Deepfake shenanigans strike users of troubled crypto firm FTX, the perils of charging your electric vehicle, and is Microsoft's takeover of Activision good news for video game fanatics?
All this and much, much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by John Hawes of AMTSO.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Larry David promotes FTX in Superbowl ad - YouTube.
- Crypto giant FTX collapses into bankruptcy - BBC News.
- FTX's new CEO: "Never in my career have I seen such a complete failure" - CBS News.
- Tom Brady, Gisele Bündchen, Larry David & Steph Curry Caught In FTX Crypto Fallout With Class Action Suit - Deadline.
- Bankman-Fried's FTX, senior staff, parents bought Bahamas property worth $300 million - Reuters.
- Tweet showing Sam Bankman-Fried deepfake scam - Twitter.
- FTX Founder Deepfake Offers Refund to Victims in Verified Twitter Account Scam - Vice.
- Crypto.com CEO admits company accidentally sent 320,000 ETH ($416 million) to another crypto exchange a few weeks prior - Web3 is going great.
- Sandia studies vulnerabilities of electric vehicle charging infrastructure - Sandia Labs.
- Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defenses - MDPI.
- Shocker: EV charging infrastructure is seriously insecure - The Register.
- Microsoft to acquire Activision Blizzard to bring the joy and community of gaming to everyone, across every device - Microsoft.
- Gaming for everyone, everywhere: our view on the Activision Blizzard acquisition - Microsoft.
- Video gaming market leaders - Statistics & Facts - Statista.
- Microsoft says UK influenced by Sony in probing Activision Blizzard deal - Reuters.
- Can Big Tech Get Bigger? Microsoft Presses Governments to Say Yes - New York Times.
- Microsoft Reveals Sony’s Activision Deal Is Blocking ‘Call Of Duty’ From Game Pass - Forbes.
- EU to launch advanced Microsoft-Activision probe - Politico.
- Microsoft / Activision Blizzard merger inquiry - Gov.uk.
- Microsoft Buying Activision Blizzard Might Be Good For Gamers, But Bad for Developers - Time.
- A Day in London 1930s in colour - YouTube.
- Ancient Apocalypse - Netflix.
- Ancient Apocalypse is the most dangerous show on Netflix - The Guardian.
- How to Draw Large Pictures with Da Vinci Eye - YouTube.
- Da Vinci Eye: AR Art Projector - Apple app store.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Pentera – Pentera’s Automated Security Validation Platform is designed to help teams increase their security posture against modern day threats across the entire attack surface. Evaluate your security readiness with continuous and consistent autonomous testing with granular visibility into every execution along the way.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on Mastodon, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript:
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. If you were Sam Bankman-Fried, Fried Friend, what? How do you?
GRAHAM CLULEY. That is taking double-barreled to quadruple-barreled now.
CAROLE THERIAULT. Quintuple.
ROBOT. That's excessive. Smashing Security, Episode 299. EV Charging Risks, FTX, and an Ancient Apocalypse. LastPass with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 299. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And this week, Carole, we've got a special guest with us. Who is joining us in the hot seat?
CAROLE THERIAULT. We do. We have AMTSO's John Hawes.
JOHN HAWES. Hello, hello, hello. My seat is indeed very hot.
GRAHAM CLULEY. What's so hilarious about AMTSO, Carole?
CAROLE THERIAULT. It's like the hardest word to say, I find.
JOHN HAWES. I think you did it excellently.
CAROLE THERIAULT. AMTSO. A-M-T-S-O. I don't know how you'd say it, but it's more of a silent T.
GRAHAM CLULEY. For those in the know, it's the Anti-Malware Testing Standards Organization.
JOHN HAWES. Correct.
CAROLE THERIAULT. That's right. What do you guys do? Test standards?
JOHN HAWES. We know we set standards for testing. We make sure that the testing is done in a, in a good way that helps everybody.
GRAHAM CLULEY. Well, it's great to have you on the show. And, uh, Carole, what's coming up?
