
262: Macro progress, eyeball-tracking ads, and encryption backdoors


How does Microsoft hope to defeat the macro terror? How is the UK Government trying to influence the public's opinion on end-to-end encryption? And what is MoviePass hoping to do with your eyeballs?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Visit https://www.smashingsecurity.com/262 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guest: Thom Langford.


This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.



CAROLE THERIAULT. Have we lost Thom?


THOM LANGFORD. Oh, I'm here.


GRAHAM CLULEY. I think he's loving it. He's loving it.


CAROLE THERIAULT. He's bored.


THOM LANGFORD. Yeah.


CAROLE THERIAULT. Okay.


THOM LANGFORD. Just checking. You're right. You know, I'm like you. I don't interrupt people midway through their flow.


CAROLE THERIAULT. No, it's just a conversation.


GRAHAM CLULEY. I would hate to interrupt a middle-aged man like Thom Midfellow. That could be very dangerous.


THOM LANGFORD. I'd never know when I could start again. Probably 4 o'clock in the morning. That's when it normally starts.


GRAHAM CLULEY. I'm up then too. You should text me. We can do it together.


THOM LANGFORD. Yes.


GRAHAM CLULEY. Do a live stream.


THOM LANGFORD. Yeah.


CAROLE THERIAULT. That's right.


ROBOT. Smashing Security, episode 262. Macro progress, eyeball tracking ads, and encryption backdoors with Carole Theriault and Graham Cluley.


GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security episode 262. My name is Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. And this week on the show, Carole, we are joined by a special guest. He's returning to us from the Host Unknown podcast. It's Thom Langford. Hello, Thom.


CAROLE THERIAULT. Ah, Thom, welcome.


THOM LANGFORD. Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.


GRAHAM CLULEY. That was very professional.


THOM LANGFORD. Sorry, it's a force of habit.


CAROLE THERIAULT. Do you know what? We could make a doll of Thom. You know what? Those pull strings on the back and he'd have like his 5 sentences that he You see, we've already been—


THOM LANGFORD. we've got the Thom AI on the podcast that we have.


GRAHAM CLULEY. Oh yes, I heard that.


THOM LANGFORD. So when I'm not there, they just rack out Thom AI, press a few buttons and off he goes.


GRAHAM CLULEY. Yes indeed. Unbelievable.


CAROLE THERIAULT. Okay, how about we thank this week's sponsors, Collide and Baramundi. It's their support that help us give you this show for free. Now coming up on today's show, Graham, what do you got?


GRAHAM CLULEY. Death to macros.


CAROLE THERIAULT. Okay, Thom, what about you?


THOM LANGFORD. Oh, won't somebody think of the children?


CAROLE THERIAULT. Okay. And I'm looking at improving ad engagement in a quote unquote novel way. All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, chums, I think it's fair to say that we're all of a certain age, aren't we?


THOM LANGFORD. Now, some of us deny it, but yeah.


CAROLE THERIAULT. Yeah, some, some of us are not as old as the others.


GRAHAM CLULEY. Yeah. I don't know who's the oldest amongst, Thom, but—


CAROLE THERIAULT. I do.


GRAHAM CLULEY. You do?


CAROLE THERIAULT. Yep.


GRAHAM CLULEY. If we were to go back in time 27 years to 1995, Thom, what were you doing then?


THOM LANGFORD. 1995. Gosh, I was a field service engineer for a company in Southampton, as I recall. Installing AutoCAD.


GRAHAM CLULEY. That's quite impressive. Carole, what were you up to?


CAROLE THERIAULT. I was in university partying my butt off.


GRAHAM CLULEY. Yeah, not studying, I imagine. Yeah, exactly.


CAROLE THERIAULT. Well, no, I was very smart.


GRAHAM CLULEY. Well, I was working for an antivirus company, and in 1995, in mid-1995, something extraordinary happened. The world shook, continents collided, volcanoes erupted because Microsoft accidentally shipped on CD-ROM the first Word macro virus, a virus called Concept. And this was the first ever virus which could infect Word documents. You may think, well, what's the big deal about that?


CAROLE THERIAULT. Mm-hmm.


GRAHAM CLULEY. Well, what the big deal was, was that previously viruses had spread via executable code like boot sectors or program files, which people were less likely to copy and send to each other. Whereas a Word document, you would share to each other.


CAROLE THERIAULT. Exactly. You didn't worry about that kind of stuff. Exactly.


GRAHAM CLULEY. Right. But you wouldn't be surprised if someone sent you a Word document and you'd open it and you'd get infected. And this virus called Concept, it was a very simple virus which had no purpose really other than to display a dialog box containing the number 1. And inside there was a little remark which said, that's enough to prove my point. The theory at the time was that there must have been someone who was trying to prove it was possible to write a virus using Microsoft Word and to then infect other Word documents. So that's why it was a concept virus.


THOM LANGFORD. So do you know which, what CD it was that this was shipped on? Was it like an MSDN CD or something like that?


GRAHAM CLULEY. It was on a CD-ROM called Microsoft Compatibility Test that Microsoft shipped to hundreds of corporations.


THOM LANGFORD. Because it must have been buried deep in some folder structure somewhere for it to not have been picked up?


GRAHAM CLULEY. Well, the truth was that there were no antivirus programs at the time looking for Word macro viruses.


THOM LANGFORD. Yeah.


GRAHAM CLULEY. And so even if they had scanned it, I think, as I remember, it was in some sort of distributor Word document agreement. And you'd think, well, even if Microsoft did send that out, would it really get widespread? But widespread it became. It became the number one virus in the world. And it proved that a virus could actually spread around the world potentially infecting thousands of computers in a matter of, well, really minutes.


CAROLE THERIAULT. What do you mean minutes?


THOM LANGFORD. How?


GRAHAM CLULEY. Well, because someone can send an email attachment containing a Word document to a lot of people who would then open it. Because if they use the right social engineering, and people, remember, weren't worried about Word documents because how can a data file infect your computer?


CAROLE THERIAULT. I don't think we really even had the term social engineering in 1995, actually.


GRAHAM CLULEY. Doesn't mean it didn't exist.


THOM LANGFORD. I'm sure we did.


CAROLE THERIAULT. Okay, we'll wager.


THOM LANGFORD. Maybe not in common day parlance, but I'm sure we did.


GRAHAM CLULEY. Yeah. And previously, viruses had taken months and months to spread around into the wild. Now, whether it be by floppy disk or—


THOM LANGFORD. Well, you had to install them yourself, really, didn't you?


GRAHAM CLULEY. Well, exactly. Because previously, if the media had said to me, what do you have to look out for, for a virus, Graham? And I would have said, don't boot from an infected floppy disk and be careful what programs you run.


THOM LANGFORD. Mm-hmm.


