A married couple are accused of selling nuclear sub secrets, Facebook continues to make young lives a misery, and a school hacker lets loose one heck of a prank.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/247 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
Links:
- Maryland Nuclear Engineer and Spouse Arrested on Espionage-Related Charges — US Department of Justice.
- Couple charged with leaking US nuclear sub designs — The Register.
- Facebook will add new safety features, notably for teens, after whistleblower leak — CNBC.
- Unfollow Everything cease-and-desist letter from Facebook — Louis Barclay.
- IoT Hacking and Rickrolling My High School District — WhiteHoodHacker.
- Board Game Arena — Play board games online from your browser.
- Foundation — Official Trailer — YouTube.
- Foundation — Apple TV.
- Film Courage.
- Film Courage — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. Peanut butter is fairly toxic, isn't it? It is a bit like plutonium. It does have a half-life, peanut butter, doesn't it?
CAROLE THERIAULT. I can't imagine that does any good for the actual device inside.
GRAHAM CLULEY. It's wrapped in plastic.
CAROLE THERIAULT. Oh, not the sandwich!
GRAHAM CLULEY. Sorry. Well, maybe. Maybe the sandwich causes the problem.
MARIA VARMAZIS. I mean, also maybe the sandwich.
CAROLE THERIAULT. Okay, I honestly— okay, okay.
MARIA VARMAZIS. You know what? I feel like we need to do a Smashing Security Investigates segment where we reenact this.
UNKNOWN. Smashing Security, episode 247, Rickrolling Submarine Secrets, with Carole Theriault and Graham Cluley.
GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security, episode 247. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And this week on the show, Carole, it's a returning guest. It's the fun time family favorite that is Maria Varmazis.
MARIA VARMAZIS. Wow.
CAROLE THERIAULT. Sorry, Maria.
MARIA VARMAZIS. Wow.
CAROLE THERIAULT. Thank you.
MARIA VARMAZIS. No, fun time family favorite.
GRAHAM CLULEY. Yeah, family favorite.
MARIA VARMAZIS. Your children love me.
GRAHAM CLULEY. Well, everyone loves Maria, don't they?
MARIA VARMAZIS. No, I love Maria.
CAROLE THERIAULT. I can't speak for anyone else, but I do.
MARIA VARMAZIS. I can tell you definitively there are people who definitely do not like me. If only my life was that everybody liked me, right?
GRAHAM CLULEY. Oh, oh dear. On that cheery note, should we get on with the show?
CAROLE THERIAULT. Yeah, let's thank this week's sponsor, 1Password.
GRAHAM CLULEY. It's supported—
CAROLE THERIAULT. help us give you this show for free. Now coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. Oh, I'm going to be going deep down underwater investigating submarines and secrets.
CAROLE THERIAULT. Everyone picture it, Graham in goggles. Maria, what about you?
MARIA VARMAZIS. There's this thing called Facebook. I don't know if you've heard about it.
CAROLE THERIAULT. No.
MARIA VARMAZIS. Might be talking about it. Yeah.
CAROLE THERIAULT. Okay. And I'm going to be visiting a teen who tries to teach us all a big lesson. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, how good are you at keeping secrets?
MARIA VARMAZIS. Oh, garbage. Absolute garbage. Yeah.
CAROLE THERIAULT. I don't know. I think it's a really hard question. I think most people think they're great at it, but people aren't. I like to think I'm great at it.
GRAHAM CLULEY. Right. Okay.
CAROLE THERIAULT. Depends on the secret though.
GRAHAM CLULEY. Yeah, it does.
CAROLE THERIAULT. I put my own judgment on it. And then that's not necessarily the judgment of the person who told me.
GRAHAM CLULEY. No, that's a problem, isn't it? Because you might think it's less of a secret than someone else or, you know, someone may be really, really particular about you not revealing their habit when it comes to toenail clippings or something like that. And you just think, well, that's harmless. I can tell my friend Bruce about that. And before you know it—
CAROLE THERIAULT. Yeah, it turns out they were dating and Bruce doesn't want to date him anymore. The toenail issue. And you screwed everything up.
MARIA VARMAZIS. That sounds like a sticky pickle. I'm just putting it out there.
GRAHAM CLULEY. Make a note. Make a note.
MARIA VARMAZIS. You were wondering when it was going to happen. I know somebody was wondering.
GRAHAM CLULEY. Well, talking of toenails.
CAROLE THERIAULT. We weren't, but okay.
GRAHAM CLULEY. Well, I want to talk to you about Jonathan and Diana Toebe. Look, I don't know how to pronounce this. Maria, you're an American. Here is how their surname is spelt. You just simply don't have surnames like this in England. Okay. T-O-E-B-B-E. Toebe? Toebe? Toebe? Toebe?
MARIA VARMAZIS. I'm gonna guess it's Toby.
GRAHAM CLULEY. Toby. It's a weird way of spelling Toby though, isn't it?
CAROLE THERIAULT. It's the best way for the show. Toby.
GRAHAM CLULEY. Okay. Toby. Okay, let's say Jonathan, Diana, Toby from Annapolis, Maryland. Or is it Maryland? Maryland, Maryland, Maryland.
MARIA VARMAZIS. Now I'm pronouncing it weird. Maryland, Maryland, Maryland.
GRAHAM CLULEY. Why do you keep repeating it? Maryland, Maryland. They were arrested last Saturday and they stand accused of selling some secrets. They gave away some secrets, albeit for money. Highly restricted information about a highly sensitive subject. The sensitive subject was the design plans of a nuclear powered submarine.
CAROLE THERIAULT. Okay, so who are these people? Would they just grab these off a webpage or...?
GRAHAM CLULEY. No, no, no, no, no, no, no, no, no.
MARIA VARMAZIS. We found these on Chair! Love it! They're on my inspo board.
GRAHAM CLULEY. Jonathan Tobey, he actually works for the US Navy, specifically as a nuclear engineer inside their nuclear propulsion program.
CAROLE THERIAULT. Oh, so he actually knows a thing or two about these things.
GRAHAM CLULEY. Yeah, I'm imagining he's someone a bit like Scotty on the Enterprise with the dilithium crystals.
MARIA VARMAZIS. He's the guy.
GRAHAM CLULEY. Yeah, he is the man. If you want the engines to work, he's the guy that you go to. And he's gonna say, "Oh, Captain." "Can he push it harder, Captain?" "Yeah, we cannot. Engines cannot take it, Captain." It's actually quite a convincing accent.
