We find out why calls to Dublin airport's noise complaints line have soared, and Carole quizzes Graham to celebrate World Password Day.
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
And don't miss our special featured interview with Clint Dovholuk of NetFoundry.
Visit https://www.smashingsecurity.com/273 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Clint Dovholuk.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- NetFoundry: NetFoundry's OpenZiti is an open source, free and easy way for the world to embed zero trust networking into anything.
- Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an Edge Router for any cloud.
- No networking engineering skills required. No more pain of inbound ports, VPNs, complex firewall rules, public DNS, and more.
- Learn more and try it for yourself at netfoundry.io/smashingsecurity/
Links:
- Houston Zoo asks FBI to investigate text-message attack — Houston Chronicle.
- Trunk calls for Rory Lion flood telephone lines — Irish Independent.
- Airport Noise & Noise Reports — Dublin Airport.
- Dublin Airport got 12,272 noise complaints last year from just one person — Irish Independent.
- Compromised Passwords Responsible for Hacking Breaches — Securelink.
- Verizon 2021 DBIR Results & Analysis — Verizon.
- Three random words — NCSC.
- What’s wrong with What3Words? — YouTube.
- Why What3Words is not suitable for safety critical applications — Cybergibbons.
- What3Words – The Algorithm — Cybergibbons.
- Why bother with What Three Words? — Terence Eden.
- River (TV series) — Wikipedia.
- Wearing shoes inside the house is gross – and there’s science to back that up — The Guardian.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. It's called River, which I think is a terrible name for a TV show.
CAROLE THERIAULT. Because?
GRAHAM CLULEY. Well, it's not about a river, and it's rubbish search engine optimisation because it's just such a common word.
CAROLE THERIAULT. Poor Stephen King with a book called It, you know?
GRAHAM CLULEY. Right!
CAROLE THERIAULT. He's suffering. No one's heard of him.
GRAHAM CLULEY. If you search for It in a search engine, does Stephen King's It come top?
CAROLE THERIAULT. That's a fun game.
UNKNOWN. That could have been called Creepy Clown Hiding Under the Road or whatever it was he did. I've never watched it because it's too scary. Smashing Security, Episode 273: Password Blips and Who's Calling the Airport? With Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 273. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And Carole, this week, for a very good reason, we don't have a main guest on the show, do we?
CAROLE THERIAULT. No, it was kind of my fault. I had some technical difficulties yesterday of an incredibly mysterious and annoying order. So after 3 tries, we let our guests go and we figured out the problem. So here we are, and we will have our guests next week. So you'll have to just put up with the 2 of us for this week. And blame me, not Graham this time.
GRAHAM CLULEY. Well, steady. So, yes. So anyway, so hopefully we'll still be able to have a good old show.
CAROLE THERIAULT. Of course we're gonna have a good old show. What does that mean? How about we say thank you to this week's sponsors, Kolide and NetFoundry. It's their support that help us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm gonna be talking telephone numbers.
CAROLE THERIAULT. Okay, and as we are celebrating World Password Day today, I'm going to be testing Graham.
GRAHAM CLULEY. Uh-oh.
CAROLE THERIAULT. Plus, we have a fabulous featured interview with Clint Dovholuk from NetFoundry, who's gonna explain the brilliance of zero trust networking. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chum, chum.
CAROLE THERIAULT. Yes, yes.
GRAHAM CLULEY. What's that?
CAROLE THERIAULT. We're back at the 1970s.
GRAHAM CLULEY. What could that be? What could that be? What could that noise be? Is it some strange kind of duck? Some bream out on the lake? No, it's a telephone, of course, isn't it?
CAROLE THERIAULT. It's always hard to tell with your impressions, honestly.
GRAHAM CLULEY. And what do you do, Carole, with a telephone?
CAROLE THERIAULT. You answer. Or you ignore it, if you're me.
GRAHAM CLULEY. Well, in your case, yes, you would completely and utterly ignore it. But the normal sociable person picks up the telephone and says, "Hello, how can I help you?" Now, I want to talk today about telephone attacks and telephone denial of service. I'm going to take you back in time. One of my earliest blog entries. I remember when I was writing on the Sophos blog, on my very own little, little blog over there in 2008.
CAROLE THERIAULT. I was there sitting about 4 feet from you.
GRAHAM CLULEY. So. Well, do you remember this? In 2008, Houston Zoo called in the FBI because their phone switchboard was being swamped. They couldn't do anything.
CAROLE THERIAULT. Funnily enough, I do not remember that particular instance from 2008.
GRAHAM CLULEY. It was impossible for relatives of the various animals in the zoo to get in touch by telephone.
CAROLE THERIAULT. What, relatives of the animals at the zoo? So what, lions couldn't get in touch with lions in the zoo?
GRAHAM CLULEY. They couldn't phone in because the switchboard was completely jammed up. Now, you're probably wondering, why was the switchboard jammed up in April 2008 at the Houston Zoo? Well, I will tell you. Because what happened was there was a mysterious spree, a spray, of SMS text messages. People were receiving text messages on their mobile phone, which meant that the zoo was receiving 10 times more than the normal volume of calls on its switchboard. And—
CAROLE THERIAULT. Because of the text messages were going through as kind of phone—
GRAHAM CLULEY. Ah, well, a very sensible assumption, but no, no, the text messages weren't being sent to the zoo. The text messages were being sent to the general public. And the text messages were telling people—
CAROLE THERIAULT. To call the zoo.
GRAHAM CLULEY. Well, yes. Yes. But not to call the zoo to ask about opening hours or how to adopt a penguin. But instead, what they were doing was responding to messages they'd received saying, hey, someone's talking down on you. Look for them. And the message would appear to come from the number belonging to the zoo. And so people would think, who is this? And they would ring up to try and work out who it was. There was another one which says, "Hey, why is someone calling me and looking for you and asking where you're at and where you live? Here's the number. Tell them to stop calling me." And so people responded to this, these text messages, by calling the number it appeared to come from.