GRAHAM CLULEY. Whereas now, opening a Word document could get you— Now, over time, new macro viruses appeared. Melissa virus, the Wazoo virus, which switched words around in your documents. You're gonna name them all. And then Excel and PowerPoint macro— No, no, no. But for the first 5 years or so, until about 2000, macro viruses ruled the roost. They were the most common, the easiest to write, they spread the most successfully, but crucially, they didn't make their creators any money.


CAROLE THERIAULT. Oh, interesting. Okay.


GRAHAM CLULEY. Because they couldn't hijack your computer to send out spam, they couldn't turn you into a botnet, they couldn't open a backdoor to your computer. The language, the macro language, wasn't powerful enough to do that. So you could pop up messages, you could mess around with documents, but there wasn't really a way to make cash out of it. And so the bad guys, round about the early 2000s, began to think, well, how can we make money out of malware? And that's when they turned their back on macro viruses and started writing password-stealing code and bot code and all kinds of things like that instead.


CAROLE THERIAULT. Mm-hmm. Makes total sense. Yep. Money rules the roost.


THOM LANGFORD. Yep. Okay.


GRAHAM CLULEY. But there were still problems with malicious macro code out there. And in the late 1990s, Microsoft began to display warnings when a macro was embedded inside a document. And you may have seen this. So what would happen is you would open a Word document and you may see this little yellow strip at the top of your screen say, security warning, macros have been disabled. "Click here to enable content." Yeah, of course.


CAROLE THERIAULT. We all remember those. Right.


GRAHAM CLULEY. And what the criminals found out was there was actually a way of getting the macro language to download further malicious code from the internet, which could do all these money-making things. And all they had to do was use social engineering to get people—


CAROLE THERIAULT. What year are we now in this newsworthy story?


GRAHAM CLULEY. This, this, we're getting into the 2000s now, right?


CAROLE THERIAULT. Oh, we're getting into the—


GRAHAM CLULEY. okay, good.


CAROLE THERIAULT. Yeah, we're 20 years now away.


THOM LANGFORD. Okay.


GRAHAM CLULEY. No, this is the point, Carole. This has been a problem for a long time. I'm listening, I'm listening. So the viruses began to be able to do malicious stuff, but they had to get you to agree to enable macros. And they did this in a variety of ways. So when you'd get the poisoned Word document, albeit with Microsoft having disabled the macros, it would display a screen saying, "Oh, this document's created in an earlier version of Microsoft Word." "This document is encrypted. You have to click enable macros to decrypt it for your security." So they're using all these sort of social engineering methods to get you to run the macros.


CAROLE THERIAULT. Playing with security when actually it's— yeah, it's the opposite.


GRAHAM CLULEY. Yeah, exactly. So what Microsoft did to try and fix the macro virus problem didn't actually work that well, and the bad guys found a way around it until this month. Because Microsoft have just announced, one quarter of a century after it accidentally shipped the first macro virus, they've said enough is enough and it is changing the default behavior of Office applications. So rather than saying, just click here on the yellow stripe to enable macros or enable content, which is potentially really dangerous and lots of people have been tricked into doing. Right. They're now going to display a red strip. It says, "Security risk. We have blocked macros from running because the source of this file is untrusted. Learn more." Rather than enable macros.


THOM LANGFORD. That reminds me of the Red Dwarf skit where they say, "Kryten, let's go to red alert." He says, "Are you sure, sir? Because that means changing the bulb." It's like, "Okay, so we're going to change the color of the strip from yellow to red." Well, changing the bulb is only one thing they've done.


GRAHAM CLULEY. The other thing they've done is it doesn't say enable macros. When you click on learn more, you're going to get taken from April to a web page on Microsoft site, which describes at some length. If you thought me talking about this was tedious, it will explain.


CAROLE THERIAULT. I'm not saying anything.


THOM LANGFORD. Is it going to be voiced over by Bill Gates?


GRAHAM CLULEY. And it'll explain why you shouldn't allow macros to be enabled. And it will only let you allow them to run if you're really determined.


CAROLE THERIAULT. Okay. Can I ask you a question?


GRAHAM CLULEY. Yes, you may.


CAROLE THERIAULT. Mr. I'm a security expert.


GRAHAM CLULEY. Thank you.


CAROLE THERIAULT. What do you think of this historical progress, this evolution of Microsoft managing its macro traumas?


THOM LANGFORD. This is quite literally Darwinian evolution. It's taken a long time.


GRAHAM CLULEY. It crawled from the primordial swamp, it climbed a tree, and it is now falling off a branch. It's taken quite a while.


CAROLE THERIAULT. Right?


THOM LANGFORD. 25 years.


CAROLE THERIAULT. To change the hue.


GRAHAM CLULEY. Not just the hue.


CAROLE THERIAULT. And add a learn more link.


GRAHAM CLULEY. Yes, yes.


CAROLE THERIAULT. And to block them by default.


GRAHAM CLULEY. But you know who has stopped this evolution from happening earlier? Has been companies and particularly finance departments who insisted on using macros in their spreadsheets.


CAROLE THERIAULT. Yeah, to make their fancy pivot tables and their clever—


THOM LANGFORD. Yeah, they're useful.


GRAHAM CLULEY. Well, they can be useful. But the problem really is—


THOM LANGFORD. Says a person who doesn't work in a finance department.


GRAHAM CLULEY. I couldn't do a pivot table to save my life. I would not. I don't know how to do this.


CAROLE THERIAULT. You don't even know what a pivot table is.


THOM LANGFORD. Oh, come on. Really?


GRAHAM CLULEY. No, I don't.


CAROLE THERIAULT. Define what a pivot table is.


THOM LANGFORD. If you don't know what a pivot— It's a way of displaying data in—


CAROLE THERIAULT. I wasn't asking you, Thom.


THOM LANGFORD. Oh, okay, okay, okay. Fine.


CAROLE THERIAULT. Thom's showing off.


GRAHAM CLULEY. Just one of his many skills.


THOM LANGFORD. It should be one of those things that everybody should know by the time they're 40. Why? Why? Because it's useful.


GRAHAM CLULEY. Not to me, it isn't. I've never needed one.


CAROLE THERIAULT. How would Graham apply a pivot table to his life to make it better?


THOM LANGFORD. Have you seen his personal finances?


CAROLE THERIAULT. No.


THOM LANGFORD. Neither has he because he's not used to pivot table.


GRAHAM CLULEY. So, so I think this is good news, albeit it's taken a while. Now you will be able to configure it so only if the macros have come from somewhere untrusted, like outside your organization, if they're not digitally signed, etc., etc. But it's an important behavioral change, and I think it's going to be much harder for a lot of the scammers and the people sending malware. And remember, sometimes ransomware is distributed in this fashion. It will start off with a Word document sometimes, which will then download something else. But they have to get you to click on that enable macros button. So this is, this is quite good.