MARIA VARMAZIS. Yeah, yeah. You took me there.
GRAHAM CLULEY. Now, now, he had all kinds of top-level national security clearance, which gave him access to restricted data, including information related to the Navy's nuclear propulsion systems, sensitive design information, etc. Now, if you had that kind of access to that kind of information, who would you sell it to? Who would you sell the top-secret information to?
MARIA VARMAZIS. Did I value my life or no? I mean, God, I'm a good American. Selling it to anybody would not—
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Who'd be interested in a submarine?
CAROLE THERIAULT. Who would you sell it to, Graham?
GRAHAM CLULEY. Oh, oh, oh, back at me, eh? I think maybe— well, there's a few contenders.
CAROLE THERIAULT. Oh, really?
GRAHAM CLULEY. Submarine designers. I'm thinking Elon Musk. He might want a personal nuclear submarine. Ringo Starr, of course. He's very keen on submarines as well. I'm not sure who else.
CAROLE THERIAULT. So basically, you're telling everybody your ethic level is about 0 out of 10.
GRAHAM CLULEY. Well, no. Oh, I see. Because they're secrets, you don't think I should sell these? Well, probably not, because I would get into a bit of bother, wouldn't I, if it was?
MARIA VARMAZIS. Probably not. A bit of bother. Nuclear submarine.
GRAHAM CLULEY. Mm. Well, according to the authorities who arrested the Tobys, Jonathan Toby sent a package to an unnamed foreign government. So he parcelled up some information. It contained some restricted Navy documents.
MARIA VARMAZIS. Aye.
GRAHAM CLULEY. And also instructions on how to open a secure channel for further communication with him. And he wrote in this, he wrote a little note. He said, please forward this letter to your military intelligence agency. I believe this information will be of great value to your nation. This is not a hoax.
CAROLE THERIAULT. Okay, so he didn't sell it. He handed it over.
GRAHAM CLULEY. Oh, well, at this stage, he's just opening up the communications and I've got something. Oh, I see.
CAROLE THERIAULT. Saying like, here's a little taster.
GRAHAM CLULEY. If you want more, then get in touch.
CAROLE THERIAULT. Get some wonga and call me up.
GRAHAM CLULEY. Right. You know, contact me on my ProtonMail address or something.
CAROLE THERIAULT. Oh my God.
GRAHAM CLULEY. And we'll speak that way. Now, he sent this to this foreign government, which hasn't been named, on April 1st, 2020, which I think, if you're trying to convince someone something is not a hoax—
MARIA VARMAZIS. this is definitely real—
GRAHAM CLULEY. perhaps wasn't the best timing.
CAROLE THERIAULT. Actually, that's very smart from a liability standpoint. If he does get caught, right, this could be one of his arguments going, well, I did send it on April 1st. Of course it was a joke.
GRAHAM CLULEY. Oh, he's pulling an April Fool on the FBI and the US Department of Justice. That's—
MARIA VARMAZIS. no take-backsies. Don't know if you know, but that's admissible in the court of law. Like, they say, oh, it's the April 1st offense. Well, we've got nothing.
GRAHAM CLULEY. I was robbing a bank, but it was April 1st, so it's all just a bit of fun.
CAROLE THERIAULT. Of course I was going to give the money back.
MARIA VARMAZIS. Haha, just kidding. Gotcha.
CAROLE THERIAULT. I can't wait to hear how the wife gets involved in this.
GRAHAM CLULEY. Well, the Tobys thought everything was going really well. But unfortunately for them, the foreign government who they approached with these secrets, do you know what they did? You can't rely on any foreign governments these days. What they did was they got in touch with the FBI, with the US authorities, and showed them the letter and said, look, one of your guys.
CAROLE THERIAULT. So that narrows down the countries that they would have maybe sent it to, doesn't it?
GRAHAM CLULEY. It has to be a country which likes America.
CAROLE THERIAULT. Or wants to get in with America.
GRAHAM CLULEY. Right, maybe. Exactly. There's not gonna be many. And so somebody thought, "No, we don't want your flippin' nuclear submarine secrets. We'd rather dob you into the FBI." So the FBI got to see this package.
CAROLE THERIAULT. Well, can you imagine if you were the country that took those?
GRAHAM CLULEY. Right?
CAROLE THERIAULT. And then you got caught?
MARIA VARMAZIS. You lift the corner of the paper a little bit, just like to peek, be like, "Maybe, just a little bit." We'll just photocopy it first.
CAROLE THERIAULT. You call up the FBI and you go, "There's good news and bad news. Someone's sent us all the plans." We've seen them.
MARIA VARMAZIS. I've seen everything.
GRAHAM CLULEY. So the FBI have now received the package, and they decide to string the Tobys along. And so they begin to chat over ProtonMail. So Jonathan Toby, he adopts an alias. He calls himself Alice, and the FBI call themselves Bob. So you've got Alice and Bob, which I think is quite, it's a bit nerdy in the crypto world.
MARIA VARMAZIS. That is extremely nerdy.
CAROLE THERIAULT. I have no idea why that's nerdy.
MARIA VARMAZIS. Yeah. Alice and Bob. Those are always the names they use in examples for stuff. Yeah. Oh, I see.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Okay. So Jack and Jill, that kind of thing.
MARIA VARMAZIS. Kinda, kinda, yeah.
GRAHAM CLULEY. Yeah, maybe. After a bit of to and fro over this encrypted email, they sent Jonathan $10,000 worth of cryptocurrency.
MARIA VARMAZIS. Is that all?
GRAHAM CLULEY. Well, no, this is just at this stage. This is just at this stage.
CAROLE THERIAULT. Let's just say they're good for it. They're good for it.
MARIA VARMAZIS. Yeah, but like he just handed them nuclear sub plans.
CAROLE THERIAULT. I don't think he handed them all. Did he just send like a 10 by 10 piece of—
GRAHAM CLULEY. No, no, this is just the goodwill gesture of, okay, let's start talking.
MARIA VARMAZIS. Oh, okay, okay, sorry.
CAROLE THERIAULT. He ripped off the corner and said, I've got more where this came from. Exactly.
GRAHAM CLULEY. So Jonathan Tobey and his wife Diana, they put the— allegedly, allegedly— they put the sensitive information onto a memory card and they left it.
CAROLE THERIAULT. You want to say that again?
MARIA VARMAZIS. I don't know what just happened to you.
