"Demonically" possessed devices print out antiwork propaganda, advice on how to secure your store, and is Twitter's new photo privacy policy practical?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dinah Davis.
Visit https://www.smashingsecurity.com/255 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Dinah Davis.
Sponsored By:
- Uptycs: Uptycs is a cloud-native security analytics platform built to protect the modern attack surface.
- Uptycs zeros in on the blind spots that are preventing you from rapidly identifying and responding to existing threats and vulnerabilities in your ecosystem.
- Uptycs normalizes telemetry from across macOS, Linux, Windows, and containers; records system activity for historical investigation even when no alert has fired; and enables you to build complex custom detections in addition to its industry-leading MITRE ATT&CK mapping.
- Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform.
- Find out more and try it for free at uptycs.com
- 1Password: It’s that time again when we’re all thinking about plans for the upcoming year. Does your plan include making your team more productive and secure?
- 100,000 businesses use 1Password to secure employees at scale by encrypting their passwords and sensitive information and helping them get more done, faster.
- That’s why, for a limited time only, new customers can get 25% off the first year of 1Password Business and find out how 1Password can boost productivity while protecting their most sensitive data.
- Act fast! This deal is only good until December 16, 2021. Find out more and claim your discount at 1Password.com
Links:
- CEO of US mortgage company fires 900 employees on a Zoom call — YouTube.
- Better.com Zoom firing: Employees share what it was like — CNN.
- Antiwork subreddit — Reddit.
- Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos — Motherboard Vice.
- Hackers are spamming printers with 'antiwork' slogans — Metro.
- How To Get Back At Your Annoyingly Loud Neighbors — Dumpaday.
- Attention Shoppers: Internet Is Open — The New York Times.
- A Brief History of E-commerce — Michael Tefula.
- NetMarket.
- Global retail e-commerce market size 2014-2023 — Statista.
- Ecommerce Fraud Prevention: How To Protect Your Online Store — Big Commerce.
- How to Secure Your E-Commerce Website: 6 Basic Steps — PC Magazine.
- How to Secure Your eCommerce Website: 7 Tips — MailMunch.
- Twitter Will Take Down Pictures of People Posted Without Their Permission — The New York Times.
- Far-right activists using Twitter new rule against anti-extremist researchers — The Washington Post.
- Far-right target critics with Twitter's new media policy — BBC News.
- The Guardian Crosswords.
- Guardian Puzzles & Crosswords for iOS — iOS App Store.
- Guardian Puzzles & Crosswords for Android — Google Play store.
- Now that's what I call a Hacker — Jitbit.
- Taskmaster — YouTube.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. And they're doing this, they're spreading these words by demonically possessing printers normally used to print out receipts at checkout.
CAROLE THERIAULT. Demonically? Can you just explain that use of that adverb? I just don't understand.
GRAHAM CLULEY. Yeah, well, it's a bit like it was demonically possessed. Okay, they're not really, they're just hijacking it, right?
CAROLE THERIAULT. Right.
UNKNOWN. Smashing Security, Episode 255: Revolting Receipts, a Twitter Fandango, and Shopkeeper Cyber Tips with Carole Theriault and Graham Cluley.
GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security, Episode 255. My name is Graham Cluley.
CAROLE THERIAULT. I'm Carole Theriault.
GRAHAM CLULEY. And this week we're joined by a special guest, someone who hasn't been on the show before. It is the founder of Code Like a Girl and VP of R&D at Arctic Wolf. It is Dinah Davis.
DINAH DAVIS. Hello, Dinah. Hi. I am, like, super pumped to be here. I listen to your show all the time, and I kept thinking to myself, I would have so much fun with them on this show that I'm so glad you invited me to come. I'm really excited about it.
GRAHAM CLULEY. Well, steady on. Steady on. Don't—
CAROLE THERIAULT. Wait, Graham, she's not flirting with you.
GRAHAM CLULEY. No, don't expect to be that much fun.
DINAH DAVIS. Don't worry. It's going to be fun. I'm here now.
CAROLE THERIAULT. I'm here too, and Dinah's here.
GRAHAM CLULEY. Shall I leave?
DINAH DAVIS. Yeah, sure.
CAROLE THERIAULT. Shall we thank this week's sponsors first? 1Password and Uptycs. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. Oh, I've got grumpy people. Grumpy people at work.
CAROLE THERIAULT. And Dinah, what about you?
DINAH DAVIS. I want to talk about how to keep your small business safe online during the holiday season.
CAROLE THERIAULT. Hey, good, because I am talking about Twitter's new privacy feature and how it bites them where the sun doesn't shine. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, have you ever had a terrible, appalling, ghastly job?
DINAH DAVIS. Yes, definitely.
GRAHAM CLULEY. A job where you didn't feel that you were being properly appreciated, perhaps?
DINAH DAVIS. Yes.
GRAHAM CLULEY. Yeah? Anything you'd like to talk about? Any current jobs that you want to co-host on a security podcast?
CAROLE THERIAULT. No, I love my co-host. I love my co-host.
GRAHAM CLULEY. Oh, okay.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Oh, that's lovely.
DINAH DAVIS. Yeah.
GRAHAM CLULEY. Well, pity the 900 employees of mortgage company Better.com.
CAROLE THERIAULT. Oh.
GRAHAM CLULEY. Who were last week fired, somewhat unsympathetically, via a Zoom call. Thank you for joining. I come to you with not great news. This isn't news that you're going to want to hear, but ultimately it was my decision and I wanted you to hear from me. It's been a really, really challenging decision to make. I've— this is the second time in my career I'm doing this and I do not do not want to do this. The last time I did it, I cried. Um, this time I hope to be stronger. If you're on this call, you are part of the unlucky group being laid off. Your employment here is terminated effective immediately. I wish you all the best of luck. Thank you for everything you've done for Better.
CAROLE THERIAULT. That is not very warm. No. It's not very sympathetic.
GRAHAM CLULEY. It's not very sympathetic, is it?
CAROLE THERIAULT. No. I have seen people get fired with about that much care though, in my previous life, but—
GRAHAM CLULEY. Do you think it's worse face-to-face, being treated like that, or via Zoom?
CAROLE THERIAULT. Face-to-face would be way worse.
GRAHAM CLULEY. Because you have to get dressed. Yes. So this became sort of viral. You know, people were sharing this video left, right, and centre. And the company said that the layoffs had been gut-wrenching. Especially at this time of year. So pity them, you know, they must have had a terrible time.
