249: Devious licks, Netflix, and sensitive hackers

October 27, 2021
Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.

Graham Cluley

Which encouraged even more people to join in the fun of having a go. And this has hurt the poor ransomware gang's feelings. And they're saying, look, can you stop hurling insults at us and swearing at us? We're just trying to make a crust. We're hungry. Because it's interrupting our negotiations.

Matt Davey

We don't need the government to go after these folks and target their backups and all this kind of stuff. We just need red-hot memes to fire their way.

Graham Cluley

Let's send in something like, what's his name? Frankie? Oh, I've forgotten his name. Who's the really offensive comedian? Oh, Frankie Boyle. Frankie Boyle. Let's send in Frankie Boyle.

Matt Davey

That's a bit old school, Graham.

Carole Theriault

I'm not sure he knows—

Unknown

He's old school. I'm not talking about Frank Carson. Sorry, I tell him. Smashing Security, episode 249, Devious Licks, Netflix and sensitive hackers with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 249. My name's Graham Cluley. And I'm Carole Theriault. And Carole, we're joined this week by a special guest, someone who hasn't been on the show before, but he is no stranger to podcasts because he is in many ways the main fella on the Random But Memorable podcast from 1Password. It's Matt Davey. Hello, Matt.

Matt Davey

Hello. Hi. Longtime listener, first time in a guest-odial capacity, I guess. I think I've just made that word up, but there we go.

Carole Theriault

Your podcast is— it's Random But Memorable, right? It's a good name.

Matt Davey

Yeah, it's supposed to be what you should choose as a password. But then I feel people would choose that instead of choosing a password manager, which is probably the wrong choice.

Graham Cluley

Hang on a minute. But should you choose a random but memorable password? Shouldn't it be a random—

Matt Davey

For your master password. Oh. The main password to your 1Password account. It should be random and memorable.

Carole Theriault

Yes. Okay. I love how Graham tried to stick you in a corner on that one.

Matt Davey

When you're from 1Password. There was a little bit of that.

Graham Cluley

Yeah, but all your other passwords should be random but unmemorable.

Matt Davey

That's true. Yeah. Random but unmemorable was not a good podcast name. Yeah. That, you know.

Carole Theriault

Let's thank this week's sponsors, Thinkst and 1Password. It's their support that helps us give you this show for free. Now coming up on today's show, Graham, what do you got? I've got hurt feelings.

Graham Cluley

I've got hurt feelings.

Carole Theriault

God, I got hurt ears.

Matt Davey

What about you, Matt? So my story is about Netflix and about them potentially being a big contender for being a data business.

Carole Theriault

Ooh, and I am going to TikTok land. So this should be a great show. All this and much more coming up on this episode of Smashing Security.

Graham Cluley

Well, chums, chums. Feelings. Nothing more than feelings. Do you remember that song? Yeah.

Carole Theriault

Why are you singing? Are you planning to sing the entire show? What? I don't mean to break it to you, but—

Graham Cluley

I want us to get a little bit more emotional, okay? I want us to get in touch. And be a bit more sensitive on this podcast than maybe we've been in the past, because it's easy to imagine that the typical cybercriminals are just hard-nosed crooks. The ransomware gangs don't give a monkey's about hacking hospitals and, as we heard, causing newborn babies to die, or they don't give a darn about people losing their jobs because the company they've been working for has been nearly bankrupted by an attack. But I think maybe that isn't true. I think maybe the cybercriminals do have a heart of sorts and maybe can be hurt. What do you think?

Carole Theriault

Well, I don't think that their driving force is to do any of these bad things. I think these are side effects of their activities, right? So they don't want medical equipment to go down, they just want the moolah.

Graham Cluley

They just want money, but they don't care, do they? That's the impression we get. They just simply do not give a darn about anything like that.

Carole Theriault

They've made a cost-benefit analysis, right? And they've chosen, yeah, they've chosen a certain side, yeah.

Graham Cluley

It doesn't affect me, and so I don't give a darn about it, that's right. Well, new reports suggest that ransomware operators are in fact much more in touch with their emotions than we ever imagined. Because the gangs, the ransomware gangs aren't happy, and they're beginning to tell us so. Now, did you see last week, there was a report from Reuters? It's very interesting, this story, and I think we may find out more about it in the coming months. Report from Reuters that the FBI and others had ganged up on the REvil ransomware gang.

Carole Theriault

I didn't read this, so yeah.

Graham Cluley

Well, REvil or REvil, they are a gang of ransomware operators, ransomware as a service. You may remember they had attacks on groups like Kaseya.

Carole Theriault

Mm.