CAROLE THERIAULT. Well, before we kick off, let's thank this week's sponsors, Bitwarden, Carole Theriault and Kool-Aid. It's their support that helps us give you this show for free. Now coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm going to be going deep on FTX.
CAROLE THERIAULT. Okay. And what about you, Mr. John Hawes?
JOHN HAWES. Well, as usual on this show, I'm going to be talking about the Internet of Things.
CAROLE THERIAULT. And I'm not going to be talking about the Twitter deal, but a much, much bigger deal. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, over $150 billion in 3 days. That's how much the 15 largest cryptocurrencies lost in market value due to the collapse of one of the largest exchanges in the world, FTX. $150 billion.
JOHN HAWES. Were they real dollars?
CAROLE THERIAULT. Well, yeah, I know.
GRAHAM CLULEY. I, well, you know, who can say, you know, but theoretical dollars, theoretical dollars. Exactly. Well, suddenly people will be slightly miffed. Customers and investors have been left in the lurch with FTX owing its largest creditors around $3.1 billion. Now, FTX, if you haven't heard of them, well, that really proves that advertising doesn't work because they've been—
CAROLE THERIAULT. and media, they've been everywhere.
GRAHAM CLULEY. They've been everywhere. They've been everywhere for the last few years. They have had an NBA stadium named after them. They have adverts running during the Super Bowl this year.
CAROLE THERIAULT. Oh, that's where the money went.
GRAHAM CLULEY. Well, probably. Larry David from Curb Your Enthusiasm, he was in their Super Bowl advert. And the company was founded and headed up by this young chap. I think he's about 30 years old called Sam Bankman-Fried or Fried. And he was a little bit unusual. As these tech bros can be, he would tweet pictures of himself sleeping on beanbags next to his desk in the office. He claimed he lived in a house with 9 other colleagues. He was addicted to video games.
CAROLE THERIAULT. I think he did.
GRAHAM CLULEY. What, you think he did live in this house with 9 other colleagues?
CAROLE THERIAULT. Yeah, and they were people, they were all friends from like Yale and Harvard or wherever he went to school. Really? Yes.
JOHN HAWES. Maybe he was living in the office on a beanbag.
GRAHAM CLULEY. Yeah, maybe he just sloped off at 1 AM or something to go somewhere nicer. I don't know. I mean, I wasn't keeping track of him. But he was a star of the crypto scene. He was compared to Warren Buffett and JP Morgan. He had an estimated net worth of more than $15 billion. So it's a lot of money, a lot of money swishing around here. A lot of money.
CAROLE THERIAULT. Was this, again, was this real money?
GRAHAM CLULEY. Mm-hmm. Well, that was—
JOHN HAWES. Money-ish.
GRAHAM CLULEY. Well, has anyone got any real money, Carole? If you can't actually find it under your bed, if you can't bang it against a window and smash something, is it real money?
CAROLE THERIAULT. No, no, but I know a lot of people that have, you know, cryptocurrency. I wouldn't say, unless they realise it, that is worth $0.
GRAHAM CLULEY. Would you say that you have real money if the money's in a bank?
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. So that, even though you can't see it, is real money because you can go to the bank and you can get your money out.
CAROLE THERIAULT. Yes.
JOHN HAWES. Which you can't do with FTX.
GRAHAM CLULEY. Well, you can't anymore because it's not allowing you to withdraw your money anymore. Yeah, that wouldn't happen.
CAROLE THERIAULT. Very often with the real bank.
GRAHAM CLULEY. But if everything's working smoothly, you should be able to go to your cryptocurrency banky thing and say, oh, you know, you know, all that money I've got in there, I'd like to take that out, please.
CAROLE THERIAULT. You know what? I agree 100%. I don't think the crypto waters have ever been nice and quiet. And, you know, it's always been rough waters out there.
GRAHAM CLULEY. It's been troubled waters.
CAROLE THERIAULT. Troubled waters.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Troubled waters.
GRAHAM CLULEY. Exactly. Even though, of course, you know, this is someone who was feted as, well, I don't know, something like a bit of an Elon Musk sort of figure, sort of real sort of titan of technology, someone who was young and heading up the scene. There are pictures of him rubbing shoulders on stage with people like Tony Blair and Bill Clinton, Katy Perry, some guy from One Direction, Anthony Scaramucci.
