
275: Jail for Bing, and mental health apps may not be good for you


A man hacks his employer to prove its security sucks, Telegram provides a helping hand to the Eternity Project malware, and what the heck do mental health apps think they're up to?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Dr Jessica Barker.

Plus don't miss our featured interview with Rumble's Chris Kirsch.

Visit https://www.smashingsecurity.com/275 to check out this episode’s show notes and episode links.

Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Special Guests: Chris Kirsch and Jessica Barker.


Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.

CAROLE THERIAULT. Oh my god, they didn't kill him, did they? Well? Oh, shut up! Oh, crutchie! No, shut up!


GRAHAM CLULEY. No, no, they didn't kill him. Smashing Security, Episode 275, Jail for Bing, and Mental Health Apps may not be good for you with Carole Theriault and Graham Cluley.

Hello and welcome to Smashing Security episode 275. My name's Graham Cluley and I'm Carole Theriault and this week Carole we're joined by a returning guest, someone who's been on the show several times before. It's Dr Jessica Barker. Hello Jess.


DR JESSICA BARKER. Hello, hello. Thank you for having me back. I'm like a bad penny.


CAROLE. I love it, I love it you're back. Have you anything to share with us, anything amazing?


GRAHAM. You want to tell our audience, have you been anywhere wonderful? Seen anything terrific?


JESSICA. Since we last spoke, I've been back to Dubai and Abu Dhabi, got to see the end of the Dubai Expo, which was great and amazing. And then I've also started horse riding again.

Oh, la la. That's amazing. Random little hobby that I've added that I hadn't done for years. Went horse riding in the Abu Dhabi desert and that inspired me to come home and start horse riding lessons, which I haven't had for decades. But it's great fun.


GRAHAM. Horse riding in the desert. It sounds absolutely horrific. You poor thing, what a horrible experience. No, what a horrible experience that must have been.


CAROLE. One struggles on. Okay. Yeah. We're going to stop him right there and thank this week's sponsors, Kolide, Rumble and GoodAccess. It's their support that helps us give you this show for free.

Now, coming up on today's show, Graham, what do you got?


GRAHAM. I'm going to be looking at how companies point the finger at suspected hackers. Okay. Okay. Mysterious. What about you, Jess?


JESSICA. I will be talking about malware as a service sold by Telegram.


CAROLE. And I will be sharing the privacy lowdown on some popular mental health apps. Plus, we have a great featured interview with Chris Kirsch. He is the co-founder and CEO of Rumble.run. All this and much more coming up on this episode of Smashing Security.


GRAHAM. Now, chums, chums, have you ever felt unlistened to in the workplace?


JESSICA. I'm sorry. I'm sorry. Did you say something?


GRAHAM. Have you ever felt Chicken Little, warning the company of impending doom and disaster, no one taking you seriously?


CAROLE. Yes, definitely. I have worked at places where I'm saying, I really think you guys need to do this. I really think this is important. And they're, yes, yes, yes, it's on the list.


GRAHAM. We shouldn't do this IT vigilante thing. We shouldn't dress him up in orange latex, produce a series of videos. Did you warn something dread was going to happen, and then discover to your horror that you'd been thrown into a Chinese jail for seven years. Had that ever happened to you? No. No, okay. No, but I can remember. Not that you can remember. Well, they might have wiped your mind, mightn't they? That might have been part of the torture process. It's always possible. I have to ask myself all the time, what might have happened yesterday that I've had wiped in a sort of men in black scenario from my brain? It's


CAROLE. going to work in my advantage, actually.


GRAHAM. Let me tell you the story of a man, a man called Han Bing. He is a database administrator. And he worked for a real estate company in China called Lianjia, formerly known as Homelink. And in his job, he had some security responsibilities. He had admin rights and so forth. And he discovered what he believed were some problems with the security, the computer security at his company. And he wanted to bring them to the attention of senior members of the firm.


CAROLE. Right. So he's oh, this looks a bit not good for us. Let me just tip it off. Yeah.


GRAHAM. We need to fix this. There's a problem here or something needs to be patched or reconfigured or we need to throw some budget at the wall and see if it sticks.


CAROLE. Kind of what you want ideal employees to do.


GRAHAM. Yeah. Yeah. Yeah. Sounds great. Sounds good. I said, have you ever been in that situation where you've kind of gone, guys, I think we've got a problem, Houston. I think. And everyone's, shush, shush, shush, shush. Will you stop distracting us from what we really want to focus on with all your, oh, there's a security problem. There's some sort of-


CAROLE. Yes, we're trying to design the sales service to be slicker. Please stop telling us about vulnerabilities.


GRAHAM. Yeah, vulnerability with the landing page or did you realize this page you've created allows you to send spam text messages to anyone in the world for free or something like that. Not that that's ever happened at any companies we've ever worked at.


GRAHAM. Write to the chiefs. I'm going to explain the problem to them. They're going to reward me with riches. They're going to be so grateful that I've brought this to their attention. And maybe my boss will get the boot because he isn't taking this problem seriously. But you feel strongly about it. Yes, exactly. It's exactly a scenario, isn't it?


CAROLE. Can I just bring it even a bit further? I suspect many people like me, after announcing, I would always do it in writing, right? And then I would print with the metadata of the email that I sent and keep a copy of said email just in case they erase the whole server or my emails from the server saying, and no, you never did tell us.


GRAHAM. And then in case they break into your home and burn your printed copy, you have it tattooed on your left buttock.


CAROLE. That's right. Well, we've talked about tattooing stuff like this.


GRAHAM. The ultimate backup, in fact. There it is on your backside.


JESSICA. I feel this was a conversation the last episode that I joined you on. Your tattoo artists are busy.


GRAHAM. Well, Oxford, you know. So Han Bing, with another database administrator who he got on board, he presented his evidence to the bosses and he waited for their response. You can imagine the scene, the flip charts, the PowerPoint slides, the rolled up sleeves, the expectance of backslaps, congratulations, the opening of champagne, instant pay rises all round. We're going to fix the problem. You are a hero. You saved the company. That's what they're imagining.


CAROLE. If that's what they're imagining, they're certainly mistaken. Even half that is, you know, just thanks, we'll look into it, is the best one should be able to hope for, in my experience anyway.


JESSICA. Maybe they've not been through this before.


GRAHAM. Maybe not. Maybe they're a little naive. Well, it didn't quite go down how they planned because people had their noses seriously put out of joint by what Han Bing said.

CAROLE. Because he was insulting someone else's code?