Graham Cluley

We talked about them a number of times. Also the world's number one meat supplier, JBS. They had their systems messed up, and I think they ended up paying a ransom to the REvil group as well. And a Swedish supermarket chain also ran out of cheese after its infrastructure was taken down by the ransomware gang. Anyway, according to sources, this is what Reuters reported. They said law enforcement and intelligence cyber specialists were able to hack REvil's computer network infrastructure, obtaining control of some of their servers. And when a ransomware gang gets hacked by the good guys, the guys in blue, the guys who are trying to bring them down, they obviously try to recover. And so REvil, rather like a company that had been hit by a ransomware attack, turned to their backups.

Carole Theriault

So they basically had a little taste of their own medicine.

Graham Cluley

Well, yes, because when they went to their backups, they had a bit of a problem. They thought they'd fixed the problem.

Matt Davey

Oh my goodness. Do you think in an office somewhere someone just went, right, here's what we're going to do, we've got to hack the hackers? And they were really happy with themselves that day. That was like, they came home from work and was like, that was a good day.

Graham Cluley

So in a brutal, callous twist, it appears that when REvil reinstalled from their backups and were restarting their internal systems to bring their infrastructure back up, those backups had actually been compromised and were still under the control of law enforcement unbeknownst to REvil. It hadn't just been hacked, its backups had been hacked too. Hence, feelings, you can imagine the sadness. It's a bit like being a gunman, you're trying to rob a bank, right? You've got your little pistol there, you've got your cap gun or whatever. You go into the bank, you've got your stocking over your head, you've pulled up with a Ford Cortina outside the bank, you lurch into the bank and you're threatening people with the gun to get the money. And then some darn bank clerk shoots you while you're trying to do the robbery. Now that is just not cricket, right? That's not the way it's meant to work. And it's very, very sad for the bank robber.

Matt Davey

I think the most unrealistic part of that is a Ford Cortina for a getaway car.

Graham Cluley

So, as a result of this action, which Reuters reported about, you can no longer, at least at the moment, you cannot access REvil's blog where they announce their victims, the so-called happy blog. You can't get to it anymore. So, oh yeah, I think it's a bit sad really for the ransomware guys. They must be feeling rather downtrodden. It's heartless. It's unfair. They're just trying to earn a dishonest crust so they can buy themselves a luxurious yacht and sail around the Baltics. With a mountain of cocaine and prostitutes galore. You know, that's all they want. It's a simple life. Oh, that's a very— okay. I would imagine, don't you? I mean, what else would a ransomware gang member want to do? I would think they want to live the high life.

Carole Theriault

Well, if they wanted that, they could do it now, I think. A lot of them have quite a mountain of cash. It seems that, it seems what we see from even the rich in the world, even though you've got so, so much, you still want more moolah, don't you? Bezos hasn't taken a break.

Matt Davey

Maybe we'll see our first hackers in space. Exactly. There with William Shatner.

Graham Cluley

You say that they've probably got enough money, but we don't know at the moment whether the ransomware guys are giving some of their money to charity. Maybe they're adopting pandas and, you know, animals which are close to extinction inside zoos.

Carole Theriault

I don't think you can take money from hospitals and then give it to zoos and say, 'See, I'm a good guy.' I don't really think you could do that.

Graham Cluley

You don't think so? Yeah.

Carole Theriault

Okay. All right.

Matt Davey

Okay. No, no. I think, yeah. There's just a very specific Venn diagram of people who love pandas and hate people. Yes, it's true.

Graham Cluley

Anyway, other ransomware gangs aren't very happy about how REvil has been treated. The Conti ransomware gang, for instance, they've described what happened against REvil as a, quote, unilateral, extraterritorial, and bandit mugging behavior of the United States in world affairs. They're saying this just isn't on. They're saying the United States has not behaved legally.

Carole Theriault

Yeah, but ransomware is totally fine. Yeah, we love that stuff. It's not a pot kettle situation here. You're absolutely right. It's ridiculous.

Graham Cluley

So on a Russian language hacking forum, according to Brian Krebs, the Conti gang has posted up and they said, is there a law, even an American one, even a local one in any county of any of the 50 states that legitimizes such indiscriminate offensive behavior. Is server hacking suddenly legal in the United States or anywhere else? They say it's an outrageous law if it allows you to hack servers in a foreign country. So they're just saying this is outrageous what's going on. Now, what do you think about that?

Matt Davey

I think the term bandit mugging behavior is one that's going to live with me for a very long time because that is just brilliant. I don't think that's been perfectly translated because in this particular context, it really was mugging the bandit, as in bandit mugging behavior. It was— this is just written so perfectly. It is.

