the Taliban now has its hands on that was used by US forces and US allies over the last 20 years. And one piece of kit that has been getting a lot of headline news is the databases of biometric data that were gathered over the years by US forces and allies. Yeah.
CAROLE THERIAULT. This is my worst nightmare.
MARIA VARMAZIS. Yeah, yeah. This, so I might be putting some of your fears to rest, but also giving you new ones. So here we go. So the US military used biometric collection devices called— I'm gonna say they're called HIDE machines, H-I-I-D-E machines— and they use them to scan the fingerprints and irises and facial geometries of not just allies but people that they were looking for. Um, so it's said that actually biometrics were used in identifying Osama bin Laden when they hunted him down about 10 years ago. So biometrics were a big, big part of identifying allies, identifying potential bomb makers that were sort of hiding amongst the general public. So the Taliban now has their hands on all these HIIDE machines. Those were left behind. And at least in the U.S., the news is painting the picture that a whole bunch of Afghanistan— their data has been hoovered up biometrically, and all of that information is basically on these HIIDE machines. So digging into this a little bit, I think I was misinformed drastically. It seems like vast swaths of this data is potentially in the Taliban's hands. This biometric data is potentially something they can access. However, it seems like the biometric data that was scanned by these HIIDE on these machines has been remotely stored, and very likely, or at least we're hoping, the Taliban can't access it.
GRAHAM CLULEY. Oh, so it's been stored maybe on a cloud server or something?
MARIA VARMAZIS. Correct. And maybe on US servers remotely. It's really unclear because we're getting a lot of settings.
CAROLE THERIAULT. They're good.
MARIA VARMAZIS. Yeah, yeah. So it's like, there might be data at rest on these devices, we don't know. There might be data remotely stored they can't access unless they have enough training, we don't know. I don't want to paint a rosy picture being like, it's fine, they don't know how to use these devices, because, like, it's not good for them to have any of this stuff. And the manuals for using these devices are readily available on the internet, and, like, you can buy them on eBay. Seems like right now a lot of the hope with the biometric data is that the database of information or whatever's at rest on the devices is gonna be too hard for them to sift through without really knowing what they're doing. So maybe they won't be able to access it, or they'll see the data and they won't know what to do with it.
CAROLE THERIAULT. Or there's rootkits on all the devices or some kind of spyware. Ooh.
GRAHAM CLULEY. That suggests that the Americans would have had to have planned that in advance. I got the impression they had a lot of things on their plate.
MARIA VARMAZIS. Yeah, I feel like if they had the time to do that, they should have just not left the devices behind or just like literally destroyed them. Um, the other thinking is that the Taliban might use these devices to make their own biometric database of allies or enemies, or these devices could— they could bring them to the Pakistan spy agency, which might know how to actually extract all this info. So there's a lot of hypotheticals with the biometric data. When I had originally heard these stories, it sounded like it was a done deal. This information is out there. Everybody is like crazy at risk. And it is possible. It sounds like there's a lot of hope in a security by obscurity that maybe they won't know what to do with all this stuff, which is like a really, really shitty way to operate.
GRAHAM CLULEY. Maybe it's all protected by a really strong password. Maybe the Taliban have now got the US Army's Netflix password and they're, they're being preoccupied watching that instead.
MARIA VARMAZIS. They won't notice us creating a new profile over here on the side. If we just say it's like a kid's profile, maybe they won't notice.
GRAHAM CLULEY. Disney Disney Plus. Fantastic. We'll do that. Yeah, we'll work our way through The Mandalorian.
MARIA VARMAZIS. I, I, I found this quote, uh, when I was researching the story that I just— was great. It's by Welton Chang, the chief technology officer for Human Rights First, and he's a former Army intelligence officer. He said, I don't think anyone ever thought about data privacy or what to do in the event of the HIIDE system falling into the wrong hands. Moving forward, the US military and diplomatic apparatus should think carefully about whether to deploy these systems again in situations as tenuous as Afghanistan.
GRAHAM CLULEY. Oh, do you think— do you think it might be a good idea to think about it?
MARIA VARMAZIS. He's totally right.