CAROLE THERIAULT. Can I make one comment though, just to make sure? It is edited, that little video. There's a lot of stuff taken out of that.
GRAHAM CLULEY. Oh, well, they mostly took out the swear words of the person reacting. So they just got to the juicy bits. Yeah, there are other versions. Fuck you!
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. The terrible thing about a Zoom call is that some people like to make themselves presentable before they go on a Zoom call, don't they? So they have a shower and comb their hair and put some makeup on.
CAROLE THERIAULT. What a waste if you're just gonna get fired.
GRAHAM CLULEY. And then you're told, Get stuffed.
CAROLE THERIAULT. Yeah, why did I brush my teeth again?
GRAHAM CLULEY. Anyway, the company said this was gut-wrenching. They said it was a terrible thing for them. You know, they really didn't enjoy it at all. But it later emerged that the CEO had claimed that at least 250 of those people who'd been terminated were stealing from the company, because some people apparently were working 2 hours per day but actually claiming to have worked 8 or more hours per day.
CAROLE THERIAULT. The question is, how do you know, Mr. CEO?
DINAH DAVIS. Yeah, that's the same question I have.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. And this wasn't the first time the CEO of Better.com had taken a swing at his employees. The same chap, he emailed employees in November 2020. And what he said to them was, "You're a bunch of dumb dolphins. Dumb dolphins get caught in nets and eaten by sharks. So stop it, stop it, stop it right now. You're embarrassing me." Dumb dolphins?
DINAH DAVIS. Where does that even come from?
CAROLE THERIAULT. What were we called? We were called monkeys, weren't we? By our CEO. By our monkeys, yes. We were called monkeys. Well, sometimes he would lie on the ground and bleat like a sheep by your desk if he thought you were wasting time.
GRAHAM CLULEY. And he carried Fijian instruments of torture around with him as well, didn't he?
DINAH DAVIS. Yep.
GRAHAM CLULEY. He was a strange man. Oh my God. But now, just to remind you, Better.com, they sell mortgages and things. So quite why he's employing dolphins, dumb or otherwise, to do the job is a bit of a mystery to me.
CAROLE THERIAULT. Haven't you heard how cool AI is? Like, you don't really need people anymore.
DINAH DAVIS. Dolphins are really smart. I mean, they are really smart.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Oh yeah, so long and thanks for all the fish.
CAROLE THERIAULT. But compared to who though, dolphins are smart? Like compared to your average person?
GRAHAM CLULEY. Hamsters.
DINAH DAVIS. No, like your dog.
CAROLE THERIAULT. Yeah. Yeah.
GRAHAM CLULEY. Dogs can do amazing things. I've seen dogs on skateboards, dogs driving cars.
CAROLE THERIAULT. Dogs saving people in perilous conditions.
GRAHAM CLULEY. Dogs getting dressed up in nice suits.
CAROLE THERIAULT. Using a knife and fork.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. No, wait a minute.
GRAHAM CLULEY. So, don't be so doggist, Dinah. Right.
CAROLE THERIAULT. Good, Graham. Good.
GRAHAM CLULEY. Good. Right. Anyway, on with the story. So this made me think about some of the bad jobs I've had over the years. And did you ever feel you've been underpaid? Wonder how much cash your coworkers were making? And then you kind of think, "Oh, but do I ask them or not?" Because it's gonna feel bad if they're making more, but it's also gonna feel bad if they're making less than me. And you're sort of in this quandary.
CAROLE THERIAULT. Did you ever feel that someone was making more than you?
GRAHAM CLULEY. Um, yes, some people, yes.
CAROLE THERIAULT. Really?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Right, the CEO, CTO.
GRAHAM CLULEY. Yeah, and some other people.
CAROLE THERIAULT. VPs, a few VPs.
GRAHAM CLULEY. I remember at one company that shall remain nameless where the, um, the HR department left a spreadsheet of everyone's salary on a publicly shared drive for anyone to access, which was a very valuable asset when it came to salary negotiation.
CAROLE THERIAULT. I remember a company that shall remain nameless that had an HR meeting discussing everyone's salary with name and the amount of money they were gonna get at that new year. And did it in a meeting room that wasn't, shall we say, soundproof. And a particular employee was next door taking notes.
DINAH DAVIS. Well, have you ever had your bosses discuss your salary in front of you? Going through everyone's salary in the group.
GRAHAM CLULEY. Oh no.
DINAH DAVIS. Yes, going through everyone's salary in the group and then realizing they didn't take you off this list to be discussed. And then instead of just skipping, and not discussing that, just going full force and having a negotiation in front of you of how much you should get paid. That actually happened to me once.
CAROLE THERIAULT. You see? I feel though, I feel community. I feel that I'm not alone anymore.
GRAHAM CLULEY. Well, it is about community, Carole. There is on Reddit a subreddit called Antiwork, not to be confused with anti-woke. And Antiwork, it describes itself as a community—
CAROLE THERIAULT. Oh, I get it.
GRAHAM CLULEY. Community for those who want to— A community for those who want to end work, are curious about ending work, want to get the most out of a work-free life, want more information on anti-work ideas, or want personal help with their own jobs or work-related struggles. Now I've checked out this subreddit and it's rather interesting. It's clear a lot of people aren't terribly happy with their jobs at the moment or how they're being treated. They'd like more money, more respect, just to be treated like human beings. In fact, there are 1.2 million members. Of this subreddit where they're posting jokes and memes and—
CAROLE THERIAULT. You sound like a granddad.
GRAHAM CLULEY. What? What? I don't know.
CAROLE THERIAULT. Keep going. It's fine. 1.2 million members.
GRAHAM CLULEY. Yeah, there's a lot.
CAROLE THERIAULT. Well, it's the fourth most popular website in the world according to Mika the other day.
GRAHAM CLULEY. Just a bit, which is called Antiwork. I just, I found it surprising.
CAROLE THERIAULT. A lot of people work and a lot of people aren't happy. Anyway, carry on. You're doing great.
GRAHAM CLULEY. And generally, people are grumbling, perhaps quite rightly, about their jobs, their wages, but they're also rallying the masses. They're saying, you know, we need union representation. We need to be part of it. We need to fight for our rights. Mm-hmm. Of a decent wage. Yes.
CAROLE THERIAULT. I agree with that.