GRAHAM. Well, the thing was, there were arguments between him and the other database administrators. Maybe they thought it made it look like they hadn't been on the ball. Maybe they had been lax in the security. They had maybe introduced problems or not dealt with issues. And here was this whistleblower kicking up a stink, making them look bad. And of course, the boss as well, he's been sort of undermined by Han Bing going to the big bosses.


CAROLE. Oh, my God. They didn't kill him, did they?


GRAHAM. No, no, they didn't kill him.

CAROLE. Good, Graham.

GRAHAM. But I prefer your story. I mean, we could say he got killed at that point, if you like.

CAROLE. No, no, no, no, no.

GRAHAM. Something happened to him which was even worse than death. He had his office relocated. He was moved.


CAROLE. Oh, dear. Near the toilets? That's the worst.


GRAHAM. Probably near the toilet, maybe on the back of a 737. There was some cockroach class. I don't know. But they moved his office and he felt sad. He thought, no one likes me at this company anymore. I'm undervalued. I try to do something amazing and here I am sitting near the bugs. And according to the Chinese reports, the reports which come out of China, which have been translated with the help of online services for me to understand, he became passive and sluggish, often late and early and there was absenteeism. So he wasn't quite as enthusiastic as he used to be. Because he felt well, no one cares about me, little old me.

Okay, so he's disgruntled. He is disgruntled. Either he had completely ridiculous, out-of-proportion thoughts as to how well he would be rewarded, or maybe he was just a bit of a grumpy old misanthrope in the first place. Bit of a git.


JESSICA. Why not both? Maybe both.


GRAHAM. Possibly both. Quite possibly both. Often does combine, doesn't it? You feel the people who are grumpiest feel they deserve the most.


CAROLE. That's so true. And it's the way you communicate these things. If you're saying, Captain, I found a problem and George did it, that's going to cause a bit of frack out in the group. But if you're kind of hey, I think we can tighten our security even further.


JESSICA. It sounds like going for a full on presentation and finger pointing. It may not have been the way to go.


GRAHAM. So what happened next is where the company's problems really started, because on June the 4th, 2018, someone using admin privileges and a root account accessed financial information on the servers at this company, Lianjia, and they deleted the data. In fact, they didn't just delete the data, they wiped it. They overwrote it multiple times with garbage to try to prevent the data from being recovered.


CAROLE. So all their financial data, all their stuff, all their accounts, gone?


GRAHAM. All gone. Large parts of their operations were impacted.

CAROLE. Were they in debt? Just out of interest. I'm just, my conspiracy hat's on.

GRAHAM. Well, just checking.


GRAHAM. Tens of thousands of employees went without salaries for an extended period of time. And it cost them tens of thousands of dollars to restore the data and get things back up and running again. But they think there were much more costs than that.

And so the company initiated an investigation and they thought, well, who could possibly have accessed this root account and used these admin privileges to access this database? And by a process of elimination, well, they came down to a list of the five database administrators who they employed.

And they were, of course, Han Bing, Gary Google, Peter Pornhub, Arthur Altavista and Dudley Dogpile.

Dudley Dogpile? You don't remember Dogpile? No. Oh, Carole, how old are you? Dogpile was a search engine. It still is.


JESSICA. For real? Is it? This is a new one to me.


GRAHAM. Not a very popular one.


JESSICA. Is it shit? Is that the whole point?


GRAHAM. It was a bit like Ask Jeeves, but with dogs as their logo instead.


JESSICA. I've never even heard of it. There you go. Not the best name.


GRAHAM. I know, but how crazy is Google or Bing and all the rest of them?

So they asked these five people, they said can you hand over your laptops, we want to take a look at them. And four of them said sure, no problem, go ahead, forensically examine as much as you want. But Han Bing, he went oh whoa whoa whoa whoa what, no, hang on.

He said I've got some private data on my laptop and if anyone wants my password it has to be the police. I'm not going to help you. You know, I can enter my password myself and I'll be present while you're doing any checks, but I'm not going to hand this over.


CAROLE. Okay. I think that's a fair response, whether he's guilty or not guilty. Right. I know people, Graham, you know, people as well, that there's no way they'd hand their passwords over.


JESSICA. Yeah. And you can understand his reluctance, certainly. Yeah. And he's saying he's happy for them to check it. He just wants to be there.


GRAHAM. Maybe he'll do the typing. Maybe he'll delete any suspicious folders.

Well, it turns out the company's investigators, they already knew they weren't actually interested in anything on the laptops. They say that it was quite likely that whoever had made the unauthorized access wouldn't actually have left any traces or any breadcrumbs on their own PCs.

They only wanted to see how each suspect would react and four of them had no problems and the fifth was whoa whoa whoa, why would you want to do that? So Peter Pornhub, he got away with it.

Yeah, so the investigators meanwhile had cross-referenced server logs, MAC addresses, IP addresses, they looked at CCTV footage, times when things were accessed.


CAROLE. Of course, I mean all their financial data is gone. It's not oh someone said that the CEO yogurt when he hates it, it's a big deal.


JESSICA. Exactly, yeah exactly. And done in such a way that they can't get it back and all that disruption and the morale for people not receiving their salaries, it must have caused a whole host of problems.


GRAHAM. Yeah, absolutely. And one of the clues they said they found was that Bing's MacBook laptop had the host name Yggdrasil, the giant tree of Norse mythology. And on one of the server logs they had, a computer with that name had connected to their server.


CAROLE. So they didn't need to go in at all. They just knew by computer name.


GRAHAM. They just knew by some of that information exactly.

So Han Bing has now been sentenced. It's finally gone to court and he has been sentenced to seven years in prison and told to pay compensation of $30,000 or the equivalent to his former employer as well.

All because he wanted security fixed. And for some reason, and what is this reason? Some reason he chose to sort of, well, I'll show them. I'll prove that it's a big problem. And did this to try and get their attention.


JESSICA. It's the mix, isn't it? Of A, I'll prove them wrong and myself right. But also if he felt, as you said, Carole, if he felt disgruntled, if he felt pushed to one side and he'd been ignored. And maybe there was other stuff. You know, maybe there was a pattern of these. And so he just thought he'd stick it to them, I guess. And he obviously thought he was cleverer than all of them and he'd get away with it.


CAROLE. Yep. And this is why Graham and I and Smashing Security are launching Give Your Data Administrator a Hug Day today. So just to make sure they don't get disgruntled so this doesn't happen to you. Enjoy.


GRAHAM. I should stress that it's give your database administrator a hug day today. Yesterday was give your database administrator a personal deodorant day. So as long as you follow all of the...