GRAHAM CLULEY. Look, Jonathan and Diana Toby, allegedly, allegedly, then put the sensitive information onto a memory card and they left it at a dead drop (I love the idea of a dead drop) for what they believed was the foreign government to pick it up.
CAROLE THERIAULT. So basically, basically, they duct tape it to the bottom of a mailbox somewhere.
GRAHAM CLULEY. If only, Carole. If only that's what they've done. What they actually did was they took an SD card, they wrapped it up in plastic, and they put it between two slices of half of a peanut butter sandwich.
CAROLE THERIAULT. What?
GRAHAM CLULEY. They put it inside a peanut butter sandwich.
CAROLE THERIAULT. And what, handed a peanut butter sandwich over to the DOJ?
GRAHAM CLULEY. No, they left the peanut butter sandwich at the agreed place.
CAROLE THERIAULT. Like, oh, it's 'cause no one would touch a peanut butter sandwich because—
GRAHAM CLULEY. I wouldn't touch it.
MARIA VARMAZIS. I have a nut allergy. I am not touching that.
GRAHAM CLULEY. Exactly.
MARIA VARMAZIS. No, I do not. Yeah, yeah.
GRAHAM CLULEY. They obviously thought pigeons wouldn't attack it either.
CAROLE THERIAULT. Okay. They obviously have a lot of faith in the memory card construction so that that gunk—
MARIA VARMAZIS. Well, it's wrapped in plastic.
GRAHAM CLULEY. Yeah, I know, but peanut butter is fairly toxic, isn't it? It is a bit like plutonium. It does have a half-life, peanut butter, doesn't it?
CAROLE THERIAULT. But I'm just thinking, I can't imagine that does any good for the actual piece of the device inside.
GRAHAM CLULEY. It's wrapped in plastic.
CAROLE THERIAULT. Oh, not the sandwich.
GRAHAM CLULEY. Well, maybe, maybe the sandwich.
MARIA VARMAZIS. Also maybe the sandwich.
CAROLE THERIAULT. Okay, I honestly— okay, okay, okay.
MARIA VARMAZIS. You know what, I feel like we need to do a Smashing Security Investigates segment where we reenact this. Take an SD card, put it in like a dime bag, put that in between two slathered slices of bread with peanut butter and jelly, because peanut butter sandwich always has jelly. Right? And then leave it to the elements and find out, will anybody actually steal national secrets? Okay, anyway.
GRAHAM CLULEY. Well, the FBI picked up this half a sandwich and retrieved the SD card.
MARIA VARMAZIS. And did they eat the sandwich?
CAROLE THERIAULT. Yeah, they must have suggested the sandwich. They must have, 'cause they were leading them on.
MARIA VARMAZIS. No, no, no, no.
GRAHAM CLULEY. This was the Navy guy. Allegedly, it was the Navy guy, because the FBI actually praised Alice, as we will call him, for his suggestions on how to manage the whole dead drop situation and transfer the information.
MARIA VARMAZIS. Was the sandwich inside like a lunchbox, like a kid's lunchbox?
GRAHAM CLULEY. This is all excellent detail which—
MARIA VARMAZIS. Little Bobby Drop Tables, you forgot your lunch at school today. Here you go.
GRAHAM CLULEY. I don't know. I don't know. We're going to have to leave that for a more serious podcast to investigate that.
MARIA VARMAZIS. Okay.
GRAHAM CLULEY. What I can tell you is that later there was another SD card delivered to the dead drop. This time hidden in a packet of chewing gum. And Alice, aka Jonathan Tobey, was paid $70,000 in cryptocurrency for that particular drop.
MARIA VARMAZIS. Okay.
GRAHAM CLULEY. So each time, after each dead drop, Tobey would allegedly send through a decryption key to Bob or Alice. I've lost track now. I think Bob is the FBI. And they would say, look, this will decrypt the data. And the FBI did confirm that the cards really did contain encrypted data, which was decrypted with that decryption key, related to nuclear reactors on submarines.
CAROLE THERIAULT. So it wasn't like he screwed them around a bit and changed the drawings. They were the actual plans for the submarine.
GRAHAM CLULEY. So it is alleged, yes.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. And in addition, while still using his pseudonym of Alice, this chap who has been arrested, he is reported to have told his FBI contact, who remember, he believed to be a foreign government. He said that he had actually been collecting data over several years in the normal course of his job. And to avoid attracting attention, he was smuggling it out past security checkpoints a few pages at a time. So I don't know, he's shoving it in his underpants. I wonder why. Well, maybe he was thinking that his pension wasn't going to be that good.
CAROLE THERIAULT. No, this is a big deal, right? This is not like stealing a few burgers from your McDonald's job or something. This is like serious big shit.
GRAHAM CLULEY. You could try stealing burgers, Carole, and then going to the Chinese government or someone like that and saying, look, I've got some burgers for you. I can hide them amid half a peanut butter sandwich. Are you interested?
CAROLE THERIAULT. But I'll wrap them in plastic, so don't worry.
GRAHAM CLULEY. To be honest, they probably wouldn't approach the FBI with that information. So you're at least safe from that point of view.
MARIA VARMAZIS. Yeah, but his quote reveals that he was— this was not like a, you know, he was about to get sacked or something. And suddenly he's— he was planning this over years. That is really serious. Yeah, that's honestly really disconcerting.
CAROLE THERIAULT. And how is the wife— why is the wife involved in this? Why has she been arrested?
GRAHAM CLULEY. Well, she was an accessory, is the allegation. She knew about this and was part of the operation. Maybe she was the one who made the sandwiches.
MARIA VARMAZIS. There you go.
GRAHAM CLULEY. Do I cut them into triangles? Do I cut off the crusts?
MARIA VARMAZIS. Oh my God.
GRAHAM CLULEY. Maria, what have you got for us this week?
MARIA VARMAZIS. Uh, well, um, I heard last week there was some shit that went down on Facebook. I don't know if you guys heard about that, or I don't know, covered it in your last episode.
GRAHAM CLULEY. I think Facebook went down was the story, wasn't it?
MARIA VARMAZIS. Yes, Facebook did go down, and, uh, you guys covered it in your last week's episode with, uh, with Chris. So, um, I thought I would do a little follow-up this week, not on Facebook going down, but on the concurrent Facebook issue that you also covered a little bit, which was the whistleblower.
GRAHAM CLULEY. Yeah.