Graham Cluley

It's a bit like— so imagine there I am with the stocking over my head, right? Someone's stolen my Ford Cortina while I was inside the bank robbing it. And as I'm running along the high street trying to catch a bus or something, someone sticks out a foot. I'd be very out of breath. They stick out a foot and trip me up, which frankly isn't very nice behaviour and has prevented me from catching the bus, albeit I was robbing a bank. So would I then say, well, hang on, you can't legally go around tripping me up because that might be actual sort of actual bodily harm or something which you've done there. It's certainly an assault in a way if I'm running at speed. It feels a little bit ridiculous, but this is a growing trend of ransomware operators demonstrating their sensitivity. So we've also heard in the last week from security firm Emsisoft, and they're a bunch of chaps who help victims of ransomware recover after an attack. They say that the BlackMatter ransomware gang, they've also got a bit of a quivering lower lip, right? They're about to show their emotional side as well, because BlackMatter has just announced on its blog that it will start publishing victims' data and break off ransom negotiation if anyone other than respected journalists and researcher personalities, whoever they might be—

Carole Theriault

Personalities—

Graham Cluley

dares to publish snippets of ransomware negotiations. So the problem is this. The problem is that some of the negotiations which BlackMatter has been doing with its victims, trying to earn themselves a crust, has leaked into the public domain.

Carole Theriault

And they don't like that. They want to keep that on the QT, that's right.

Graham Cluley

And the problem is that—

Matt Davey

With people criticising their grammar or something.

Graham Cluley

Well, that is, of course, the greatest offence, isn't it? Is when someone picks up your grammar or your typo and just says, for goodness' sake, you've said less rather than fewer.

Matt Davey

Do you think there's a stage in which they start unionizing? Like, I don't know, creating some sort of, you know, network and an aside to that network would be hacker HR, I guess.

Graham Cluley

Yeah, well, they are getting more and more professional. So, I mean, you would begin to think that this is the next obvious step, isn't it, in their evolution? So what happened was this: the BlackMatter guys failed to properly secure their darkweb negotiation portal. So what happens is you get hit by the BlackMatter ransomware, you're given a link where you can go to negotiate how you're going to give them the money and how much money you're going to give them. And someone took a screenshot of that message and posted it up on Twitter. And I know you're going to be surprised to hear this about Twitter, but hijinks resulted, and there were some mischief makers up there who went to that link and leaped onto the conversation happening between the victim and the ransomware gang and started bombarding the ransomware gang with insults and expletives and started trolling them and basically ruining the whole conversation. They were just having a business transaction and other people on Twitter jumped in. And then, of course, people started taking screenshots of how they had trolled the BlackMatter ransomware gang, shared those on Twitter, which encouraged even more people to join in the fun of having a go. And this has hurt the poor ransomware gang's feelings. And they're saying, look, can you stop hurling insults at us and swearing at us?

Carole Theriault

We're just trying to make a crust.

Graham Cluley

We're hungry. Because it's interrupting our negotiations.

Matt Davey

We don't need the government to go after these folks and target their backups and all this kind of stuff. We just need red-hot memes to fire their way.

Graham Cluley

Yes, burn them. Let's send in someone like, what's his name? Frankie— oh, I've forgotten his name. Who's the really offensive comedian?

Carole Theriault

There's like 8,000 of them. Oh, Frankie Boyle.

Graham Cluley

Frankie Boyle. Let's send in Frankie Boyle.

Matt Davey

That's a bit old school, Graham.

Carole Theriault

I'm not sure he knows—

Graham Cluley

It's old school. I'm not talking about Frank Carson. Anyway, BlackMatter has now better secured its negotiation portal. They now make you answer questions that only the victim corporation could know rather than any old— so they'll ask you for domain names and of servers and—

Matt Davey

They really are getting professional, aren't they? The thing that always strikes me, because I'm a designer by trade. I do mostly looking after designers and running a design org now. But every time I look at a story like this, I think the infrastructure that they need is not just people breaking in and doing all that kind of stuff, but they probably need UI and UX designers as well to make sure that people can get to this point. So the infrastructure that you need to start building to make this, you know, as a service, comes from someone who is building a service. It's quite a lot.

Carole Theriault

But Matt, if you worked for one of these guys, right, as head of design or whatever, and manage the team, let's stress that he doesn't know this.

Graham Cluley

Yes, definitely don't. 1Password definitely isn't involved in this. Let's just say that.

Carole Theriault

If you did, would you feel bad about how the company made money? See, I wonder if there's enough steps removed in that situation where you're actually not doing the actual legit crime, writing the code and negotiating with victims.

Graham Cluley

Oh, but Carole, you know, sometimes people working for these gangs don't know who they're working for. Right, exactly.

Matt Davey

Yeah, I guess you could make an online support forum and not know who it's for. But no, they probably use a $5 service to get a designer on it. Go to Fiverr.com or something like that. You know, it always strikes me, this isn't 5 people in hoodies. They have an infrastructure.