CAROLE THERIAULT. Would you respond? Would you respond to one of those? Even back in 2008, even if you squint your eyes and go back to 2008, I think I'd ignore it if I didn't recognise the number.
GRAHAM CLULEY. You ignore it now, you ignore it then, Carole.
CAROLE THERIAULT. That's true.
GRAHAM CLULEY. That's true.
CAROLE THERIAULT. That's true.
GRAHAM CLULEY. Yeah. But the normal, as I say, polite person might say, "Oh, well, someone's clearly made a mistake. I'll call them back, or I'll get in touch and tell them that they've sent it to the wrong place." This is the normal Houston accent, is it? Yes. Okay.
UNKNOWN GUEST. Yeah.
GRAHAM CLULEY. Okay. Now, you might think that is an odd kind of attack.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. What is strange is that was happening in Houston. At the same time, the switchboard of Dublin Zoo similarly reached thermal death point after 5,000 people got a text message, at least 5,000 people, telling them to ring a number urgently, which belonged to the zoo.
CAROLE THERIAULT. I have a theory.
GRAHAM CLULEY. Oh, okay.
CAROLE THERIAULT. You ready?
GRAHAM CLULEY. Yeah, go ahead.
CAROLE THERIAULT. Is it animal rights activists that did this in order to protest against animals in captivity?
GRAHAM CLULEY. It didn't really get the message across though, to fight animals being held in zoos, did it? I mean, it's a nuisance.
CAROLE THERIAULT. Well, it annoyed the zoos a lot.
GRAHAM CLULEY. I suppose. I suppose it would've annoyed people who were planning to go to the zoo. It's an interesting theory.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. So in Dublin, people were receiving this text message and it said, "Ring this number urgently and ask for a particular person." And the people they were being asked to contact, they all had fake names, which were animal-related, like Rory Lion.
CAROLE THERIAULT. Oh my God.
GRAHAM CLULEY. Anaconda. Mr. Sea Lion, or— G-Raph.
CAROLE THERIAULT. Okay, I have another theory.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. Okay. The reason you're talking about this now is because the same guys that were behind this are now doing something. And at the time they were like 13.
GRAHAM CLULEY. Well.
CAROLE THERIAULT. And thought this was hilarious.
GRAHAM CLULEY. I, I, it's a lovely theory.
CAROLE THERIAULT. Okay, I'm just throwing them out there.
GRAHAM CLULEY. Just throwing them out there. Well, I can understand why you're trying to work out why am I talking about this now? In 2022, or where the year is.
CAROLE THERIAULT. Either you're lazy because you were just reviewing your illustrious career of blogging and decided to pull up on the first one, or—
GRAHAM CLULEY. or—
CAROLE THERIAULT. oh my God.
GRAHAM CLULEY. Oh, yes. Or— yes, of course. Sorry. That was my cue, wasn't it? To say there is another explanation because there is a brand new telephone denial of service taking place.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Not against a zoo. But it is in Dublin. So who knows? Who knows? What's happened is this. Dublin Airport has a noise complaints hotline. So if you're upset with the noise which is coming in, you can ring Dublin Airport, right?
CAROLE THERIAULT. Right. I'm sure all airports have that.
GRAHAM CLULEY. Okay. Okay. Now, what's interesting is last year in 2021, Dublin Airport received 13,569 complaints on its noise hotline.
CAROLE THERIAULT. I have no idea if that's good or bad. I have no idea.
GRAHAM CLULEY. Well, in two years, it'd risen from 1,500 a year to 13,569. So that's quite big.
CAROLE THERIAULT. That's quite a ramp up.
GRAHAM CLULEY. It's quite a ramp. It's like, why would that number be so much bigger? And the reason why that number is so much bigger is that more than 12,000 of those telephone complaints last year came from the same person.
CAROLE THERIAULT. Person or bot?
GRAHAM CLULEY. One single person.
CAROLE THERIAULT. An individual.
GRAHAM CLULEY. An individual living in Ongar in northwest Dublin.
CAROLE THERIAULT. Who dialed the number.
GRAHAM CLULEY. Has called. He's probably got it on speed dial, Carole. Has called the Dublin Airport noise complaints line. 12,273 times in 2021.
CAROLE THERIAULT. Okay, so he—
GRAHAM CLULEY. He is behind 9 out of every 10 of all aircraft noise complaints at Dublin. This one person. He, on average, is ringing that hotline 34 times per day.
CAROLE THERIAULT. You know, okay. I'm going to defend this guy, right?
GRAHAM CLULEY. Okay, okay. Come on.
CAROLE THERIAULT. Let's hear it.
GRAHAM CLULEY. Ready? Okay.
CAROLE THERIAULT. Obviously, the noise is driving him mad. How far— Have you done any recon on how far he is from the airport?
GRAHAM CLULEY. I'm not sure. We don't know his precise address. His identity has not been revealed by the Irish Independent.
CAROLE THERIAULT. Sure, sure. But is he close enough for the noise to actually bug him? Like in terms of the town? If you do a map recon—
GRAHAM CLULEY. I think we can assume he's rather bugged by the noise. Yes. The fact that he's making 34 complaints every day.
CAROLE THERIAULT. Well, no, he could be a disgruntled ex-employee who maybe lives 50 miles away and is just going redial, redial, redial, redial.
GRAHAM CLULEY. I think you may have misunderstood something. Last year, he rang 12,273 times. Every single day, including Sundays, including bank holidays, including Christmas Day.
CAROLE THERIAULT. And this is during one whole year?
GRAHAM CLULEY. That's— yes, that's just in one year. The previous year, he rang 6,227 times. That was in 2020. So he's really ramped up his activity.
CAROLE THERIAULT. Okay, I'm working out his daily call rate here. So he would ring 32 times a day, 33.
GRAHAM CLULEY. 34, 34. Yeah, round about that. Yeah.
CAROLE THERIAULT. That's doable.
GRAHAM CLULEY. Well—
CAROLE THERIAULT. And when he rings, does he hang up or does he log— he says something?