GRAHAM CLULEY. So this fight, this battle, is now taking place digitally across devices because what has happened in recent days is that hackers have been targeting poorly paid workers and trying to recruit them with anti-work manifestos, basically saying, "Come on, all you've got to lose are your chains. Come on, rise up, battle against your bosses." And they're doing this, they're spreading these words, not by doing an airdrop, not by dropping things from a helicopter above people, but instead demonically possessing printers. Normally used to print out receipts at checkout. So, demonically—
CAROLE THERIAULT. Can you just explain that use of that adverb? I just don't understand.
GRAHAM CLULEY. Yeah, well, it's a bit like it was demonically possessed. Okay, they're not really, they're just hijacking it, right? They're sort of exploiting the receipt printer. So if you were somebody who worked in a sort of customer service role where you took a payment for something and then said, would you like your receipt? Your receipt machine would start spitting out. It would spit out messages like this. It would say, riddle me this, how can McDonald's in Denmark manage to pay their staff $22 an hour and still sell a Big Mac for less than in America? Answer, unions. Did you know it is rather simple task to organise a union?
CAROLE THERIAULT. So this would come out on the receipt?
GRAHAM CLULEY. On the receipt. So the receipt print, you know, that cheap bit of paper. And then there's a link to the Reddit subgroup. And it's not just that message, there's oodles of other messages as well.
CAROLE THERIAULT. I just love the, "Do you want a receipt, sir?" "Yeah, yeah, no, I do." "No, I'm not giving it to you." "Give me my fucking receipt!" "No, you can't have your receipt." "Why?" "I can't tell you why." Yeah.
GRAHAM CLULEY. Beautiful. And so there's all kinds of different messages, but they're all promoting this subreddit and saying, "Go and join it, and then you can join the community. Life is short," they say. "Time is your most valuable asset. And so, you know, what are you doing to make sure that you have a decent life? Stop working for slave wages," they're saying. So people are getting these messages on the receipts in front of them, and they're thinking, "That's funny." And then they go on to Reddit and check it out and say, "What on earth is this that's just appeared?" Brilliant. And so they're joining the subreddit. So the subreddit is growing in popularity. And some people are saying, look, you know, I find this amusing, but what I really find funny is my boss who's unhappy that this thing keeps on getting printed out and that we're beginning to talk more about our wages and salary.
CAROLE THERIAULT. Can you imagine?
GRAHAM CLULEY. So question, who's behind this? Who's the one driving all this?
DINAH DAVIS. Oh, there's so many possibilities.
GRAHAM CLULEY. Is it someone who's very keen on the anti-work movement, or is it a Joe job? Is it trying to damage the anti-work subreddit by bringing it into controversy?
CAROLE THERIAULT. Yeah, I don't even know what the goal is.
DINAH DAVIS. But also, if you're thinking about how things are politically motivated, is this a nation-state trying to help destabilize businesses in the US, right? I think I've been reading too many cybersecurity books, but—
GRAHAM CLULEY. Well, I have a theory, which is maybe it is the salesmen who sell the receipt paper. Probably don't make that much out of it, so the more they can use—
CAROLE THERIAULT. Right, double, double. Yeah, yeah, double, double. Double-ply.
GRAHAM CLULEY. Yeah, exactly. Yeah, the good stuff, the quality stuff.
CAROLE THERIAULT. Quilted.
GRAHAM CLULEY. Dinah.
DINAH DAVIS. Yes.
GRAHAM CLULEY. What have you got for us this week?
DINAH DAVIS. Okay, so do either of you know when the first e-commerce transaction happened online? Any ideas?
GRAHAM CLULEY. Ooh.
DINAH DAVIS. Ooh.
CAROLE THERIAULT. I'll say after 2010.
GRAHAM CLULEY. Oh no.
CAROLE THERIAULT. I'm kidding, I don't know. I have no idea. 1990?
GRAHAM CLULEY. Is it pre the invention of the World Wide Web?
CAROLE THERIAULT. No.
GRAHAM CLULEY. No? So it was actually on an HTML-signed sort of webpage rather than something a bit more nerdy. Okay, so—
DINAH DAVIS. I'm going with August 2001.
GRAHAM CLULEY. Mid-'90s?
DINAH DAVIS. Okay. Graham, you are closest. So August 12th, 1994. So yeah. So Phil Brandenberger of Philadelphia bought the CD Ten Summoner's Tales by Sting. Either of you have that? I know you're a bit older than me.
GRAHAM CLULEY. You might have it. Oh, that is such a cruel indictment on the world. To think that the first online purchase was a ruddy Sting album.
DINAH DAVIS. Yes, it was.
CAROLE THERIAULT. He turned into a tantric sex lover.
GRAHAM CLULEY. Oh, there he is with his little mandolin or whatever.
CAROLE THERIAULT. He got married. He didn't ride in onto his wedding on a white horse.
GRAHAM CLULEY. Oh, he's such a poser. I cannot stand Sting.
CAROLE THERIAULT. Yeah, but come on, the police were great. There you go.
GRAHAM CLULEY. The Police were good. Yeah, but I mean, oh, imagine a supergroup made of Michael Bublé and Sting and Piers Morgan and Il Divo, and then if Tom Hanks leading the group. Oh, oh, just— okay, so horrendous. So anyway, sorry, Dinah, are you a Sting fan?
DINAH DAVIS. I am definitely not. No, not at all. I was very— I was actually— I read that when I was doing the research and I went, really? That was the first thing? Couldn't we have done better than that?
GRAHAM CLULEY. So this is the fascinating thing. Who did he buy it off? Someone created an online store to sell Sting LPs. Well, and suddenly, whoa, we've actually had someone who's bought one.
CAROLE THERIAULT. He was big back then. There were tons of people that loved that shit.
DINAH DAVIS. Well, apparently his friend Dan Cohen did, because that's who Phil bought it from. And they, they did it on a Unix machine loaded with an X-Mosaic browser, and they used PGP, or Pretty Good Privacy, you see.
GRAHAM CLULEY. Very good. Well, I think that's, that's pretty good. Yeah, well done them. They seem to have— like, they did it in a secure way rather than just sort of, yep, emailing their credit card numbers through or something.
DINAH DAVIS. So they were actually trying to start an online store. And that online store, um, is called netmarket.com. And I kid you not, that store is still up today.
GRAHAM CLULEY. No!