Graham Cluley

Yeah. So we know that some cybercriminal gangs have hired penetration testers who believe they're working for a cybersecurity firm in order to find vulnerabilities on people's sites that they believe they've been engaged by the firm that is actually going to be attacked looking for vulnerabilities. It is extraordinary. Anyway, there's a serious side to this, which is that law enforcement and cybersecurity companies have in the past monitored negotiations being undertaken by ransomware gangs and in some cases have been able to jump in and say to the victims, actually, 'We've got a decryption tool for that because we found a bug in the ransomware.' So there are sometimes ways of doing this. This certainly has happened with BlackMatter in the past. And now it's harder to snoop on the negotiations because BlackMatter has made it a little bit more tricky because of all these Twitter users who were bombarding abuse left, right, and center. So maybe it's not so good to swear at ransomware makers after all. It's interesting.

Matt Davey

I wonder what the next thing that they venture into hiring to seem professional would be. I wonder if they get a PR consultant now. TikTok influencers.

Graham Cluley

Yeah, social media stars. God, Matt, what do you have for us this week?

Matt Davey

I've got an interesting one. This is a Wired article on Netflix data tracking. They've just added privacy on the end there as a keyword. So Netflix is obviously a company that makes TV shows and shows other TV shows and movies and stuff. But it's also really a company that is built on data. It's common knowledge that everything they collect about you and what you watch and how long you watch it for. Essentially, seeing this article about all the things that they look at, and when they put on shows like Bandersnatch, do you remember that one?

Graham Cluley

Oh, that was the Black Mirror guy, Charlie, what's his face?

Matt Davey

Charlie Brooker, yeah. They remember and save all of your choices within that as a game. And they've used some of that information, allegedly, to build other shows. It's got to the point where the streaming service allegedly greenlit the political drama House of Cards without even seeing a pilot because they could use data to determine that it was going to be a hit.

Graham Cluley

How? Unfortunately for all of Netflix's wisdom regarding greenlighting House of Cards, they weren't able to tell quite what Kevin Spacey was like.

Matt Davey

Yes, that is very true.

Graham Cluley

Well, yeah. They're not that smart.

Matt Davey

So Netflix doesn't include adverts in its service despite pressure from investors and analysts' predictions that it could reap $1 billion, which is incredible. Reading through this article, it's really fascinating to learn about all the things that Netflix is knowing about your habits. The article talks about not being able to turn it off, right? You can't choose for Netflix not to understand that you didn't like this show or this one more or have this one in your list or even the fact that you share your Netflix with a partner or a flatmate, or that you share your password with someone else, which will give them information based on the other IP address and all that stuff. So as you build this network of identifiers of all the information that you're giving Netflix, my thought about this article is, what if Netflix then decided to become a data business and sold that information to, I don't know, YouTube or anywhere? It starts to strike me is Netflix could be a big contender for a data business.

Graham Cluley

Astonishing. Emotional, isn't it?

Carole Theriault

Yeah, Graham, they're going to know all about your Marriage at First Sight obsession and the recommendations and the ads that you might get when you're watching, say, YouTube or anything else will be hilarious.

Matt Davey

I must say, I did listen to last week's and I also fell down this rabbit hole pretty hard. Did you?

Graham Cluley

There you go. I have not done it yet, Matt. I've not. Have you seen the Australian version, Matt? Yes.

Matt Davey

Yeah, I've watched They have to be caricatures. It took me through several waves of emotion that I don't want Netflix knowing about. the Isaac series I don't want them to promote this, even though I'm saying it on a podcast publicly. It's quite, I don't know, it's particularly tasteless. that you spoke about.

Carole Theriault

And well, so is Graham, so, you know.

Matt Davey

Just, oh, some of the characters on there. Well, they're real people, which is astounding in itself, really.

Graham Cluley

No, they're not real people because these are people who've chosen to be on a television programme. That instantly puts you in a very strange place, doesn't it?

Matt Davey

Yeah, I guess so. Yeah. And they've also chosen to marry someone literally at first sight. So, but yeah, when the person rocked up to the other person, can't remember any of the names, and said, 'That piercing is going to have to go.' I believe he had an eyebrow piercing.

Graham Cluley

Ines. Ines said it to Bronson. Yes. Not that I know anything about this.

Matt Davey

Ines and Bronson. She rocked up, first thing she ever said to her future husband, 'That piercing is going to have to go.' Oh my God. It was just so priceless.

Graham Cluley

Carole, what have you got for us this week?

Carole Theriault

I've got anarchy, gentlemen. Oh, lovely. Now, can either of you share one thing when you've been at your most anarchist? How would I say it?

Graham Cluley

Anarchistic? Our most anarchic. Is that what you're trying to say?

Carole Theriault

Is that how you say it? That's how I'd say it. At your highest anarchy level.

Graham Cluley

I kidnapped a Christmas tree at my school and held it for ransom for about a week.

Carole Theriault

Oh, this story is going to be very interesting for you then. What about you, Matt?

Matt Davey

I mean, I'm trying to pick one that's fit for public consumption.

Carole Theriault

As you're a guest, I won't force it unless you have one you want to share.