GRAHAM CLULEY. Well, no, these are lodged complaints. Don't forget, when you make a complaint, there's someone who processes that complaint at the other end. The phone is ringing. Remember, and this is during waking hours, one assumes, right? I mean, this guy must sleep at some point. Let's assume he sleeps. He sleeps for, or at least tries to sleep, for maybe 6 or 7 hours a day.
CAROLE THERIAULT. Yeah, I've just worked it out. Yeah. So if each call took him 5 minutes to do, that's fair, right? 5 minutes, you know, to log his complaint.
GRAHAM CLULEY. To have a complaint, you'd have to leave your name and address and contact details, wouldn't you?
CAROLE THERIAULT. Right.
GRAHAM CLULEY. You know, say what your complaint is.
CAROLE THERIAULT. Right. And then you divide it, right, for a day. He is working, he's working almost 7 hours a day on this.
GRAHAM CLULEY. It's an occupation. You know, what's his phone bill like? How many people are Dublin Airport? There must be. If you go for a job interview at Dublin Airport in the noise complaints department—
CAROLE THERIAULT. You have a job for life!
GRAHAM CLULEY. As part of the induction.
CAROLE THERIAULT. Until this guy goes, until he passes or moves on to someone else. You're sorted, I think.
GRAHAM CLULEY. They're going to say, oh, by the way, by the way, they say, you're probably going to learn about Steve pretty soon. There he is. You've got a special hotline, like Commissioner Gordon with the Batphone. Of the complaint coming through. Mm-hmm. And of course, the more calls that are coming in, that's going to prevent other people calling in with complaints, possibly.
CAROLE THERIAULT. Well, maybe that's also useful as well.
GRAHAM CLULEY. Right?
CAROLE THERIAULT. Maybe there's not much the complaints people can do about the noise of the planes. Right? Maybe it turns out—
GRAHAM CLULEY. Well, maybe Steve, or whatever his name is, maybe he— could move. Do you think he deliberately moved there because he likes complaining and he realised he was under the flight path and he thought, "Right, I've got my retirement sorted out. I know what I'm going to be doing. I'm not going to be sucking on Werther's Originals or doing crosswords." How old is—
CAROLE THERIAULT. We don't know how old this guy is.
GRAHAM CLULEY. We don't know. I'm just assuming. I'm just assuming it's someone with a lot of time on his hands.
CAROLE THERIAULT. Yeah, that's— Yeah. Okay. Okay. Well, maybe he has a very boring job where, you know, maybe he is a complaints department where no one's complaining. So he's making use of his time.
GRAHAM CLULEY. Oh, you think he's calling from the office?
CAROLE THERIAULT. Maybe.
GRAHAM CLULEY. So he probably isn't calling on Christmas Day and Saturdays and Sundays and bank holidays.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. That's an even greater effort, isn't it?
CAROLE THERIAULT. Yeah, it turns out I think my math was way wrong. I think it works out to about 3 hours a day. It was difficult doing the math whilst listening to you. Fascinating story.
GRAHAM CLULEY. Yeah, well, all I'm saying is denial of service text don't just have to be via the internet.
CAROLE THERIAULT. And hey, if you're out there bored with a lot of time on your hands—
GRAHAM CLULEY. He hasn't got time to listen to us.
CAROLE THERIAULT. No, not him. I'm saying everybody else. This is what they could do for fun. He's obviously loving it.
GRAHAM CLULEY. Oh, I see. Oh, I thought you meant listen to us instead. Oh, I see. So you're saying people should just start—
CAROLE THERIAULT. Sounds like way more fun than listening to us.
GRAHAM CLULEY. Crow, what's your story for us this week?
CAROLE THERIAULT. Well, mine's a little more security related.
GRAHAM CLULEY. How dare you?
CAROLE THERIAULT. Topic today is passwords because today marks the 9th anniversary of World Password Day. So according to Verizon, more than 60% of breaches involve the thievery of credentials.
GRAHAM CLULEY. No, I think it'd be more than that. I think it'd be more.
CAROLE THERIAULT. Yes. Well, they are really good at research, so it's good that you think more, but— and credentials do remain the most highly sought-after data type, right? In other words, the miscreant gets their hands on a username and password, and that gets them inside somewhere. Hmm. Now, 6 out of 10 is not insignificant, right? It's not to be pooh-poohed. And the reason is that we humans at large continue to be pretty digitally hackable. In April, Lapsus$ attackers entered the network through a single Microsoft employee account. And soon after the breach, the thieves apparently boasted of the crime via its Telegram channel.
GRAHAM CLULEY. Did you hear about— what? Did you hear about that? They apparently, they started downloading Microsoft source code.
UNKNOWN GUEST. Yes!
GRAHAM CLULEY. But they fell asleep. They got bored.
CAROLE THERIAULT. Yeah, the hackers claimed they had 90% of the source code for Bing and approximately 45% of the code for Bing Maps and Cortana. And then what, fell asleep? Or there was like these Brazilian hackers who called themselves NaughtySecGroup who recently hacked the network of TransUnion South Africa. The group claims to have gained access to TransUnion's network through an employee's weak password. The ransom, $15 million. And on its website, TransUnion acknowledges the ransomware attack and stated that 3 million South African consumers and 600,000 businesses were affected. So yeah, a single weak password and it can be a serious game changer in a bad way.
GRAHAM CLULEY. Yep.
CAROLE THERIAULT. So, um, as you are, uh, Mr. Computer Security Guru, why don't we play a little game? Okay, and listeners can play at home as well. Listeners can play at home as well. Okay, you ready?
GRAHAM CLULEY. Are you gonna put me on the spot?
CAROLE THERIAULT. Yeah, we're gonna see if you know what you're talking about. Hands off keyboard.
GRAHAM CLULEY. Hands off— that's, uh, Hock, H-O-C-K.
CAROLE THERIAULT. Question number 1.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. What do 8 of the top 10 most common passwords have in common? So we have top 10 most common passwords out in the world. What do 8 of the 10 have in common? Do, do, do.
GRAHAM CLULEY. Is it that they're all lowercase? No.
