How did a saxophonist sneak sensitive information in and out of the Soviet Union? How might an Apple AirTag have led to murder? And isn't the world of cryptocurrency and blockchain doing just great?
All this and more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Visit https://www.smashingsecurity.com/279 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Sponsored By:
- Kolide: Kolide is a SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Kolide is perfect for organizations that want to move beyond a traditional lock-down model and move to one where employees are educated about security and device management while fixing nuanced problems. We call this approach Honest Security.
- You can try Kolide on an unlimited number of devices with all its features for free and without a credit card for 14 days.
- Bitwarden: A password manager is an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Open source with published 3rd party security audits, Bitwarden is transparent and secure, utilizing end-to-end and zero knowledge encryption with source code that can be scrutinized by all.
- Learn how Bitwarden can help you do business faster and more securely at bitwarden.com/smashing and start a free business plan trial today.
- Drata: Is your organization finding it difficult to achieve compliance and scale its security posture? As G2’s highest rated cloud compliance software, Drata streamlines your SOC 2, ISO 27001, PCI DSS, GDPR & HIPAA compliance and provides 24-hour continuous control monitoring so you focus on scaling securely. Drata is also the only compliance automation platform with a private tenant database. That’s like having your cake and securing it too.
- Countless security professionals from companies including Notion, FullStory, & BambooHR have shared how crucial it has been to have Drata as a trusted partner in the compliance process.
- Listeners of Smashing Security can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata
Links:
- Welsh James Bond Timothy Dalton's cello escape in "The Living Daylights" — YouTube.
- How a Saxophonist Tricked the KGB by Encrypting Secrets in Music — Wired.
- Woman accused of killing boyfriend using AirTag tracking — The Register.
- Andre Smith fatally struck by car outside Tilly's Pub, woman charged — Indy Star.
- Indianapolis woman Gaylyn Morris accused of tracking boyfriend with Apple AirTag, killing him with car, police say — The Washington Post.
- An update on AirTag and unwanted tracking — Apple.
- Apple Updates iPhone with 'Safety Check' for Domestic Victims — Gizmodo.
- Web3 is going just great.
- Audm - Listen to feature stories from The Atlantic, WIRED, and more.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript:
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. I go home, I wait for them to come back, and I say, oh darling, you've been working so hard, haven't you? You've been working so hard. Have you been all right? Have you been all right? Yes, I've been all right. Oh, that's so good. Did you have any fun at all? Were you able to— no, I had no fun at all. You had no fun at all with that redhead?
ROBOT. Smashing Security, Episode 279: Encrypted Notes and a Deadly Case of AirTag Spying with Carole Theriault and Graham Cluley.
GRAHAM CLULEY. Hello, hello, and welcome to Smashing Security Episode 279. My name is Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And this week, Carole, we are joined by absolutely no one. And we nearly, we nearly didn't have you either, did we?
CAROLE THERIAULT. Well, yes. The reason we don't have anyone today is my fault because I'm actually on holiday today. Well, for this week. I'm actually in beautiful Croatia, and I love our listeners so much that I've kicked everyone out of the house. And here I am on a travel mic. So if I sound a little different, that's why, to do the show.
GRAHAM CLULEY. Ah, well, you do love our listeners very, very much. And the other person who loves our listeners very, very much is last week's guest, Geoff White. You will recall, folks, that Geoff ran a little competition for a signed copy of his new book, The Lazarus Heist. We asked people to write in for a chance to win a free signed copy of his book. And I can announce that we now have a winner. So please stop writing in.
CAROLE THERIAULT. We've had so many people who want a free book. You know, Geoff would love if you bought the book, just saying.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. For those of you that can afford it. I mean, I know it's always nice to get a freebie, but—
GRAHAM CLULEY. And it was also nice seeing the little begging emails from people where they were trying to win us over by saying, oh, we really love Smashing Security. And Geoff is amazing.
CAROLE THERIAULT. I think you're outrageous. I loved every single one of those emails. They were glorious.
GRAHAM CLULEY. Well, I'm not saying I didn't love them, but well done to Joss Kulunzyk of Queensland, Australia, who was pulled out of the hat and won the signed copy. Thank you very much, Joss, for taking part and everybody else as well.
CAROLE THERIAULT. Shall we move this show along so I can get back to my friends and family?
GRAHAM CLULEY. Chop chop.
CAROLE THERIAULT. And thank this week's sponsors, Bitwarden, Drata, and Kolide. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm going to be talking about sax and the Soviets.
CAROLE THERIAULT. Such a crazy title.
GRAHAM CLULEY. Thank you.
CAROLE THERIAULT. And I'm talking AirTags.