CAROLE THERIAULT. I mean, I think that is the most ridiculous thing I've ever heard. They didn't think— that people didn't think about that? Like, I can't imagine you'd have this powerful technology and go, look, we must consider what if this gets in the wrong hands. Give me a break. That didn't happen. If it didn't, shame on you.
MARIA VARMAZIS. Yeah, and that— it is pretty incredible that nobody thought, like, what, what? Yeah, there is no policy about this at all. So on the biometric data thing, I don't want to be like everything's fine, they don't know how to use it, don't worry about it. We, we just generally do not know. So of course, um, it is possible that the iris and fingerprint scans and the facial scans are not as much in danger as we thought, but they could be. We don't know yet. I think it's kind of a keep a pin on that. So that's actually not what I wanted to talk about primarily. I also wanted to mention there's a big but to this story, and, and I don't talk— I don't mean a big but, not a derrière, but like a, a caveat, if you will. Our friends at the MIT Technology Review did some digging on this story because they were also curious about what the heck is going on with it. And they talked to some sources who are familiar with what's going on, and they, they had to anonymously protect their sources. I'm guessing these are folks who either worked on this or helped set it up. And they said that all this attention we've been paying to these biometric HIIDE systems is really misplaced because there's a lot of unknowns there, right? What the Taliban has almost guaranteed access to is not getting as much press, and it's not as sexy as biometrics, but it ends up is that the Taliban has access to a whole lot of PII for Afghan police and soldiers.
CAROLE THERIAULT. Oh.
MARIA VARMAZIS. Yeah. So a US-funded but not controlled database called the Afghan Personnel and Pay System, or APPS, that's what's at risk. So this database was set up starting in 2016 to make sure that we're paying national army and police in Afghanistan and not frauds who are posing as soldiers to get money. Um, according to the sources at MIT Tech Review who they spoke to, there was no data retention or deletion policy on this database, not even the contingency of, say, the Taliban coming in and taking over. And the kicker is that unlike the HIIDE systems, which have all their data remotely stored, apparently the APPS data is held entirely on local Afghan government servers. So it is basically guaranteed that the Taliban has this data right now, and there's no complex, like, biometric data machinery needed to access this. It's literally just a database. They just hit print on this. So the data on the APPS includes about 40 different data points, which includes the basics you would expect, like the name, place of birth, date of birth for the soldier or the police officer.
CAROLE THERIAULT. Everything you need to get a passport, for example.
MARIA VARMAZIS. Right. It also includes things like their military specialization, their favorite fruit.
CAROLE THERIAULT. What?
GRAHAM CLULEY. Yeah, favorite fruit.
CAROLE THERIAULT. Like kiwi.
MARIA VARMAZIS. Right. Favorite vegetable.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Favorite flavor ice cream. This sounds a bit like Smash Hits magazine when they'd have these teenage interviews of pop stars.
MARIA VARMAZIS. Those two are kind of funny, the fruit and vegetable. You're kind of like, what? But it goes on, and this is where it starts— like, I start sweating. The names of two tribal elders who serve as guarantors of that person's service, who can basically vouch for them. The names of the soldier or police officer's father, mother, uncle, and grandfathers, as well as a unique ID number that connects them to a biometric profile that is kept by the Afghan Ministry of the Interior. So going beyond the initial fear that this data could be used to identify people who worked with the Americans, if the geeks at the Taliban know what they're doing— and like, who's to say that they don't— they may be able to like one by one hunt down service members' families and people who just vouch for them and carry out wide-ranging reprisals on anyone they suspect is just a political opponent. So the story about the HIIDE devices and the biometric devices is not a red herring, but like it's getting all the sexy press because we're talking biometrics, and that is terrifying. You can't change that, obviously. Can't change your fingerprint. Um, but these databases that are locally stored, that provides more than enough information to find people, and it also has that identifier tying them back to a biometric profile. So if the Taliban figure out what they're doing with those HIIDE devices, like, I don't even want to finish the sentence because that's terrifying. So it needs to be said again, there was absolutely no data retention or protection policies in place for any of this. I really hope anytime a government entity wants to start collecting data on people, that they'll listen to this podcast. Whether it's PII or biometric data, I want them to ask themselves, what kind of data are we collecting and why? What are the benefits and drawbacks of collecting it? And do we really need it at all? Like, why do we need favorite fruit and vegetable? Like, I mean, what was the need of the father and the grandfather? I mean, I'm sure they were justifying it somehow. But like, really, did that need to be recorded?