CAROLE. That's so lame. What? Jeez. When's the last time you've even hung out with a data administrator?


GRAHAM. Well, it's not just them, Carole. When did you last give somebody a hug?


CAROLE. When's the last time I put deodorant on? No.


GRAHAM. Well, now we're talking. Jess, over to you. What have you got for us this week?


JESSICA. Well, I have been reading research from the dark web monitoring company, Cyble, who have published a report about the Eternity Project malware. Have you read this?

No, I haven't. So they share a lot of findings about this malware and the Tor site that is used to share this malware, to sell this malware, but they include findings that this malware as a service is also being sold via Telegram.


CAROLE. Telegram comes up a lot with these dodgy groups, doesn't it?

JESSICA. Doesn't it? It seems to be coming up more and more over the last year.

This particular family of malware, the Eternity Project, includes stealers, miners, ransomware and DDoS bots. And this Telegram channel that the researchers at Cyble have found apparently has about 500 subscribers, so not a huge amount but substantial enough.

Interestingly, it employs a bot that allows the purchaser to compile the code themselves. So they can take it off the shelf, they can just buy the malware as is, or they can have the support of this Telegram bot that enables them to customize it too.

So we've got script kiddies who are getting a little bit of support to customize their malware to be exactly how they want it.


CAROLE. Forgive me, because I'm not as technically au fait as you guys.

So you'd be on Telegram, you'd be like, I'm looking for this, I'm looking for this. And then you would go through Tor to a special website and buy certain bits and bobs and create your malware, that type of thing? Or is it all free?


JESSICA. So you buy it, they sell it on an annual subscription model. So you can basically buy the malware and then get the code and be able to customize it with the support of a Telegram bot.

I think being able to tell you different things that you can do and how to do it, as I understand it.


CAROLE. Is it expensive to do this?


JESSICA. It is not. It's not the cheapest out there, but it is as little as $90 for a miner and $490 for ransomware.

So ransomware is the most expensive.


GRAHAM. It is pretty cheap when compared to the potential rewards for using this code. And that's the worry, of course, is that these sort of services give the tools to absolutely anyone with a criminal bent so that they can begin to exploit it and make potentially a large amount of money.


CAROLE. And I just want to say when Jessica says miners, she does mean crypto miners, not kids. Not Arthur Scargill.

Yes, crypto miner. I'm keeping it topical.

So I wonder what Telegram says about this. They've always, as far as I know, said, look, we don't monitor the chats. We don't know what people are using for. We don't have logs. We are not responsible. We're just letting people connect.


JESSICA. Yeah, I haven't seen if they've responded to this. It's pretty new, this news coming out.

I don't think they have. And they don't seem to respond to much of this stuff individually.

They seem to have this kind of statement, as you say, that, you know, hey, this is just happening on Telegram, but we're not responsible for it.


GRAHAM. I think probably what they would say would be that the onus is on people who stumble across these groups to report them, so they can be shut down. But of course they can pop up within seconds elsewhere.

So there's a lot of this going on on Telegram, and some of these groups have thousands and thousands of people participating on them, sharing information, including sometimes journalists. You know, there's journalists who are subscribed to Telegram channels where they find out what the latest ransomware attacks are going to be.

That's very true. There's probably companies out there who are also subscribed to some of these channels just to get a heads up as to whether they might be the next target.


JESSICA. This is certainly not the first time that we have seen Telegram being used by cybercriminals for all sorts of different things as well. Not just this, selling malware, but being used for cryptocurrency scams, job recruitment scams that I think we've spoken about before on Smashing Security, sharing of nudes, you know, unauthorized, without people's permission.

And BlackBerry recently released a report about remote access Trojan being sold really, really cheaply, $20. And that was also using a Telegram channel, kind of a support with nearly 3,000 subscribers.

So this seems to be growing more and more as a proper learner.


GRAHAM. So if you bought that, all you would need to do is just email, for instance, somebody with a link pointing to that executable, telling them it's something like an update or something, and then you would have remote control of their computer and be able to spy on what they were up to.

So you can imagine a lot of people out there might be tempted to use a remote access Trojan to snoop on maybe a potential partner or an ex-partner. All kinds of ghastliness there, isn't it?

This malware you're talking about, though, the Eternity Project malware. It's a bit of a stupid name, isn't it?

Do you call yourself something like Lumpy Troubles? I have lumps, maybe not in the right place. More like sugar lumps.

But it's just, I just think sometimes they're a little bit full of themselves. And maybe they need a little bit more sense of humour.

It just sounds pompous. You're not pompous.

And I'm not pompous. I'm never pompous, am I? No.


JESSICA. I saw it sounds like a Marvel film or some kind of trilogy.


GRAHAM. The Eternity Project malware. It must be 14-year-old, surely, with a name like that.

Carole, what have you got for us this week?


CAROLE. I have something super cheery. We're talking mental health.


GRAHAM. Because, you know, it's Mental Health Awareness Month. Hang on, it's Hug a Database Administrator Day.

Oh, I just called that. That's a TM.

Oh, that isn't official. Okay.


CAROLE. Is it too close to pandemic, post-pandemic, pandemic still? Yes, of course it bloody is. Exactly. Maybe just elbow bump or something.


GRAHAM. Yeah, elbow bump. So it's Mental Health Awareness Month.


CAROLE. Yeah. And Graham, so how are you feeling? Are you going a bit mental?


GRAHAM. I don't think the phrase a bit mental is terribly politically correct. But anyway, I feel all right. Not too bad at the moment. Thank you very much for asking.


CAROLE. That's very good. But there are many, many people out there who are not feeling A-OK or fine at the moment, right? And there are countless reasons why they might be. There's inflation, divisive politics, misinformation, you know, poisoned earth, Will Smith losing his cool, Depp versus Heard. I mean, all these dramas.


GRAHAM. What the hell are they? Will Smith hitting someone and Amber Heard and Johnny Depp having a Barney at the court. So you're putting these up alongside climate change. Oh, I see. Okay. All right.


CAROLE. Yes. Yes, absolutely. All these dramas have no doubt played a very significant part in making us feel either depressed or lonely or anxious or annoyed or frustrated. All the things that maybe a therapist could help us unpack.


GRAHAM. Yes. I suppose so. Maybe.