CAROLE THERIAULT. I find this depressing.


GRAHAM CLULEY. Depressing? Why?


CAROLE THERIAULT. Yeah, I don't know. I haven't used Microsoft products for a long time, so I'm kind of talking out of my, you know, Wazoo.


THOM LANGFORD. Wazoo.


CAROLE THERIAULT. Yeah. But I just find it very like 1990s solution.


THOM LANGFORD. Well, this is what the problem I find is that most IT departments and many, many third-party suppliers provide solutions to this problem and have done for the last 20 years. You know, making sure that you can't run macros unless you're explicitly allowed to and all that sort of thing. And what Microsoft is doing is something they literally Smashing Security would've been able to do the first moment they put up the yellow warning.


CAROLE THERIAULT. Right!


THOM LANGFORD. Yeah. And I, this is—


CAROLE THERIAULT. You waited 20 years.


THOM LANGFORD. Yeah. They've been treating a symptom for far too long rather than the cause.


CAROLE THERIAULT. Anyway, it will be interesting to see how this revolutionises the macro drama.


GRAHAM CLULEY. I just think it's gonna be a lot more effort for the cybercriminals to get round this than the old just click on the enable content button.


THOM LANGFORD. And that's good news. Yeah, absolutely. It's another barrier. Whether or not it's going to be sufficient by itself is another matter, but—


GRAHAM CLULEY. I'm sure there'll be ways to still subvert it. But it's going to make life harder for the bad guys. And we're all in favour of that.


THOM LANGFORD. And kids, don't forget your pivot tables.


CAROLE THERIAULT. Fuck, I hate pivot tables too.


THOM LANGFORD. You don't even know what they are.


CAROLE THERIAULT. I do. I used to have to do them for Graham.


GRAHAM CLULEY. A pivot table sounds like something like a sex swing.


CAROLE THERIAULT. Is it a piece of furniture?


THOM LANGFORD. Yes, that's exactly what it is, Graham.


CAROLE THERIAULT. It is, yeah.


THOM LANGFORD. Absolutely. That's absolutely right.


CAROLE THERIAULT. Thom.


GRAHAM CLULEY. Thom, what have you got for us this week?


THOM LANGFORD. Well, I have something else that is also an attempt to address a symptom rather than the cause of a problem. So you may know that the UK government has been upping the ante and has been really pushing this agenda of banning end-to-end encryption and ensuring that there are backdoors into cryptography controls.


CAROLE THERIAULT. Yeah, so I was gonna ask, do they wanna do away completely with end-to-end encryption or they just want a backdoor in that they're gonna use themselves, that they'll keep very safe and no one will ever get their hands on?


THOM LANGFORD. Well, I think the principle is that they get a backdoor into what they want. But of course, the problem being that when you break one set of cryptographic controls, you are ostensibly breaking them all.


GRAHAM CLULEY. Yep.


THOM LANGFORD. Because that's how maths works.


CAROLE THERIAULT. It's rule one of cyber club.


THOM LANGFORD. Yeah, exactly. Exactly. Break one, break them all. But the thing is, there's been a huge pushback, very much so from our industry, basically saying our whole economy and life depends on strong end-to-end encryption. Everything from banking to general online purchasing to the way you communicate with your friends, etc., etc. And by breaking this, this is actually going to cause real problems. And it's all very well saying, well, you know, if you've got nothing to hide, you've got nothing to lose, etc. But this is in the case of benevolent governments. And now, one, there's plenty of malevolent governments out there that will use this against its people. But also, in 10 years' time, I mean, who would have said 10 years ago that we would have had the UK government that we had today, right?


CAROLE THERIAULT. Well, I predicted it completely. I predicted it.


THOM LANGFORD. Yep. Well, obviously. You probably calculated it in a pivot table.


GRAHAM CLULEY. The thing is, the UK government, they're really keen on things like WhatsApp, aren't they? They're always WhatsAppping each other and inviting each other to their government parties. Bring your booze.


THOM LANGFORD. Absolutely. But the point of this story is they've upped the ante. So they have got a website, and I hesitate to advertise a website, but, you know, we need to know what's out there. But it's called noplacetohide.org.uk, which already gives you a sense of, you know, what this is all about. And if you do click on it, you'll see that it's all focused on, don't give child sex abusers a place to hide, focusing on end-to-end encryption. Now, the idea here is that this is just one part of a multimillion-pound sort of engagement campaign to change the public mind on end-to-end such that when the bill comes to Parliament, etc., there's going to be widespread support of it. It will just go through because, you know, people are easily misled, etc., etc., by this sort of thing. And it doesn't look like a government website. It's, you know, it looks like a very valid website. It's supported by many charities and all that sort of thing. The thing is, this particular website has cost the UK taxpayer, the UK Home Office, half a million pounds. That went to a marketing firm, M&C Saatchi. So you can see exactly where this is going. You know, the British government have got some kind of agenda that they want to push onto the British people. So therefore they're using experts in communication, etc., to push this, even though it's not necessarily, in my humble opinion and many others, in our best interest. Now, all of the charities that are listed on there, and there's some, you know, some valid—


GRAHAM CLULEY. Oh yeah, some legitimate charities here.


THOM LANGFORD. Absolutely. NSPCC, Barnardo's, the Children's Society, etc., etc. All very good. They are on a steering group, an unpaid steering group for this campaign managed by M&C Saatchi. So again, you can sort of see this is not just an independent steering group thinking this is right. This is a steering group comprised of people who are already aligned with, you know, what the government wants. So there's stats in there like, what is it, 14 million reports of suspected child sex abuse online that could be lost if we don't stop end-to-end encryption. Quite how they get that data is interesting because we already have end-to-end encryption. Does that mean we are losing that many? No, it's saying they could. Now, the counterpoint to this comes from a chap called Alec Muffett. Now, Alec Muffett, he's a self-described stay-at-home dad for a home-based startup, which I think is his family, from LinkedIn. But he's got an unsurprising background in network security. He's also on the board of the Open Rights Group. And he's written a fantastic contrasting piece on this, which actually brings a lot of details and far more evidence rather than some kind of interpretation of a report done many, many years ago. Now, one of the most interesting parts I thought about this was they're focusing this on protection of children, etc. One stat that Alec gives is that actually 90% of child sex abuse cases are carried out by people within the family or close to the family of, of the abused. So the end-to-end encryption thing is not about protecting the children. You know, 90% of children are attacked and abused by people who are known to them.


GRAHAM CLULEY. Right.