MARIA VARMAZIS. So in response to the big Facebook whistleblower story that went down last week, uh, Facebook says that it's, it's working on a response.
GRAHAM CLULEY. Oh good.
MARIA VARMAZIS. So there was a whole litany of things that the Facebook whistleblower brought to bear, but a lot of them were essentially that Facebook knows how bad, uh, their content is, especially for like young women and young girls, and, and how it basically promotes eating disorders. It knows that it serves up a lot of very divisive, to put it mildly, and misinformed political content to people who are not looking for it and kind of almost actively serves it up. And that a lot of this information has been known at Facebook for a long time, and they've sort of chosen to look the other way or have not used tools available to them to make these problems less bad.
CAROLE THERIAULT. So it'd be like, for example, if I had an eating disorder like anorexia and I went on Facebook looking for that, the ads served up might be about dieting. For example. Yeah, stuff.
MARIA VARMAZIS. Yeah, that kind of thing. Or, or just if you are looking at photos of people living their best life who are very, very skinny, uh, maybe surgically enhanced, and you're just going to see more and more and more and more and more content like that because there is a lot of it, like on Instagram especially. So it's just going to give you— if you click on it once, they're going to serve it up to you ad nauseam, and it'll be almost impossible for you to escape, to the point that it's like you're being mentally waterboarded with this stuff.
GRAHAM CLULEY. It's like their algorithms are too good.
MARIA VARMAZIS. Mm-hmm, kind of.
GRAHAM CLULEY. Not good in a good way, obviously, but they're very good at giving you more of the kind of thing which you liked before.
MARIA VARMAZIS. Like a golden retriever, super, super eager to please. Like, just, oh my gosh, oh my gosh, this is what you want, I'm gonna give you more of it. Yeah, like, please stop. No, I'm good, thank you. Yeah, so yeah, the whistleblower allegations just came to light, and actually there— I read this morning that I think a second whistleblower is going to be testifying soon. But yeah, should be interesting. Um, but in the meantime, the Facebook vice president of global affairs, Nick Clay, Clegg went on a lot of the TV networks over the last couple days and has been doing a lot of damage control, or at least trying to.
CAROLE THERIAULT. Imagine Mark calls him up, Nick, sort this now, you can fix it.
MARIA VARMAZIS. Yeah, uh, so he, he assures everyone, please stay calm, we're working on new tools to make things better and address the whistleblower's complaints. So I was really curious, like, what, what exactly does that mean? And, uh, Clegg's details are kind of scant. I imagine it sounds like things are kind of scrambling right now, but... And one of the things that Clegg said was, you know, if we see a Facebook or Instagram user who's been using our stuff for too long, we're going to encourage them to take a break.
CAROLE THERIAULT. Oh, so what? So yeah, so if someone's, you know, swiping for over an hour or two, they'll go, hey, why don't you not?
GRAHAM CLULEY. I think I heard they do that on some other social networks. I think I heard they do that on TikTok.
MARIA VARMAZIS. I've never used TikTok, but maybe go outside and, and, you know, breathe some fresh air and take a walk or something.
GRAHAM CLULEY. Yeah, but you know what, if I'm binging on a TV series and I've just watched 8 episodes in a row, my TV— it's kind of embarrassing, isn't it?
MARIA VARMAZIS. It's judgy.
GRAHAM CLULEY. It's—
CAROLE THERIAULT. all of ours do it. All of ours do it.
GRAHAM CLULEY. It pops up and says, are you really still watching, or are you asleep in front of your TV?
MARIA VARMAZIS. Yeah, but they added this new button that says, no, I'm seriously still watching, and stop asking, which I do appreciate because it's like, no, I am marathoning Arrested Development for the time, stop asking. Yeah, something like that. So yeah, it's gonna gently encourage users to take a break. Well, you know, it sounds really, really helpful.
CAROLE THERIAULT. Doesn't really feel like an answer.
MARIA VARMAZIS. Yeah, yeah, it's okay, take a break. Okay, great. If you have a young child or teen that's looking at tons of pictures of people who are, you know, plastic surgery models living their best athletic skinny life, Facebook says they might give them a gentle nudge to maybe look at something else.
GRAHAM CLULEY. And here are some happy fat people for you to look at, right?
CAROLE THERIAULT. Happy fats, exactly.
MARIA VARMAZIS. And the Instagram platform that Facebook said they were going to make for users that were 13 and under that they paused— Clegg says that's actually part of their solution to make Facebook and Instagram better. So it doesn't sound like that whole thing's been shelved.
GRAHAM CLULEY. I'm pretty sure, I'm pretty sure that that isn't part of the solution, is it?
MARIA VARMAZIS. Right?
GRAHAM CLULEY. Yeah, producing an Instagram for kids under 13.
MARIA VARMAZIS. No, no, no, they're not. They're, they're gonna actually make it for real, and that's gonna be their grand solution for making it better. So yeah, all right. Oh, and on the more Facebook-y side of things, uh, Clegg says that they're going to be sending data on the content that they publish every 12 weeks to an independent audit because they, quote, need to be held to account. Yeah, that sounds like— I don't know, it's like that's all we know. That's just a whole lot of nothing.
CAROLE THERIAULT. It's ironic for me still to think of Clegg as the daddy of this whole episode, right? Because if Zuckerberg was out there doing all these messages, no one would even listen to them.
MARIA VARMAZIS. Yeah.
CAROLE THERIAULT. Somehow is the dad of the, you know, yeah, we trust this guy.
GRAHAM CLULEY. We have a very strange relationship with Nick Clegg being British because he used to be leader of a political party over here and then he was deputy prime minister, wasn't he?
MARIA VARMAZIS. Well, Facebook's basically a massive country, right? I mean, how many? It's like bigger than India in terms of people, right? I mean, it's just a massive nation. So anyway, that's terrifying.
CAROLE THERIAULT. Extremely terrifying.
MARIA VARMAZIS. Yes.
GRAHAM CLULEY. This doesn't feel like a really terribly good fix. It feels like a little bit of a Band-Aid just to say, oh, we've done something. We're telling people to take a break.
MARIA VARMAZIS. It's like, how did Facebook not see any of this coming? Like, I just don't understand why this is such an anemic response. It's like, I don't get it.
GRAHAM CLULEY. It did know. It just didn't care, I think, is the truth. It wasn't a priority for them. I think they've just cared about the balance sheet.
MARIA VARMAZIS. That's very true. That's very true.
CAROLE THERIAULT. But they can't say that and win favor.