DINAH DAVIS. Yeah, I went and looked at it. It looks like it's still from the '90s, but like, I went through— you can add things to the cart. I didn't— I didn't go so far as to actually try and buy something because I was a little bit skeptical about it.
GRAHAM CLULEY. But here it is. I'm on it right now.
CAROLE THERIAULT. You know what I love? I think there should be revival websites. I love mid-'90s, late '90s websites so much because they were so clear, like Lycos web pages or the marquee effect.
GRAHAM CLULEY. Do you remember marquee or blink, the blink tag which would blink text at you in neon green?
CAROLE THERIAULT. Beautiful. Okay, I love it.
DINAH DAVIS. So at the time, the New York Times classified it as the first retail transaction on the internet using a readily available version of powerful data encryption software designed to guarantee privacy. And the author of PGP, Phil Zimmermann, was like, this is an important step towards the creation of digital cash. And, and look at that now. Now we're here, right?
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Yeah. Okay.
DINAH DAVIS. So what do you think the total e-commerce sales were for 2020 in, in about—
GRAHAM CLULEY. In US dollars for Sting LPs?
CAROLE THERIAULT. No, no, for everything.
DINAH DAVIS. Just complete, complete e-commerce sales 2020.
CAROLE THERIAULT. Oh, I'm saying billions, billions, billions, billions.
GRAHAM CLULEY. I'm going to say $1 trillion.
DINAH DAVIS. Wow. $4.28 trillion. What is that?
CAROLE THERIAULT. What is that? What is US debt at the moment?
DINAH DAVIS. No, but it's probably— yeah, but it's close to that, or less than that even. Yeah. So, and, and this was up a trillion, almost a trillion from 2019, and the sales projected for 2021 are about $4.9 trillion. So this is crazy, right?
CAROLE THERIAULT. Yeah, I think it's all down to pets. People got a lot of pets during the pandemic. And, you know, you need— if you have a cat, you need that stuff that they pee in, whatever it's called, like whatever, the cat litter. And, you know, dog leashes, dog food, all the pets, hamster stuff. Yeah.
DINAH DAVIS. So, so the holidays are upon us, right? And I am definitely guilty of shopping online. I think I've done 90% of my Christmas shopping already online. What about you guys?
CAROLE THERIAULT. I've decided that I'm gonna be the gift. I'm not— I can't— You know what? I had to go do a PCR test 'cause I'm gonna be traveling soon. And I went there—
GRAHAM CLULEY. That's a nice Christmas present.
CAROLE THERIAULT. Right? 'Cause it's fricking expensive. Yeah. And I have to do 4 for this travel I'm gonna do. Like, literally. And that's a lot. Anyway, so, and I'm in this mall, you know, and everyone's scream buying stuff, and I couldn't get into it. I don't— yeah, I don't think I'm doing Christmas this year. I want to do it with love. All right.
DINAH DAVIS. Well, well, I have a child, so that's not an option.
CAROLE THERIAULT. Ah, uh-huh. I got you, Dinah.
DINAH DAVIS. Yeah, nieces and nephews. So, so, so definitely have—
CAROLE THERIAULT. My niece has like 5 presents.
DINAH DAVIS. Yes, of course.
CAROLE THERIAULT. Everyone else can fuck off.
DINAH DAVIS. So here's the thing. When we get to this time of year, we hear all things about what, you know, people can do to help keep them safe online while they're shopping. But what we don't hear a lot of is what can small businesses do? Because there's like, you know, almost $5 trillion up for grabs, right? So small businesses want to get online. They got to sell stuff. You know, they want to sell their soap or their handmade jewelry or maybe, Carole, one day you want to sell your paintings and, you know, You need to sell that in a safe way, right? So I thought I would talk a little bit about the things that small businesses could do to make sure that they stay safe during the holiday season.
GRAHAM CLULEY. I like that. It's about time we had some helpful advice on this.
CAROLE THERIAULT. I agree 100%.
GRAHAM CLULEY. Some top tips.
DINAH DAVIS. There we go. So according to the Association of Certified Fraud Examiners, 50% of small businesses fall victim to fraud at some point in their business lifecycle, and it costs them on average about $100,000 US, right? So that's a lot. And there's kind of two main ways small businesses get attacked. The first is the account takeover. So maybe the attacker will go to your customers, try and do some phishing attacks and take over their accounts and then make fraudulent purchases, right? And the store is then left in the lurch having to pay for these purchases because, you know, the credit card company's refunded the other person back and they have to carry the cost, right? And then the second is identity theft, right? So hackers hack into the company database, steal the usernames and passwords. But like, both of these attacks lead to financial and reputational impacts for the small businesses.
CAROLE THERIAULT. And not good impacts.
DINAH DAVIS. Yeah, no, not good ones either. So no. Okay, so here are the tips. So one, make sure your website's using HTTPS, right? You gotta ensure all communications on your site are secure. Yeah, yeah, right? It's a basic step but not always used. Um, second, if you're a really small business, don't try and implement all of this yourself, right? You don't— right, yeah, you don't want to hold credit card information. So you want to go and look for an e-commerce platform. But the thing is, there's a few different ones out there, right? Like there's, there is a large market for this now. So things to look for when you're choosing an e-commerce platform. So do they use the address verification system, or AVS? So do they check the billing address against the address on file at the credit card company? Do they require the CVV, or the card verification value? Are they PCI compliant? What data do they store from your customers? What responsibility do they have if your client data is breached? Like, what, what do you get for this? And Carole, you're going to like this one. You got to really make sure you read the T's and C's before signing up.
GRAHAM CLULEY. I like that one. That's how Carole's spending most of her Christmas holidays is reading terms and conditions. She knows how to have a good time.
CAROLE THERIAULT. Yeah, well, you know, about to have a family party, so definitely contracts are required.
DINAH DAVIS. So outside of the e-commerce site you're using, don't store sensitive user data, right? Only collect what you need for transactions and nothing else, especially credit card information. That's bad. If you get caught with that, you know, it's a violation of PCI and there can be fines. But the biggest thing to remember here is hackers cannot steal what you don't have. Right? So only get what you absolutely need. And then approximately 71% of merchant loss can be attributed to friendly fraud. So to help you not be affected by this, you can ensure there's proper notation of charges on your customer credit card statement. So the more information that's on the customer credit card statement, the better it can match up to what was actually sold. And it'll help you as a business when the credit card comes in and says somebody's disputing a charge, right?