GRAHAM CLULEY. Ooh.
CAROLE THERIAULT. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, Chum Chum, have you ever been a member of an orchestra?
CAROLE THERIAULT. Nope.
GRAHAM CLULEY. A musical group.
CAROLE THERIAULT. I'm not very musically gifted.
GRAHAM CLULEY. Oh, come, come. I've heard you playing guitar.
CAROLE THERIAULT. I tried for 3 years. My music theory is quite up there, but I just did not have the je ne sais quoi to be the next guitarist.
GRAHAM CLULEY. Je ne sais quoi. That's French, isn't it?
CAROLE THERIAULT. Yes. Well done.
GRAHAM CLULEY. Yeah, right. Do you know what for?
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Right. Okay. I thought you'd say—
CAROLE THERIAULT. Do you want me to tell you?
GRAHAM CLULEY. I thought you were going to say, I know not what it is for. No.
CAROLE THERIAULT. I'm not as clever as you, honey.
GRAHAM CLULEY. Anyway, I was surprised to see a musician lined up to speak at the RSA conference. Not Bono. Why would you? Not Mary Hopkin.
CAROLE THERIAULT. No one like that.
GRAHAM CLULEY. Well, no, because they do. They have had a series of crazy people speaking at the RSA conference in San Francisco in the past.
CAROLE THERIAULT. Really?
GRAHAM CLULEY. Oh, yeah, yeah, yeah. Oh my goodness. They're such publicity whores. They will hire anybody. They've had Sean Penn.
CAROLE THERIAULT. The well-known technologist.
GRAHAM CLULEY. Yeah. Shatner.
CAROLE THERIAULT. Well, William Shatner, I get. That's not crazy.
GRAHAM CLULEY. George Takei, Monica Lewinsky. Ooh, okay. The guys from MythBusters, Stephen Colbert.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. The one who caught my eye this year was not a security expert speaking, but a saxophonist. Now, I wasn't at the RSA conference this year, but it's always great to see the reports of what's going on there. And there was a woman called Meryl Goldberg who was speaking, and she was talking about her experiences way back in 1985. As you know, I like to keep things topical.
CAROLE THERIAULT. Yeah, you do a great job at it too, honey. Great.
GRAHAM CLULEY. 1985. Wonderful things happened in 1985. Live Aid, of course.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. Give us your beeping money.
CAROLE THERIAULT. Uh-huh. Give us your money to save the people that are starving, though.
GRAHAM CLULEY. Yes, that's right. Yes, yes, of course. The Rainbow Warrior was sunk. The wreck of the Titanic was found.
CAROLE THERIAULT. Oh, is that right? I didn't know that.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. I mean, I knew it was found. I just didn't know it was found that year.
GRAHAM CLULEY. Yeah, yeah, yeah. The first .com domain was registered.
CAROLE THERIAULT. Shut up.
GRAHAM CLULEY. Do you know what it was?
CAROLE THERIAULT. No.
GRAHAM CLULEY. You'd expect it to be something like internet.com, wouldn't you?
CAROLE THERIAULT. I would've thought hello world.com, but yeah.
GRAHAM CLULEY. It was actually symbolics.com.
CAROLE THERIAULT. What?
GRAHAM CLULEY. Symbolics was the— A company called Symbolics was the first one ever to register a domain. What do they do? Oh, I don't know. Something. Something technical.
CAROLE THERIAULT. Something that demanded way more research than we were willing to give the show. Right? Carry on. You're doing great.
GRAHAM CLULEY. It was also the year of Roger Moore's final James Bond. Where do you stand on Roger Moore as James Bond? Have you seen A View to a Kill with Christopher Walken?
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. Appalling. It's an appalling load of old rubbish. Goodness, he was eventually replaced by the Welsh James Bond, Timothy Dalton.
CAROLE THERIAULT. Timothy Dalton.
GRAHAM CLULEY. Yes. Well, that was 1985. And Meryl Goldberg, this woman who was chatting at RSA, in 1985, she travelled to Soviet Russia because that's what it was then, wasn't it? It was the Soviet Union. It wasn't really Russia then.
CAROLE THERIAULT. USSR.
GRAHAM CLULEY. That's right. She went to Moscow. With some fellow— I'm just trying to make you feel comfortable. Do I say Moscow in Canada or Moscow? Moscow. Oh really? So you say Moscow north of the border and Moscow beneath. Okay. And she went there with some other musicians. And she had a great story to tell. Now, unlike Timothy Dalton in The Living Daylights, she did not get entangled with some KGB agents and then escape down a snowy mountain on a cello case.