GRAHAM CLULEY. It is quite important though to know what someone's favorite vegetable— I mean, or rather their least favorite vegetable. It's like, oh, don't give him sprouts. Come on, hide.
CAROLE THERIAULT. If I brought over okra fingers, for example. Right, right.
MARIA VARMAZIS. Yeah, not a happy story. But please, when you're thinking about data policy, like, it has real life implications, and this is one terrifying example. Yeah.
CAROLE THERIAULT. And now you can hand the comedy baton to me.
MARIA VARMAZIS. Please, I hope you have a happier story than mine. Oh God.
GRAHAM CLULEY. Carole Theriault, I'm sure you do. I'm sure you're going to rescue us this week. What have you got?
CAROLE THERIAULT. Okay, okay, you guys shake your heads out a little bit because quick, quick, quick, quick, without Googling, I want you to give me your best guess at what you think the current bitcoin valuation is at the time of recording, which is Tuesday afternoon.
GRAHAM CLULEY. I don't know. Uh, $34,000.
MARIA VARMAZIS. Uh, John McAfee's penis. Didn't he eat it or something? Oh wait, no, he died.
GRAHAM CLULEY. Oh wait, what a way to go.
MARIA VARMAZIS. Um, I, I— yeah, uh, I don't know because I only trade in Monero. I'm just kidding, I'm just kidding, I'm just kidding. I actually have, uh, 5 cents. I have no idea.
CAROLE THERIAULT. $50,000 USD at the moment. $48,000. $48,000. That's a lot of wonka. That's a lot of wonka. Now, what would you do if someone actually gave you $50,000 just now? If I just handed you, you know, a bitcoin worth this money, what would you do?
GRAHAM CLULEY. I think I'd probably start— I'd halt the recording of this podcast and try and turn it into hard cash.
MARIA VARMAZIS. See ya.
CAROLE THERIAULT. You turn it into hard cash pronto. Yeah, yeah, yeah.
MARIA VARMAZIS. Oh, definitely.
CAROLE THERIAULT. You wouldn't kind of go, oh, it's going to go up, it's going to go up.
GRAHAM CLULEY. I don't care if it's going to go up. You've just given me $50,000. That's brilliant. I'm very happy with that.
MARIA VARMAZIS. Same.
CAROLE THERIAULT. Okay, here's another interesting question. Imagine you have this bitcoin, but you've done something bad, like prison-worthy bad, and you have to go to the clink for a number of years, right? What happens to your bitcoin?
GRAHAM CLULEY. Wouldn't it be seized by the authorities? Don't, don't the authorities have piles of digital currency lying around wondering what to do with it?
CAROLE THERIAULT. From my understanding, and listeners correct us if I'm wrong here, but I think it has to be successfully argued that the monies or the crypto has been gained from illegal activities.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. And then it's confiscated, perhaps to pay fees or restitution to victims, that kind of thing.
MARIA VARMAZIS. Yeah, I don't think the authorities can just like grab your money just because you've been arrested. That would It probably varies though.
CAROLE THERIAULT. Yeah.
MARIA VARMAZIS. Yeah.
CAROLE THERIAULT. All over.
MARIA VARMAZIS. Yeah. Yeah.
CAROLE THERIAULT. But sometimes this whole thing can go badly wrong. So we are heading to Sweden, land of detective noir series, ABBA, IKEA, and fika. Do you know what fika is?
MARIA VARMAZIS. I don't know what fika is.
CAROLE THERIAULT. It's like a cool coffee break. It's like, you know, when you sit down with a cup of coffee and a piece of cake and have a little moment. Fika.
GRAHAM CLULEY. Fika or flika.
CAROLE THERIAULT. Fika. F-I-K-A.