JOHN HAWES. Whoa.
CAROLE THERIAULT. Okay, now you've got my attention.
JOHN HAWES. The Mooch.
GRAHAM CLULEY. Yep, the Mooch. The Mooch was up there as well. We should, you never hear about him anymore, do you?
JOHN HAWES. No.
GRAHAM CLULEY. For about a week.
CAROLE THERIAULT. He was fascinating.
GRAHAM CLULEY. He was the most fascinating person in the world. Ah, those were the days. There's one photograph I found online of Sam Bankman-Fried with, is it Fried or Friend? I don't know. No, Fried. It's Fried, is it? Sam Bankman-Fried. He's on stage.
JOHN HAWES. I like Friend. Friend would be much nicer.
GRAHAM CLULEY. He's on stage in his shorts with Bill Clinton and Tony Blair. Who've obviously been paid a huge amount of money to turn up to his conference in the Bahamas. It's okay.
CAROLE THERIAULT. Again, we know where the money went.
GRAHAM CLULEY. This is indoors in some kind of stadium or conference centre or something. And what they've done is they've created a fake beach, a fake beach indoors. And the audience are lounging around on beanbags on this sand. Well, I guess it is a real beach. It's just not by the seaside.
JOHN HAWES. You know, it's indoors. Do you think they just dug— if they're in the Bahamas, do you think they just dug up the real beach outside and moved it inside?
GRAHAM CLULEY. Maybe they did. Maybe they just dug up the floor and there was sand underneath. I don't know, but there've been lots of celebrity endorsements, not just Blair and Clinton and someone from One Direction. There's a supermodel, Gisele Bündchen.
CAROLE THERIAULT. Okay, none of these people, as far as I know, are experts in crypto or in finance.
GRAHAM CLULEY. Hmm. Well, Gisele Bündchen, she was FTX's environmental advisor.
JOHN HAWES. Is she an expert in the environment?
GRAHAM CLULEY. If you've got someone like Sam Bankman-Fried Fried, or Fried, looking after— I wish I knew how to say it— looking after all your cryptocurrency millions. You don't need other experts. What you need is someone to explain with you. You need a Larry David. You need an Orlando Bloom. You need somebody like that instead to represent your company, to be there on stage reassuring you that it's all right to get involved. And that's what's been happening.
CAROLE THERIAULT. Yes. And it's worked out really well, hasn't it?
GRAHAM CLULEY. Well, not that well.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. Because even though people thought this, always they thought this chap, whatever his name is, he's a good fella. You know, he's into video games like you, Carole. You know, he's, in fact, he enjoyed one video game called Storybook Brawl so much he bought the maker of the video game. He actually thought, well, I just buy them. I won't just buy the game. I'll buy the entire company.
JOHN HAWES. I bet that was real money.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. He would boast about the hundreds of millions that he'd handed out to charities. It gave him the nickname crypto's white knight. He even bailed out other cryptocurrencies that were failing. But earlier this month, he was going around the same industry trying to raise money to save his company and customers because FTX collapsed amid reports of mishandled customer funds, US agency investigations. This is the largest crypto-related bankruptcy ever filed. So it's a big deal. It's a big deal. And other cryptocurrency companies are also suffering due to the demise of FTX, putting even more people's investments at risk.
JOHN HAWES. Well, yes, they all seem to invest in each other, which doesn't seem very wise.
GRAHAM CLULEY. Well, it appears that this chap's other company, which was supposed to be independent, were basically investing in each other and money from one was going to the other. This sort of thing that—
CAROLE THERIAULT. Yeah, but they were like teenagers that couldn't keep their hands off each other.
GRAHAM CLULEY. Yeah. Well, I suppose so. And it's not just the teenagers. His parents, they were somehow involved. His parents bought property in the Bahamas worth $121 million. How can you spend that much money on property in the Bahamas? Surely that is all of the Bahamas, isn't it?
CAROLE THERIAULT. Well, I don't think it's very cheap to live there.