CAROLE THERIAULT. I bet they are all numbers. 8 of the 10 involve numbers. In fact, sequential numbers, all starting with 1, right? And of being of varying lengths, except for number 7, which is 111111. Very excellent password there.
GRAHAM CLULEY. I think you'll find they are all lowercase as well.
CAROLE THERIAULT. Are numbers lowercase?
GRAHAM CLULEY. Well, I would say yes.
CAROLE THERIAULT. Oh really, would you?
GRAHAM CLULEY. Yes. Okay, maybe a point to me.
CAROLE THERIAULT. Question number 2: What percentage of people, Graham, say they rely on their memory to remember passwords?
GRAHAM CLULEY. Oh, goodness me. I would think a lot. I would say 95%.
CAROLE THERIAULT. I'm going to repeat the question for you. What percentage of people say they rely on their memory to remember passwords? Because I agree with you on that one, but the number is a little bit lower.
GRAHAM CLULEY. How many, how many people say they do? 5%.
CAROLE THERIAULT. 53.
GRAHAM CLULEY. Okay, okay.
CAROLE THERIAULT. Question number 3: What percentage of people who have already been scammed still have not changed their passwords? What percentage of people?
GRAHAM CLULEY. 80%.
CAROLE THERIAULT. They say 57%, which is still humongous. These are people that have already been scammed.
GRAHAM CLULEY. Yeah, yeah. It's astonishing, isn't it?
CAROLE THERIAULT. Exactly. And okay, number 4. We're almost there. You're doing fantastically.
GRAHAM CLULEY. Well, yeah.
CAROLE THERIAULT. Yeah, 0 out of 3 so far. So, question number 4. A single password is used to access what number of accounts on average?
GRAHAM CLULEY. All of them. All of them.
CAROLE THERIAULT. Yeah, that's a hard one. That's a hard one.
GRAHAM CLULEY. Well, what person, what, a single password?
CAROLE THERIAULT. Yeah, so someone has a password and they reuse it how many times for how many accounts on average?
GRAHAM CLULEY. 20?
CAROLE THERIAULT. No, 5. Oh, 5.
GRAHAM CLULEY. I'm sorry, I was rubbish at this, wasn't I?
CAROLE THERIAULT. No, we're not even done yet. Don't worry, you maybe save yourself. Okay, and finally, the National Cybercrime Security Center, the NCSC, Smashing Security, okay, they did a study that revealed the top 20 most commonly attacked password categories, okay? Can you name any of them? Maybe one in the top 3. So these are categories, like I can give you an example of some at the bottom of the list to give you a hand here.
GRAHAM CLULEY. Okay, yeah, just gimme some of the bottom of the list, yeah.
CAROLE THERIAULT. Okay, so from the bottom of the list, you might see religions, hobbies, weather, drinks.
GRAHAM CLULEY. All right, so let's say names or years.
CAROLE THERIAULT. Yes, number 2. Years is not listed. Let me just look for numbers. Nope. Interesting. Love. Interesting. Emotions is number 4. And pet names. So if you want to add those together, emotions and names.
GRAHAM CLULEY. Oh, squelchy poops.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Love, baby, and angel are the top 3 most used around the world in terms of Is the number 1 anything to do with passwords or the name of the actual company you're logging into?
CAROLE THERIAULT. Number 1 is pet names. Hmm. So, all those little dog names and cat names, and also the words dog and cat. Like, you might have Henry the dog or Max the cat.
GRAHAM CLULEY. See, I do it the other way round. I call my cat Password.
CAROLE THERIAULT. But seriously, okay, so the advice. What is the advice? What do you say to people who need to get safer at password management? What do you do?
GRAHAM CLULEY. Oh, you should get a password manager.
CAROLE THERIAULT. Check.
GRAHAM CLULEY. You should get that to generate random, unique passwords for you. You shouldn't reuse your passwords.
CAROLE THERIAULT. Check.
GRAHAM CLULEY. Don't be a doofus.
CAROLE THERIAULT. Use multifactor authentication.
GRAHAM CLULEY. Oh, yes, yes. Turn on two-factor authentication. Don't use really short passwords.
CAROLE THERIAULT. Mm.
GRAHAM CLULEY. But yeah, you use a password manager. Let that take all the pain away from you.
CAROLE THERIAULT. Okay, well, I have something I wanna run past you. Okay. And you can call me a Muppet or a genius. Yes.
GRAHAM CLULEY. All right. Well, I think, yeah.
CAROLE THERIAULT. Nice. So there's an interesting campaign being run by the NCSC at the moment called 3 Random Words.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Have you seen this?
GRAHAM CLULEY. So the idea is rather than your password being awful, awful, gloop, awful, awful, gloop, random, exclamation mark, 3Zy. Mm-hmm. Which you can't remember. You look around and you think, okay, I'll choose 3 random words like— well, Donald Trump sort of said camera, woman. Do you remember that? When he said, I'm really good, I can—
CAROLE THERIAULT. I can come up with 3 words.
GRAHAM CLULEY. I can come up with 3. I can come up with words. And he just spoke, he just said exactly what was in front of him. But yes, you could come up with 3 words, you know, sort of stamp, sausage dog, banana or something.
CAROLE THERIAULT. But to your point, I think that's the problem with it because people say what's in front of them. So it's gonna be always curtain, desk, lamp, computer, shelf.
GRAHAM CLULEY. And worse than that, it doesn't scale because what you eventually find is actually because every password should be unique, you need hundreds or in my case, I've got over 1,000 passwords for different sites and things.
CAROLE THERIAULT. Yeah, you're unusual.
GRAHAM CLULEY. Right, but you know, I think it's all right to use that sort of technique if it's a password which you have to remember. Like maybe it might be the password for your computer, as long as they're truly random. But generally, I would rather get the password manager to generate those 3 random words, or just a whole sequence of random characters, and it can remember it.
CAROLE THERIAULT. Yes. We agree with that. But let's say a listener is not into password managers. Are you ready for my idea?
GRAHAM CLULEY. Oh, okay, go ahead. Yeah?