MARIA VARMAZIS. So no, no.
CAROLE THERIAULT. Yeah, so taking this seriously, I need to be held to account.
MARIA VARMAZIS. You tell us, hold us to account. Yes. Uh, yeah, so the goal Facebook says is to limit political content for some users and give parents more control over what their kids see on Facebook and Instagram. That's what they said.
CAROLE THERIAULT. They make it their problem. Exactly.
MARIA VARMAZIS. Yeah, so I like how they said to limit political content for some users. So that qualification is like, okay, that's very interesting that they felt the need to say that. So, you know, keep watch the space on that front and I guess don't keep your expectations too high. But what I did think was interesting is some people have been trying to take things into their own hands to make Facebook a better platform. And I don't know if you talked about this in the past about a developer who got a really nasty letter from Facebook about this. Lewis Barclay or Louis Barclay. He is a UK-based developer and he got a letter in July from Facebook for his Unfollow Everything extension. Oh yes, did you hear about this? Yeah.
CAROLE THERIAULT. So, oh, and he got us— he got a cease and desist letter from Facebook.
MARIA VARMAZIS. Yeah, because his extension not only mass unfollows friends, pages, and groups, I mean, it, it basically completely removes the news feed from Facebook. So if you're one of those people like me who can't completely leave the platform because your entire family's on there and that's how, you know, friends organize events and schools organize how they talk to you about student issues, but you really just don't want to use it and you don't want to see people's political nonsense. That was his solution, was sort of just like, get rid of the part of the site that sucks, um, and just use it to talk to friends and that's it. But when he did this, Facebook sent him a letter saying that this violated their terms of service, and he himself— not just his app, but he himself— is actually now permabanned from all of their products as a result.
CAROLE THERIAULT. Oh my God, he must be crying.
MARIA VARMAZIS. Yeah, I'm sure he's real sad, right? But he tried to actually make it workable for him. And as a result, he can no longer use it at all. So I thought that was very interesting.
GRAHAM CLULEY. I don't see why Facebook couldn't introduce that technology themselves and say, okay, if you really aren't interested in the newsfeed, you can turn all of that off and just use it to chat to each other.
CAROLE THERIAULT. Yeah, you don't have to see any ads. In fact, let's just stop making money and we'll just give it to you all for free. And we'll just walk away and let it happen.
GRAHAM CLULEY. You'll still be able to put things in the sidebar.
MARIA VARMAZIS. You remember Facebook 2006? We'll bring back pokes and, you know, pokes.
GRAHAM CLULEY. As well. Can you bite people as a vampire or something?
MARIA VARMAZIS. Oh yeah, Farmville, bring all that back. Yeah, bring, bring Mafia Wars back. Yeah, 2010 Facebook. Yeah, no, I, you know, it becomes very difficult to extricate yourself. And there's been a lot of discussion, we've talked about it so many times on the show, and there's been a lot of discussion again from people being like, I need to get off this damn platform but it feels impossible. And I know you talked about it last week too, so if you can, run away.
CAROLE THERIAULT. But of course I'd say that.
MARIA VARMAZIS. Yeah, it's, it's, uh, it's— if you can get, get off of it.
GRAHAM CLULEY. But, um, yeah, a lot of people have trouble getting off, don't they?
MARIA VARMAZIS. A lot of people do have trouble getting off. Graham, tell us more about that. I don't know.
CAROLE THERIAULT. No, stop.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. So gather around, my lovely little co-hosts, and listen to this, which is a tale told to us by longtime Smashing Security listener Stijn. I think that's how I say his name. S-T-I-J-N. What do you think?
GRAHAM CLULEY. I always thought Stein.
CAROLE THERIAULT. Yeah, Stein. Stijn. Tell us. All right, we are heading to Illinois, okay? More specifically, the Township High School District 214 in Cook County, Illinois.
MARIA VARMAZIS. I know it well.
GRAHAM CLULEY. Know it well.
CAROLE THERIAULT. In Illinois.
MARIA VARMAZIS. Yes.
CAROLE THERIAULT. So, so, so this township has almost 12,000 students in grades 9 to 12, okay? And 5,000 staff about to look after those 12,000 students. Now listen to this. According to their test scores, 52% of the students are at least proficient in math and 49% in reading. And this seems to be like a really like, isn't this great, guys? I found that quite shocking.
GRAHAM CLULEY. Less than half of them are capable of reading.
CAROLE THERIAULT. Yeah. And like grade 9, how old are you? You're what, 14?
GRAHAM CLULEY. I'm not, no. Oh, you mean grade 9? I don't know.
MARIA VARMAZIS. 9th grade. That sounds about right. 13, 14? Right? Yeah.
CAROLE THERIAULT. Anyway, so I was surprised at the numbers. So half can do math and less than half can read. There are 6 schools, okay? And one of these schools in freshman year, so I guess 5 years ago because he's a senior now, this kid gets curious about tech. And the tech landscape. And by curious, I mean he soon ends up port scanning the entire IP range of the internal district network. A few of his bud buds. Okay. Okay. This is when he's a freshman. And the scanning generated so much traffic that the school's tech supervisor caught wind of it and asked them to stop.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. But by then, they had finished scanning the first half of the district's 10.0.0.0 address space, a total of 8 million IPs. Okay?
MARIA VARMAZIS. Okay.
CAROLE THERIAULT. So in doing this IP scanning, they found various devices that were exposed on the district network, like printers and IP phones and even security cameras that didn't have any password authentication. And apparently the district tech team was informed about this issue at the time, and then they responded by placing the cameras behind ACL restrictions or access control list. So, okay, so basically they said, hey, this is open. And the technicians came along and said, okay, I'm going to make, I'm going to block this. But many devices remained exposed during the student network. More importantly, the IPTV system. So this is what they use to broadcast live video, such as text carousels or morning announcements and all that stuff.
GRAHAM CLULEY. Oh, but this is a school district. It's not as though anyone is going to mess around with that in an unauthorized fashion, surely.
CAROLE THERIAULT. And it turns out that since this kid was a freshman, he has had admin access to the IPTV system.
GRAHAM CLULEY. Right?
MARIA VARMAZIS. Boom. Okay.
CAROLE THERIAULT. Now he's a senior and he wants to prank his school.
MARIA VARMAZIS. Of course he does.
CAROLE THERIAULT. Absolutely. And he wants to use his access to do something memorable. And he thinks, well, why just prank my school when I could, you know, maybe do something across the entire district?