GRAHAM CLULEY. That's still quite a lot of money.
CAROLE THERIAULT. Correct.
JOHN HAWES. It'd only be a small hotel.
GRAHAM CLULEY. Now, this chap has now stepped down. He's been replaced by a guy called John Ray as the CEO. John Ray.
JOHN HAWES. That sounds like a made-up name.
CAROLE THERIAULT. Don't you think it's hilarious though? This guy has lost what you quoted as $150 billion, right? Destroying markets all over the place. And he's like, well, okay, okay, I'll step down.
GRAHAM CLULEY. Like, it's just like, oh my God. He didn't directly lose $150 billion. That's what was wiped off the price of cryptocurrencies.
CAROLE THERIAULT. Of course.
GRAHAM CLULEY. Yeah. It's just a—
CAROLE THERIAULT. He was the CEO and the leader of the company that was doing it. And also the one behind the little shenanigans of where's the money actually going? Why are both these companies offsetting each other? It's not good. It's not good.
GRAHAM CLULEY. It's not good. It's not good. In fact, John Ray, the new CEO, he says that he's never seen such a complete failure of corporate controls. I don't know where he's worked in the past, but he's comparing it and saying this one's a bad one.
JOHN HAWES. Are we sure John Ray actually exists?
GRAHAM CLULEY. No, not at all.
JOHN HAWES. He could be a hypothetical person.
GRAHAM CLULEY. He could be entirely faked. Now, I doubt the celebrities who've been associated with FTX are very happy. So Gisele Bündchen, Tom Brady, Stephen Curry. I don't know who any of these are. Shaquille O'Neal. I think he's some kind of sportsman. They are now all defendants alongside Bankman-Fried in a class action suit that claims they may have hyped up the FTX brand to their social media followers and not divulged that, oh yes, I was paid to say that this was brilliant, by the way.
CAROLE THERIAULT. Oh, what? So they're being accused of saying, this is great, you guys should get this without saying they actually gave me some money in order to do this.
GRAHAM CLULEY. Quite. Or they haven't revealed just how much money. So it's a bit like—
CAROLE THERIAULT. Well, no one reveals exactly how much money they've been paid for a gig. Right?
GRAHAM CLULEY. Well, no. John, would you reveal how much money you've been paid to come on the Smashing Security podcast today?
JOHN HAWES. No, I keep that between myself and my accountant.
GRAHAM CLULEY. Well, now here comes the big link to Twitter, because for the last 3 weeks I've been talking about Twitter, and Carole has banned me from talking about Twitter. Carole, even though I've been bad, can I say there have been people who've been asking me to carry on talking about it.
CAROLE THERIAULT. I'm sure there have.
GRAHAM CLULEY. Sure.
JOHN HAWES. And you may not have much time left to talk about Twitter.
GRAHAM CLULEY. Yeah, exactly. Exactly. But there is a link to Twitter because on Friday last week, someone using a verified account with a little checkmark, the blue checkmark thingy, the label, they posed as FTX founder Sam Bankman-Fried and they posted a deepfake video pretending to be Sam Bankman-Fried offering FTX users compensation for their losses.
CAROLE THERIAULT. Okay. Can I ask a question?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. When did he step down as CEO? Was it before this went out?
GRAHAM CLULEY. Yes, it was. But you know, if you're not following it that closely and if he is the face of the company, which I think most people would consider him to be, I think a lot of people would think, oh, this could possibly be legitimate. I've got the audio. We can listen to it right now. Cool.
CAROLE THERIAULT. Hello everyone. As you know, our FTX exchange is going bankrupt. But I hasten to inform all users that you should not panic. As compensation for the loss, we have prepared a giveaway for you in which you can double your cryptocurrency. To do this, just go to the site FTX compensation.
GRAHAM CLULEY. So he's telling people to go to the—
CAROLE THERIAULT. I don't even know what he sounds like. I'd be like, I don't know.
JOHN HAWES. I'm not even sure what he looks like other than having big curly hair.
GRAHAM CLULEY. Yeah.