CAROLE. When the pandemic hit, the need for therapy skyrocketed for probably mostly obvious reasons, right? And the irony was that therapists weren't allowed to see their patients because remember lockdown? So online video, text and phone sessions slowly normalized. And those of us that didn't have a therapist pre-pandemic found ourselves suddenly in need. We were all out of luck, right? Therapists were booked solid, taking no new patients.

So say you're sitting there and you need a therapist right for your lumpy trouser problem, right?


GRAHAM. I don't think that's a therapy issue. But anyway, what do you do?


CAROLE. Could all be in your head, right? Maybe you just think. Oh, maybe, maybe. Yeah. OK, so what do you do? What do you do? You can't find a therapist or you've gone through the phone book. You know, you've looked around neighborhood. Everyone's, sorry, totally booked. What do you do?


GRAHAM. Are you going to suggest? Because I remember a few weeks ago you were talking about getting yourself a virtual boyfriend via an app, which was AI controlled. Are you talking about an AI therapist? I know the way your mind works now.


CAROLE. Close, close. You may have heard ads or promos, right, for online therapy, right? Where therapists are vetted and whatever your problem, they will align you with a professional who can help. So these online app services, for example. Is there any name actually that comes up when you think about it? I'm a big pod listener, right? So there's two that come up in my head immediately of these online services that have been being touted recently over the last few years.


GRAHAM. Oh, I have heard one advertised, but I can't remember the name. Is it BetterHelp?


CAROLE. Oh, yes. Yeah, yeah. BetterHelp is one. I'm going to talk about BetterHelp. And you may have heard of Talkspace as well. That's another one that I hear all the time. So you go to Talkspace website and it says, feeling better starts with a single message. That's their strapline at the moment on their homepage. And they say, look, we need to do a brief assessment. So basically answer a few questions about your preferences. Pick a provider. We'll give you a selected, we'll give you a list of recommendations. You go ahead and pick which one sounds good for you and just start your therapy and begin the journey towards a happier you.


GRAHAM. And this will be online therapy with a real living therapist?


CAROLE. Yes. So someone they've vetted. It's a Zoom call or something. Yeah, it's a Zoom call. Maybe you can get text messages, right? You can leave phone, answer phone, voicemail type things.


JESSICA. Yeah, I think I've seen these on Instagram where you exchange messages and stuff.


CAROLE. Yeah, exactly. So Talkspace and BetterHelp are both known to have done a very huge advertising campaign during the pandemic because people, there was basically a mental health crisis. And they can step in and be helpful. So BetterHelp have that on their home page: it's "you deserve to be happy" and "answer a few questions to find a therapist who fits your needs and preferences". So same idea, but they then make a big deal about tapping into the largest network of licensed, professional, board-certified providers.


JESSICA. Okay, so good. Professional, yeah, certified.


CAROLE. Both sites look slick, right? And they're full of quotes from people saying, oh my god, my life's so much better now that I've done BetterHelp.


GRAHAM. So this is a good news story. This is a good news story. Yes. Yes. Excellent. Oh, well, thanks very much.


CAROLE. And, you know, they're very professional websites because if you think about it, right, some mental health issues are basically something you don't want to, you want to keep it entre-nous, right? It's a private thing. If I go to a therapist with an uncontrollable, embarrassing tic, for example, I don't want people around me to know about it. Graham, for example, who'll just mock me every time he sees me.


JESSICA. Yeah, it's sensitive. It's potentially really sensitive stuff that people don't just want to talk to anyone about. They want professional experience certified.


GRAHAM. That was a bit mean. Who? Jessica's mean to you? I think you were just a bit mean to me there. I think you've hurt me there.


CAROLE. Get a therapist. I might know an app that can... Yeah. Well, maybe you want to listen a bit more before you advertise this one. Oh, no. So as this is a security podcast, Graham, to your point, let's bring in Mozilla, the power behind Privacy Not Included. And this is a site devoted to assessing product services that are online connected and they give them a privacy rating.

Sometimes that's a good privacy rating and sometimes it's a poo-poo rating. So Mozilla, they're the


GRAHAM. people who make Firefox and Thunderbird. And this little kind


CAROLE. of project they do have a team of, I think they must have lawyers in there because they read all the small print. They look at the settings. They do some research online. They reach out to the company for a response.

And just last week, they released their findings on a slew of mental health apps. And it's not scary at all if you don't care a jot about privacy. So you know how I said I knew about Talkspace and BetterHelp? So I had those already listed before I went and read all the stuff that they'd done, and both of them are listed as two of the six worst offenders in Mozilla's list.


JESSICA. Two that have been advertising so much through the pandemic.


CAROLE. Yes, trying to build their, you know, the number of people that use their services. So I'm gonna list out, this is Carole's cliff notes, if you want, of Mozilla's Privacy Not Included cliff notes on Talkspace. I mean, you can obviously all the links from the show notes. You can go read to your heart's content.

But Talkspace says they collect a lot of personal information on users, including name, email address, phone number, gender, relationship status, employer, geolocation information, transcripts, and more. And they say they can use this personal information for marketing, tailored advertising, and research purposes. Now, there are no promises in the small print not to sell non-medical information. So they are HIPAA compliant, they say, right? So they're not going to sell the medical stuff, but the non-medical stuff, unless you live in California or in the European or UK regions (you have GDPR protecting you), your information may be used.


GRAHAM. Wow so you're not only paying them for the therapy they're also going to take your data, or at least they have the option, taking your data and sending it to someone else for money as well. Because your subscription isn't enough for them.


CAROLE. Because you're, yes. Talkspace also says, quote, your written authorization will be required for uses and disclosures of psychotherapy notes and uses and disclosures of your protected health information for marketing, which basically says they might give you a, hey, blah, blah, blah, blah, do you allow us to do this? Consent, right? And how many people just click without looking?


JESSICA. Especially when people are potentially very vulnerable, like trying to get therapy, trying to get help. They've turned to this solution and maybe they're not in the right frame of mind to be.


CAROLE. 100%. 100%. I couldn't agree with you more on that.


GRAHAM. If you go for in-person therapy to somewhere and you go and lie on the couch and all the rest of it, and do the therapists then say, oh, thank you very much for telling me about all of your problems. This is going to be very useful. I'm going to be able to use this. Do you mind if I sell it to Coca-Cola? I'm going to sell this to Grazia magazine. I've got a lovely little column I'm going to write about people with weird problems. It's just another way to supplement my income. Oh, great. That'll be $400, please. Sure,


CAROLE. of course. So the New York Times reported in 2020 that former employees and therapists at Talkspace told them that anonymized conversations between medical professionals and their clients were regularly reviewed by the company so they could mine them for info. So they're basically saying that idea that you and your therapist are all alone, no one's listening, may not be all it is.