GRAHAM CLULEY. Right?
CAROLE THERIAULT. Right? Because they're all interconnected. And could I spread my prank to across all 6 schools?
MARIA VARMAZIS. Those kindergartners will not know what hit them.
CAROLE THERIAULT. And weirdly, luckily for him— okay, so I want you to think, Maria in particular, because I think Graham might know what happens, but you have to think, what did he do? Okay, so you're gonna try and think of like what his prank was. I'm just gonna give you a few more little hints and you just shout it out if you figure it out.
MARIA VARMAZIS. Okay.
GRAHAM CLULEY. Is it doxy?
MARIA VARMAZIS. I feel like that's kind of too old a reference now for kids that age.
GRAHAM CLULEY. Oh, okay.
CAROLE THERIAULT. He's 17.
MARIA VARMAZIS. Yeah, that's ancient history to him.
CAROLE THERIAULT. I don't even think you should say that word. I'm going to censor that out as Meister. I'm censoring that out.
MARIA VARMAZIS. Bleep.
GRAHAM CLULEY. Is it some sort of lolcat thing? Isn't that what the kids are into these days?
CAROLE THERIAULT. Maybe I can just give a few more examples before we just start guessing wildly.
MARIA VARMAZIS. Right.
CAROLE THERIAULT. And then maybe it might let—
MARIA VARMAZIS. I can guess cheeseburger. Yes.
CAROLE THERIAULT. Now listen, this is really fascinating. Different schools have different start times, right? And they have different class schedules.
MARIA VARMAZIS. Yep.
CAROLE THERIAULT. This was all true before the pandemic.
GRAHAM CLULEY. All right.
CAROLE THERIAULT. But conveniently, due to COVID, all the high schools in the districts were now on the same block schedule. So these— his prank in trying to get access to the IPTV system, he knew that they would all be, you know, the morning bell starts at the same time. The end of a particular class is at the same time all the time.
MARIA VARMAZIS. Right.
CAROLE THERIAULT. Across the entire network.
MARIA VARMAZIS. Yep.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. Do you want a hint as to what they may have done?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Yeah? Okay.
GRAHAM CLULEY. Yes.
MARIA VARMAZIS. Okay, let me just— Oh, that's a lot more innocent than I would have guessed. That's really sweet.
CAROLE THERIAULT. Okay. They Rickrolled the entire school district, impacting a possible 12,000 students and their teachers, administrators, all that. And as part of their stunt, they sent what they called a pen test report automatically to the technical supervisor's anonymous email address. All right, so it sounds at the moment like that's kind of cute, right? It's not that bad. So in the actual payload, he says, quote, I repeatedly loop commands to keep the Rickroll running. For example, every 10 seconds the display would power on and set to the maximum value. This way, if someone attempted to power off the projector or mute it, it would revert and continue playing. The only way to shut it off would be to pull the plug or change the input source.
GRAHAM CLULEY. Right. Sounds worried.
CAROLE THERIAULT. Think how loud and annoying that would be though. 3 days before they decide to launch this whole attack, right? They discover a brand new big range of IP addresses full of IoT devices. Right? So they do a scan, they find these brand— all these IoT devices. And it turns out it was a recently installed bell system.
MARIA VARMAZIS. Oh.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. So, you know, all the hallways, all the classrooms have it. And each speaker was connected to an Epic server for the respective schools. And these servers were accessed by a web interface.
MARIA VARMAZIS. No? Okay.
CAROLE THERIAULT. Behind a login page. Now they went looking and only one of them was left with default configs, right? So only one was vulnerable of all the other ones. Crazy. So they're like, well, how do we get access to the passwords and how do we get in? So they followed the backups and the backups went to an external file share and the credentials for the SMB server were the same default credentials as for the Epic system. So basically they had the same password for both and each backup included an SQL dump of the account usernames and password hashes.
GRAHAM CLULEY. This is students doing this. Yep.
CAROLE THERIAULT. He's a senior.
MARIA VARMAZIS. Yeah. He's got a good career in infosec. Yeah.
GRAHAM CLULEY. Has he not got enough homework or something? Is he— how can he— feels like an awful lot of effort to go to.
CAROLE THERIAULT. Well, this is the payload. He was able to customize the bell to play Never Gonna Give You Up.
GRAHAM CLULEY. No!
MARIA VARMAZIS. Yes! That's great. That's so great. Oh, I love it. That's so much more of an innocent prank than I would have guessed at that age, though, man.
GRAHAM CLULEY. Uh-oh.
CAROLE THERIAULT. I don't know. A few days after sending the report through via this anonymous email account, they received an email response from D214's director of technology. And the director stated that because of the guidelines and the documentation that were sent as part of the, you know, inside as the part of the payload, the district would not be pursuing discipline. And in fact, he thanked them for their findings and wanted them to present a debrief to the tech team.
MARIA VARMAZIS. Yeah, that's a great, that's a great response.
GRAHAM CLULEY. Yeah, hang on, hang on. Okay, wouldn't you be a little bit wary that this is some kind of trap? That's what—
MARIA VARMAZIS. Are they going to arrest him?
GRAHAM CLULEY. I mean, well, I don't know, or, well, they could, or somehow penalize him or punish him. And so I would be very nervous.
CAROLE THERIAULT. His peers agree with you, Graham. They said they did not trust the administration and were skeptical of the true nature of the meeting. So just in case, I scheduled the debrief to take place after I graduated.
MARIA VARMAZIS. Yes, yes, yes. Yep.
GRAHAM CLULEY. I might have asked for some nudes from the district administrator and said collateral to you. Yeah, I need you to send me some nudes of yourself or in some grubby underpants or something. Oh, then they will be released if anything bad happens to me.
MARIA VARMAZIS. That sounds kind of weirdly kinky. I'm not sure.
GRAHAM CLULEY. I'm not.
CAROLE THERIAULT. I didn't even listen to him. Oh yeah, I just tuned him out. So I don't know, I guess my question is, if this was your kid, would you be proud? Or would you be like, dude, you're really pissing around with fire? Or is this a way to make his mark? So this kid has now put together a big blog article, which will be linked from the show notes, but I'm not using his name. Because I kind of think, I just—
GRAHAM CLULEY. Do you know his name, Carole? Do you know it?
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Oh, his name is out there, is it?
CAROLE THERIAULT. Well, not his name. No, no, no, sorry, his handle. His handle.