CAROLE THERIAULT. Okay, so friendly fraud is when, what, like you purchase something and then there's a dispute, or— yeah, I didn't know that. I didn't know that term.
DINAH DAVIS. Exactly. Um, and then you want to make sure you're also using tracking numbers for every order that is shipped, um, so that you have proof of delivery. I mean, this is also how some of the other side of the fraudsters work, where they ship you something crappy and then you're like, I didn't get it, and they're like, yeah, you did, you got this tiny little piece of crap. But for you as a business, this is the right way to go. And then of course, get a list of the chargeback codes. Like anytime somebody is saying, no, this isn't what I wanted, or I'm trying to dispute this purchase, make sure you get the chargeback code so you can really see what the credit card company is saying. One more really good one is consider setting limits, right? So based on your orders and your revenue trends, set limits for the number of purchases or total dollar value that you will accept from one account in a single day. So you don't get hit by somebody going crazy buying a whole bunch of your things and then you shipping them out and then it's like they refuse to say that that was theirs and then you're on the hook, right?
GRAHAM CLULEY. Oh, that's interesting. 'Cause I mean, there are people I know who possibly their purchasing behavior online would look like a crazy kind of attack. You would think this must be a bot who is ordering everything in every size imaginable to be delivered, and then they'll return anything that they decided they didn't like or didn't fit properly. So companies actually do put some kind of limit, do they? That's encouraging to know.
DINAH DAVIS. Yeah, exactly. Exactly.
GRAHAM CLULEY. Yeah. Yeah.
CAROLE THERIAULT. This is seriously good advice, guys. Like, you may want to have to listen to it one or two or three times.
GRAHAM CLULEY. Of course it's good advice. It's the Smashing Security podcast. Cast, Carole.
DINAH DAVIS. It is!
GRAHAM CLULEY. He's offering good advice. What do you like? Yes!
CAROLE THERIAULT. No, Dinah's offered good advice.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. We are entering Twitterland. Now, I'm not a big Twitter follower, but Graham, I know you are.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Dinah, do you do the Twitter stuff?
DINAH DAVIS. Yeah, I'm on Twitter.
CAROLE THERIAULT. I'm actually super glad that you both do that because I'm talking about Twitter and I know nothing what I'm talking about. So you can call me out. So you guys, and many of our listeners, probably know that about a week ago Twitter announced new privacy rules. It was going to allow the takedown of pictures of people that were posted without that person's permission. So for example, if I were to find a video or a picture of you, Mr. Cluley, at one of my famous, you know, pre-Rona parties in the '00s where you dressed up as a naked sumo wrestler, basically a plastic onesie with a fan inside to inflate your size. And I took a video of this secretly, and then I slapped that up on the Twitters, right?
GRAHAM CLULEY. You could ping Twitter and say, "Oi, remove the evidence, I have not approved." Hang on, are you saying Twitter would look at these this video footage of someone who appeared to be a sumo wrestler and think, yep, that's Graham Cluley, all right, we can take that down. That's slightly insulting, insulting, actually. Thank you.
CAROLE THERIAULT. So the new policy basically states that photos or videos of private individuals that are posted without their permission will be taken down at their request. Now, say you're chilling on Twitter as you do. Yeah, right. And you see that someone posted a pic of you, Graham, taking a number 2 in a US bathroom stall.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Remember?
DINAH DAVIS. Um, thanks a lot for that mental image, Carole.
CAROLE THERIAULT. Well, it happened. Graham was having a quiet business meeting in a bathroom stall, which is what my sister-in-law calls it, and I absolutely adore that. So I'm off for a business meeting. So, okay, so he's having a business meeting and a camera shows up. We've talked about this.
DINAH DAVIS. You've been—
GRAHAM CLULEY. It was at a restaurant. That's right. An old-style video camera came under the door, pointed at me. Yes.
CAROLE THERIAULT. No.
DINAH DAVIS. Oh my God.
GRAHAM CLULEY. Welcome to America, everybody. That's my experience. It's like, oh, shit.
DINAH DAVIS. Well, that would never happen in Canada.
CAROLE THERIAULT. It's not that the Canadian design of the toilet stalls is any different, but a Canadian would never do that.
DINAH DAVIS. One would hope.
GRAHAM CLULEY. Okay, so what would happen? What would Twitter do then? It would—
CAROLE THERIAULT. Okay, Twitter would just take it down, say, oh, you're absolutely right, we will remove this for you. That was what they were promising to do about a week ago. And just to be clear, Twitter's rules already prohibited the posting of private information like addresses, phone numbers, and medical records.
GRAHAM CLULEY. If I did something incriminating that was newsworthy, if for instance I went up to Boris Johnson and I slapped him with a custard pie or something like that. People were sharing that and I decided I didn't want people to share it. Would I then be able to say to Twitter, "Ah, could you remove all of that off Twitter, please? I don't want that spreading around."
CAROLE THERIAULT. Yeah, no, so interesting, because it notes that the policy is not applicable to media featuring public figures or individuals when the media and accompanying tweet are shared to the public. You know, like, basically, if Twitter deems that the video or picture is of public interest and adds value to public discourse, they will allow it.
DINAH DAVIS. Oh, this is such a slippery slope. This is so— like, what about all the people that record the police officers, like, in the U.S.?
CAROLE THERIAULT. Right?
DINAH DAVIS. Can the police officer then go and say, "Please take this down"? And what's considered media? Is it you, like somebody's phone, or do you have to have like badge credential that you're media?
GRAHAM CLULEY. And what about if someone constructed some ASCII art of somebody? Would that be something which they'd have to take down rather than a photograph?
DINAH DAVIS. Wow. I think that's gonna be like a real problem that we have to watch out for.
CAROLE THERIAULT. I have a question for you Twitter users on this, okay? So say someone leaked the famous pee pee tapes online, alleged famous pee pee tapes online.
GRAHAM CLULEY. Oh, from the Moscow hotel room.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And say Mr. Trumpy, who is, as far as I know, currently a non-Twitter user due to being banned from Twitter.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Would he be able to complain and request the takedown? Because how does Twitter verify his authenticity?
GRAHAM CLULEY. Or— well, yeah, I see what you mean.
CAROLE THERIAULT. Basically, like, if you're on Twitter, you'll be able to take down pictures, but if you're not— and maybe you have to be a verified user of Twitter. That was the other question I might have. Like, that's— maybe you might get extra service there, right? Because they definitely know who you are.