CAROLE THERIAULT. I don't think they would call that.
GRAHAM CLULEY. That would've been a good story though. Yeah.
CAROLE THERIAULT. It was.
GRAHAM CLULEY. It would have been. Why didn't they get Timothy Dalton to show up at RSA? I don't know. Is it because he's Welsh? Is there a Welsh agenda keeping Welsh people out of the RSA conference? Well, no, she was a saxophonist and she was playing in a band called the Boston Klezmer Conservatory Band. And they decided as some sort of cultural expedition that they would go to the Soviet Union and play with Soviet musicians. And this was a thing which didn't happen that much at the time. It was quite rare for the musicians to sort of get together and meet over there and play music together because generally the Soviet authorities thought that was perhaps not the thing to have some of that crazy saxophone music in the USSR. You know, it may sort of corrupt the youth or something like that. But she wanted to meet up with a group called the Phantom Orchestra.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. The Phantom Orchestra was a dissident group. It was a group of Jewish people in the Soviet Union who maybe weren't too happy with how the authorities were running the Soviet Union at the time. So, Meryl Goldberg, her trip was backed up by a non-profit group that was helping Jews in the then Soviet Union emigrate to the United States and Israel. And if you can throw your mind back that many years, you would know it wasn't—
CAROLE THERIAULT. I was very, very young.
GRAHAM CLULEY. Yes. Well, you weren't that young.
CAROLE THERIAULT. Oh, I think you're talking to our listeners. Okay, sorry.
GRAHAM CLULEY. But it wasn't that easy. It wasn't that easy to get out of the Soviet Union. They weren't very keen on people leaving.
CAROLE THERIAULT. Yeah, exactly. Right.
GRAHAM CLULEY. So you had to behave yourself, basically. So this group of American musicians, including our hero Meryl, went out there, and she realized, "Oh boy, it'd be kind of handy if we could smuggle some information in and out of the USSR, including maybe details of who was looking to escape the Soviet Union," because there were people who were, you know, looking to relocate, as I said, to Israel and the United States. And to get out. But it turns out that the Soviet authorities were onto this sort of thing. And so if you tried to go into the Soviet Union, they would search all your belongings, right? They would go through your cello case, they would go through your handbag, they would look between your toes, they would look everywhere imaginable to see if you had secreted some information or were trying to take in something. So if you had documents which had, for instance, people's names and addresses of who you are planning to meet, then that would be something which they'd say, maybe they wouldn't have an accent like that, but they'd say, what's all this about then? What are you up to here? Why are you taking this information in and out?
CAROLE THERIAULT. Yeah, it would be pretty scary.
GRAHAM CLULEY. What would you do, Carole? Would you stuff it up your saxophone?
CAROLE THERIAULT. No, I would probably— I find that all very frightening. I am very glad that I haven't had to deal with that instance of having to try and be subversive against, you know, the country that I was based in or get other people to do it. It's very complicated, hard stuff. Yeah.
GRAHAM CLULEY. Oh my goodness. Imagine being questioned. You're in a foreign country, you're questioned, you're being searched. I was once questioned about a murder case, right? I wasn't expecting the police to come round and interview me about it. By the way, I didn't do the murder. I didn't know the victim. I didn't know the murderer, but I was interviewed about a murder case. And I thought, oh my goodness, you know, oh my God, you think everything you're going to say is going to incriminate yourself.
CAROLE THERIAULT. Yeah, and they weren't even Russian, right?
GRAHAM CLULEY. No, I don't think so. No, they were from London, these cops. They'd come up all that way. And I said to them, I said, look, if you told me you were on your way, I'd have tidied up. Because my place at the time was a bit untidy. It looked like I could have been a murderer. And they said, oh, we don't normally ring ahead to warn you that we're coming. Okay, fair enough. Anyway. It's fine. I'm just a podcaster now. It's acceptable. But anyway, I can imagine the stress. I can imagine that. So the group, Meryl and her pals, her, you know, performing pals, they had been told to expect to be under surveillance, treated with suspicion, etc. And they had found that everything was being— even apparently their Tampax was unwrapped. And everything that they were— yeah, exactly. Because they're just looking for anything, right? They know that you might buy things.
CAROLE THERIAULT. You can't reuse a Tampax once it's open. That's a, you know—
GRAHAM CLULEY. Well, I suppose it depends on what you're trying to use it for. Maybe for its usual purpose, no, you can't. But—
CAROLE THERIAULT. If you have a nosebleed. I did see a guy once in a car next to me when I was driving back from work.
GRAHAM CLULEY. What?