CAROLE THERIAULT. So it's based on these 3 random words, which I don't like for this, you know, because people are just going to choose what's in front of them and everyone has the same stuff in front of them. But what if you used that website called What3Words? Oh, uh-huh. So you could go there and put in a random place, like somewhere, just use Google Maps to just get a random place and then put that place in. Choose a random place on the map, get those three words, and use those three words. Hmm. Smart or dumb?
GRAHAM CLULEY. Yeah, is there a danger that they will choose their home or somewhere like that?
CAROLE THERIAULT. Not if they're listening right now to this show.
GRAHAM CLULEY. Yeah, yeah, I know. I've also got a bit of a problem with What3words.
CAROLE THERIAULT. Because?
GRAHAM CLULEY. They've been in quite a tangle. Maybe we can put some links in the show notes with a site of a security researcher called Cybergibbons. And it's also been reported, I think, in The Reg as well. Because— they're just a bit nasty. They're just— What? Their algorithm is not as— What3Words is not quite as cool as it should be.
CAROLE THERIAULT. It was your pick of the week once, I just wanna say.
GRAHAM CLULEY. Well, you know what? Well, since then, since then, I'm gonna unpick them.
CAROLE THERIAULT. You're unpicking them?
GRAHAM CLULEY. I'm revoking a pick of the week. Oh! You heard it here first.
CAROLE THERIAULT. Smashing Security flash news, everyone.
GRAHAM CLULEY. Kolide sends employees important, timely, and relevant security recommendations for their Linux, Mac, and Windows devices right inside Slack. Kolide is perfect for organizations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable. So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems. Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates. You can try Kolide with all of its features on an unlimited number of devices for free for 14 days, no credit card required. Try it out at smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. And thanks to Kolide for supporting the show.
CAROLE THERIAULT. The network is dead, long live the network. This is the tagline from our sponsor this week, NetFoundry. Protecting applications is getting more complicated. We all care about security, but man, it's hard. You see, all networks, according to NetFoundry, are insecure, period. And the Zero Trust security model is the way to go. It was created with the idea of never trust, always verify. But historically, this has been seriously hard to implement. NetFoundry have created OpenZiti to provide an open source, free, and easy way for you to embed zero trust networking into anything. Embed SDKs inside your app, tunnelers to run on all major operating systems, or deploy an edge router for any cloud. And the best bit, no networking engineering skills required. This is something you guys definitely want to check out. Visit smashingsecurity.com/netfoundry. That's N-E-T-F-O-U-N-D-R-Y. And thanks to NetFoundry for sponsoring the show.
GRAHAM CLULEY. And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my pick of the week this week is not security related. My pick of the week this week is on the television. I've been watching television recently. Fancy that. Carole, have you ever seen the movie Truly, Madly, Deeply with Alan Rickman and Juliet Stevenson?
CAROLE THERIAULT. Yes, but like, what was that in the '90s?
GRAHAM CLULEY. Yeah, 1992, 1991. Alan Rickman gets a bit of a bad cold, dies, breaks the heart of his partner, Juliet Stevenson. But she misses him so much, he comes back as a ghost.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. It's like the movie Ghost.
CAROLE THERIAULT. With Demi Moore.
GRAHAM CLULEY. But good.
CAROLE THERIAULT. And Patrick Swayze. Oh, come on.
GRAHAM CLULEY. No, no, sorry. Oh, for goodness' sake. Truly Madly Deeply is a wonderful movie. Ghost is just an aberration.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Anyway, it was the inspiration for the TV programme I want to recommend this week. Was it? A programme called River. And they've basically stolen the central idea of Truly Madly Deeply, which is the idea of someone coming back and visiting the person who's still alive and having conversations with them. It is a police procedural drama, and it stars that Swedish chap, Stellan Skarsgård. And Nicola Walker. If you know Nicola Walker, she's lovely.
CAROLE THERIAULT. I'm trying to look it up. I think I've seen this, but—
GRAHAM CLULEY. Well, it was on a few years ago. It was on BBC One, then it was on Netflix, and I've been watching it on BritBox. And the policeman, the main policeman, he's suffering from guilt over a recent loss.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. And he's investigating a case, and dead people keep coming back to him and talking to him. And is he going crazy? Is he not going crazy? It appears that he's been having these visions for quite some time, but they're sort of helping him a little bit.
CAROLE THERIAULT. Are you staying awake during these shows?
GRAHAM CLULEY. I have been staying awake during— I haven't finished the whole series. I'm about halfway through, but I am definitely enjoying it. And I think it's pretty good. I like it. But I've got one problem with it. Which is its name. It's called River, which I think is a terrible name for a TV show.
CAROLE THERIAULT. Because?
GRAHAM CLULEY. Well, it's not about a river. And it's rubbish search engine optimisation because it's just such a common word. I think it should be called, I don't know, Haunted Cop or something like that.
CAROLE THERIAULT. Poor Stephen King with a book called It, you know?
GRAHAM CLULEY. Right.
CAROLE THERIAULT. He's suffering. No one's heard of him.
GRAHAM CLULEY. If you search for 'It' in a search engine, does Stephen King's 'It' come top? I don't know.
CAROLE THERIAULT. That's a fun game.
GRAHAM CLULEY. That could have been called 'Creepy Clown Hiding Under the Road' or whatever it was he did. I've never watched 'It' because it's too scary for me. But anyway, it's— But you know how a lot of police shows are named after the central characters? You have Bergerac, you have Shoestring, you have Columbo, you have Inspector Frost. You have Morse. I just think, "Oh, guys, come on. Chill out, man. Come up with a more imaginative name." So, River, I think, is a rubbish name. Plus, he's obviously Swedish. Why is his name John River? Other than that—
CAROLE THERIAULT. I love when your pick of the weeks are just you ranting about ridiculously unimportant things.
GRAHAM CLULEY. Other than that, it's an interesting show. And I've been watching it on BritBox. Maybe it's available elsewhere. I think other people might enjoy it as well.
CAROLE THERIAULT. Yeah, walk, don't run.