THOM LANGFORD. The end-to-end encryption thing is not going to change that. He then goes on to make a variety number of points and he, he puts a number of stats in there and a number of links in there to details, you know, specifically that 14 million records, etc., etc. The interesting point he makes, and the most fundamental point he makes, is we should be putting our focus in on the source of this. On the societal change. On the support required to stop this kind of abuse in the first place, rather than putting in measures that actually are just going to punish people afterwards or send them even deeper underground. And the other point as well to this is, we've already seen this playbook run out before with the war against drugs, the war against terrorism. You know, the end-to-end encryption thing has already been played out in both those cases. Now it's the turn of, you know, the war against pedophiles, playing on huge emotional triggers for the general public to support this. This just removes us as citizens, our privacy, agency, control of data in our lives. And a point you made earlier, Graham, about, actually, frankly, the government are quite happy to use end-to-end encryption. They're using WhatsApp and, you know, various messenger apps to send out-of-band communications to each other. We've seen that. We've seen that.


GRAHAM CLULEY. And those are applications which are run by companies which are based overseas.


THOM LANGFORD. Yes, exactly.


GRAHAM CLULEY. It's not—


THOM LANGFORD. and they're carrying out governmental business on these things.


CAROLE THERIAULT. Well, I— yeah, can I just say what bugs me here? So what bugs me on this website is there's only one mention at the very bottom of your landing page that this is a campaign funded by the UK government, right? So it's kind of burying the government endorsement of it. And on top of that, it is providing you with one single, very emotive argument as to doing something. It is not a balanced view on the pros and cons of this. And it feels a bit propaganda-y even.


GRAHAM CLULEY. It definitely is propaganda because this is aimed at your Daily Mail readers who of course—


CAROLE THERIAULT. I'm looking at it and our listeners.


GRAHAM CLULEY. But yeah, but like everybody else in the country or most people in the country, we obviously, you know, abhor child abuse and we don't want child abuse to take place.


THOM LANGFORD. Of course.


GRAHAM CLULEY. But this is the wrong way of tackling it because there are so many other people who will suffer if end-to-end encryption is weakened, if there are backdoors and who on earth is going to hold the keys for that? And can they be responsible and what happens when it ends up in the hands of others? I'll tell you what else annoys me about this website though. Did you say it cost half a million quid?


THOM LANGFORD. Yeah, £534,000 to do this website, but it's part of a large campaign.


GRAHAM CLULEY. Okay, but the website is just one page and there's a one-minute video on it. I would happily have done this for £15,000. Yeah, it just feels like a waste of money.


THOM LANGFORD. Well, it's a single page effectively, isn't it? It's not even— it's a poster.


GRAHAM CLULEY. Yes.


THOM LANGFORD. And there's no meat to it. There's no evidence behind it. There's no peer-reviewed studies and real kind of—


GRAHAM CLULEY. Well, I mean, I know that Alec Muffett, I mean, you've pointed to that one post of his. He's done a series of posts up on his blog where he talks about the different aspects of this and includes links to research and evidence. And I think overall that's much more convincing. But of course, he doesn't have the power of a PR firm like M&C Saatchi promoting his site.


CAROLE THERIAULT. Isn't this a problem? Isn't this a problem for, you know, I don't know, journalists to kind of go, uh, guys, yeah, do you think the government should be doing this? Is this really a thing that we should be funding in order to convince people to approve our bill?


THOM LANGFORD. Well, we know you've got chums in the BBC, you two, so, you know, maybe we can, um, you know, get, get this amplified.


GRAHAM CLULEY. Oh yeah, because they're really popular with the government, aren't they, the BBC, at the moment?


THOM LANGFORD. Yeah, yeah. Well, someone's going to cut their, their Who is it?


GRAHAM CLULEY. Nadine Dorries.


THOM LANGFORD. Oh dear God.


CAROLE THERIAULT. Nadine.


THOM LANGFORD. Nadine. What's my password? I shout every morning. Dorries.


GRAHAM CLULEY. That's right.


THOM LANGFORD. Oh my goodness. Who would have predicted 10 years ago, apart from Carole? Who would have predicted?


GRAHAM CLULEY. Carole, what have you got for us this week?


CAROLE THERIAULT. Way back, Graham. Way back in episode 68.


GRAHAM CLULEY. Oh yeah, one of my favorites, yes.


CAROLE THERIAULT. I spoke about MoviePass. Now, MoviePass was a company that wanted to kind of deglue US butts from the couch and put them into movie theaters. And it was basically a movie theater subscription service. So you paid, I don't know, $10 a month.


GRAHAM CLULEY. Oh yes, yeah, I remember, yeah.


CAROLE THERIAULT. The service used this mobile app where registered users would check into a cinema, choose a film, showtime. You'd present your voucher, you know, da da da da da. And the thing was, is it was super cheap, right? Because you could have a movie a day, every day for less than the price of a single movie ticket that you would pay for. 'Cause like $10 a month, movie tickets cost way more than that. So like, how would this work?


GRAHAM CLULEY. Yeah, how did it work? How did they make money out of that?


CAROLE THERIAULT. Data tracking. So, and they even came clear, and that's what that show in episode 68 was all about, was that the CEO, the then CEO, did a talk called Data is the New Oil: How Will MoviePass Monetize It? And during this keynote, he literally crowed about how much data they were currently hoovering up from their paying customers. And he said, we get enormous amount of information. We watch how you drive home from the movies. We watch where you go afterwards.


GRAHAM CLULEY. Okay?


CAROLE THERIAULT. But things didn't work out as planned because in 2019, September 2019, MoviePass shut down its mobile ticketing service, and its parent company soon filed for Chapter 7 bankruptcy and announced that it was ceasing all business. So this is pre-Rona. Have we lost Thom?


THOM LANGFORD. No, I'm here.


GRAHAM CLULEY. I think he's loving it. He's loving it.


CAROLE THERIAULT. He's bored. Okay.


THOM LANGFORD. Just checking. You know, unlike you, I don't interrupt people midway through their flow.


CAROLE THERIAULT. No, it's just a conversation. The show normally.


GRAHAM CLULEY. I would hate to interrupt a middle-aged man like Thom Midfellow. That could be very dangerous.


THOM LANGFORD. I'd never know when I could start again. Probably 4 o'clock in the morning. That's when it normally starts.


GRAHAM CLULEY. I'm up then too. You should text me. We can do it together.


THOM LANGFORD. Yes.


GRAHAM CLULEY. Do a live stream.


THOM LANGFORD. Yeah.


CAROLE THERIAULT. So fun. Right. So MoviePass defunct, bankruptcy, bye-bye MoviePass, what a dumb idea.


THOM LANGFORD. Not a dumb idea. Oh, it was a great idea. Because you're trading something that you have, and you know you're trading it, for something that you want. And it's a transparent business arrangement.


CAROLE THERIAULT. You think most people realized how much data they were hoovering up? Because it was quite a little bleep in the press at the time that they were grabbing all this data in order to cue where you were going.


GRAHAM CLULEY. Are you suggesting— People didn't read the terms and conditions and privacy policy, correct?