CAROLE THERIAULT. No, I'm not kidding. I'm driving back from work at the place we used to work at together. And I look over and this guy has two tampon strings sticking out of his nose at the driving wheel of the car next to me.
GRAHAM CLULEY. So I guess he must have had a horrific nosebleed and thought, "I know!" You don't think he'd just accidentally inhaled a couple of mice or something, and there were tails hanging down from his nostrils? Anyway, so Meryl Goldberg, she thought, "Well, how can I sneak information through?" And what she did was she devised a way of coding information into the musical notation. And so she handwrote out musical scores. And of course, the music, as you may not know, Carole, only goes from A to G, right? You get flats and you get sharps, and maybe you can go into other— what are they called?
CAROLE THERIAULT. Complicated chords?
GRAHAM CLULEY. Octaves.
CAROLE THERIAULT. Other octaves. Yes, yes.
GRAHAM CLULEY. Other octaves, or you know, you can have a treble clef or something. Anyway, so she managed to encode all this information into this music, and what it turned out was that the KGB agents who were spying upon them, they just thought, oh, this is just bloody music, you know, I'm not interested in this. They didn't go and try and play it because if they tried to play it, it would probably sound like modern acid jazz or something really horrendous, or Stockhausen, you know. It would just sound like, oh my goodness, what on earth is this? Someone described it as sounding like a cat walking across a piano. You can imagine that kind of music.
CAROLE THERIAULT. No, but God, you'd be shitting yourself, wouldn't you? Because if just one of them could read music—
GRAHAM CLULEY. That would be a way to distract the agents, of course, as if they are getting a little bit warm on what they're looking through. If you actually defecated. Lovely. And then I suppose they'd have to sift through that, looking for— yeah. God, gross. Anyway, they were tailed constantly. They did manage to meet up with these dissidents. They eventually had their passports seized, they were expelled, but they managed to get information both in and out of the country. And some of apparently the people they met up with, some of the Soviet activists, did face consequences for the visit. In the reports I've read, that's sort of been glossed over. Oh, there were consequences for some of the people they met up with.
CAROLE THERIAULT. Yeah, they were jailed for 20 years in a hard-working camp. No problem, don't worry about it.
GRAHAM CLULEY. But others were eventually able to permanently leave the USSR. But I thought it was a great story from a bygone pre-internet age of a way of not really encrypting information. Meryl Goldberg does admit that, you know, if someone actually analyzed it, it was more obfuscation perhaps than encryption, but it was still enough to serve its purpose. And as a consequence, the groups obviously achieved their ambitions.
CAROLE THERIAULT. Can I tell you something?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Symbolics.com still exists.
GRAHAM CLULEY. Oh, does it? Yeah.
CAROLE THERIAULT. Download our free mini book, Internet History in the Making.
GRAHAM CLULEY. Ah. Oh, didn't some chap buy the domain from the Symbolics company? Because he wanted to own the very first domain. Who knows why?
CAROLE THERIAULT. Yeah, he says here, our museum is like any other with various wings to explore and unique historical items to visit. Yeah. 100% free, and we aim to continually update it with relevant exhibits and information.
GRAHAM CLULEY. Fantastic.
CAROLE THERIAULT. Yeah. And very interesting.
GRAHAM CLULEY. There you go. Very good. I'm glad that's the bit of my story which you enjoyed, right?
CAROLE THERIAULT. That was my favourite bit. Yeah.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Hey, I'm on holiday. I'm on holiday. I'm not taking anything too seriously today.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. Well, Graham, I'm gonna set a scene for you, okay? You are dating a lady friend.
GRAHAM CLULEY. I am.
CAROLE THERIAULT. Let's say that this lady friend, this fictitious lady friend, has been acting a little bit weird recently.
GRAHAM CLULEY. She has.
CAROLE THERIAULT. Weird in a way that makes you think that perhaps she is interested in sniff testing someone else's nether regions, if you get my drift.
GRAHAM CLULEY. I'm sorry, sniffing someone's neck? You mean she's interested in—
CAROLE THERIAULT. You think maybe she's stepping out on you.
GRAHAM CLULEY. Oh, I see. Nothing to do with farts or anything, bottoms and things. Okay. She's maybe interested in somebody else. Okay.
CAROLE THERIAULT. Yeah. Okay. And you know, it's kind of eating at you, right? You just want to know if she's cheating. And the problem is you don't have any proof and you want proof to help you decide whether you're a paranoid freako or a bona fide Columbo?
GRAHAM CLULEY. Right. I don't think anyone would ever cheat on Columbo.