GRAHAM CLULEY. I haven't given away some major plot twists. I've been very good on the spoilers. River is my Pick of the Week.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Crow, what's your Pick of the Week?
CAROLE THERIAULT. Okay, I have to ask you a question. Are you a shoes-on or shoes-off household?
GRAHAM CLULEY. Ooh, well, it depends where I— Oh, my house.
CAROLE THERIAULT. Yeah, your house.
GRAHAM CLULEY. I mean, I'm pretty free and easy about it, right?
CAROLE THERIAULT. So you're like, would you say 90% shoes on?
GRAHAM CLULEY. Well, I take my shoes off.
CAROLE THERIAULT. Oh, you take your shoes off?
GRAHAM CLULEY. Yeah, most of the time.
UNKNOWN GUEST. Yeah.
GRAHAM CLULEY. But I've got wooden floors. I would feel differently about it maybe if I had carpet everywhere, right? You know, because I just think, you know, I don't want you, you know, squashing in sheep shit all over my carpet.
CAROLE THERIAULT. And what about when you go to other people's houses?
GRAHAM CLULEY. Other people's houses. I'm trying to remember what I do when I go to your house, because I know you're gonna pull me up on this.
CAROLE THERIAULT. No, I'm not gonna, I'm not gonna make you.
GRAHAM CLULEY. No, you might, you might, Carole. You might, you might pull me up on it. I think I would normally take my shoes off.
CAROLE THERIAULT. Often after I bark a sentence like, "Oi, Muppet, shoes off." Yes.
GRAHAM CLULEY. Right?
CAROLE THERIAULT. That's normally what seems to happen.
GRAHAM CLULEY. Yes, exactly.
CAROLE THERIAULT. Well, my pick of the week this week is an article in The Guardian about this very topic. And it turns out that you shoes inside people are, to quote the journalist Tanya Barra, scientifically gross.
GRAHAM CLULEY. I think you just say gross.
CAROLE THERIAULT. One-third of the matter building up inside your home comes from outside, much of it being tracked in on the soles of shoes.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And these shoes, they found a high prevalence of microbiological pathogens, including like grass fertilizers, asphalt, road residue, all this stuff that's very not good for us. So you see, you're killing me by coming in with your sheep shit ridden shoes.
GRAHAM CLULEY. But you, but you know what?
CAROLE THERIAULT. You live on a farm, for God's sake.
GRAHAM CLULEY. Yes. Yeah, but listen, listen, listen. Don't you feel that you need to be exposed to some of the outside world? Every kid needs a little bit of dirt in them.
CAROLE THERIAULT. Not pathogens!
GRAHAM CLULEY. Well, how else are we going to become more resilient?
CAROLE THERIAULT. Okay, so you're taking on the scientists. Okay, okay, great.
GRAHAM CLULEY. We've been locked down for two years and now we're being felled by all kinds of regular little sniffles. Like, ooh, you know, I'm not talking about COVID and things, but other things. Because our resistance has probably gone down a bit, right? 'Cause we haven't been exposed. We all need to get out there and get our nostrils down in the field and into our bodies to make us a bit tougher, perhaps.
CAROLE THERIAULT. Listeners, do not listen to Graham. Read the article, make your own mind up, and stop wearing shoes indoors. It's gross. But that's just my opinion, and it's Tara's opinion in The Guardian. So that is my pick of the week. And Graham, from now on, shoes at the door.
GRAHAM CLULEY. All right, maybe I'll do that as well.
CAROLE THERIAULT. Alrighty, guess what time it is? Time to listen to my chat with Clint Dovholuk from NetFoundry.
GRAHAM CLULEY. Oh, yes.
CAROLE THERIAULT. Today we have as our special guest Clint Dovholuk. Did I say it correctly?
UNKNOWN GUEST. Yeah, you nailed it.
GRAHAM CLULEY. Awesome.
CAROLE THERIAULT. So Clint is a zero trust advocate at NetFoundry, and this is a company, I don't know if I can say this, but I'm gonna say focused on revolutionizing our relationship with networking. Is that fair?
UNKNOWN GUEST. I would totally agree with that. Yeah.
CAROLE THERIAULT. Clint's here to talk to us about pasta as well, it turns out, but that'll all become clear in a few minutes. So Clint, tell us about NetFoundry, what you do there, and what we're gonna talk about today.
UNKNOWN GUEST. Yeah, so you are right. NetFoundry is absolutely trying to revolutionize the way in which networks are even conceptualized. So this is a company that's founded around zero trust principles. I like to say zero trust is a giant buzzword. Everybody's zero trust. You can't throw a rock into the internet waters and not hit some company who proclaims to be zero trust. So what is zero trust at its core? I think we should talk about that in a little bit, but basically this company is about zero trust. It's about not trusting your network. That's a better way of saying zero trust. And really what we're trying to do is take that, that same core principle of Zero Trust and bring it into applications themselves. So let's not stop with Zero Trust at your network. Let's bring those Zero Trust principles all the way into your applications.
GRAHAM CLULEY. Wow.
CAROLE THERIAULT. Okay. So, and Zero Trust, how do we explain that? Yeah.
UNKNOWN GUEST. So way back there was a fellow that coined the term Zero Trust. And like I said before, really what he was going at is networks are not secure. Networks are not— were not designed to be secure. They were designed to share data and to be accessible. Like, the whole idea of not trusting your network is kind of, kind of crazy, right? You know, we started out in the dark ages with hubs and switches, and everybody was able to see all of the packets that were traveling. And then all of a sudden, that was like, oh, that's, you know, that's neat, but maybe I only want my packets to go to a certain destination. So switches became popular. And then people were like, well, people can sniff whatever traffic is out there. Maybe I'll use secure protocols. And so we just kept layering on more, and then micro-segmentation came out, and we just kept layering more and more security into this thing called the network. And then firewalls, right? Like, so all this, all this stuff was basically bolted onto the network. Yeah. As opposed to building security in from the start, we had to be reactionary and we had to bolt that security on afterward. And so that's what we've been doing.