MARIA VARMAZIS. It sounds like you just did a little commercial for it. Just put some guitar music behind that. A little coffee and a cake, a little moment.
GRAHAM CLULEY. Loganberries, isn't that what they like as well?
MARIA VARMAZIS. Yeah, they're very delicious actually. No? Okay, just me.
GRAHAM CLULEY. Oh, I heard that's quite scary. Yeah, that movie.
CAROLE THERIAULT. Yeah. Uh, so, uh, back to me, back to me. So back in 2019— okay, we're in Sweden here— back in 2019, 3 Swedish drug dealers were charged. Okay, and the prosecutor Tove Kullberg argued that the 36 bitcoins seized by Swedish police should be confiscated because they were earned through online drug sales. Ipso facto, illegal activity. Ipso facto, all of ours, right? And the courts agreed. Okay. When Tove was communicating the value of this bitcoin in the Swedish courts, remember, this is back in 2019, maybe these are people that weren't particularly au fait with crypto and how it worked. Uh, prosecutor Tove Kullberg provided a valuation in Swedish krona.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. And, uh, so she argued, uh, that these 36 bitcoin were equal to 1.3 million krona, or about $120,000.
MARIA VARMAZIS. Okay, okay. Yep, following you. Yep, yep, yep, yep.
CAROLE THERIAULT. So men go to prison in 2019, in May 2019, and it fell to Sweden's state enforcement authority to auction off these proceeds of the drug crime, including the bitcoin. But due to bureaucracy, a pandemic, and a plethora of other headaches, this process of getting the assets, including the bitcoin, to auction took two whole years. Now, what happened in that two-year period, do you think?
MARIA VARMAZIS. It's worth a lot more money now, right? Uh-huh. Right.
CAROLE THERIAULT. The value of the 36 bitcoin skyrocketed.
GRAHAM CLULEY. Well, that's good news, isn't it? The authorities— well, they've got spare money.
MARIA VARMAZIS. It sells nice holiday.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Yes, in 2019, a single bitcoin averaged $8,000, and today we know what it's worth, right? What is it worth?
MARIA VARMAZIS. 5 cents?
GRAHAM CLULEY. $50,000? $48,000?
CAROLE THERIAULT. $48,000. Thank you very much.
MARIA VARMAZIS. Oh wait, my decimals are— my decimals are off. Sorry about that.
CAROLE THERIAULT. Now, where does this excess of $40,000 where does a bitcoin go?
MARIA VARMAZIS. My pockets?
GRAHAM CLULEY. No, I would think it would go to the police Christmas party, but that would be a pretty sexy Christmas party, let me tell you. Sweden, it's going to be a sexy party. There's going to be birch twigs and saunas and fires.
CAROLE THERIAULT. Yeah, ice hotels. Um, so, uh, the Swedish state has been forced to return the surplus in value to the convicted drug dealers because they hardcoded the value of the bitcoin into krona.
GRAHAM CLULEY. Oh, so they said it's worth the 100 whatever I said, $120,000 about, right?
CAROLE THERIAULT. 1.3 million krona.
GRAHAM CLULEY. And since when it's become a humongous amount? And so actually these criminals, yeah, basically got—
CAROLE THERIAULT. they had to pay a little bit for their blunder for getting caught, yeah, right? They had to pay a little, but they come out with, you know, some pocket change.
GRAHAM CLULEY. Squids in.
CAROLE THERIAULT. Yeah, this is a bit costly error, obviously. Yeah, one done in good faith, right? Uh, but God Almighty, would you feel like a dumbass if you're the prosecutor? I think, like, you imagine all the people looking at you and you're walking around the halls of justice just going, oh yeah, there's that numpty. Um, so do you think it's a bobo error, or do you think this is probably actually not probably written correctly in legal documents now across everywhere?
MARIA VARMAZIS. Yeah, I would just think of like current market value at whatever. Yeah, why would they hard go with the— yeah, I mean, markets fluctuate. Yeah, that feels like a rookie error to me. I—
CAROLE THERIAULT. yeah, I agree.
GRAHAM CLULEY. But what would have happened if the price of bitcoin had crashed?
MARIA VARMAZIS. Tough shit.