Matt Davey

Okay, let me think about it.

Carole Theriault

Okay. So I looked up how do you actually define it? And one definition is a state of disorder due to absence or non-recognition of authority or other controlling systems. And maybe that's the best way to describe a trending meme that is pissing off schools and parents alike. And it's called devious lick.

Graham Cluley

Devious lick? Yeah.

Matt Davey

This doesn't sound very COVID-friendly. Devious lick.

Carole Theriault

Well, that's what I thought when I first heard the term as well. I imagined you would have people on TikTok licking people in the face and filming it and then putting it up on TikTok or something. But then, it would be easy to identify who the licker is, wouldn't it?

Graham Cluley

Yeah, I suppose. Yeah.

Carole Theriault

Anyway, according to Know Your Meme, the devious licks trend refers to a trend on TikTok where users film themselves pulling supposedly stolen school supplies out of their backpacks with a variation on the phrase "first day of school, copped a devious lick." So actually, let me tell you how the trend began.

Graham Cluley

Thanks for explaining that. That all makes sense now. That's great.

Carole Theriault

No, no, it's hard to explain. Okay, so the trend began on TikTok earlier this month when a TikTok user posted a video of them stealing disposable masks from their school, right, with the caption, "A month into school, absolutely devious lick. Should have brought a mask from home." Okay, right. And within days, users had copied the video idea and stole other items from their schools too. One showed a hand sanitiser dispenser in a school bag. That one gained over 2 million views.

Matt Davey

I think I heard about this one. Did someone steal some turf as well? I'm sure.

Carole Theriault

I didn't see that one in my research, but I'm sure.

Matt Davey

Yeah, it was someone stole some turf off the sports field and that somehow got them probably a record deal or something.

Carole Theriault

So it started off, one showed a student removing a fire extinguisher from a wall mid-lesson. Another one showed a failed attempt to try and steal a wall-mounted hand sanitizer. Another one unzips their backpack and pulls out two COVID antigen testing kits, and they toss those two kits into a larger pile of boxed kits on their bed, and then pan over to a duffel bag filled with even more kits. And this video reached 2.3 million views, and then a repost apparently got 4.6 million views. So they are getting rewarded by the clicks. As of Monday last week, Mashable reported the hashtag #DeviousLick had gotten more than 175 million views. And I was reading on Reddit of young TikTokers. An 8th grader dumped ground-up graphite pencil into his teacher's smoothie as his devious lick.

Graham Cluley

So this is just people being vile. I feel like it crossed a line though.

Matt Davey

I feel like there was a definite line crossed between stealing antigen kits and literally putting stuff in teachers' food.

Graham Cluley

Do you think, Matt? Do you think that's—

Matt Davey

Also, stealing antigen kits is the least— I don't know. How is that like, look how cool I am, I stole some antigen tests.

Carole Theriault

But the thing is, there's kids that can't even go to the loo, right? Because the loos are being destroyed, seats are being ripped off, sinks are being pulled out of the wall. And it looks like a war zone.

Graham Cluley

People are stealing lavatories and putting it in their backpack.

Carole Theriault

Yes, that's exactly what they're doing. Yes. All these teachers and parents are complaining of their kids who've taken to barking and meowing. And the worst is making porn-like moaning sounds, saying things like, oh, Daddy, in a really loud and disgusting way for your child to do.

Graham Cluley

Don't you think times were better when we used to put kids up chimneys and things like that and make them work at the workhouse rather than sending them to school? This sounds absolutely horrendous.

Matt Davey

I've got a specific chimney in my house and this isn't great for the podcast, but I will just turn my camera on for a while. You can see I have an old chimney behind me. Yeah, I think it's specifically designed so Victorian children can't fall all the way down it and instead kind of just get stuck in that bit. It's kind of angled at the bit where if you put a child up the chimney, then they don't fall back down again. Handy.

Carole Theriault

So the bar got raised so high that a sort of tongue-in-cheek response started happening. So one wrote, in just a few minutes, I'm going to win this trend. It was a caption to a video of him pretending to dismantle a boiler. Another one joked about stealing the entire planet, posting space footage of the planet Earth saying, biggest lick in the universe.

Graham Cluley

Wouldn't it be funnier and get you more views if you— and likes and things— if you removed the brake lines from a vehicle or something like that? Wouldn't that be really funny? Why don't they do that?

Carole Theriault

Well, Graham, interesting. Really? What? Listen, just listen. We're almost there. Oh, something you get to watch with your own eyes. So of course the schools aren't happy, right? And if you were a parent of one of these kids, you'd be mortified. No? You'd just be like, "You what? You stole the hand sanitizer during a fucking pandemic?" I'd say, "In my day, lad, I just kidnapped the Christmas tree."

Graham Cluley

And that was only for a week. If they paid the ransom, they'd have got it back.