JOHN HAWES. Could have been anyone.
GRAHAM CLULEY. He looks a bit like Duck who comes on the show sometimes, I think. Duck has big curly hair. He does. So in the video, this deepfaked SBF, he confirms FTX is going bankrupt, but he says, don't worry, you can double your money. Go to this website, ftxcompensation.com. You know, and we all know what's gonna happen.
CAROLE THERIAULT. You know, how many people would fall for that? We're going bankrupt, but hey, you can double your money. Like how? I guess you go ahead and go to ftxcompensation.com to find out and then get screwed.
GRAHAM CLULEY. Exactly. And then you'll get screwed, of course. And cryptocurrency companies are screwing up left, right, and centre. Just the other day, the CEO of one cryptocurrency company said that his company had accidentally sent $416 million worth of cryptocurrency to the wrong address instead of his cold wallet. Uh, so, but they were able to ask for it back. They asked for it back and they got it back. Apparently.
JOHN HAWES. Well, that's nice.
CAROLE THERIAULT. I have a tip for everybody doing this. I really have a strong tip. So, you are about to transfer a ginormous amount of money.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. How about transferring $1 first just to make sure it arrives at the destination that you expect it to? And then you can do some little tweaks and it'll only cost you a buck.
JOHN HAWES. Well, maybe that's what he was doing. Maybe $416 million was just a little test payment.
GRAHAM CLULEY. I did something like this once. I had to pay my income tax bill once to the Inland Revenue.
CAROLE THERIAULT. Only once?
GRAHAM CLULEY. Well, every year, okay. But on this particular occasion, they said, you know, you need to pay us this much and here's all the details. So I wired the money over, but being a bit of a doofus, I entered the account number that I had to send it to. I transposed two of the digits. And so I sent quite a large amount of money, not $416 million, but close. Yep, yep, a lot of money to me at least. And I said I sent it to the wrong account. And then, you know, and I only realized about a month and a half later when the Inland Revenue got in touch and said, you still haven't paid us, you're going to be fined. And I was like, whoa, whoa, whoa, whoa, whoa, whoa, whoa, whoa, whoa. What are you talking about? Now, I managed to sort that out, thankfully, but quite scary when it happens. And maybe easy to enter the wrong number or, you know, if you don't have a... didn't do something sensible like cut and paste, which maybe I should have done.
CAROLE THERIAULT. If you were Sam Bankman-Fried freed friend, what, how do you—
GRAHAM CLULEY. That is taking double-barreled to quadruple-barreled now.
CAROLE THERIAULT. Quintupled.
GRAHAM CLULEY. That's excessive. That's excessive.
CAROLE THERIAULT. How would you feel you'd behave walking around?
JOHN HAWES. You'd be wearing a hat, wouldn't you?
CAROLE THERIAULT. Would you, and a hoodie and a—
GRAHAM CLULEY. Big hat with his hair.
CAROLE THERIAULT. Yeah. Would you wear one of those noses with, you know, those glasses with the fake noses and tap dance?
GRAHAM CLULEY. The Groucho Marx glasses. Yeah, Groucho Marx glasses, yeah.
CAROLE THERIAULT. It could all be a bit of a—
GRAHAM CLULEY. be a bit hot like that in the Bahamas, couldn't it? If you're doing that.
JOHN HAWES. You wouldn't stay in the Bahamas, would you?
GRAHAM CLULEY. I don't know. Well, that's where Tony Blair is.
CAROLE THERIAULT. Yeah, there'd be a lot of people that would want to see you trip up, let's just say.
GRAHAM CLULEY. Yeah, I think you're right. Well, maybe, you know, follow Carole's advice and keep all your money under your bed.
CAROLE THERIAULT. I never said that, but okay.
JOHN HAWES. And always use copy-paste when you're putting in account numbers.
GRAHAM CLULEY. Well, unless you've got a piece of malware which changes the clipboard en route.
JOHN HAWES. Oh, yes.
GRAHAM CLULEY. Which could do that, couldn't it? It could change it.
JOHN HAWES. Also, always look at what you filled in afterwards and check it matches what you meant to fill in.