GRAHAM CLULEY. Would they then have gone to the criminals and said, I'm so terribly sorry, but you, you actually owe us a bit more cash? You actually got to give us more because it turns out—
CAROLE THERIAULT. I bet.
MARIA VARMAZIS. Yeah, yeah, I would say yeah. If it's like, if you owe the government a certain amount of money, they're going to get their money. So it's going to like, you pay up in terms of cash, however you need to get it, or bit— and/or bitcoin if the value is over blank. You know, make up that money however it's owed. You know, tough shit. I don't know.
CAROLE THERIAULT. The prosecutor, Tove Kullberg, apparently said on national radio— and I quite like this, I really like the, the feel of this— she goes, it is unfortunate in many ways. Uh, it has led to consequences I was not able to foresee at the Wow.
MARIA VARMAZIS. Okay.
CAROLE THERIAULT. Yeah. But she says others should learn from this. It's unfortunate that it has ended up this way. The lesson to be learned is to keep the value in bitcoin, that the proceeds of a crime are 36 bitcoin regardless of the value of bitcoin at the time. So expensive lesson. But interestingly, so you guys were talking about how much money, you know, seizures make for people. So I was just looking in fiscal year 2019, the FBI said they had about $700,000 worth of crypto seizures. In 2020, it was up to $137 million.
GRAHAM CLULEY. Wow.
CAROLE THERIAULT. And so far in 2021, $1.2 billion. So, uh, this is going to be a focus area for the authorities for obvious reasons.
MARIA VARMAZIS. Oh yeah.
CAROLE THERIAULT. Anyway, the, the word to the wise, check the fine print.
MARIA VARMAZIS. As I always say, hire Carole to read your terms and conditions. Because she will.
CAROLE THERIAULT. It's going to cost you a lot. I hate doing it.
MARIA VARMAZIS. One bitcoin.
CAROLE THERIAULT. But I do.
GRAHAM CLULEY. This episode is brought to you by the folks at Privacy.com. Privacy lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. What a fantastic idea that is, and a great way of keeping your details out of the hands of the bad guys. Right now, new customers will automatically get $5 to spend on their first purchase. All you've got to do is go to privacy.com/smashing to sign up now. And thanks to privacy.com for supporting the show. Cybercrime is at an all-time high and it's not slowing down, so why should you? This August, you are invited to Security Summer School, a brand new webinar series hosted by the 1Password team. Learn from security experts at top organizations, hear about sizzling security trends, and get quick tips for building a culture of security at home and at work. You can get exclusive perks like 1Password swag for attending events, the chance to network with top security leaders, and much, much more. Find out more and enroll now at www.smashingsecurity.com. Www.onepasswordsummerschool.com. That's www.onepasswordsummerschool, all one word, .com. And welcome back, and you join us for our favourite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
MARIA VARMAZIS. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or app, whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my pick of the week this week is not security related.
CAROLE THERIAULT. Excellent.
GRAHAM CLULEY. My pick of the week this week is musical.
CAROLE THERIAULT. Oh, mine is too.
GRAHAM CLULEY. Oh, is it?
CAROLE THERIAULT. Interesting. Okay.
MARIA VARMAZIS. Interesting.
GRAHAM CLULEY. Well, it's musical related. Not musical as in, you know, show tunes, but it is a documentary on Netflix all about Miles Davis.
MARIA VARMAZIS. Oh yeah.
GRAHAM CLULEY. It's called Miles Davis: Birth of the Cool.
CAROLE THERIAULT. That is so weird. I was just talking this week about Miles Davis to somebody. Yeah, because I was listening to it. I was doing some painting and it was pretty awesome. Yeah.
GRAHAM CLULEY. Interesting. Anyway, it's a great documentary all about the origins of Miles Davis, where he came from, how he revolutionised jazz with his trumpet.
CAROLE THERIAULT. Do you like him?
GRAHAM CLULEY. Well, I— okay, here's the thing. First of all, interesting question. Do I like him or do I like his music? I think Miles Davis is a rather difficult character to like. He wasn't necessarily a terribly nice chap.