CAROLE THERIAULT. Yes! That is always my main point.


THOM LANGFORD. Well, also, and if it's free, you are the product, blah, blah, blah.


CAROLE THERIAULT. It isn't free! You were paying a tenner a month.


THOM LANGFORD. A whole tenner a month for 30 films? Of course, I mean, it might as well be free.


CAROLE THERIAULT. Yeah, but it didn't work, 'cause they went bankrupt, right? So it was good for you, but it wasn't good for MoviePass.


THOM LANGFORD. Oh.


CAROLE THERIAULT. But like a groaning, knuckle-dragging, mud-drenched zombie, MoviePass has been raised from the dead. This past November, the original co-founder Stacy Spikes was approved ownership of the company by a New York bankruptcy court judge. And just a few days ago, this new CEO explained how it was going to change the movie business.


GRAHAM CLULEY. All right.


CAROLE THERIAULT. And our question is, is this a win-win for everyone? Obviously, it's going to be interesting. Thom, I look forward to your opinion on this. So just as a quick aside, though, okay, so the movie business obviously took a serious hit during the pandemic. In 2021, I think ticket sales hit $4.4 billion. And this is double from 2020 when the cinemas were all shut. But it's still way low compared to 2019.


GRAHAM CLULEY. Yeah, but the streaming services made a fortune though, didn't they?


CAROLE THERIAULT. The streaming service made a fortune. Exactly. Not the cinema going, right? So Stacy Spikes's solution here was revealed at this launch this past week, that MoviePass will now be a subscription system that incorporates virtual credits that can be spent on movie tickets. Okay. So you still have a fee to pay. It's still, it's still a subscription service. You're paying whatever it is a month. They haven't said what price yet, but there's a kind of built-in app reward system. And there's tiered plans, et cetera, et cetera. But using Web3, using some blockchain tech, MoviePass will also allow members to trade and transfer these credits. The idea is that they don't wanna be tied to just one movie theater. They wanna be like ubiquitous across the entire industry. So customers, theater studios will be able to trade and everything, like even NFTs. We're gonna, I'm not even going into the NFT world in here, so ignore all that. Now, this is the thing that has everyone's knickers in a twist. MoviePass will also incorporate another feature enabled by Web3 tech that allows users to pick up extra credit if they watch advertisements.


GRAHAM CLULEY. Adverts at the cinema.


CAROLE THERIAULT. Okay. Between us, us three.


GRAHAM CLULEY. Hi, hi, huddle.


CAROLE THERIAULT. Huddle. It's unclear to me if this is actually a movie theater experience or a home streaming service. So I've been having, I've read a number of articles on this and I am unclear. I think it's all going to be done on the phone.


THOM LANGFORD. It would have to be for the eye tracking, right?


CAROLE THERIAULT. Exactly. But I was a little concerned that the ad stuff would happen on the phone. You could do that as an extra, but also go to the theater. I'm just not sure. So I think it's a big phone service.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. So when I say, like, watch advertisements, I don't mean play advertising, right? I don't mean like, oh, the ad's coming and you go make a cup of tea. I mean, you have to watch it with your actual eyeballs. And they will monitor this with very clever tech to track your eyeballs. If you look away, the ad will pause.


THOM LANGFORD. Now, if you have a glass eye, could you take it out and put it on a stick?


GRAHAM CLULEY. Like Columbo.


THOM LANGFORD. And then go and make a cup of tea.


CAROLE THERIAULT. Couldn't you do that with eyeballs, ping pong balls, and a bit of paint? I'm a good artist. I could probably, you know, start a new business.


THOM LANGFORD. This is Web3. I think it's a little bit more complicated than that, Carole. But—


GRAHAM CLULEY. Could you not? I mean, I was thinking along similar lines. I was thinking, surely someone is going to come up with an app which simulates eyes watching something.


THOM LANGFORD. Or a video. Yeah, you record your face on a loop. Yeah.


GRAHAM CLULEY. You have one phone which is playing a video and you shove your other phone in front of it.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. And you just make money. Doesn't that work?


CAROLE THERIAULT. You could have deepfakes of yourself watching, just sitting there paying attention and blinking occasionally.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. Now, of course, the ads, because they're being played on your phone, are specifically tailored to you. So of huge interest to you, Thom, right? They'll all be about, you know, Lego and stuff.


GRAHAM CLULEY. And stuff.


THOM LANGFORD. You know me so well, Carole. It's like you're peering into my very soul with that statement.


GRAHAM CLULEY. So there we are at Thom's funeral. Carole's been asked to give a speech about, oh, Thom was a fascinating chap. He was into Lego.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. And stuff.


CAROLE THERIAULT. Now, obviously, we can see why this is interesting to MoviePass. Okay, it's an interesting pitch because I can see them now going, "Hey, ad guys, I can guarantee eyeballs. Like, eyeballs happening and watching your ads. So I'm gonna ask for a higher, you know, higher Wonga price to place those ads." Plus, we're unclear at this stage how the app will actually track you. So if it has the same tracking behavior as the previous MoviePass technology. Also, what are they doing with all the facial recognition tech and images? Are they only doing that whilst the ads are playing or during the movie as well?


GRAHAM CLULEY. Carole, I don't think they even care about the facial recognition because they want to say to the advertisers, oh yeah, it really worked well. We had an amazing No, sure, sure, sure.


THOM LANGFORD. But if they were, I'm just saying, if they're corporate whores, they're gonna be, "Hey, and we can also collect all this data because you never know, might be useful one day." As long as it's very clear upfront that this is what they're doing and this is how they're handling your data and what they're gonna sell and what they're not gonna sell and all that sort of thing. If people want to go for this, then great. It reminds me of that Black Mirror episode where you're on an exercise bike and you have to cycle and exercise in order to earn points to live, and you go up the, go up the social scale and things like that. It's the same principle as that. You actually, you've got to move your eyes backwards and forwards over, over a, a, an advert of some description in order to earn credits, in order to, to get free stuff. Now, if that's the best way, or the easiest way, or the cheapest way that you can get access to the media that you want then so be it. Go in there with your eyes open, uh, don't close them because otherwise you won't get anything, but go in there with your eyes open and, um, you know, reap the benefits. For me personally, I, I wouldn't do it because I can't bear adverts like that.


CAROLE THERIAULT. Well, you, you can't bear an advert watching you watch it?


THOM LANGFORD. That's right.


CAROLE THERIAULT. Oh, because you just basically said, hey dudes, you think this is a good idea, go do it.


THOM LANGFORD. No, I didn't say that. I said I wouldn't do it.


CAROLE THERIAULT. No, I know you said that, but you're saying to other people—


THOM LANGFORD. Hey, I know I'm saying, as long as you are aware that this is what you're doing, my risk model is not their risk model. It's very different. My risk model is actually, I'd rather pay for a service that gives me this without adverts rather than not pay for it. But they may either not wish to pay for it or not be able to pay for it.