GRAHAM CLULEY. Actually, it's a great idea. If you had a bit of malware which looked for a cryptocurrency wallet address, if it thought that's a cryptocurrency wallet address, I will change it to one under my control.
CAROLE THERIAULT. What the fuck are you saying to people?
JOHN HAWES. I'm fairly sure that's being done.
CAROLE THERIAULT. What is wrong with you?
GRAHAM CLULEY. John, what's your story for us this week?
JOHN HAWES. Right. Well, I know I've been on the show a few times and I, looking back, I seem to have talked about IoT quite a lot.
GRAHAM CLULEY. Teledildonics a fair amount, as I remember as well.
JOHN HAWES. Yes, that's what I was going to say. It is usually more kind of niche areas.
GRAHAM CLULEY. Keep that IoT device out of my niche area, thank you. Yes.
JOHN HAWES. Yeah, so there's things that sort of apply to specific groups of people and most of us can just say, ah, maybe I'll just avoid that kind of tech. This week I wanted to talk about something a bit more mainstream. Something that's actually becoming more mainstream very fast, which is probably a big part of the problem. So it's electric vehicle charging stations.
CAROLE THERIAULT. Ooh, Graham has an electric car.
JOHN HAWES. Yes. Yes.
GRAHAM CLULEY. Yes.
JOHN HAWES. So when you, when you're driving along in your electric car and your battery's getting a bit low, when you're looking around at the many options for charging stations in your area, do you think about how secure they might be before you choose one to plug into?
GRAHAM CLULEY. I don't. It depends how desperate I am for power.
JOHN HAWES. Ah, you see.
GRAHAM CLULEY. I tend to think more, I look for particular brands, ones which I know are reliable because a lot of them are quite broken and ones which will charge me up quickly so I can get on with my journey.
JOHN HAWES. So you're thinking about speed and reliability rather than necessarily than security or anything like that.
GRAHAM CLULEY. Yeah, I must admit I am. Yes.
JOHN HAWES. Yeah. Okay. So yeah, so I was reading, there's a, a very interesting, uh, paper put out by Sandia Labs, which is one of America's big three national laboratories.
CAROLE THERIAULT. Mm-hmm.
JOHN HAWES. Based in the beautifully named Albuquerque. Um, so they've spent four years looking at, uh, EV charging, not doing their own research specifically, but looking at, uh, sort of meta-analysis of reports from all other places as well. Other labs, academia, pentesters. Smashing security firms and, um, kind of putting this all together with the stuff that they'd been working on themselves. And basically the results were pretty much every single device they looked at had at least some kind of problem.
CAROLE THERIAULT. But like problems that we need to be worried about or problems like—
JOHN HAWES. Well, pretty much, yeah. So they, they kind of, they identify 4 main areas of these devices connecting to things. So obviously they connect to cars.
CAROLE THERIAULT. Mm-hmm.
JOHN HAWES. Um, with a cable to put the power in, but obviously they also have to have some ways of measuring whether that's working and when to stop and things like that. The more sophisticated ones kind of basically interface with the car so they can talk to it and maybe identify it so you can just be billed automatically or get all kinds of other useful information out of the car.
GRAHAM CLULEY. Oh, yes.
CAROLE THERIAULT. Okay.
JOHN HAWES. They obviously also interact with the user, the driver, who might want to, you know, pay with a card or using a phone app. And apparently some of them even show targeted ads depending on who's using it at a given moment. Um, they also interact with the central control, whoever, you know, the operator of the charging station so that they can make sure they keep working. Very important for Graham. He needs them reliable.
GRAHAM CLULEY. Yeah. Yeah. Yeah.
JOHN HAWES. Who can go out and fix them if they break down and things like that.
GRAHAM CLULEY. Oh, it's a bloody nuisance. I'll tell you, if you're there at 2 o'clock in the morning and the thing isn't working properly. I once had the situation where the thing was plugged into my car and I couldn't disconnect it from my car. I couldn't tell the EV charger to stop.
CAROLE THERIAULT. I remember this.