GRAHAM CLULEY. Not Alice or Bob, is it?
CAROLE THERIAULT. Is it?
MARIA VARMAZIS. No, no, his name was Albert Einstein and everyone clapped. No, it's, um, he sounds like he's got a great career in InfoSec. This sounds like an origin story for a lot of people who work in the field, so I don't know.
CAROLE THERIAULT. Yeah, I mean, he's pointing out some important stuff and he's getting a bit of, you know, he's working it for his own benefit as well. I don't know, the thing that struck me in all this, actually, the thing that struck me is it was easier for them to do this because everything was organized and streamlined across the network. So during COVID they got everything in order. You can imagine going, this system's a mess, we need to get everything running perfectly.
MARIA VARMAZIS. Yep.
CAROLE THERIAULT. You know, if it's easy for you to run efficiently and effectively, it might be much easier for a would-be prankster or scammer to find what they're looking for, right? Like someone getting into my computer, they wouldn't find anything because nothing is filed anywhere. Exactly.
MARIA VARMAZIS. You know, but no, the pranksters are like, it's all centralized. No, wait, exactly.
CAROLE THERIAULT. Anyway, so I don't know what I think about this.
GRAHAM CLULEY. It's a bit like some people that they think ransomware is not that bad, you know, it's an, it's online backup. You know, if they've got my data, then somebody has it. Someone's done a backup.
MARIA VARMAZIS. Oh wow, that's such a nihilistic view and I love it.
CAROLE THERIAULT. This is a bit old school, but I wanna do this just on this one. Okay, so the big takeaways on this one though is do not rely on default config options. Okay, that's a big one.
MARIA VARMAZIS. Yeah.
CAROLE THERIAULT. Two, like check all devices for them, right? And change those stupid passwords and check the config options to make sure you're not saying, yeah, yeah, you know, to allow anything. That you don't want access to have access. And use a password manager, people. Use a password manager. And, and also check who has access. Check your auth— like, this guy had access since he was a freshman.
MARIA VARMAZIS. I honestly, I'd be like, hire that kid over the summer before he goes off to college or wherever he's going. Be like, guess what, you're now our summer intern.
CAROLE THERIAULT. I don't think I'd hire him.
MARIA VARMAZIS. Why? He knows— probably knows the network better than anybody else.
CAROLE THERIAULT. Yes, but he's also— so, like, he didn't come up and say, "Hey, look what's going on." He did it with a splash and a tap dance.
GRAHAM CLULEY. He should have done that at least first, shouldn't he? He should have— I think he should have disclosed to them the problem before he unleashed Rick Astley.
MARIA VARMAZIS. Oh, but he's 17.
CAROLE THERIAULT. He claims that he did and that he wasn't, you know, he wasn't getting enough of a response.
MARIA VARMAZIS. Well, welcome to being in security. That often happens. That's, like, exactly how it happens in the real world, so—
CAROLE THERIAULT. Well, if you're listening to this show, Guy, Maria's willing to hire you, so you've got one person.
MARIA VARMAZIS. Person on your side with my zero budget. Yeah, I like— yeah, you want to, you want to secure my house Wi-Fi? Great, go for it. No, exactly.
CAROLE THERIAULT. Would you trust him to do that?
MARIA VARMAZIS. Yeah, actually, probably.
CAROLE THERIAULT. You would?
MARIA VARMAZIS. Maybe. I don't know.
CAROLE THERIAULT. You don't think you would keep access? You'd keep a username and password in his own and do— and keep that just in case a rainy day happened and he might be able to use it in the future?
MARIA VARMAZIS. I wouldn't give him admin access to my house, no. But like, if I was asking for like, hey, what am I missing? I'd probably ask him to poke some holes and stuff.
CAROLE THERIAULT. No, no, but you understand those things But if, you know, would you want him to go to your Grandma Janine's house and say, set up her Wi-Fi?
MARIA VARMAZIS. I already do that for Grandma Janine.
CAROLE THERIAULT. You're not even playing the game. I don't want to play anymore.
MARIA VARMAZIS. My grandparents are all dead, Crow.
CAROLE THERIAULT. Good, that's nice. Cheery.
GRAHAM CLULEY. Nice, nice end.
CAROLE THERIAULT. Thanks so much. Lovely having you on.
GRAHAM CLULEY. Crow, you kept pressing her, you kept pushing her. Really heartless. Unbelievable. Thanks to this week's sponsor, 1Password. Did you know around 80% of business data breaches result from weak or reused passwords? Well, using 1Password can close the gaps in your company's security, combat shadow IT, and help your employees stay both productive and secure wherever they are. With the right tools, the right mindset, you can create a culture inside your company where your employees feel empowered to share responsibility for security risk management. 1Password makes the secure thing to do the easiest thing to do by letting your employees stay secure without slowing them down. For employees, 1Password makes it easy to play their part in personal security and, by extension, company and customer security too. So what are you waiting for? Find out more. Try 1Password for free for 14 days. All you gotta do is go to 1Password.com. And thanks to the team at 1Password for supporting the show. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
MARIA VARMAZIS. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Now, last week I told everybody about BoardGameGeek, a fantastic website, and I had some feedback from listeners. A listener, SDJCMcHattie, contacted me via our Smashing Security subreddit, and they said, "Graham Cluley, if you liked BoardGameGeek, maybe you will love BoardGameArena." Oh. And I have to say, this is brilliant. Boardgamearena.com is somewhere we can go online. You can play board games online to see if you like them before you buy them.
CAROLE THERIAULT. Do you play on your own with like computer?
GRAHAM CLULEY. Ho, ho, ho, ho. No, you can either play strangers or your friends, or if, and there's a myriad of different board games up there. Which have been sort of emulated and everything. And you can pay a premium subscription that gives you access to more board games. But if just one person has paid for premium, you can play against them. So you don't have to give any money whatsoever, if you like. And it's rather brilliant. And there are rules up there and videos explaining how games— so, because I have this problem sometimes, if I'm reading the description of the board game, I think, would I like that? Wouldn't I like that? I don't know. Would my son like that? Here's how you find out: boardgamearena.com. I'm really impressed by it. And thanks to SDJC McCatty for telling me about it. It is my pick of the week.
CAROLE THERIAULT. I gotta say, Graham, that's pretty cool.
MARIA VARMAZIS. That's a great pick. Oh my gosh.
GRAHAM CLULEY. Maria, what's your pick of the week?