CAROLE THERIAULT. Okay, so this show goes into that, I'm guessing, the private—
GRAHAM CLULEY. Oh yeah.
MARIA VARMAZIS. Art versus artist. Yes.
CAROLE THERIAULT. I know absolutely nothing about that, actually. I know his music fairly, medium well.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Because my dad was a fan, so I kind of got exposed really young.
GRAHAM CLULEY. So some of his music is much more accessible than others. So if you were to, for instance, he had an album called A Kind of Blue, which is very famous, came out in the late 1950s. It's an amazing piece of work, very accessible, I would think, to most people.
MARIA VARMAZIS. Yes.
GRAHAM CLULEY. It's beautiful and all the rest of it.
MARIA VARMAZIS. Yes.
GRAHAM CLULEY. But by the time you get to the late '60s and early '70s, there is a, what is considered a groundbreaking LP, which he did in around about 1971 called Bitches Brew.
MARIA VARMAZIS. Mm-hmm.
GRAHAM CLULEY. Mm-hmm. And which I have heard, and I was thinking, what on earth is this?
CAROLE THERIAULT. Maybe your ear is not refined enough to appreciate it.
GRAHAM CLULEY. Oh, here's the thing, Carole. The reason why I was listening to Bitches Brew is that I was invited to a concert to see a group perform the Bitches Brew LP in its entirety. So I thought I'd better listen to it in advance. So I've got to think. And then I started listening to it, thinking, oh my God, how am I going to tell But when I saw it live, the magic of live performances, if you remember those, yeah, I actually thought this is pretty cool and I actually enjoyed it seeing people perform it. I really enjoyed listening to it on Spotify.
CAROLE THERIAULT. Do you know what though? I would put it to you, Graham, that you could now listen to it on Spotify or wherever and you might find it much more exhilarating because I've seen quite a few Jazz Acts in my time.
GRAHAM CLULEY. I think you're probably right. I think I probably could.
CAROLE THERIAULT. What a whole new cool world to explore. I'm so pleased for you.
GRAHAM CLULEY. Indeed. And I will be wearing my turtleneck from now on.
MARIA VARMAZIS. Snapping.
GRAHAM CLULEY. Go check out Miles Davis: Birth of the Cool on Netflix. Great documentary, really interesting. And, uh, you can understand why people rave quite so much about Miles Davis. And that is my pick of the week.
CAROLE THERIAULT. Well, Miles Davis's music.
MARIA VARMAZIS. Yes, yes, yes, yes.
CAROLE THERIAULT. And I just made that point. I just want to underline it. Yeah.
GRAHAM CLULEY. Maria, what's your pick of the week?
MARIA VARMAZIS. My pick of the week is a show that is returning for its third season, uh, right now actually. I think it's coming out in the next few days, so when this episode airs, it'll be like the premiere. The show is called What We Do in the Shadows, and, um, I did not think I was gonna enjoy the show because it uses my least favorite recent innovation uh, of comedy, which is like that fake documentary thing that The Office made very popular. I can't stand that whole thing. I just can't. I think it's just— at least to me, it seems overdone now, so I just can't do it.
CAROLE THERIAULT. Yeah, yeah.
MARIA VARMAZIS. No, like, I love the original UK Office. That was really funny. But like, I just can't do— but Jemaine Clement, yes, and Taika Waititi— I think I pronounced his last name correctly. Yeah. So this show is about 3 vampires living on Staten Island now, uh, and it's actually— the show is, it's not so much about them as it is about their sort of assistant/familiar, who's the best part of the show. And I don't want to give too much away, but the thing that I like about this show is there's a very clear story that they're following. And it's not just like, we're following them and they have hijinks and it's super funny. Like, there's a very clear story arc that's happening and it's very, very smart. So yeah, you see all these mythical creatures, like werewolves and witches and vampires, as they're sort of just living in modern society and dealing with their dry cleaning and all that kind of stuff, um, but also dealing with weird occult stuff from the past.
CAROLE THERIAULT. And it came from a movie, didn't it? Yeah, it was a movie first, which we— I saw on my husband's 40th birthday. I remember it very clearly.