GRAHAM CLULEY. It could be argued that such a tape would be of public interest, even though no one would really want—
CAROLE THERIAULT. I am not interested in the pee-pee tape.
GRAHAM CLULEY. No, but the existence of it, proof of the existence of it.
CAROLE THERIAULT. I don't need to see it.
GRAHAM CLULEY. No, but no, I agree. Look, no one wants to see— and by the way, it wasn't him doing the pee-peeing.
CAROLE THERIAULT. I have no idea. I don't want to talk about the pee-pee. I was just—
GRAHAM CLULEY. It was hired ladies, apparently, who were alleged to be the ones who did the weeing.
CAROLE THERIAULT. It's already too much.
GRAHAM CLULEY. All right. Anyway, the thing— the point is that I think the existence of such a tape would be of public interest and it would be judged as such.
CAROLE THERIAULT. Okay. So Twitter says the rule, this new rule, would help, quote, "curb the misuse of media to harass, intimidate, and reveal the identities of private individuals, which disproportionately impacts women, activists, dissidents, and members of minority communities." Well, that's the thing, because there are people who post up pictures of minority groups or women and say vile things.
GRAHAM CLULEY. And there should be some way of just saying, "Oh, for goodness' sake, can we put a stop to this?" Mm.
CAROLE THERIAULT. This is where I thought you might do your catchphrase, you know? "What could possibly go wrong?" Sorry, whose voice is that? Sorry, it was yours.
GRAHAM CLULEY. Oh.
CAROLE THERIAULT. So for me it'd be like, how do you police it, right? Or if it's misused. And that happened very quickly. So it seems that activists are reporting that members of the far right are using this very policy to have accounts identifying them suspended. Like, I don't know if this is the definition of irony. I know you guys are probably smarter than me. Dinah, you went to my alma mater. Graham, that's university.
DINAH DAVIS. That's right.
GRAHAM CLULEY. All right, thank you. What do you mean identifying them? You mean accounts which have been doxxing them?
CAROLE THERIAULT. So in the days following the introduction of the new policy, a group of far-right activists reportedly began urging their followers on services like Telegram and Gab to file reports against anti-extremist accounts. As far as I'm reading, it includes researchers, journalists, activists. The Washington Post says that these far-right activists were coaching followers on how to use the new Twitter rule to persuade the social media platform to remove photos of them posted by anti-extremism researchers and journalists.
GRAHAM CLULEY. Yeah, because social media was being used after the January 6th riots, wasn't it, at the Capitol, to identify individuals.
CAROLE THERIAULT. Although we saw it earlier, like way earlier, the Boston Marathon, we saw loads of people. Yeah. So "due to the new privacy policy at Twitter, things now unexpectedly work in our favor," a far-right sympathizer wrote to followers on Telegram. And this is last Wednesday. He included a list of nearly 50 Twitter accounts and urged people to report them for suspension under the new rule. Another far-right activist shared tips on how to find potentially reportable images using Twitter search queries such as "images Fascist Exposed." The Washington Post interviewed Gwen Snyder. She's an anti-fascist researcher and organizer in Philadelphia. You mentioned Philadelphia earlier, Dinah. And Snyder's Twitter account was suspended early Thursday after someone reported a 2019 tweet of hers. So this means Twitter weren't clear that this goes from this day forward, right? This is like from all time.
GRAHAM CLULEY. Oh, really?
CAROLE THERIAULT. Like, well, isn't that interesting that someone reported a 2019 tweet of her showing photos of a local mayoral candidate attending a public rally alongside the Proud Boys?
GRAHAM CLULEY. You know what, I think maybe, maybe that should be the way it is. I think maybe if you're going to set a rule as to what is acceptable to post on Twitter, maybe you should be able to go back in time and say, actually, we've decided we're going to delete that old tweet because it's broken our rules.
CAROLE THERIAULT. Okay, do you think that Twitter have the manpower or the resources to manage this if it's for all time since they became—
GRAHAM CLULEY. well, they could hire these 900 people who've just been let go from Better.com.
CAROLE THERIAULT. That won't make a dent, dude.
DINAH DAVIS. It's huge. Yeah, who gets to decide which things get taken off and which stay on? Like, brutal. Because one time I had my— like, I don't even know what I did, but my Instagram account all of a sudden wouldn't let me post for 30 days. And I was like, I can't— there's no way to tell them.
CAROLE THERIAULT. What did you do, Dinah?
DINAH DAVIS. I don't know. I posted like a whole bunch on one day, but like, it could just be that somebody didn't like the message I was sending and then said I was, you know, doing something nefarious when really I wasn't. But there's no way to get it back. Like, you just have to wait the 30 days out. It's horrible. You can't get in contact with anyone. Yeah.
CAROLE THERIAULT. And can you imagine if you're a small business utterly dependent upon these services and you get blocked? Right, you're screwed.
DINAH DAVIS. Yeah, yeah, exactly.
CAROLE THERIAULT. So Graham, Twitter lover. Dinah, Twitter lover, like her, uh, user. Did Twitter bite off more than it could chew with this new rule, do you think?
GRAHAM CLULEY. Oh, it always does. It's always shooting itself in the foot, isn't it?
CAROLE THERIAULT. Or is it shooting for the stars? Yeah, that's shooting for the stars.
GRAHAM CLULEY. No.
CAROLE THERIAULT. Well, I think it's trying to do a good thing. I think it's trying to differentiate itself from Facebook. Of course it is, but— Sorry, Meta. Meta.
GRAHAM CLULEY. Ugh. It's between a rock and a hard place, isn't it? These sort of things are so difficult to do. You're never going to win, really, are you? And you can put in some rules which on the— at first glance appear really good, but of course there are always ways to abuse them and to use them in other ways. They just end up in this humongous mess. I think we should just probably shut down everything.
CAROLE THERIAULT. I don't blame Twitter though on this. I kind of just think people are taking the piss. I don't think it's their intention. I think the intention was good. It just maybe—
DINAH DAVIS. They didn't think through how it would get implemented and how it would be used, right? And I think that's something that big tech does a lot, right? They think of the really positive outcome of what their technology can do and they don't— they often choose not to think about what bad could be done with it, or they're just being very idealistic and they don't even consider it.
GRAHAM CLULEY. I think they just look at the algorithm. They just think, "I can code around this." And there are some things you can't code around because you're dealing with fleshy human beings.
DINAH DAVIS. Yeah, exactly.