CAROLE THERIAULT. I mean, it's hard to ignore when you're in these situations. It's hard to ignore the extra-long poop breaks, phone in hand, of course, or late nights out without you, obviously, you know, or the faint smell of new love in the air. You know, maybe she's always humming suddenly, or things like this. And basically, you just want to know what the eff is up. So I want to know what steps you would take at this stage.
GRAHAM CLULEY. Oh, what? I might say to her, hey, you seen anyone other than me at the moment? You could try the direct approach.
CAROLE THERIAULT. Yes, yes. You could just ask her. Yep.
GRAHAM CLULEY. Yes. You could— Ooh. You could notice if she's suddenly calling you by somebody else's name. If she starts calling me Geoff or something, then I might think, oh, I wonder who this Geoff guy is.
CAROLE THERIAULT. But what if she covered her tracks and said, oh, but you look like a Geoff. I just love the name Geoff. You look exactly like Geoff.
GRAHAM CLULEY. You might fall for that.
CAROLE THERIAULT. I'm like, okay. Okay, call me Jack.
GRAHAM CLULEY. Okay. I mean, it's not uncommon to look at somebody else's phone, is it? I mean, it's not really a very attractive attribute to do it.
CAROLE THERIAULT. Yeah, but sometimes people lock their phones, right?
GRAHAM CLULEY. Ah, right. Yes, true. Maybe they've changed their wallpaper on their phone to the picture of their new loved one. You might be able to see that even if you don't unlock the phone. That would be telling. It is.
CAROLE THERIAULT. But Graham, these are amazing suggestions. Very amazing. But no cigar. What if I told you that there may be an Apple AirTag involved?
GRAHAM CLULEY. Ah, yes. Now we've talked about this possibility before, I think, haven't we? So these AirTags have a sort of lost mode. So if you lose your AirTag, you can sort of get where it is, can't you? You can get some sort of location information.
CAROLE THERIAULT. Well, the whole point is to lose your AirTags in a way. That's the point of them is if you, for example, you slap it in your luggage, you've lost your luggage. You're— it's basically a Bluetooth, private Bluetooth device that pings out and finds any Apple device in the vicinity and uses that device to inform Apple to inform you that here is where your device is. So it activates the GPS in the device that it, you know, the iPhone, for example, that it can connect to.
GRAHAM CLULEY. It's very clever. I've never owned one of these AirTags. No, me neither. I've never played with one.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. But I know people who have, and it sounds like they're jolly clever.
CAROLE THERIAULT. Well, they are clever when they're used for good, but sometimes they are not, especially if it's used by someone who wants to know what their partner is up to. So this is what Miss Gaylyn Morris apparently did to her partner, Andre Smith. Okay, both these people are 26, and earlier this month, Miss Morris was convinced that Mr. Smith was cheating on her because basically he wasn't coming home at night. So that was kind of a fake tip-off, right?
GRAHAM CLULEY. That's a clue. Yeah, it's a clue.
CAROLE THERIAULT. Well, he could be working hard. Who knows?
GRAHAM CLULEY. Yeah, right. 3 in the morning.
CAROLE THERIAULT. Yeah. Now, so she decides to use an AirTag because both she and Mr. Smith were iPhone users. Right?
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. So my guess is, this is how I'm playing it out in my head, right? Mr. Smith decides to piss off for an evening. With what Miss Morris thinks is a flimsy excuse. And she probably gave him no heat and said, "Have fun, honey bunch." But really, she was probably waiting for him to go so she could follow him and find out where he is.
GRAHAM CLULEY. Mm-hmm.
CAROLE THERIAULT. Because she hid an AirTag in the cup holder of his car.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And it turns out she was successful eventually tracking him to a place called Tilly's Bar in Indianapolis.
GRAHAM CLULEY. Okay, do we know what this chap Andreas actually does for a job?
CAROLE THERIAULT. No.
GRAHAM CLULEY. Because maybe he's a bar—
CAROLE THERIAULT. Tender.
GRAHAM CLULEY. Health— Yeah, but yes, a bartender, or a sort of health and safety person for bars. Or maybe he's an electrician or something. Or a patron.
CAROLE THERIAULT. Or a patron.
GRAHAM CLULEY. Or yes, a professional drinker, maybe. He could be any one of these things.
CAROLE THERIAULT. So, Miss Morris arrives in the parking lot. And she sees some people loitering.
GRAHAM CLULEY. Oh, she follows? She goes there while he's there?
CAROLE THERIAULT. Yes, she goes there, right? She wants to catch him.
GRAHAM CLULEY. Oh my goodness.
CAROLE THERIAULT. And there's a few people loitering around. And she goes up to them and she goes, "Hey, have you seen a guy that looks like this?" So she describes Mr. Smith's appearances to the other patrons lurking outside and says, "Look, he's my boyfriend. I think he's cheating on me, and I want to know if he's in the bar."