MARIA VARMAZIS. The pilot was successful, now they've made a TV show out of it. So season 3 is starting this week. I have no idea how you watch it outside of the US. I don't know, I'm sure there's a way, but in the US it's on FX and I watch it on Hulu. So, uh, really, really funny show. I enjoy it a great deal, so I'm looking forward to season 3 starting.
CAROLE THERIAULT. Fantastic pick of the week.
GRAHAM CLULEY. Well, Jemaine Clement, he's hilarious. He's from Flight of the Conchords.
CAROLE THERIAULT. Yes, yes.
GRAHAM CLULEY. And that other, that other chap, they're both from Flight of the Conchords.
MARIA VARMAZIS. They're like the dream team. So yeah, they, yeah, basically almost everything they do, I've, I find myself really enjoying it. So yeah, this show's great. And they're in it too, like they, they sometimes make little cameos. And, uh, um, oh my gosh, why am I blanking out? Matt Berry is one of the stars, so like obviously the show's hilarious because he's in it. So I don't know. He's great.
GRAHAM CLULEY. Terrific. Great pick of the week. Carole, what's your pick of the week?
CAROLE THERIAULT. Okay. I invite you guys to go to a website.
MARIA VARMAZIS. Oh yeah.
CAROLE THERIAULT. That website is called radio.garden.
MARIA VARMAZIS. Radio garden. Okay.
CAROLE THERIAULT. Radio.garden. Listeners, you can go too, as long as you're not operating any machinery.
GRAHAM CLULEY. Radio Garden.
CAROLE THERIAULT. Radio dot garden. Yeah, I know, I know what it is, Carole, because we've had it as a Pick of the Week before.
GRAHAM CLULEY. Yeah, episode 215 earlier this year. It was my Pick of the Week. Oh no, this is the second week that someone has come on this show with a Pick of the Week which has already occurred, but this is the first time I think that a co-host has actually had the audacity to bring a Pick of the Week.
CAROLE THERIAULT. Do you really think it was— do you really think it was audacious of me, or do you think that I just didn't go double check.
GRAHAM CLULEY. I just think you can't have been paying attention on that previous episode and thought, that's a great Pick of the Week, Graham. I, I'm— and would remember that I brought it to the show before, and now you've brought it. What are you going to do about this, Carole? Are you going to fix this problem?
CAROLE THERIAULT. I was going to carry on talking about my Pick of the Week. That's okay, because maybe someone missed it, and maybe I'm just reinforcing your excellent, excellent Pick of the Week, which, if you'd let me finish, I would have said Graham mentioned this in an earlier show, and you know what? He was right. I'm right now listening to stations in, uh, Bryn Mawr, right?
GRAHAM CLULEY. Explain what it is. It's worldwide radio. Well, they should do. Episode 215. Zoe Kleinman knows, she was on that show.
MARIA VARMAZIS. Wow, you remember the guests and everything.
CAROLE THERIAULT. No, he's looking at his— he's looked— he searched for it, of course.
GRAHAM CLULEY. Oh yeah, because we have a page on our website, Maria, where we list all of our picks of the week. Yeah.
CAROLE THERIAULT. Thanks to our wonderful listeners. But we've been doing this show a long time. So listen, Radio Garden, international radio, but it's done very cutely because you have a little globe that you can spin around and then you can get to, you know, I was worried it had already been mentioned, but I thought, fuck it, I'm going for it anyway. You can actually click. So if you go to the site, for example, why don't you go look close to your hometown, Maria?
MARIA VARMAZIS. Yes.
GRAHAM CLULEY. I'm not.
CAROLE THERIAULT. Yeah, and you may find one close by, and then you can kind of play it and listen to what music is being streamed 24/7 from that station. So that's the one rule, they have to stream at all times.
MARIA VARMAZIS. Yes, so my hometown has one. Yeah, yes, Radio Uganda.
GRAHAM CLULEY. Is that your hometown?