CAROLE THERIAULT. Oh, they're still paying. They're still paying. They're just getting extra credits that they can use within the MoviePass environment, right?


THOM LANGFORD. You are getting paid for it. You are getting stuff ostensibly for free.


CAROLE THERIAULT. And the algorithm, the ad algorithm will never get it wrong anyway, right? They're never going to show alcoholics people clinking glasses of Chablis or showing a fast food ad to someone trying to eat more healthily.


THOM LANGFORD. No, exactly. Exactly. And this targeted ad thing has never really worked. Let's face it. It's like you go online and you order a mattress, something you're supposed to buy every, what, 7 years, I think it is. And then for the next sort of 6 months, all you get is adverts for mattresses.


CAROLE THERIAULT. My hope though, what would make me feel a little bit better about all this, even though I don't like the model, is if they had a bounty program to get the best techies out there to hammer the system to expose any holes before customers are lured into using this service. That would be—


THOM LANGFORD. You mean they're not doing that already?


CAROLE THERIAULT. Well, are you surprised?


THOM LANGFORD. One would hope that they make this rock solid because otherwise you're going to get Priti Patel and Nadine Dorries onto them.


CAROLE THERIAULT. So when I was researching this, right, of course the freaking Daily Mail covered the story. Now I didn't really take any tidbits from them in the story I've done, but I did look at the commentators and there was one that I thought I would share with us all.


GRAHAM CLULEY. You went into the Daily Mail comment section?


CAROLE THERIAULT. It's a bold decision. I know. I did it with like my eyes squished so I couldn't read everything.


THOM LANGFORD. And took a shower afterwards.


CAROLE THERIAULT. It was fuzzy. Yeah. So this Had to Comment, that's the name, wrote, I've never paid to watch a movie nor bought music or attended concerts. Why? I refuse to fund alcohol and drug addictions of today's so-called celebs and stars or contribute towards their rehab and their divorces or towards their excessive spending habits. Such as the shoes and clothes they wear once, the many cars they rarely ever drive, and the many homes they buy that they never live in. I can't justify any of that when there are so many people in this world with nothing. That's why I've never paid, and it's for those same reasons that I never will. So, you know, the world's fine.


THOM LANGFORD. That's why I visit the Daily Mail website and regularly go down the sidebar of shame to read about Kim Kardashian. Do you know, if that was a comment from, I don't know, Socialist Worker or Hippies Are Us, maybe they don't have a TV and a radio or anything like that and they just knit their own yogurt and play their own songs or something. But given it's on the Daily Mail on a website, I'm thinking that person has got a TV and probably a Netflix subscription and probably listens to a lot of music either on the radio or downloaded illegally from the internet. So, now I need a shower.


CAROLE THERIAULT. Come on, it's funny.


THOM LANGFORD. It is funny.


GRAHAM CLULEY. Very funny.


THOM LANGFORD. In a very depressing way. Although it's probably just a Russian troll, let's face it.


CAROLE THERIAULT. Baramundi offer unified endpoint management from a single platform. Think of it as an all-in-one solution, consolidated endpoint management under a single interface. For example, with baramundi JOBS, you can control and monitor all tasks in the management suite, including software deployment, automation, and operating system installation. Baramundi also offer vulnerability detection and patch management, so you're ready to deploy updates and patches from Microsoft, ransomware, malware, and third-party applications. And you can centrally manage any number of devices no matter where they're located. And that means you can distribute all the necessary updates to smartphones, tablets, notebooks. Excited to check it out? Well, we don't blame you. Our pals at Baramundi are offering Smashing Security listeners a 30-day full version free trial. Check it out at barramundi.com/smashingsecurity. That's barimundi.com/smashing.


GRAHAM CLULEY. Kolide sends employees important, timely, and relevant security recommendations to their Linux, Mac, and Windows devices right inside Slack. Kolide is perfect for organizations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable. So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems. Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates. You can try Kolide with all of its features on an unlimited number of devices for free for 14 days, no credit card required. Try it out at smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. And thanks to Kolide for supporting the show. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week.


THOM LANGFORD. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my pick of the week this week is technological. Now, Thom, I know you love a good gadget. Let me explain to you a problem we've been having behind the scenes at Smashing Security. Because ever since, probably about, I don't know, 18 months ago when I went to live in the middle of a sheep farm without a proper internet connection, we've had a slight challenge recording the show. So I don't have broadband down a wire. I've been on 4G LTE. I've had antennas outside my house and it's been up, it's been down. It's been problematical.


THOM LANGFORD. Did you replace the printer that your antenna was sat on? Because that may well have been blocking some of the signal.


GRAHAM CLULEY. It was like a leaning tower of Pisa to try and get my antenna as high as possible.


THOM LANGFORD. A leaning tower of Canon, more like.


GRAHAM CLULEY. Well, Carole, you've handled the situation very well. You've barely mentioned to me that we've—


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. So I— I did some research into alternatives. Are there any alternatives at all? And I was chatting with friend of the show, Professor Alan Woodward.


CAROLE THERIAULT. And yeah, and with the speed of Microsoft dealing with the macro problem—


GRAHAM CLULEY. I have now invested in a solution, which I hope is going to work. I'm speaking to you right now via a low Earth orbit satellite.


THOM LANGFORD. Is that basically the equivalent of getting the string wet between the two cans?


GRAHAM CLULEY. It is. We've got— there are no toucans involved. Pigeons, maybe. I have got a Starlink dish in my back garden.


THOM LANGFORD. Oh.


GRAHAM CLULEY. Which is beaming up to a satellite, and then beam— that's then beaming down to Earth somewhere which has an internet connection.


CAROLE THERIAULT. Which tech juggernaut gets the cash for that purchase?


GRAHAM CLULEY. This is the slight problem, because it is, of course, part of Elon Musk's empire.


THOM LANGFORD. Do you not like Elon then?


GRAHAM CLULEY. No.


THOM LANGFORD. Why not? I mean, not that I particularly—


CAROLE THERIAULT. He's more popular than Graham, so, you know.


THOM LANGFORD. He got his blue tick before Graham did.


GRAHAM CLULEY. He just seems a bit of a twat.


THOM LANGFORD. Yeah. Yeah.


CAROLE THERIAULT. But hey, he makes great tech.


THOM LANGFORD. Most visionaries and entrepreneurs are.


GRAHAM CLULEY. Well, possibly they are, but he seems particularly weird. And—


CAROLE THERIAULT. Yes, I'm not a fan either. How much did it set you back, Lou?


GRAHAM CLULEY. It's quite expensive. Dish itself, it's a little rectangular dish that costs, I think it's about £499. Oh. And my broadband bill as it is, will be £89 per month.