GRAHAM CLULEY. Oh, I wouldn't— okay, I wouldn't personally say to complete strangers, "I think he's cheating on me," at this stage. That feels a little—
CAROLE THERIAULT. Oh, I don't know. You're pretty close. No, but you're being honest. You're just being straight up. You're like, "I think he's cheating on me. I want to catch him out." So it turns out Miss Morris seems to enter Tilly's bar, and she quickly spots her man, Mr. Morris. And guess what? He is not alone. She was right. He's obviously playing the Judas, and by having a drink with a lady who is not Miss Morris. So—
GRAHAM CLULEY. Is it his mum?
CAROLE THERIAULT. No, it is not her mum. Although I don't know who this is. This woman has remained anonymous in this whole—
GRAHAM CLULEY. All right. Okay.
CAROLE THERIAULT. So we don't know who she was. Okay. So you get there. Let's go back to you, right? So you've done all this. You arrive at the bar. You see your girlfriend with some hot hunk of love. That you're not comfortable with, what do you do now? Do you just go, okay, now I know, and I'm leaving, and I'll let her know when she comes home, or what?
GRAHAM CLULEY. Oh yeah, so I would go home. I wouldn't let him see me.
CAROLE THERIAULT. Would you wear a mustache when you went in or something just to—
GRAHAM CLULEY. Yeah, yeah, I'd be wearing a big raincoat. I'd probably be standing on someone else's shoulders as well so it looked like I was taller than I really was.
CAROLE THERIAULT. Yeah, that wouldn't attract any attention. No one would see you then. You're right.
GRAHAM CLULEY. With a long red coat. Anyway, or maybe I've dressed up as a pantomime horse. Something like that. Not to draw attention to myself. Right. To disguise my true identity. I go home. I wait for them to come back. And I say, oh darling, you've been working so hard, haven't you? You've been working so hard. Have you been all right? Have you been all right? Yes, I've been all right. Oh, that's so good. Did you have any fun at all? Were you able to? No, I had no fun at all. You had no fun at all? No fun at all with that redhead?
CAROLE THERIAULT. So you would have the WTF conversation or WTF chitchat at home is what you would do?
GRAHAM CLULEY. Well, I think rather than in public, yes.
CAROLE THERIAULT. Well, Miss Morris, slightly different from you.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. Miss Morris goes up to the table and has a serious WTF chitchat. And according to witnesses, Miss Morris seizes an empty bottle and swings at Smith's companion.
GRAHAM CLULEY. A what?
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. No way. Yes.
CAROLE THERIAULT. And Smith, however, gets in between them and says, "Hey, hey, calm down. Calm down, Miss Morris." The bar owner sees all this and asks all three of them to leave. But the companion says, "Um, actually, I'm waiting for food, so, that I've paid for, so I'm gonna stay right here." Who ordered the calamari? Yes.
GRAHAM CLULEY. Someone— I'm having calamari.
CAROLE THERIAULT. If someone just tried to deck me with a— crack my head open or whatever with a bottle, I don't think I'd be worrying about my French fries or tacos, right? I don't know. Anyway.
GRAHAM CLULEY. Okay, so if I was going to stay in the bar to do the confrontation, I would do it differently. First of all, I wouldn't swing at someone with a bottle. I wouldn't do the WTF, girlfriend, who do you think you are with my man kind of thing. First of all, she should be, surely if she's upset with anyone, she should be upset with her guy, not with the woman. But anyway, regardless of that, because the woman may not know that he's in a relationship. But wouldn't it be cooler just to sit down at the table and just go, hi?
CAROLE THERIAULT. Yeah, you know, I think that's great, but I think sometimes when people are in these situations, they don't have the clear reasoning available to them. They're kind of in this fog of what? WTF? Jealousy, crazy.
GRAHAM CLULEY. Yeah, I guess they're seeing red.
CAROLE THERIAULT. However, I've never been at the— I've never been so enraged that I wanted to crack someone's head open with a bottle.
GRAHAM CLULEY. So, you know, good.
CAROLE THERIAULT. However, now, it doesn't stop there, okay? This gets a little bit more disturbing. I'm warning you all out there as well. Miss Morris does decide to get the heck out of Dodge, gets into her car and drives off. And Mr. Smith also leaves, right? And he steps out onto the sidewalk. Miss Morris zooms back, mounts the sidewalk with her car, and literally runs him over. Like, literally.
GRAHAM CLULEY. Oh my God.