And then Talkspace say in their privacy policy, if you do want us to share your personal data or feel uncomfortable with the way we use your information in order to deliver our services, please do not use your services. And Ms. Privacy Not Included say, we think that's a pretty good advice.


GRAHAM. If you don't like it, sling your hook is what they're saying. Well, that is true. I mean, that is ultimately the best advice, isn't it? Is not to use it. I agree. It would be nice if they...


CAROLE. Well, yeah, wasn't that on their homepage? Yeah.


GRAHAM. Yeah, exactly. They could have had that on big letters there. Just say, by the way, you don't want to use us.

CAROLE. Great way from Mozilla now. It's such a great site. Seriously, I'm going to recommend that all listeners and you too bookmark that page.

Because sometimes you need to buy a new something smart, for example, for the home. You can just go look and see if they've already reviewed it. And if not, you can actually give it to them and recommend that they go review it for you. So it's a very cool site. So again, link in the show notes. Do check it out, guys. It's really good.

BetterHelp wasn't much better. They say they collect, use, and store communications between users and counselors on their platform. They also collect a whole lot of personal information from responses on their intake questionnaire, like are you feeling depressed or anxious or are you struggling to maintain relationships, to things like name, age, email address and phone number. And Mozilla say as well that they can use this data they collect on you for personalization, product offerings relevant to your individual interests and targeted ads.

So if you had an embarrassing problem like say you were a shoe fetishist or a foot fetishist, oh no, right? What would your eyes be like? Shoes and feet for nail polish.


GRAHAM. Yeah, but you'd love it wouldn't you? You'd be happy if you're a foot fetishist to get loads of shoes and feet.


CAROLE. Doesn't help your drama and your therapy.


GRAHAM. Maybe you're getting therapy because you can't get enough pictures of shoes and feet and they're actually doing you a favor. Maybe you're thinking well it's just hard to get hold of new material.


CAROLE. Even The Economist again shared a report of one user that said, when I first joined BetterHelp I started to see targeted ads with words that I had used on the app to describe my personal experiences. Wow, it's right.


JESSICA. Wow, no. You're not feeling good, you may be feeling a bit paranoid, you're in this session, you're talking about your deepest hurts and sensitivities, and then you see words that you have used being—


GRAHAM. I'm just imagining getting some therapy and suddenly I've got ads for a trombone, a terrapin and half a pound of lard appearing because I've shared my most intimate thoughts. It's a horrendous thing isn't it?


JESSICA. When you put it like that, Graham.


GRAHAM. See, I would really like it if more products and services, if I'm paying for them, I could have some confidence that is how they're making their money.


CAROLE. I know. We've said that before in the show. We kind of said that, right? Free is not free.


GRAHAM. Yeah, it's nice to pay for something, but you then learn to be suspicious if something's free. But when they start charging you and they're also mining you for information or exploiting it in some fashion, then that really feels quite underhand. Because how are you going to spot that unless you read the terms and conditions and all the privacy policies which we know—


CAROLE. Jen Caltrider, she's Mozilla's Privacy Not Included lead, right? She says, quote, the vast majority of mental health apps are exceptionally creepy. They track, share and capitalize on users' most intimate personal thoughts, feelings like moods, mental state, biometric data. Turns out researching mental health apps is not good for your mental health, as it reveals how negligent and craven these companies can be with their most intimate personal information, unquote. That's scathing, right?


JESSICA. Yeah, that is. You can feel the anger of that statement. And yeah, you sort of think as well, I'm obviously naive, but you would think, okay, it's a company making a mental health app. They're making all these statements about how they want people to be happier and healthier. So to then know that behind the scenes, they have made that decision to actually at least open the door on misusing data in that way just feels so sad, doesn't it?


CAROLE. Yes, and what's really gross about it is I have seen many ads from these two particular companies talk about how much cheaper it is to use these services rather than going to a therapist in their office or having a one-on-one with a therapist that you find on your own. And the other problem is Silicon Valley investors are pouring hundreds of millions of dollars into these apps. Insurance companies get to collect extra data on the people they insure. Data brokers are enriching their databases with even more sensitive data.


GRAHAM. Just wait until you start getting your online therapy in Mark Zuckerberg's metaverse.

Do you know what assets are connected to your network? Most organisations don't. For your security programme to be effective, you need an inventory of all your devices so you can make critical decisions fast.

Well, Rumble was made by the creator of Metasploit, which explains why it finds many devices that other solutions miss, including orphaned machines running outdated operating systems. Quickly find systems affected by the latest security news. Just think of Log4J, SolarWinds and Kaspersky. It can even tell you which machines are missing endpoint protection from your local network all the way to the cloud.

Sign up for a free trial and build your asset inventory in minutes. Get your trial at rumble.run. That's rumble.run, and thanks to Rumble for supporting the show. So


CAROLE. We all know that users these days sometimes have to connect from an unsecured network using any device they have at hand, and companies have no control over the device, applications, clouds, and the infrastructure that connects it all together. This rapid shift in online work created security gaps that bad actors use to the full. And most importantly, companies need to emphasize the reduction of risk of a data breach if a user's credentials are stolen.

This is why you need to check out GoodAccess. This is a global company based in the Czech Republic with a proven 10-year track record. They are a bunch of security enthusiasts dedicated to delivering anytime, anywhere secure remote access for small and medium-sized businesses worldwide. And this begins with a free GoodAccess starter product for unlimited usage by up to 100 employees. Yes, you heard right, 100 employees. Learn more at smashingsecurity.com/goodaccess. And big thank yous to GoodAccess for sponsoring the show.


GRAHAM. Kolide sends employees important timely and relevant security recommendations for their Linux, Mac and Windows devices right inside Slack. Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable.

So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems. Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/K-O-L-I-D-E. Enter your email when prompted and you will receive a free Kolide goodie bag after your trial activates.

You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide. That's smashingsecurity.com/K-O-L-I-D-E and thanks to Kolide for supporting the show.

And welcome back. And you join us at our favourite part of the show, the part of the show that we like to call Pick Of The Week. Pick Of The Week. Pick Of The Week. Pick Of The Week is the part of the show where everyone should say on the like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app. Whatever they wish. It doesn't have to be security-related necessarily.

Better not be. Well, my pick of the week this week is not security-related.