Carole Theriault

That's as far as it went. Mashable even wrote that— obviously students, not all students are in on this. And Mashable wrote that one student on TikTok said participants took this devious lick thing too far at their school, and now the school's only allowing transparent backpacks. And another school is taking anti-menace measures by locking soap dispensers in metal casings.

Matt Davey

Oh my God, they don't help themselves, do they? The schools reacting to this don't react in a normal way. Well, I don't know how you would react.

Carole Theriault

If you were the principal and you go into the, you know, one of the— you have 3 loos, say you go into one and it's just been completely— the whole bathroom has to be closed down, the whole toilet block.

Matt Davey

You just search on TikTok and find the person who did it.

Carole Theriault

The last few days, I saw two distinctly different approaches to how this devious lick thing could proceed. Okay, right? And it's quite interesting. So I'm going to put these, I'm going to put the first one in here for you guys to watch.

Graham Cluley

Okay, someone's approaching a printer with a hammer. They're smashing the printer while we listen to John and Yoko sing Happy Christmas, War Is Over.

Matt Davey

The music choice is possibly worse than the content.

Carole Theriault

This is a TikToker who literally took a hammer to his own family's printer without the family knowing, as a complete TikTok kind of meme.

Graham Cluley

So he's so desperate for views on TikTok that he's destroying equipment in his family house.

Carole Theriault

Do you think that it's the kid's fault? I mean, we've just been through a pandemic.

Graham Cluley

Do you think this is real,

Carole Theriault

God knows how it impacted kids. But anyway, there's a Senate committee going on right now, and TikTok, YouTube, and Snapchat are all up for questioning on what are you guys doing to help protect our children.

Graham Cluley

Carole? Do you think this is just fake?

Carole Theriault

TikTok's response so far is, well, we'll remove the hashtag devious licks. So that's good story. They're just pretending this is fake, or this is real? I have no idea if it's fake or real.

Matt Davey

There's no way of knowing, is there?

Carole Theriault

But I don't know if it actually matters, because then some people see them and decide to take it down a different route. And this could be a joke, but someone else could see it and go, well, I can do that.

Graham Cluley

It's presented as real as well. Maybe that's what matters. I feel that is the different point.

Matt Davey

And you already said the catchphrase, in my day. So I'm going to say it too. I feel in my day, something this would have happened. It would have been one thing. But because of TikTok, it's kind of the one-upmanship has made this really bad. We had one kid in our school who set his own bag on fire trying to set the school on fire. And I didn't go to the finest of establishments, let's say. And all he ended up doing was setting his own bag on fire. I feel if that had been on TikTok, it would have been really cool. But actually what he did was just set his own bag on fire, and we called him Bagfire for the rest of his school life.

Carole Theriault

You guys are clever, eh? The smartest. Yep. To end this on a happy note, check out— I put in another link there for you, and this is someone who's trying to combat these devious licks.

Graham Cluley

So we've got another TikTok video here, which we'll link to in the show notes. And they're in a school, it looks like. And he's walking into— It says, it says gentleman's club and there's sort of lovely lighting. And it says loo. Oh, it's the school loo. What? Oh, cool.

Matt Davey

They've changed it to be positive. Instead, they've added stuff. Yes, they have an art wall?

Graham Cluley

You know, I did this. Oh, shut up. This was the other thing I did, other than kidnap the school Christmas tree, was I set up tinsel and fairy lights around the urinal, because we used to call it our office. And we got into real trouble at sixth form. They claimed it was a health and safety thing, that we could electrocute our willies when we peed in the urinal. You probably could have.

Carole Theriault

We didn't have battery-operated lights. No, it was all plug-in. Oh my God. Kissing on the phone. Yeah, guys. Guys, it's very old school.

Matt Davey

I don't wish to say something about the age group that you're in, but they probably weren't LEDs either, right? They were full-blown just— No, no, no, they certainly weren't. —candescent light bulbs linked to 250 volts. Yeah, that probably was the smart thing to not put that around on. Urinal, yeah. Oh, I rather love this. This is wonderful. I just, I've been taken all the way back.

Carole Theriault

Devious licks. Stupid.

Graham Cluley

Chums, chums, let me announce to you, doodle-a-doot-a-doot, 1Password University. Yes, our lovely friends at 1Password have created a fun, dynamic, and free resource for all skill levels. Find out how to build a culture of security in your workplace. Learn how to make the most of 1Password's features, or discover why reusing the same password across multiple accounts puts you at risk. Broaden your knowledge, starting with the basic building blocks of security, and learn at your own pace and discover how to keep yourself and your company safe on the internet. 1Password University's growing catalog of courses has definitely got something for you, and it's a lot more fun than dull workplace training or scouring the web for advice. So check out 1Password University free online security resources made for everyone at www.1password.university. That's www.1password.university. And thanks to 1Password for supporting the show. Most companies discover they've been breached way too late. Well, Thinkst Canary fixes this. Just 3 minutes of setup, no ongoing overhead, nearly zero false positives, and you can detect attackers long before they dig in. Simply go to canary.tools to find out why its physical, VM, and cloud-based canaries are deployed and loved on all 7 continents. And what's more, listeners who mail in referencing Smashing Security get a 10% discount on their order. Can't say fairer than that. So go and check it out now. Canary.tools. And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week. Pick of the Week.