MARIA VARMAZIS. Yes, we have one of the largest Ugandan diaspora populations in the world. Oh, here are they. Yep. So I'm not—
GRAHAM CLULEY. well, I never—
MARIA VARMAZIS. yep. So we've— Radio—
CAROLE THERIAULT. I've been enjoying music in France a lot recently. That's where I've been hanging out. But anyway, Graham, I just wanted to say I supported your earlier pick of the week. I didn't know about it at the time, but I've had time to look at it and I think it's excellent. And I think, well done you for coming with such a great pick of the week way back when. That's radio.garden, people.
GRAHAM CLULEY. Tune in next week for a repeat of this week's episode.
CAROLE THERIAULT. Oh God.
GRAHAM CLULEY. Well, no, no, you know, it's just, you know, Yeah.
CAROLE THERIAULT. I think it was a good save. I think you should give me the save.
GRAHAM CLULEY. Oh no, you've kind of saved it.
CAROLE THERIAULT. Thank you. You're welcome.
GRAHAM CLULEY. Let the listeners decide.
CAROLE THERIAULT. They will decide. They understand.
GRAHAM CLULEY. Yeah. I'm sure they understand what's happened. Whether they're impressed or not is a whole different matter. And on that rather unsatisfactory denouement to the episode, we have just about Wrap it up.
CAROLE THERIAULT. Listeners, shame me publicly. That would be so fun. Yeah, that'd be really fun. I'd love that so much.
MARIA VARMAZIS. It counts as engagement. We need it. It's good.
CAROLE THERIAULT. Shut up, Maria.
GRAHAM CLULEY. Maria, and I know people will have heard this bit before, but I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
MARIA VARMAZIS. Go to stickypickles.com.
CAROLE THERIAULT. We'll be back soon.
MARIA VARMAZIS. Yeah, we'll be back soon. So we'll probably be recording this week. So, um, yeah, yeah, seriously, I don't, I don't use Twitter for much anymore, and, uh, Sticky Pickles is where I'm spending the rest of my time. So follow me there.
GRAHAM CLULEY. You can, you can follow us on Twitter at Smashing Security, no G. Twitter allows to have a G. And we also have a Smashing Security subreddit. And please don't forget to ensure that you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
CAROLE THERIAULT. Thanks to this week's episode sponsors, privacy.com and 1Password, and to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 240 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Where there's also a list of all of our past picks of the week.
CAROLE THERIAULT. Yes, we're talking about that.
GRAHAM CLULEY. And until next time.
MARIA VARMAZIS. Whoops.
GRAHAM CLULEY. Cheerio! Bye-bye!
CAROLE THERIAULT. Don't hate me, listeners. Bye-bye! Thanks, thanks for the public scolding there, Dad. Mommy and Daddy are fighting. I don't like it. Didn't I have your back earlier today in a non-public fashion? Did I not?
GRAHAM CLULEY. Yeah, you do. You're all right.
CAROLE THERIAULT. Exactly. So, just saying.
MARIA VARMAZIS. Don't fight, you two.
CAROLE THERIAULT. This makes me sad. I'm not bothered. I kind of, honestly, I had a nagging suspicion it had come on the pick the week before because I'd remembered the globe somehow, the visual. I wouldn't remember the name, but I remembered looking at the visual. And then I'd already, yeah. So then I just thought, you know what? He'll remind me, I'm sure. And you did within 10 seconds. So, well done, you, Chris. No clue.
GRAHAM CLULEY. Yeah, I was like, I'm right on.
CAROLE THERIAULT. You were like lightning. Yeah, you still got it, guy. You still got it.
MARIA VARMAZIS. I'm amazed that you remember. I'm amazed that you remember.
GRAHAM CLULEY. Of course it was yours, so of course it was my pick of the week. Yeah, yeah.
MARIA VARMAZIS. But after so many episodes, doesn't it all become like a—
GRAHAM CLULEY. like, do you know the blood, sweat, and tears that are created trying to think of a pick of the week each week? You remember your past picks of the week. We don't remember what we say about cybersecurity, but we remember the picks of the week.
MARIA VARMAZIS. Yeah, I don't remember my past ones, honestly. I'm amazed that you do.
CAROLE THERIAULT. Yeah, I'm amazed as well. And pleased, Graham. It was a test.
MARIA VARMAZIS. Oh, oh, you passed.
-- TRANSCRIPT ENDS --