CAROLE THERIAULT. Kind of imagine, like, you know, a kind of soldier wearing loads of armor, and it must make you heavy and sluggish as having to go through all those different bolted-on security components.
UNKNOWN GUEST. Yeah, if you take a look at some of the presentations I've given, I use a slide where I show you this thing called the Beast, which is the president— that's what the limo the president of the United States drives around in. And like, if you look at that limo, it looks like a limo, right? Because all of the security is built into it. It's not bolted on. And then to contrast that, if you've seen the movie Mad Max, it's a car with like, you know, armor plating and spikes and all kinds of defenses that are clearly visible and clearly are afterthoughts, right? They were bolted on afterwards. So yeah, here in the Foundry, we'll use the terms build it in, don't bolt it on. And that means take that zero trust, put it right in your application, and then, you know, you don't even know it's there.
CAROLE THERIAULT. God, it must be difficult for companies to get their heads around that because they're like, well, my whole environment is basically bolted together. So how do I make the jump? How do I start?
UNKNOWN GUEST. Yeah, what a great question. I would say the very first hurdle people jump over is, I've already built all that security, isn't that good enough?
GRAHAM CLULEY. Right?
UNKNOWN GUEST. And my answer to that is, well, you know, have you heard of something called Log4Shell? Have you heard of, you know, the, the, the Lapsus variants that are going around? Like landing somewhere and expanding your network reach by finding other vulnerable machines on that network. Happens every single day. And like even in companies that are gigantic who have lots of red team, blue team activities. So realistically, that amount of trust that you put on just your network has for a long time served us well, but it's probably time to start thinking about making it even more secure. You know, you think about IoT devices, all those, those things are getting compromised left and right, right? They're constantly vulnerable. They don't get patched. How are you going to fix those sorts of devices?
CAROLE THERIAULT. Yeah, and they're plugged in everywhere as well, right?
UNKNOWN GUEST. And they're plugged in everywhere. And who carves off a VLAN for themselves on their home network? I mean, some people might, right? But like my mother won't, you know, because it just doesn't— it's not something that she would know how to do. So if those IoT devices could have that whole concept of zero trust built into them, then those devices only know how to communicate to the, the services that they are supposed to communicate to. And when that starts happening, when you have firewalls on all your devices everywhere and you have no open ports, then we'll start having an even better security posture. The whole idea is to make this so difficult for an attacker that they'll move along and go someplace else.
CAROLE THERIAULT. I know I often talk about how people assume that the default settings in whatever device or anything they're plugging into the network are not necessarily the best ones for security, right? They're there for connectivity. So it comes back to your original point of why computers were even, you know, created in the first place is to share information. So how are you doing this? Like, I know that you're a huge advocate of open source approach as well. So how does that fit in with NetFoundry?
UNKNOWN GUEST. So NetFoundry takes the open core model, which means, uh, we put all of our software into the open source world, free open source software. It's the full version. You don't have to worry about having some sort of, you know, neutered version where you don't get any of the neat features. Oh, they're only available on the enterprise. All totally free and open source. In fact, if you could go to GitHub right now, drop a little star on github.com/openziti/ziti and put a star on that main repository. It's right there when you pop up. That'll help us get the word out that there is this free open source software out there that creates an entire overlay network and also allows you to take an SDK because this project also deploys SDKs into your favorite language. And you could, if you were a developer like me, you can start coding a secure zero-trust application right today. And there's lots of demos, there's lots of samples you can find out there. So NetFoundry takes that open core approach. And then of course, not everybody wants to have the hassle of standing up a server in the cloud, right?
CAROLE THERIAULT. Right.
UNKNOWN GUEST. Like I'm one of these developers who, who I, I do not like it when the quick start makes me sign into Amazon. I don't even wanna, I don't even wanna do that. Right.
GRAHAM CLULEY. No.
UNKNOWN GUEST. So some people don't want to do that, and that's where NetFoundry comes in. We'll, we'll host a network for you, right? So you don't have to deal with standing up servers. We have a different UI. So the, the FreeSRP stuff comes with a UI, but the, the, the NAS stuff from NetFoundry also has a UI and it does a little bit extra stuff. It adds some, some secret sauce, like you get really nice charts and, and data, really rich reports that you can get from the enterprise grade that requires things like a data lake. And requires, you know, more enterprise-type features. That's focusing on, you know, the businesses out there.
CAROLE THERIAULT. But what about the non-businesses? So is this good for just enterprises or do smaller companies, can they take advantage of this as well? Presumably, of course.
UNKNOWN GUEST. Yeah, yeah, absolutely. In fact, I write all the quick starts so far. So congratulations. If you go out—
CAROLE THERIAULT. I used to do that.
UNKNOWN GUEST. I know, I know how hard and wonderful that can be and how much feedback.
GRAHAM CLULEY. Yes.
UNKNOWN GUEST. So if you go out to openziti.github.io, that's the doc landing page, you can choose 4 quick starts, one of which is just don't, you know, let me run this entirely on my local developer machine or home network or whatever, right? Like I want to run it on one machine and don't get in my way. We have some Docker-based installs. So if you like Docker, Docker Compose, you can, you can go that route. And then there's the host-it-yourself option, which lets you either host it on a machine in your local network or host it on a machine in the cloud. Like the, the maker space, I think OpenZiti is particularly well suited for because VPS, a virtual private server, is something that lots of makers end up needing for various reasons. And you know, you'll hear there's, and there are lots of good options in this space too. I'm not, you know, OpenZiti is not the only one, but you could absolutely go and stand up all of this for free right now. If you go to YouTube and you search for OpenZiti, you could find me doing it. I like, I stand these things up all day long and to get an entire overlay network, which, you know, it sounds, it sounds difficult, but it really isn't. It comes down to one, one thing called a controller, one thing called an edge router. And you can do that in 5 minutes tops.
GRAHAM CLULEY. Wow.
CAROLE THERIAULT. I have to ask you, silly question. Why the pasta reference?