CAROLE THERIAULT. Graham, you must be crying because Jack Dorsey's leaving soon and you love Twitter. And aren't you worried about its future?
GRAHAM CLULEY. I don't care about Jack Dorsey. What I want is I want to pay for a Twitter account so I don't have any ads, I don't have any messing around with my timeline, and I can use Twitter the way that I want to use it. So I'd be very happy. If you're listening, whoever's in charge now.
CAROLE THERIAULT. Fading to black. Fading to black. Fading to black.
GRAHAM CLULEY. It's that time again when we're all thinking about plans for the upcoming year. Does your plan include making your team more productive and secure? 100,000 businesses use 1Password to secure employees at scale by encrypting their passwords and sensitive information and helping them get more done faster. That's why for a limited time only, new customers can get 25% off the first year of 1Password Business and find out how 1Password can boost productivity while protecting their most sensitive data. But you better act fast. This deal is only good until December 16th, 2021. Find out more and claim your discount at 1password.com. And thanks to 1Password for supporting the show.
CAROLE THERIAULT. We are also sponsored by Uptycs. Uptycs is a cloud-native security analytics platform built to protect the modern attack surface. Uptycs zeroes in on blind spots that are preventing you from identifying and responding to existing threats and vulnerabilities in your ecosystem. Plus, Uptycs normalizes telemetry across macOS, Linux, Windows, and containers, records system activity for historical investigation even when no alert has fired, and enables you to build complex custom detections. In short, Uptycs provides observability across both cloud workloads and endpoints in a single centralized platform. Visit smashingsecurity.com/uptycs, that's U-P-T-Y-C-S, to learn more about its cloud-native security analytics platform. And thanks to Uptycs for sponsoring the show.
GRAHAM CLULEY. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
DINAH DAVIS. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my Pick of the Week this week is not security related. In these simple days of mostly staying at home, I've been finding new ways to amuse myself.
CAROLE THERIAULT. Oh, that sounds a bit perverted. Jesus.
DINAH DAVIS. I did not join this chat for this.
CAROLE THERIAULT. Aren't you lucky?
GRAHAM CLULEY. Free.
DINAH DAVIS. I'm feeling very lucky right now, yeah.
GRAHAM CLULEY. And one of the things that I have been doing, I've been occasionally engaging in the odd little crossword. And— Shut up. I have, I have.
CAROLE THERIAULT. Like cryptic crosswords? Like proper ones?
GRAHAM CLULEY. Well, that's the thing, Carole. I haven't had— But you know, sometimes it's been cryptic. Quite often it's been the quick one as well. So earlier I only had 20 minutes spare. So I did a quick crossword from The Guardian. And I thought, this is a lot of fun. So I was doing this, and there was one where I was completely stumped. And I thought, what's the answer to that? I just can't work out what would fit in. And I found out that The Guardian had a little webpage, a very slick webpage where they put the answer, but you can type in your answers and you can press a button and it'll say, "Eh-eh," or it will even, if you want, reveal an answer to you as well. And I thought, "This is terrific." And then I found out that they had an app as well where I could see not only today's crosswords, but thousands and thousands of other crosswords, cryptic ones, Quiptic, which are not sort of cryptic puzzles for beginners. I would argue actually, Carole, that cryptic puzzles sometimes are easier than the quick puzzles, the quick crosswords. Because with cryptic, you know if you've got it right and you don't always know that with the quick. Sudoku as well. Anyway, they've got loads of them. There's an app, you can try it out for 14 days for free. You can carry on using it and just do one crossword a day for free forever if you want, or you can pay some money. But if you pay some money, you can also, if you have an online chum, complete the crosswords together, which is a lovely thing to do. Ah, I see. And so that is my—
CAROLE THERIAULT. You're getting help from somebody else. Someone else is basically coming up with all the hard ones.
GRAHAM CLULEY. And so that is my pick of the week, The Guardian crossword and The Guardian crossword app.
CAROLE THERIAULT. Can I just tell you, The Observer one is way easier. This might be a place to start.
GRAHAM CLULEY. Yeah, I've done The Observer one as well, 'cause I was—
CAROLE THERIAULT. Oh, right. Have you completed any?
GRAHAM CLULEY. The Observer is The Guardian on Sunday, isn't it? It's the Sunday edition.
CAROLE THERIAULT. Picardy. A little bit easier.
GRAHAM CLULEY. Yes, I have completed some of them. Mm-hmm. Thank you. Mm-hmm.
CAROLE THERIAULT. Have we lost Dinah?
DINAH DAVIS. No, I'm still here. Okay.
CAROLE THERIAULT. You just like, "Fuck the crosswords, who cares?" Who cares?
GRAHAM CLULEY. I can do that in my sleep, she's thinking.
DINAH DAVIS. No, no, what I'm thinking is, I can't think of something more mind-numbing to do than trying to do a crossword.
GRAHAM CLULEY. Yeah. But I like having my mind numbed. I enjoy that. I enjoy the— I like it slow. I like it peaceful. I like my Werther's Original. I enjoy something. I don't want any big shocks. Don't want any rude language. Dinah, what's your pick of the week?
DINAH DAVIS. Okay, so last few episodes, you know, Carole had pick of the year. You had, uh, what was it, like pick of the century or something with the Beatles thing?
CAROLE THERIAULT. It's always bigger.
DINAH DAVIS. I'm going with pick of the pandemic. So, during the pandemic in Canada, we were locked down for a long time, a very long time. And it's just my daughter and my husband and I, and we needed some laughs. And a friend of mine said, hey, check out this show Taskmaster. Now you have to understand, I know this is huge in the UK, but like nobody knows about it in North America. It's not, yeah, this is not a big-name thing at all in North America. So my husband says, okay, well, watch the first episode, see if you like it, and then we can watch it together. So I start watching it, and I start laughing hysterically. And my daughter, my poor, like, 12-year-old daughter at the time, comes down the stairs trying to fall asleep. And she's like, Mom, what are you laughing at? And I'm like, you got to see this. And it's like the first episode ever where Tim Key is like losing watermelon out of his face. And we just died laughing.
GRAHAM CLULEY. Dinah, do you want to explain what Taskmaster is all about, people who haven't seen it?