Good. I've been rummaging around on the old Netflix. I thought, look, you know, I pay for this every month. Maybe I should watch a few more shows. And I have been watching a documentary. Don't worry, they're not tracking you. I have been watching a documentary, because I love documentaries, all about Three Mile Island, meltdown on Three Mile Island, which for our younger listeners...

I don't know anything about that.

Yeah, well, help me. You don't know anything about Three Mile Island? My goodness. Hey, you shouldn't shame me. I was about to say, Carole, for our younger listeners and co-hosts, I will tell you this was the worst commercial nuclear accident in US history where a nuclear reactor began to go a little bit rather boiled over. Things went a little bit bad and radioactive material was leaked out into the atmosphere and went into a nearby town. It was the Americans' version, basically, of Chernobyl. Thankfully, not quite as bad, but pretty darn bad. Happened in 1979 and the accident occurred just 10 days after a movie called The China Syndrome, which you may have seen with Jack Lemmon and Jane Fonda. I think Michael Douglas was in it as well. That came out just 10 days earlier.

You've never seen the China Syndrome? Well, it's basically the story of what happened at Three Mile Island, and it came out a week and a half.

Well, that explains everything.

Exactly. Jane Fonda must have been behind the leak at Three Mile Island. Anyway, it's very interesting. Four-part documentary all about what occurred and how catastrophe was, well, at least a larger catastrophe, was averted and the impact on the town as well. So very cheery all round. I find it very interesting.


CAROLE. Is there anything that you're going to change in your behaviour should it happen close to your home?


GRAHAM. Well, yes. What I'm going to do is not live near a nuclear power plant.

Oh, you do though.

No, I don't.

You do.

No, I don't.

Oh, no, you don't. No, you don't. You don't. Thank you very much. You're right. Excuse me. So that is my pick of the week. Meltdown Three Mile Island on Netflix. Jess, what's your pick of the week?


JESSICA. Well, mine is also a TV show, but not a documentary, I don't think. But mine is Slow Horses on Apple TV. Have either of you watched this?

No, I haven't.

It's on my list, though.

It is on my list. Oh, it's so good. It's so good. My parents recommended it, and every time I've spoken to them for the last few weeks, they've said, have you watched Slow Horses yet? And I've had to say, no, Mum and Dad, I've not. It's on my list.

So finally got to watching it at the weekend and watched it all over the weekend.


CAROLE. Oh I love that that's how good it was.


JESSICA. So good and I saw a YouTube interview about it and someone described it as James Bond without James Bond and I thought that was quite a good description. It's basically about a group of dysfunctional MI5 agents so an office of agents in MI5 who have failed or been sidelined for one reason or another and so they've been put in this unit that is called Slough House and I think the line is something like you know they're so far from the actual work and MI5 that they might as well be in Slough.


GRAHAM. Love it. No offence to listeners based in Slough. No offence to Slough at all.


CAROLE. And for listeners that have never heard of Slough, that's just a town outside of London.


GRAHAM. Yeah, if you haven't heard of Slough, well done.


JESSICA. It's based on a popular series of books that I've not read, but really want to now, by an author called Mick Herron, Slough House. And it stars Gary Oldman.

He was amazing, obviously. Jack Lowden and Olivia. So it's got a great cast with Mick Jagger singing the theme tune because he loved the books so much.

He wanted to sing the theme tune. It's pretty amazing.

You haven't read the books, have you? No, I've not read the books.

Apparently the books are really good. If the books are anything like the series, which obviously they are, then they must be amazing.

It's a great mix. I think quite rare in that it is very dramatic and tense and there's some moments without ruining it but there's some moments there's a sort of a theme of the series that every time these moments are on screen I feel really sick to my stomach really anxious but balanced with absolute hilarity and really dark humor and some absolute laugh out loud moments.


CAROLE. Sounds a bit like my life.


JESSICA. And one unintentional laugh out loud and I know that pick of the week is not meant to be security but there is a hacker character in amongst them all and there are some inaccuracies. He uses this one sentence you'll know what I'm talking about they're in a cafe and there is buzzword after buzzword none of it makes sense if you know at all anything about hacking and that will blow your mind and that really did make us laugh but so watch for that but also watch because it is very gripping very funny and it really subverts the stereotypes plus there is a season two coming.


GRAHAM. Jess, you say I love it the books are called Slough House I believe they are and the series that the TV show is called Slow Horses. I'm wondering is it because Mick Jagger when he sings it sounds a bit Slow Horses is that why they've called the TV show Slow Horses?


JESSICA. I mean I love that theory but no.


GRAHAM. No there's another explanation all right there is there is.


JESSICA. Basically these dysfunctional agents are described the slow horses they're you know I was part of slow wars for my first horse riding lesson in a couple of decades that horse didn't move very fast. Good pivot.

Good pivot. It's the same as these agents, basically.


GRAHAM. Here we go again, hearing about her riding in the desert on some Arabian stallion.


CAROLE. Well, great. When we got onto this call, you said, oh, I just slipped one in before I could get him on the show.

What?


GRAHAM. No, I meant I'd been on the exercise bike. That's why I'd slipped in.


JESSICA. Oh, well, now you tell us.


GRAHAM. Carole, what's your pick of the week?


CAROLE. Well, I'm carrying off my theme of Mental Health Awareness Month because I've been listening to a podcast recommended by my buddy Andy, who is currently studying psychotherapy. And she knows I'm a podaholic and she curates a few good therapy ones for me to check out.

And this one called Therapy Uncensored is one that gets my vote. Co-hosted by Sue Marriott and Ann Kelly.

And they describe it as a candid, unscripted conversation rooted in attachment and relational science. So Graham, I imagine you're as interested in my pick of the week as I was in yours.


GRAHAM. Yeah, yeah, I'm all into that.


CAROLE. But the idea is that they unpack how to improve relationships with others and understand what makes you and those you love emotionally tick. So this is my cup of coffee, my cup of java.

You know, if you wanted to learn how to better deal with conflict or improve your compassion, Graham, or whether you want to have a—


GRAHAM. Why would you do that? Just ask.

No, sorry. We'll have a—


CAROLE. We will have a discussion. Is that right?

Okay. Or maybe, you know, on a more serious note, you maybe have had, you know, suffered some trauma or a loved one has, or maybe you have a kid or student that's acting out and you need to figure out a way to calm them and refocus them without aggravating the situation.

So basically, whatever your drama, they seem to have something thought-provoking to say about it. I've probably listened to maybe 10 or 12 of the episodes.

There's probably 170 there. And I found all of them super interesting, right?

And they get guests. They call themselves neuro-nerds.