THOM LANGFORD. Wowzer.


GRAHAM CLULEY. So it's quite a lot of money, but it is designed for people who can't get reliable internet connection any other way. I'm getting, well, I've had up to 300 megabits per second down, which is brilliant.


THOM LANGFORD. And I've had a fiber speed.


GRAHAM CLULEY. Yeah.


THOM LANGFORD. Yeah.


GRAHAM CLULEY. And I've had up to like 30 or 40 going up. My ping is low and I haven't had any outages and it's, it's going really, really well.


THOM LANGFORD. It's very, very slowish. It's 39, isn't it?


GRAHAM CLULEY. Oh, it's yeah, it varies. It changes. So it's, I've seen it between about 20 and 40.


THOM LANGFORD. But I do see from the images that are in the show notes, I do see that by paying for Starlink has meant you couldn't upgrade your phone.


GRAHAM CLULEY. Why? Why is that?


THOM LANGFORD. Because you've got an iPhone SE from 2020.


GRAHAM CLULEY. Why does that mean yes? Well, an iPhone SE is the best iPhone there is.


THOM LANGFORD. No, it isn't.


GRAHAM CLULEY. Yes, it is.


THOM LANGFORD. What are you talking about?


GRAHAM CLULEY. No, the XR was. No, it's the iPhone SE is the best phone Apple's ever made.


THOM LANGFORD. Why is that?


GRAHAM CLULEY. Because it's a sensible size rather than being like a clown shoe or having stupid cameras sticking out the back, which you don't need.


CAROLE THERIAULT. This is from a man with very small hands. Yep.


THOM LANGFORD. Yes.


GRAHAM CLULEY. I don't like all those big stupid— I mean, I don't need a camera. Fuck, you know, stop giving me a better, better camera. I don't need a better camera.


THOM LANGFORD. Why do you not need a better camera?


GRAHAM CLULEY. Why would I need a better camera for?


THOM LANGFORD. To take better photos.


CAROLE THERIAULT. Of what?


THOM LANGFORD. Stuff! Family!


GRAHAM CLULEY. Friends! I don't need gazillion megapixels. It's not required. It's good enough.


THOM LANGFORD. Your future descendants will not thank you as they look at the equivalent of a, like, 500K GIF of your photo.


GRAHAM CLULEY. They don't want to see all the plaque on my teeth or the hair coming out of my nostrils. You know, they don't need details like that.


CAROLE THERIAULT. Graham, stop biting, stop biting. It's fine.


GRAHAM CLULEY. Oh, you're right. Don't feed the troll.


CAROLE THERIAULT. Exactly.


GRAHAM CLULEY. So there it is. That is my pick of the week so far. I'm very, very happy of it. Go and investigate it yourself. Starlink.


CAROLE THERIAULT. Hallelujah, I say. You know, in a blink of an eye, you sorted the problem.


THOM LANGFORD. Very good. I'm really impressed by this. Although I did see that a whole bunch of his Starlink satellites came crashing down to Earth the other day after a geomagnetic storm.


GRAHAM CLULEY. They did, didn't they? Yeah.


CAROLE THERIAULT. Don't worry, your $400 will help fix that.


THOM LANGFORD. Yeah, exactly.


GRAHAM CLULEY. Thom, what's your pick of the week?


THOM LANGFORD. So my pick of the week is, well, something that many people may describe as a guilty pleasure, but actually, frankly, I don't feel guilty about it.


CAROLE THERIAULT. Uh-oh.


THOM LANGFORD. This was, yeah, it's not that kind of guilty pleasure. And I was reminded of it, or rather it was front of mind, because unfortunately the other day I had to go to a funeral of my second cousin. Oh, and I was chatting to his brother and we were reminiscing about our times when we were like, you know, well, when I was about 8 or 9 and they were sort of like early teens. And these two got me into a number of things. So for instance, Pink Floyd. They introduced me to Pink Floyd on vinyl, etc., etc. Um, they also introduced me to a fairly new comic. We're talking like, like late '70s here, new comic called 2000 AD, and this year is its 45th anniversary.


GRAHAM CLULEY. Amazing.


THOM LANGFORD. 2000 AD. These guys had, um, uh, well, they call it progs for program because it was all sci-fi, but prog 1, 2, and 3, they had that, those 3 progs, 3 times over. Now, those 3, 3—


GRAHAM CLULEY. Hang on a minute, what are you talking about? You're talking about What is a prog? Oh, a comic.


THOM LANGFORD. Yeah, comic. So one sort of comic. So they had Progs 1, 2, and 3, and they had those 3 times over. Now, those 3 comics in reasonable condition, not even mint condition, today are worth about £3,000, £4,000. Wow. Very, very good. The thing, you know, why am I talking about this? Well, I still read this comic today. But it has launched many, many careers and has supported many, many careers. And I've got some examples here. So have you watched 300, the film 300?


CAROLE THERIAULT. No.


GRAHAM CLULEY. No.


THOM LANGFORD. Great. Have you watched V for Vendetta? No.


CAROLE THERIAULT. No.


THOM LANGFORD. What? Have you watched Watchmen? No. Oh my God. Have you watched The Boys on Amazon?


GRAHAM CLULEY. Yeah, I saw that.


THOM LANGFORD. Yeah. Have you watched Kick-Ass?


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. No.


THOM LANGFORD. Have you watched Wanted?


GRAHAM CLULEY. No.


CAROLE THERIAULT. Don't know.


THOM LANGFORD. Okay, what about, have you heard of Judge Dredd?


CAROLE THERIAULT. Yes.


THOM LANGFORD. Yes. There you go, okay. All of this—


GRAHAM CLULEY. Adrienne!


THOM LANGFORD. Adrienne! We don't talk about that Judge Dredd. So, Alan Moore was the writer of 300, V for Vendetta, Watchmen. Watchmen is in the Times Top 100 books to read before you die. The only graphic novel in that top 100 list.


GRAHAM CLULEY. Well, that's why I haven't read it.


THOM LANGFORD. Well, exactly, because you haven't died yet.


GRAHAM CLULEY. Yeah, I'm in no rush.


THOM LANGFORD. But it also was turned into a big film by Zack Snyder and a TV series as well as that. Dave Gibbons was artist for that. Garth Ennis, the writer of The Boys. Mark Millar, who wrote Wanted, Kick-Ass, Jupiter's Legacy, Super Crooks, which is on Netflix now, is a very good show. Judge Dredd was a character that was created and drawn by Carlos Ezquerra and Strontium Dog. That was a character that was frankly murdered by Sylvester Stallone, was immortalized by Karl Urban in Dredd, and is soon to be a Netflix series called Mega City One.


GRAHAM CLULEY. Oh cool.