MARIA VARMAZIS. So my pick of the week is something that I just discovered last week. So I'm very into it now. And it's Apple TV's adaptation of Isaac Asimov's Foundation, which is a very well-known in the sci-fi realm book series. And I have to admit, I have never read it because I've tried many times in my life and I could not get into it. My husband loves the Foundation series though, and he's read them many times, and we're watching this together and we're both really enjoying it. So I'm— huh, I'm a person who has not— never read the books, and my husband is, and we're both enjoying it. It is 100% faithful to the books on purpose. Uh, if from what I have been told by my dear husband, if you have read the books, you will understand that it is almost impossible to adapt a TV directly because of how Asimov writes. So they've made some interesting changes, which, uh, I have found intriguing. I will admit this series is not going to be for everybody. It is very high concept.
GRAHAM CLULEY. Maria, explain the premise.
MARIA VARMAZIS. This is based on the TV show, so this may not be 100% faithful to the books, but the idea is that there is a scientist who has come up with something called psychohistory, which can predict the long arc of how a civilization may rise and fall on the macro, macro scale, like over hundreds, tens of thousands of years. And he predicts that this great empire that they all live in is going to collapse and there's going to be like a 10,000 or 30,000 year long dark age unless they take some important precautions and do some work to try and save the important knowledge of their empire.
GRAHAM CLULEY. This sounds like a message to Nick Clegg at Facebook more than anything else.
MARIA VARMAZIS. And that knowledge that's going to be saved is called the Foundation. So it's sort of— it's extremely relevant to now. And, you know, this was written— Asimov started writing this, I think, during World War II, right? This is one of his first works, but it's extremely relevant to now. And Apple threw like so much money at this series. It's extremely expensive. Every frame of the screen looks like the budget, which is just massive. And Lee Pace and Jared Harris are in it, so you know it's good. As I said, it's not going to be for everybody, and it's not a 100% super duper faithful adaptation of the books.
CAROLE THERIAULT. Nothing's for everybody though.
MARIA VARMAZIS. Yeah, yeah. But I have to admit, I'm really, really enjoying it. And it is— they're doing the whole one episode a week drop thing. So every Friday there's a new episode and 4 episodes are out right now.
CAROLE THERIAULT. So how old school and fun.
MARIA VARMAZIS. Yeah, I'm really enjoying it. And I think we started watching it just 3 days ago and we've already watched all 4 episodes twice now.
GRAHAM CLULEY. Wow.
MARIA VARMAZIS. Really, really enjoying it. And there's just a lot there.
CAROLE THERIAULT. Um, see, I never read any of the Foundation books, but I did— Asimov taught me about DNA, the whole helixes. I don't remember, he wrote one book on it or something and it was in our shelves, and I remember devouring that and going, oh yeah, understanding what genes and everything.
GRAHAM CLULEY. That's—
CAROLE THERIAULT. yeah, interesting.
MARIA VARMAZIS. Yeah, so if you're watching Apple TV for Ted Lasso and you want something very different, switch over to Foundation. Yeah, there you go. That's my pick.
GRAHAM CLULEY. Cool. Very cool. Carole, what's your pick of the week?
CAROLE THERIAULT. So my pick of the week, actually, Maria, you've seen at least one of these. We talked about it a few weeks ago. This is a YouTube channel, yeah, called Film Courage. And it's more than a YouTube channel, which I found out only in looking this up. It turns out there's a website with all kinds of content like podcasts and, you know, articles and everything. But the concept behind it is basically filmmakers, actors, and screenwriters and authors share their thoughts, or it can be anything really. Like, it can just be like how to create an evil character, or how to tell a good story, or writing supporting characters, or grabbing attention, or thrillers, or anything. And there's thousands and thousands of interview snippets up there. And like, every well-known or respected director, screenwriter, producer has been showcased, or at least those from the States. Like, it's a treasure trove for movie lovers, but for creatives, like people like me who like to write stories or get characters down quickly. There's been a lot of stuff in there that's helped me, you know, kind of hone that skill.
MARIA VARMAZIS. The video that you sent me was fantastic.
CAROLE THERIAULT. I've—
MARIA VARMAZIS. I'm still thinking about it because I think you sent it to me like two weeks ago, and I'm just like, yeah, I've gone back to it a few times. Um, yeah, it's, uh, there's a lot in there and, um, a lot of wisdom. And, uh, yeah, if you do any kind of narrative, I don't know, like a podcast. Uh, it's, it really, it, it gives you a lot to think about.
CAROLE THERIAULT. There is a lot of ads because, and there seems to be a ton of followers, millions follow this channel, but like the interviews have a kind of intimacy and authenticity I really like. The content seems super solid and they feel like they're really putting their heart on the line. Anyway, I think it's worth it. Check it out. It's called Film Courage on YouTube, link in the show notes.
GRAHAM CLULEY. Brilliant. Well, that just about wraps it up for this week. Maria, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
MARIA VARMAZIS. I won't mention the podcast that I'm on with Carl. Um, so you can find me on Twitter. No, no, I'm not going to talk about Sticky Pickles. Oh, there it is. I didn't do it.
CAROLE THERIAULT. Uh, you should.
MARIA VARMAZIS. Okay, yeah, we're on Sticky Pickles, so stickypickles.com.
GRAHAM CLULEY. And you can follow us on Twitter @SmashInSecurity. No G. Twitter allows to have a G. And we're also up on Reddit. Just look for the Smashing Security subreddit. And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
CAROLE THERIAULT. And let's not forget to thank this week's episode sponsor, 1Password, and to our wonderful Patreon community. It's thanks to them all that the show is free. For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 246 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye, bye-bye, bye!
CAROLE THERIAULT. Hi everyone, Carole Theriault here. It's been a while since I shared a review, and normally we get glorious reviews. However, Ransomware. This month we have received a 1 out of 5 stars that I want to share with you. Title: Not funny, not informative. And they write, I've given this podcast a try multiple times over the years hoping I'd both enjoy it and get something out of it. Unfortunately, each time has been disappointing. There are a plethora of other cybersecurity "Ouch." Right? One thing we all know is that we can't make everybody happy, and I can accept that. So obviously this listener felt strongly about this and shared it with us, and for that I thank them. But if you, dear listener, enjoy our podcast and haven't left us a rating or a review, it would be really helpful because we do put a lot of heart and soul into this and our egos are a little bit crushed. Stay safe out there. We love you, even if you don't love us.
-- TRANSCRIPT ENDS --