And they get guests who specialize on specific areas of certain behaviors and how to deal with them or overcome them. I just it.

It just has a real feel of intelligence and usefulness. Plus, you don't have to give anyone any sensitive information to listen to the podcast, which is a super big bonus.

So this is Therapy Uncensored. Find it wherever you get your podcast.

You can also listen on the website. And that is my pick of the week for Mental Health Month.


GRAHAM. Marvelous. Now, Carole, you've been speaking to Chris Kirsch of Rumble this week, haven't you?


CAROLE. Yes, my friend. I hope I can call him that, Chris Kirsch.

It was a really interesting conversation. They're really thinking about security in a pretty unique way.

Check it out. So a treat today.

We have Chris Kirsch, the CEO of Rumble.run, a company he co-founded with Metasploit creator H.D. Moore to help companies get visibility into everything connected to the network. Welcome back to Smashing Security, Chris.

Thank you very much. Now, we are here to talk effectively about knowing thy network, you know, and a big part of that is asset inventory or what we're connecting to the network at any given time.

So it sounds to me pretty straightforward. Is there a problem?

Am I missing something?

CHRIS. Yeah, so you think that asset inventory is a solved problem, but most companies still use a spreadsheet or at best some home-baked solution. And even when they use a professional solution, often that's called a CMDB, stands for Configuration Management Database, essentially like a database of all the assets on your network, those solutions typically still miss about 10 to 40 percent of devices on the network.

That's a lot. Yeah, and it can be as high as 80, I've seen that too.

There are a few reasons for that. It mostly depends on what technology they're using, but the root cause is usually that there are unmanaged assets that are no longer managed through drift, through reorgs in the company. Nobody is responsible for them anymore, or they've always been unmanaged because there were just some employee putting out a rogue router on the network or a rogue machine.

Or assets that have managed over time, right?


CAROLE. Right, legacy stuff, legacy stuff. Like, you know, that fax machine's been there forever. Yeah, yeah. For those listeners who don't know what a fax machine is. Sorry, go on, go on.


CHRIS. So it becomes even worse when you've got things like mergers and acquisitions, right? Then you've got what I call a digital archaeology, where the people who originally set up the network are no longer there.

Nobody knows that certain subnets exist. You might not have credentials for all of the machines on there. And it gets even worse with operational technology and IoT, because those are typically completely off the radar of the IT team.


CAROLE. You know, it's a bit like an attic, right? Like, I think I kind of know what's stored up there. But really, probably 80% have no idea, right?

And it's like, I would say I know, and I'd say, of course I know where that is. And then it would take me three days to find it.

So there's solutions out there to help you figure all this out. Why are they having trouble discovering these devices?


CHRIS. You know, most of the other solutions take very much an IT mindset to the problem. And they're saying, well, if there's a device on the network, then surely I have the ability to log onto it or to install software on it.

So they either deploy agents or they use something called an authenticated scan, which is basically connecting to the device, logging in with username and password, and then interrogating the device on what it is. And so vulnerability scanners, for example, are a good case for that, where they try to log onto every device and they do a reasonable job.

But there are two things. Number one, if they can't authenticate to a device because it's unmanaged, or maybe it's like a Polycom phone, or it's some kind of HVAC system or something like that, right? Or a developer box that was set up in the corner for testing, that's not on the active directory, right? So those kind of things they really struggle with.

And things like vulnerability scanners don't collect the right information for asset inventory. Something might be an IP camera or something, and they will only tell you, oh, it's Linux 2.6.18, something very generic that actually doesn't help you very much in figuring out what something is.

Right. Okay. So one good example for that is we did a project with a luxury retailer, the kind of stuff that you and I maybe want to buy but can't afford. And so they had a global retail network, different brands and so on, very fragmented because they'd acquired a lot of different fashion houses over the years.

And so we did a bake-off against a major IT service management vendor. And that means what, a bake-off?

A bake-off means, you know, like they tried Rumble versus the other product. Right, right.

And when they were scanning, especially for their Asian operations, which had a lot of lack of visibility, M&A, different fiefdoms, IT fiefdoms, you know, we found two and a half times as many devices on that network. And the reason for that was that they just didn't have a lot of the credentials and they were also missing network segments. There were some network segments I didn't even know they had, so they weren't scanning them.


CAROLE. So you're looking for these things in a different way, right? So you must have something unique that you're doing. Are you allowed to tell us or is it all secret?


CHRIS. Yeah, I'm happy to tell you just a little bit. I'm just going to give you a peek behind the curtain.

Okay, good. In a nutshell, the reason our solution is that good is really thanks to my co-founder. His name is H.D. Moore. And he's the creator of Metasploit.

Metasploit is an open source network penetration testing tool. And so when you think about it, a penetration tester is dropped onto a network, either from the outside looking in or on the inside and trying to figure out what's on the network. And then once they figure out, okay, there is active machines here and there, then they need to fingerprint those machines and figure out what they are before they attack them. Because if you don't know what it is, you can't attack it, right?

And then Metasploit goes further. It exploits machines. There's post-exploitation, all of that stuff. But H.D. basically had the idea of applying the early phases of a pen test, the network scanning and the fingerprinting, to IT asset inventory. So he says, like, using something really cool and applying it to the most boring thing on the planet, you know?

And so by using that approach compared to the IT-focused approach of logging onto machines, you find all the orphaned and rogue devices and all the weird stuff on your network. And that's not just the case for IT, but it's also the case for OT, so operational technology, IoT, manufacturing, hospitals, you know, all of that stuff.


CAROLE. Wow, so I'd say I did this, I ran this and I found, you know, I don't know, this plethora of devices connected to my network. What do I do then? Like, you're giving me visibility or are you giving me tools to try and go and look at them as well?


CHRIS. Yeah, so typically what you do depends on who you are. We have different types of users using that data and it's really quite interesting.

So four different types of users. The first one is the enterprise security team. So they use it for situational awareness. They want to know, you know, most of them scan internally, trying to figure out what do I actually have behind the firewall? Some of them also take an external perspective looking in and saying what is actually exposed outside from the internet that attackers might be able to see from the outside.

And then once they have that situational awareness, they can use Rumble in many cases for what I call rapid response for breaking security news. You know, they listen to Smashing Security and they hear about things like Log4j and SolarWinds and, hey, we shouldn't use Kaspersky anymore and all of those things.

So how do you find those things on the network? And so with Rumble, we really do things differently because we decouple the scan from the assessment. We scan your network and we collect a bunch of stuff. And then at the moment when you actually need to know a specific thing, then you can say, show me all of the things that are X, right?