THOM LANGFORD. Rogue Trooper, another character soon to be directed in film form by Duncan Jones. Duncan Jones is David Bowie's son, and he's the director of Moon, Mute, Source Code, World of Warcraft. So very, very talented, very forward-looking director. All of these people and all these characters were effectively springboarded into today's, well, media content that we consume. But you've watched stuff like this, that has been written or heavily influenced by these people. Batman stuff, anything, anything that's got any kind of, well, action to it is inspired by a lot of these people. And if you'd like to know more about this, there's a documentary called Future Shock: The Story of 2000 AD. There's a link in the show notes. Thoroughly recommend it. It's fascinating because it's also a sociopolitical reflection because what the comic does is it really does hold up a mirror to society at the time. So, you know, not only is it, you know, forward-looking and ahead of its time, it's topical, it's satirical, it's dark, it's humorous, it's playful, it's hard-hitting.


GRAHAM CLULEY. So I've never read 2000 AD, but I do know about some of these things and I do know it's very highly regarded and it is meant to be very good. It's just never been my particular bag, but—


THOM LANGFORD. No, absolutely not. But if you— what they also have is the Rebellion, who own 2000 AD, they also have a Treasury of British Comics group.


GRAHAM CLULEY. They do.


THOM LANGFORD. Bringing back a lot of the old school comics that kind of went out of print. So Scream, Misty, The 13th Floor.


GRAHAM CLULEY. The Trigon Empire.


THOM LANGFORD. They do that. Trigon Empire.


GRAHAM CLULEY. Which I, yeah, that's right. I always call them Trigon. Are you sure it's Trigon?


THOM LANGFORD. It's Trigon. From Look and Learn, right?


GRAHAM CLULEY. That's right. It's an old Pick of the Week of mine. And I think Rebellion are based in Oxford.


THOM LANGFORD. Yes.


GRAHAM CLULEY. So there you are. Another link to Smashing Security.


THOM LANGFORD. So yeah, there you go. But check it out. 2000 AD, there's an app. You can get weekly comics and a monthly Judge Dredd and lots of stories, lots of books you can buy online. Watch the film, strongly suggest it. I don't get paid for any of these endorsements.


CAROLE THERIAULT. No, you obviously love it. See, that's why it's great having guests on with their own pick of the weeks, right?


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. It's great. It's fantastic.


GRAHAM CLULEY. It's great. Let's see how, if you can match it, Crow, with your pick of the week.


CAROLE THERIAULT. Yeah, I'm not sure. Okay, my pick of the week. So this past weekend, I was at a mini family event in a kind of I don't know what you call it, like a manor house.


GRAHAM CLULEY. Oh, right.


CAROLE THERIAULT. Yeah, I know, a bit la-di-da. Exactly.


THOM LANGFORD. Were you upstairs or downstairs? Just asking.


GRAHAM CLULEY. A bit personal.


CAROLE THERIAULT. No idea what that even means. Um, and, uh, the house has been in the family for generations, and there was loads of evidence, like, you know, with like art, everything, everything, furniture, everything. So it got me to thinking about like how dinner parties would have been held in this house, and then I was thinking, oh, I wonder what the etiquette was, you know, at the time. So I found this Good Housekeeping article from a few years ago, and it lists like 100 or so expected behaviors that today may or may not fly. So I think that the link is in the show notes if you guys want to take a look. And it's just like a slide on one of those irritating slideshow things.


GRAHAM CLULEY. I'm looking right now. Ladies, you should smile when talking on the telephone.


THOM LANGFORD. I know.


CAROLE THERIAULT. There was one, shake hands at elbow level. So, like, make sure your hand's at a right angle when you shake.


THOM LANGFORD. A host always serves the meat.


GRAHAM CLULEY. Please. What kind of party are you at?


THOM LANGFORD. See, I learned from these places. You know, the posh places, you have people serving you. The really posh places, you have a butler. Who brings around the food and you serve yourself, which is kind of a little bit back to front.


CAROLE THERIAULT. It's funny, yeah.


THOM LANGFORD. So the posher the place, you'll serve yourself from the butler.


CAROLE THERIAULT. There's this one from the '60s that says, "Avoid dead fish hands." What does that—


GRAHAM CLULEY. Fish don't have hands. What does that mean?


CAROLE THERIAULT. In the '50s and '60s, there were a lot of dos and don'ts for a woman to follow, including how to position her arms. This instructional guide, a woman is advised not to let her hands hang straight to her sides, as it detracts from her silhouette. Just. There's one: refrain from impure thoughts, especially if pregnant.


THOM LANGFORD. Was a bit late.


GRAHAM CLULEY. Men should enter dark rooms first.


CAROLE THERIAULT. Right?


GRAHAM CLULEY. Slightly sinister. What's that about?


THOM LANGFORD. Well, it's protecting the ladies. Oh, I see. I like, always have a cigarette on hand.


CAROLE THERIAULT. That's aged a bit, huh?


THOM LANGFORD. Don't cough into your right hand. Is that because that's the one you wipe your bum with?


GRAHAM CLULEY. No, that's the wrong— What?


CAROLE THERIAULT. Okay, I think we should call it a quiz.


GRAHAM CLULEY. Don't you have a swan for that purpose? That's what you use a swan's neck for.


THOM LANGFORD. That's true. With the toilet paper I've got, it's more like swan vester.


CAROLE THERIAULT. Link in the show notes, Good Housekeeping article if you want to read about wacky, I don't know, what is it, do's and don'ts.


GRAHAM CLULEY. Very handy. Very handy. Well, that just about wraps up the show for this week. Thom, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?


THOM LANGFORD. You can catch me on Twitter @ThomLangford. That's Thom with an H because they would let me have the I'm also at ThomLangford.com, and you can also catch the other best infosec podcast, Host Unknown, at HostUnknown.tv.


GRAHAM CLULEY. Fantastic. And you can follow us on Twitter @SmashInSecurity, no G, Twitter must have a G. And we also have a Smashing Security subreddit. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app.


THOM LANGFORD. Starstep.


CAROLE THERIAULT. And of course, shiny shout out to our episode sponsors, Kolide and Baramundi, and to our wonderful Patreon supporters. Thanks to all of you. This show is free. For episodes, show notes, sponsorship information, guest lists, and the entire back catalog of more than 261 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio. Bye-bye.


THOM LANGFORD. Bye. Goodbye.


GRAHAM CLULEY. Short and sweet this week.


THOM LANGFORD. Was it short and sweet? Been going for an hour. Oh, oh, sarcasm, right.


CAROLE THERIAULT. Well, who talked forever?


GRAHAM CLULEY. Not me.


THOM LANGFORD. 25 years, I think he was, wasn't it?


CAROLE THERIAULT. In, yeah. In 1993, did— have you ever heard of a macro, Thom Langford? Carole Theriault? Well, let me tell you what a macro did.

-- TRANSCRIPT ENDS --