Carole Theriault

Matt.

Matt Davey

Oh, sorry. Pick of the Week.

Carole Theriault

He fell asleep for a second.

Graham Cluley

Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily. Better not be. Well, my Pick of the Week this week is not security-related. Good. I want to take you to Woodmere Avenue in Watford. And Watford is a town outside of London, north of London, and that Woodmere Avenue is a road which people live on. And there is a resident of Woodmere Avenue in Watford who has set up a YouTube channel, and he is posting videos from his Amazon Ring camera. Because—

Carole Theriault

Oh my God.

Graham Cluley

Outside his house, the council or whoever have put on a sort of width restriction on the road. There's a 7-foot gap with steel bollards. And what happens just about every day is cars come along and misjudge the width and crash. And for a few years, he's been asking the council to sort this out. Nothing's happened. So he's now posting videos of these crashes occurring, including a compilation video, which I've linked to.

Carole Theriault

So if you check out the video, which I've put in the notes there, yeah, is 7 foot not enough to get through?

Graham Cluley

Well, you've got to be a little bit careful, it seems. Yeah. So some cars seem to be able to just whiz through, and other cars who are following do come a cropper. And when they hit, they really— oh boy, oh boy, they really hit. Including a police van is one of the vehicles which crashes. And sometimes there'll be a lot of smoke. Yeah. No one's been hurt as far as I know, but there's some serious crunching going on.

Matt Davey

Whoa, this is just terrible.

Carole Theriault

Okay, so apparently, yeah, cars are 1.5 metres to 1.8 metres. Yeah, I don't know if you have an extra foot.

Matt Davey

The thing is, I think it depends on the approach that you take to it as well.

Graham Cluley

How do you mean?

Matt Davey

I don't know. If you take a bit of an angle to it, I understand it's a straight road and this might be my terrible driving, but you could.

Graham Cluley

I mean, it's clearly narrower than people are used to and they are going at some speed. And I mean, there was one van which came along and really tried to keep going and wasn't able to stop at all. It is an astonishing video. And I think maybe a good use for an Amazon Ring camera, having discussed them last week. Here, they're sort of providing a service warning people about I've been on Google Maps to check out this particular road, to look at the— I've sort of driven up in the Google car, Street View car, to see what it's like. It does seem quite tight. It does seem quite tight. So—

Graham Cluley

I'm just looking at your article here, and there's a commenter here saying, "I can just about squeeze my 6.2-inch-wide Jag XF through it. I'd be very surprised if it was actually 7-foot wide."

Carole Theriault

I don't know. I guess if you buy a Jag XF, you do, because it's so fucking expensive.

Matt Davey

That's true. I have a little smart car, and I probably would get hit by this, just because I'm so overconfident with being able to fit it anywhere that I just think it's a bike, basically.

Carole Theriault

Can you go down there and take a picture, take a TikTok video of you trying to go through?

Matt Davey

That would be good. The worst thing that I feel is the, they've obviously put this camera up out of frustration, but during the day, because apparently this happens very often. Yes. You're just sitting there in your house, minding your own business. Bam. Right. And if that wasn't bad enough, from the looks of the picture, a digger then has to come along and scoop up the car to get it off the bollard. And if that is happening even once a week, that's driving me up the wall.

Carole Theriault

It says here in the past 4 weeks, 11 vehicles in 4 weeks.

Matt Davey

My goodness.

Graham Cluley

But that's the crashes. But there's more than that who are scraping and, you know, these are— Welcome to England. Yeah.

Matt Davey

What's the need for it though, really? Like they've taken a road and just put an artificial limit on it, right? Because the pavement is the same width that side as the other side. So I don't see like a, I basically don't see a reason at all to do this.

Graham Cluley

I think it's traffic calming, isn't it? They're trying to prevent people from wanting to go down that road. But all they've actually done is made the traffic much more anarchic and—

Matt Davey

What they've done is just put now. They've made it a meme. So people are there with their mobile phones standing in front of the road. So they've slowed traffic down by just putting people with phones and cameras on the road.

Carole Theriault

It's fascinating, Graham. Fascinating pick of the week.

Graham Cluley

That is my pick of the week. Matt, what is your pick of the week?