DINAH DAVIS. Absolutely. So it's basically a task show for comedians. So they get like 5 or 6 comedians and they've got the Taskmaster, who is Greg Davies, and Alex Horne, who is like his little helper. And they do all of these random tasks and then they have a show where they then show each other what they did, and Greg Davies like rates them and gives them points very arbitrarily. And so the best shows for me are the ones where they try to cheat and figure out a way to convince Greg Davies that they're not actually cheating. But we laughed hysterically. Like, every— gave us a laugh every single time. And last year at Christmas, it was the first time we could not spend Christmas with my sister and her kids, and that was very difficult. And so my daughter was super into this, and I kind of said to her, Well, what if we did our own Taskmaster? And she was like, what? And I was like, yeah, let's do our own Taskmaster.
CAROLE THERIAULT. I said, do you want to be the Taskmaster? Yeah.
DINAH DAVIS. So she said yes. So she was the Taskmaster, and myself and my husband and my mom and my dad, we were the contestants. And this child, like, she just told us a list of things we had to buy. I was getting a little bit scared when on the list was shaving cream and sour cream. I was like, um, what are those for? And so, you know, I thought she'd give us like 10 tasks and they would take like, I don't know, a few minutes each. Oh no, this child really thought this through. So first we, of course, we did the task where you have to bring something shiny. And then we did, you had to make slime. And she knows I hate slime. I hate it. It's so yucky and gross. And she made us make it. But the pièce de résistance was the third task, in which she pairs us up into teams, and then she goes, make me my favorite dessert. So she conned us into making her desserts.
CAROLE THERIAULT. She got a stupid kid.
DINAH DAVIS. So anyway, we ended up watching all 11 seasons. Frustratingly, right now we cannot watch the 12th season because it's not available in Canada. If you're in North America or someplace else, you can watch seasons 1 through 11 on YouTube for free. But I don't know when or if they're going to release season 12. And then quite hilariously, my office is now doing this. And so I have just become another participant of Taskmaster for a secret little Christmas show we're doing for our team at Arctic Wolf. And I got roped in again. But it's great fun. Every single show resulted in a laugh. Every single show.
CAROLE THERIAULT. Yeah, yeah, yeah. No, I can vouch for Taskmaster. It's a great show. I think my husband's actually an amalgamation of Alex and Greg Davies, and they have a love child, and that's my husband, literally.
GRAHAM CLULEY. I can totally see that. Yeah.
DINAH DAVIS. That's amazing.
CAROLE THERIAULT. No, but it's true.
GRAHAM CLULEY. It's true. It is true. It is.
CAROLE THERIAULT. I've never thought of it before, but there you go.
GRAHAM CLULEY. Crow, what's your pick of the week?
CAROLE THERIAULT. Okay. Mine's very wacky. Okay. User, Reddit user, Dad of Lucifer posted a link to a GitHub repo on Reddit and it tickled me so much so it's become my pick of the week. So I'm literally going to read it. Okay. Quote, okay, so our build engineer has left for another company. The dude was literally living inside the terminal. You know, the type of guy who loves Vim, creates diagrams in Dot, writes wiki posts in Markdown. If something, anything requires more than 90 seconds of his time, he writes a script to automate that.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. So we're sitting here looking through his, quote, legacy, unquote. Okay. Number 1, smackmybitchup.sh. Sends a text message, "Late at work," okay, quote unquote, "Late at work," to his wife. Automatically picks reasons from an array of strings randomly. The job fires if there are active SSH sessions on the server after 9:00 PM with his login. So he's written a script to tell his wife, "Oh, I'll be late." Number 2, kumarasshole.sh. Scans the inbox for emails from Kumar. He was a database admin at a client's. Looks for keywords like help, trouble, sorry, etc. If keywords are found, the script SSHs into the client's server and rolls back the staging database to the latest backup, then sends a reply, no worries, mate, be careful next time.
DINAH DAVIS. Oh my God, how many times did that guy contact him? Right?
CAROLE THERIAULT. Okay, I've got two more. Number 3, hangover.sh. Another cron job that is set to specific dates. Sends automated emails like, quote, not feeling well slash gonna work from home, unquote, et cetera. Adds a random reason from another predefined array of strings. Fires if there's no interactive sessions on the server at 8:45 AM. So if he's late, he just has a random, he just doesn't have to get up and tell anybody. It just automatically happens.
DINAH DAVIS. If he's sick, he just sleeps in, doesn't worry about it, knows the notification's going out.
GRAHAM CLULEY. Genius.
CAROLE THERIAULT. And the Oscar, this is all written in this GitHub link, fucking-coffee.sh. This one waits exactly 17 seconds, then opens a Telnet session to our coffee machine. We had no fricking idea the coffee machine was even on the network. Runs Linux and has a TCP socket up and running. And sends something like "sys brew." Turns out this thing starts brewing a mid-sized half-caf latte and waits another 24 seconds before pouring it into a cup. The timing is exactly how long it takes to walk from the machine to the dude's desk.
DINAH DAVIS. That's genius. That's amazing. That's amazing.
CAROLE THERIAULT. Listeners, I have provided the links you require to see this and many more scripts that this particular individual apparently wrote. If nothing, it will make you laugh. So that is my pick of the week.
GRAHAM CLULEY. Very fun. Well, that just about wraps up the show for this week. Dinah, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
DINAH DAVIS. Yep, on Twitter @dinah_davis or on LinkedIn @dinah_davis.
GRAHAM CLULEY. Super. And you can follow us on Twitter @SmashinSecurity, no G, twitter.com/smashinsecurity, and we've also got a Smashing Security subreddit. And don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
CAROLE THERIAULT. Huge shout out to this episode's sponsors, the fabulous 1Password and Uptycs, and to our wonderful Patreon community. It's thanks to them all this show is free. For episode show notes, sponsorship information, guest lists, and the entire back catalog of more than 254-ish episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye. Bye.
CAROLE THERIAULT. Bye.
GRAHAM CLULEY. Carole, I may have made a slight error.
CAROLE THERIAULT. Okay, where?
GRAHAM CLULEY. Uh, with my, uh, audio recording at my end.
CAROLE THERIAULT. Um, right, and you also dropped off ours, so. Great.
GRAHAM CLULEY. Yeah, so I'm, I'm hoping Zoom got the first half of the recording before I dropped off.
CAROLE THERIAULT. Fantastic. I will stop recording and let's keep our fingers crossed. Note my tone. Note my tone. Very calm. Very calm. And this is about 12 hours later. I'm just finishing up the edit. And we've made it despite audio snafus. Technology saw us through. So I gotta say it, high five to Zoom.