So for Log4J, we might find you all of the applications that include Log4J. SolarWinds boxes we can fingerprint through certain attributes. And we can even fingerprint Windows devices that are running Kaspersky without authentication over the network.

So it goes a lot deeper than most people expect for an unauthenticated scan. Wow.

So that's the enterprise security team, right? But then we have the second user group is incident response. And in incident response, really, there are a few other use cases.

So people use it both proactively and reactively. So proactive would be something like threat hunting. You know that there are a lot of devices getting attacked. Let's say Schneider Electric had some power supplies that had a security issue. So you try to find all of these devices so that you can patch and update them, right, or to see if they were already compromised, for example.


CAROLE. Yeah, you're trying to race ahead of the potential attack, right?


CHRIS. Exactly. And the reactive side would be something like you're getting an alert on a certain IP address, but you don't know what's behind that IP address. So is it my domain controller? Is it an IP camera and so on? Is it maybe an access badge door controller kind of thing?

So Rumble gives you that context. You can, for example, give it an IP address and it gives you that. And then you can also say, show me all other things that look like that. So you can go hunting.


CAROLE. Oh, yeah, yeah. You're giving people the tools to go and find all the little critters in their network.


CHRIS. Exactly. And so you can either use Rumble directly or you can import it into your Splunk environment and use it there.

Now we have the blue team covered, right? Now the red team. So the penetration testers love it because it really helps them with their reconnaissance phase. It provides you a lot more depth than some of the other open source tools. And it provides you a very good user interface to pivot into information.

So you can look, for example, for we have something called an outlier index where you can filter for devices that are weird and different from the other ones. You can look for devices that are not on the active directory because they're probably not patched, right?

And we can even find you devices that are multi-homed, so that have two network cards, and that allow you to jump from one network segment into the other as a pivot point. We can do that even when we only scan one of the interfaces, because a lot of the devices are leaking their secondary interfaces.


CAROLE. I bet you pen testers that are listening out there are now downloading fast. Yeah. Okay. And group four, group four.


CHRIS. Group four. Okay. So group four is IT teams. So now we're outside of the security realm.

And so those folks typically have a CMDB or are looking to get a CMDB, but they're really having trouble getting the right data into it, getting clean data, getting comprehensive data. Yes. They can pull Rumble data into ServiceNow. That's a very common one. GRS service management is one that's up and coming.

And that enables them to, number one, have a fuller view of what they actually have on the network. They can look for operating systems and devices that are end of life, that are no longer patchable and so on.

And so you think that given our history, we would only sell into security, but actually our largest deal was with a telco provider that purely uses it for that use case. And so we cover all of the industries really across the board from anything from brick and mortar retail to cloud hosting providers.


CAROLE. Now, tell me, listeners are listening to this and they're going, look, can I have a play around with this? I just want to see what's connected to my network. What do you say to that, Chris?


CHRIS. Sure, absolutely. So they can do that. And quite frankly, I'm making some bold claims here. And most people don't really believe that you can do that with an unauthenticated scan until you try it out.

And by the way, we then also augment that with API integrations to cloud hosting providers, with integrations with, let's say, CrowdStrike and SentinelOne, where you can figure out, are any of my endpoints missing endpoint protection, for example? That's a huge use case, right?

So if you would like to try any of that out, please go to rumble.run. There is a 21-day trial, fully featured. You can go up to 50,000 devices.

You can go wild if you want to. Just register and go.

Some people start out just with their home network. It's the easiest way to do it because it's a small network. It's somewhere where you don't need to ask others for permission.

They get comfortable with that, see the quality of the scan, and then they bring it to work. That's what we see quite often.

And if you'd started a trial at the beginning of this interview, you may already be done scanning your home network because it's really quick and easy to get started and to scan the network and then to view your devices. And if you are not in IT or security as a job or you just want to use this at home, we also have a free edition for up to 256 devices.

And you can do that either use that for free at home or even in a small business. You can use it commercially. So that's fine as well.


CAROLE. So what happens if you're not technically au fait, some of our listeners may not be, and they want to try this out? Will they be able to get comprehensible information, even if they're not very techie?


CHRIS. Yeah, what most people find is, let's say somebody who's not as technical in scanning a home network. Most people scan their network, and they're quite surprised what they find, because they thought, oh, I know what's on my home network. It's not that big. It's not that complicated.

And then they figure out, oh, yeah, that thing, I put that in five years ago, I didn't even remember that. And that thing, oh, yeah, my daughter added that I didn't know that was connected and so on.

So it's quite eye opening just to see what's connected. Of course, if you want to dive in deeper and do some of the more funky stuff, that requires a little bit more technical expertise.

But we see just, you know, tech enthusiasts and private people using it as up to very large enterprises.


CAROLE. Chris, thank you so much. This is Chris Kirsch, CEO of Rumble.run. Is there anything you'd like to add?


CHRIS. No, just head over to Rumble.run, give the product a try, and thanks a lot for having me.


CAROLE. Listeners, you heard Chris. Run to Rumble.run so that you can see what devices are connected to your network.

Chris, thank you so much for coming on the show. Okay. You can say thanks if you want to. I didn't know how you wanted to cut it. You can respond.


GRAHAM. And that just about wraps up the show for this week. Jess, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?


JESSICA. You can find me on Twitter at Dr Jessica Barker and check out cygenta.co.uk to see what we're all about.


GRAHAM. Marvellous. And you can follow us on Twitter at Smashing Security, no G. Twitter at the last of a G.

And we also have a Smashing Security subreddit. And don't forget to ensure you never miss another episode.

Follow Smashing Security in your favourite podcast app, such as Apple Podcasts, Spotify and Google Podcasts.


CAROLE. And again, massive thank you to our episode sponsors, Kolide, GoodAccess and Rumble, and to our wonderful Patreon communities. Thanks to them all, this show is free.

And for episode show notes, sponsorship information, guest lists and the entire back catalogue of more than 275 episodes, check out smashingsecurity.com.


GRAHAM. Until next time, cheerio, bye-bye. Bye. Bye-bye.


CAROLE. Can I ask you a question, though? What? What's your problem with Slough?

Slough? I have very good friends who live in Slough. What's your problem with Slough?


GRAHAM. Do you? It's just the word. It's a bit like stains.

Slough looks like... Okay, I'll just hang up the phone now. Slough looks like slough and stains just makes me think of dirty underpants.

Yet again, a very reasonable explanation.

-- TRANSCRIPT ENDS --