Matt Davey

Okay, mine is a podcast, which is unusual, but it's called The Futurenauts. And I started listening to this probably at the beginning of the pandemic. They're on their third season now. It's John Richardson, who's a comedian. I didn't really massively like him in other stuff, but it is also Ed Gillespie and Mark Stevenson, who are authors, futurists, and provocateurs. And they essentially pick one topic each, you know, each episode, and they talk about the future of it. So the future of work and how, you know, what that looks like when more jobs are automated, the future of education and how that might happen, the future of energy and the upcoming, you know, push on eco-friendly. This has been probably the thing that got me through the pandemic. But also, it is the kind of most behaviour-changing thing that I have ever done. Like, not read a lot of self-help books and that type of stuff. But this to me, like, I now only buy secondhand clothing and only do various stuff to kind of help climate change and that type of thing. And, you know, the behaviour that I had before listening to this podcast was completely different. So yeah, that's my pick of the week. I highly recommend it.

Carole Theriault

Do you reuse tea bags?

Matt Davey

Do I use used tea bags? Yeah. No. I mean, that's disgusting.

Carole Theriault

Okay, that's a step too far.

Matt Davey

I mean, I might switch to loose leaf, but that's about as dramatic as I would go.

Graham Cluley

Because you could reuse a tea bag by wearing a tea bag.

Matt Davey

That's one of the things you can do. I do only buy used mugs as well. I don't buy new mugs. And again, I'll just turn my camera on so you can see. This one is quite old. 1911 coronation of George V. There you go. Lovely. Very classy mug. And then, yeah, you can pick them up at car boot sales all over England and it's quite nifty.

Graham Cluley

Well, excellent. Okay, so that podcast is called John Richardson and the Futurenauts.

Carole Theriault

I think it sounds really interesting. I'm going to take a listen to that. I think that would be one of my favourite jobs to do, to just sit around and go, what will happen in 5 years? Do I think— well, it's just great.

Matt Davey

Yeah, I would listen to the earlier episodes. I think later on they kind of run out of topics a bit. Happens. But the future of fashion is brilliant.

Graham Cluley

Hang on, you're saying they don't recycle their content? Wouldn't that be a good thing to do?

Matt Davey

I feel like, yeah, hosting it on probably some eco-friendly place as well, no doubt. But yeah, the Future of Fashion where they talk about how fast fashion can't continue and all this kind of stuff. Yeah, it's great. Oh, fantastic.

Carole Theriault

What's your pick of the week? Well, mine is also a podcast. A fictionalized serial podcast from Realm called Dead Air. So, the story gist is a true crime podcast host is roped into a decades-old murder. And this is when someone calls into a call-in show she does. I don't know how you do a call-in podcast. I mean, people do do them, but it must be difficult. But anyway, so she, you know, someone calls into her show with a staggering reveal that the person who went to prison for the crime didn't actually do it. So, of course, our podcast host puts on her Detective Clouseau mustache or whatever, and goes off to try and find out who actually did kill this woman named Peg. And she forms kind of unlikely alliances with the victim's son. All kinds of different stuff happen. It's really great if you like crime stuff. And what I love about it most is there's just basically 1-hour-long episodes and there are 8 of them. So I love that because I listen to podcasts when I go to sleep and this is a perfect one. So I've actually probably listened to it 4 times over the period of a month just because I keep missing bits and so I go back.

Graham Cluley

It sends you to sleep.

Carole Theriault

Well, yeah, I guess it does, but I've listened to it, I've listened to the entire thing and I thought it was really good and had a nice clever twist at the end. And I think if anyone's out there going, "I just need something to get my teeth into," this is a good one. So I'd say check out Dead Air from Realm Podcast. You can find it wherever you get your podcasts.

Graham Cluley

Well, that just about wraps up the show for this week. Matt, thank you so much for coming on the show.

Matt Davey

It's been an absolute pleasure.

Graham Cluley

I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that and find out more about what you're up to?

Matt Davey

Probably the best thing to follow is @1Password, the number 1 and then password. And from there you can find all of our podcasts and all of the stuff that we put out.

Graham Cluley

Cool. And you can follow us on Twitter @SmashingSecurity, no G, Twitter doesn't allow us to have a G. And we also have a Smashing Security subreddit. Go and check us out up there. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.

Carole Theriault

And huge, huge thank you to this episode's sponsors, the fabulous 1Password and the wonderful Thinkst. And to our amazing Patreon community, it's thanks to them all this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 248 episodes, check out smashingsecurity.com.

Graham Cluley

Until next time, cheerio, bye-bye, bye-bye, see ya.

Carole Theriault

Ooh, no one's ever seen a— oh, that's a first. That's good. See ya. Wouldn't want to be a

EPISODE DESCRIPTION:

Ransomware attackers have got hurt feelings, what does Netflix know about you, and why are schoolkids stealing lavatory seats?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by 1Password's Matt Davey from the "Random but Memorable" podcast.

Visit https://www.smashingsecurity.com/249 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Matt Davey.