CAROLE THERIAULT. Now I get that cheating sucks, but I'm not sure that running someone over for this misdeed is a fair response. Do you have any thoughts on that?
GRAHAM CLULEY. Do you? I tend to agree. Is it possible she's exhibited some crazy behaviour in the past, which maybe has driven Mr. Smith elsewhere? Possibly. Maybe he's been seeking some assistance from outside of his relationship.
CAROLE THERIAULT. This all makes— become clear in a second because this is not the end of the story. Because she decides that running him over, that running over trick, was not quite enough. So, uh, she then—
GRAHAM CLULEY. puts the car in reverse.
CAROLE THERIAULT. Yep. And backs over the boyfriend.
GRAHAM CLULEY. Oh, okay.
CAROLE THERIAULT. And there's a report that witnesses are there, right? There's people there watching all this. They saw the bottle incident inside the, you know, probably people came outside to see what was going on. And there are reports that this guy witnessing all this tries to step in front of the car to protect Mr. Smith, but Morris, alas, drives around him, hitting him in the left hip with her car mirror before running over Mr. Smith for a third time.
GRAHAM CLULEY. Well, this is a—
CAROLE THERIAULT. A registered nurse is on the scene, and she tries to help Mr. Smith, right? But he's completely under the car. Like, his head is under one front wheel, and his feet are under another. The passenger side front wheel, and she can't get to him. And when the cops arrived, are you surprised that Mr. Smith is dead after being run over by 3 times?
GRAHAM CLULEY. Well, no, I'm not surprised. I'm just surprised at you. Why do you tell us this story? Are you going to blame all this on Apple or something for their—
CAROLE THERIAULT. I cannot believe this because I just have here written in my notes, I have a question for you at this point. Who's at fault, Miss Morris or Apple? Now you all know that we are big fans of password managers at Smashing Security because it's an important tool for generating and saving secure credentials for every online account. Bitwarden makes it easy to stay secure and for businesses to share logins with team members and departments. Bitwarden is transparent and secure using end-to-end and zero-knowledge encryption with source code that can be scrutinized. Now you can go to bitwarden.com/smashing and try it for free across devices as an individual user, or you can start a free trial of a Teams Enterprise plan. And the thing I like about this, a good password manager is robust and cost-effective, as it can radically improve your chances of staying safe online, all without requiring super high-tech expertise. Go to bitwarden.com/smashing. Start your free password manager trial today.
GRAHAM CLULEY. Kolide Security sends employees important, timely, and relevant security recommendations for their Linux, Mac, and Windows devices right inside Slack. Kolide is perfect for organizations that care deeply about compliance and security but don't want to get there by locking down devices to the point where they become unusable. So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems. Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide.
CAROLE THERIAULT. K-O-L-I-D-E.
GRAHAM CLULEY. Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates. You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. And thanks to Kolide for supporting the show.
CAROLE THERIAULT. Is your organization finding it difficult to achieve compliance and scale its security posture? As G2's highest-rated cloud compliance software, Drata streamlines your SOC 2, your ISO 27001, your PCI DSS, your GDPR, and your HIPAA compliance. Plus, it provides 24-hour continuous control monitoring so you can focus on scaling securely. Drata is the only compliance automation platform with a private tenant database. They say it's like having your cake and securing it too. Countless security professionals from companies including Notion, FullStory, and BambooHR have shared how crucial it is to have Drata as a trusted partner in their compliance process. Listeners, you can get 10% off Drata and waived implementation fees by visiting smashingsecurity.com/drata. That's D-R-A-T-A. And thanks to Drata for sponsoring the show.
GRAHAM CLULEY. And welcome back. Can you join us for our favorite part of the show? The part of the show that we like to call Pick of the Week. Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my pick of the week this week is a little bit security related. Mm. Well, you know.
CAROLE THERIAULT. I'm on holiday. It's just unfair. But anyway, go on. Let's see if it's worth it.
GRAHAM CLULEY. I found a website called web3isgoinggreat.com.
CAROLE THERIAULT. Sounds riveting.
GRAHAM CLULEY. And web3isgoinggreat.com was created by a software engineer called Molly White. This is how it describes itself. It says Web3 is going just great and is definitely not an enormous grift that's pouring lighter fluid on our already smoldering planet.
CAROLE THERIAULT. You know, I'm thinking of Mark Stockley right now who was on this show complaining very intensely about Web3, so I hope he's listening to this.
GRAHAM CLULEY. I think he'd like this website. It is a project to track some examples of how blockchain, crypto, Web3 stuff isn't actually going as well as its fans might like you to believe.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. And so it is a timeline of cryptocurrency and blockchain-based cock-ups dating back the last couple of years. And so it's basically stories of hacks, of scams, of money being lost, of everything.