UNKNOWN GUEST. Oh, so yeah, so if you go— another plug— so OpenZiti is on Twitter, and OpenZiti has a mascot. Because if you are an open source project and you don't have a mascot, are you really an open source project? You have to have a mascot. So, so we have this mascot, and he is a piece of pasta, and he looks like a piece of ziti. So yeah, his name is Ziggy. So you can go out to Twitter and follow @OpenZiggy, and Open Ziggy is, he actually tweets about CVEs and zero days and, you know, makes various security type of tweets. He is a piece of Ziti because zero trust, if you take the Z and the T, it's a Z and T, and now it's Ziti. And so yeah, we make lots of jokes about baking Ziti and OpenZiti is what you wanna look for. Do not search for ziti. You'll be hungry. So yeah.
CAROLE THERIAULT. What are some of the big pain points that someone right now is listening to this and they're looking around their network and they're going, yeah, no, I could totally do this. I could totally just go and do this.
UNKNOWN GUEST. Like, so one of the best, one of the absolute sweet spots for OpenZiti and NetFoundry is multi-cloud. So let's say, let's say that you are a SaaS vendor. And you have customers who are running in their own data centers. They want to have control of their data, but you want to be able to monitor whatever they're doing, or you need to deploy something into their environment. Mm-hmm. With an open source zero trust overlay network like OpenZiti, you can simply give those people an appliance that they can install into their domain or data center. And then you will have secure Zero Trust access into their data center, and then they can authorize whatever services they want to authorize you to have access to. So that reach from, from one cloud to another cloud, multi-cloud, like this whole— there's a whole new term called supercloud, right? And makes it just so easy, it's not even funny, because when you're on a Zero Trust overlay network like OpenZiti, the internet is your LAN, basically. So, so you just have to authorize a service or an identity. It's all around zero trust, which is strong identities as a core pillar of zero trust. Those strong identities are cryptographically signed documents or X.509 certificates, and those are used to identify who you are or what device you're on more accurately or what application you're using even more accurately. And you can authorize that identity to do various things. So we make these applications and, you know, I'm a developer and I've talked a lot about, you know, adding code to your app, but it's also not just for code. To your app. Zero trust is a journey. And what that means is people are not going to be able to go from, you know, trusting their network to zero trust application embedded solutions because that's like going from 0 to 60 in 0 seconds.
CAROLE THERIAULT. Right. You can't do it in a, you can't do it in the blink of an eye. It takes a bit of time to get there.
UNKNOWN GUEST. Yeah. Yeah. And a lot of times what you'll do is you'll install this little thing. It's like an agent. It's like a VPN client, but it's a zero trust client that is authorizing individual services on individual ports even. So like if you wanted to open VPN, a hole into your local network, and you wanted to let your mother browse the pictures that you have on your whatever server that you're hosting, then you just give her an identity, you authorize her to browse the pictures, and then all of a sudden she can browse the pictures. So she can just go to some interesting URL and you're there. Those tunnelers are really cool too because they have a superpower that is, is I think really neat— private DNS. Not only private DNS, but like private authorized DNS. What you can do is you can create your own DNS name, just materialize it out of thin air, and it will be resolvable while you have that zero trust network on.
CAROLE THERIAULT. Oh, wow.
UNKNOWN GUEST. Oh, yeah, it's really neat. An example I like to use is like, you know, http.ziti. Ziti is not a valid top-level domain, which means it doesn't exist. Nobody in the world can get to http.ziti except you could if you defined that service, right? And that's, that is really neat because now your DNS doesn't even go out to your ISP. It just simply sits— that request will sit local to your computer and your network will be the only thing that even knows that you tried to access that service. And then it'll, it'll get synthesized into port 443 or whatever port you want to use. If it's not 443, OpenZiti will synthesize that. It's really neat.
CAROLE THERIAULT. Wow, Clint, this has been a huge wealth of information. Is there anything you'd like to add?
UNKNOWN GUEST. Yeah, yeah. So like, um, I'd really love it if people would go to that open source project. If you think this is really neat, give us that star, github.com/openziti/ziti. That's really important, uh, it helps developers get the word out. Um, you can watch me on YouTube every Friday— well, most Fridays I do a Ziti TV where you can learn something interesting about Zero Trust and OpenZiti. Uh, we got a bunch of socials, uh, Open Ziggy on Twitter. Um, but yeah, you know, it's not just— it's for everybody. It's for CEOs, it's for makers. OpenZiti is free and open source. You can get it and install it today. And if you don't wanna bother, then get it from NetFoundry. Wow.
CAROLE THERIAULT. Perfect. And Clint Dovholuk, Zero Trust Advocate at NetFoundry. And thank you so much for talking to us. It's kind of blown my mind, to be honest.
UNKNOWN GUEST. Yeah, it's been, it's been nice to be here.
CAROLE THERIAULT. It's been nice to have you. And listeners, of course, Clint shared loads of resources during his chat with us, but you can also go to smashingsecurity.com/netfoundry and you'll see everything you need there.
UNKNOWN GUEST. Hmm.
GRAHAM CLULEY. Very interesting, Carole. Well, good stuff. And that just about wraps up the show for this week. You can follow us on Twitter @SmashinSecurity, no G, Twitter must have a G. And we also have a Reddit subreddit. Go and find Smashing Security up there. Don't forget. To never miss another episode, follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Google Podcasts. And if you want to leave us a review on Apple Podcasts or Podchaser, please do that as well. We really love those.
CAROLE THERIAULT. And massive thank you to our episode sponsors, NetFoundry and Kolide, and to our wonderful Patreon community. It's thanks to all of them that this show is free. For episode show notes and sponsorship information and guest lists and the entire back catalog of more than 272 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio. Bye-bye.
CAROLE THERIAULT. Bye. I miss having a guest, Graham.
GRAHAM CLULEY. Yeah, I know, but you know, we're in a hurry. I've got to go to a dentist. That's going to be scary, both for the dentist and myself.
CAROLE THERIAULT. Yeah. She's getting you ready.
-- TRANSCRIPT ENDS --