CAROLE THERIAULT. The shit show. The shit show that is Web3.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. That's right. And I found it quite entertaining. The site even includes what he calls its grift counter, which is a running total of the amount of money lost so far to Web3 grifts and scams and crypto nonsense increments as you scroll through the page. Currently it's at about $9 billion, they reckon.
CAROLE THERIAULT. Oh, chump change. Fantastic.
GRAHAM CLULEY. Yeah, exactly. Exactly. So I found it quite amusing. I think many of our cynical and skeptical listeners might enjoy it as well. And so that is why web3isgoinggreat.com is my pick of the week.
CAROLE THERIAULT. You don't mind if I don't look at it until I'm finished my holidays, right?
GRAHAM CLULEY. That's fine. That's fine.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. What's your pick of the week?
CAROLE THERIAULT. I've got a good one. My pick of the week is an app called Audm, A-U-D-M. Now, I quite like long-form journalism, right? And I used to love reading all this, right? I'd read it online all the time, but honestly, I'm just in front of the screen just too much for me.
GRAHAM CLULEY. Ah, I can guess what it does. Yeah.
CAROLE THERIAULT. They narrate them. So I prefer to listen to these stories. And now I can with Audm because Audm is an app that curates the best long articles from about a dozen pretty high-caliber publishers like The Atlantic, The New York Times, the wonderful New Yorker, Rolling Stone, and others.
GRAHAM CLULEY. Oh, wonderful. That sounds great. Yeah.
CAROLE THERIAULT. And they have about 3,000 articles available so far, and you can download and listen away. You can even jump to any paragraph in a story by tapping on it. So you have also the written version in the app. You could choose your narration speed. So if you need it to be really slow, really fast, you can do that. And what's cool about it is rather than paying every single publisher their fee to have access to their content, you can pay the price of Audm to get access to many great stories from many different publishers, which I like.
GRAHAM CLULEY. How much does Audm cost?
CAROLE THERIAULT. Well, you can try it for free for 3 days, or you can even go to The Daily because I do listen to The Daily. This is the New York Times podcast. And occasionally on Sundays, they play an Audm version of a long-form New York Times article. Um, and after that you're charged $9 a month, which is pretty reasonable, because you could hoover up a lot of content in that time.
GRAHAM CLULEY. Yeah, I guess so. Yeah. Well, I'm really pleased to hear that things like The Atlantic and The New Yorker are in there because they have tremendous articles, don't they?
CAROLE THERIAULT. Yeah, I really think it's great. And the app is pretty slick. And I think it's great. So I think if any of you out there rather listen than read sometimes, this is definitely worth checking out.
GRAHAM CLULEY. And does it sound okay? Or does it sound like this?
CAROLE THERIAULT. No, no, they have very good readers. Now I'm always on the hunt to see if they're automating it, and I'm sure one day they will. I mean, why wouldn't they, right? That makes sense. But at the moment, I think there may be some automation because, you know, sort of pauses are the same length, that kind of thing.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. But I find it pretty easy listening. I don't find it too automated that it puts me off. So it's called Audm, A-U-D-M. You can find it in any of your app stores. And I hope you enjoy it. That's my pick of the week.
GRAHAM CLULEY. That sounds fantastic. And that just about wraps up the show for this week. Carole, I hope you enjoy the rest of your holiday out there in Croatia.
CAROLE THERIAULT. I will.
GRAHAM CLULEY. Are you gonna come back to the UK? No. Oh.
CAROLE THERIAULT. It's super sunny here and beautiful. I've got dogs to play with, a husband that snoozes constantly. It's great.
GRAHAM CLULEY. Well, you can follow us on Twitter @SmashinSecurity, no G. Twitter allows to have a G, and we also have a Smashing Security subreddit. And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Overcast, Spotify, and Apple Podcasts.
CAROLE THERIAULT. And a massive shout out to this episode's sponsors, Bitwarden, Drata, and Kolide. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free. And as always, for episode show notes, sponsorship info, guest list, and the entire back catalog of more than 277 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye.
CAROLE THERIAULT. Bye. I should have probably made Croatia my pick of the week. Can you make a country a pick of the week?
GRAHAM CLULEY. Of course you can.
CAROLE THERIAULT. Yeah?
GRAHAM CLULEY. As long as it's not security-related, necessarily.
CAROLE THERIAULT. Yeah, well, you have trouble following that.
GRAHAM CLULEY. True.
CAROLE THERIAULT. Talk to you next week. Maybe.
-- TRANSCRIPT ENDS --