GRAHAM CLULEY. So there's a button to say stop and it just carried on and it's like, well, no, I want to go now. And so I rang up this guy and he said, well, we can send round a repair crew tomorrow morning. It's like, what? You say I have to stay here till tomorrow morning?
JOHN HAWES. Sleep in your car.
CAROLE THERIAULT. But why do you do it in the middle of the night?
GRAHAM CLULEY. Because that—
JOHN HAWES. People drive in the middle of the night sometimes.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. I don't think Cluley necessarily has reasons to have to put his charging in the middle of the night, or is there a reason?
GRAHAM CLULEY. On this particular occasion, I did.
CAROLE THERIAULT. You charge that night a lot. Come on.
GRAHAM CLULEY. Well, no, it was about— it was probably like midnight when I started. Outside working hours.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Yes, it was outside. Yes, I'm just saying, when I'm going— I'm a bit like—
JOHN HAWES. electricity doesn't have working hours.
CAROLE THERIAULT. Yes, I'm just saying that in order to expect people to come running to your aid, it might be better to do it in working hours.
GRAHAM CLULEY. I wasn't expecting anyone to run to my aid. I was expecting the stop button to stop the bloody thing, or for them to not be upset if I put my car into reverse and just drove away with the cable still attached. Because I thought, well, I want to go. And then of course, I have to be— I'm going to be charged because it's going to fill up the car all the way. It's like, well, I don't want to pay all this. Wow.
CAROLE THERIAULT. First world problems, eh?
JOHN HAWES. Mm-hmm.
CAROLE THERIAULT. Yeah. Okay.
JOHN HAWES. But yes, back to the story. Reliability is clearly quite important.
GRAHAM CLULEY. Yes.
JOHN HAWES. And obviously the operators knowing if there are problems is a big thing. So pretty much all of these devices are online for that, mainly for that purpose. But also obviously to do with the power grid, because this, you know, these are things using quite a lot of power. And as we get more and more of them, I think I saw 200,000 have been set up in the UK in the last 5 years. So that's, that's obviously, that's another way of these, these things are connected. And then the final one, they have, they have maintenance connectivity. So some of them might have USB or even Ethernet sockets inside. So all you have to do is prise the lid off and plug something in. Um, they might have remote connections like Telnet or web interfaces.
GRAHAM CLULEY. Oh dear.
CAROLE THERIAULT. What have you done, Cluley?
JOHN HAWES. Somebody found, I think it was Kaspersky, found that they could cause one to factory reset just by flashing the right set of lights at a little photosensitive thing on the device inside.
GRAHAM CLULEY. What, you just flash your car lights at it?
JOHN HAWES. Well, no, I think you had to be a specific kind of light and a specific pattern of flashing. You couldn't just—
GRAHAM CLULEY. What?
CAROLE THERIAULT. How would they discover that? That must have been insider information.
JOHN HAWES. Did a lot of flashing, I imagine. So yeah, so there's all these different ways that these devices are connected, and there seem to be basically vulnerabilities in pretty much all of them, um, in some form or another, in, in all different devices and, and all the different vectors, they found at least some examples of potential issues. And some of these could be, you know, I mean, for the user, I mean, there are fairly standard things like you could, uh, steal your personal info and skim your, your payment info or clone your cards or things like that. Or they could even, you know, reprogram a machine so it tells you it's charging you I don't know what the prices are, 10p a gigawatt or something, and it's actually charging you a million pounds.
GRAHAM CLULEY. Or hold your car hostage so you can't disconnect the radio. Right.
JOHN HAWES. Right.
GRAHAM CLULEY. It could have displayed a message saying, pay this amount cryptocurrency if you want to get home at 2 o'clock in the morning.
CAROLE THERIAULT. Right.
GRAHAM CLULEY. In the rain. Did I mention the rain, by the way? It was raining a lot.
CAROLE THERIAULT. Yes.
JOHN HAWES. Did it occur to you, Graham, that possibly that machine that you were connected to had actually been specifically hacked to keep you there while someone broke into your house and installed cameras in the toilet.
GRAHAM CLULEY. Well, thanks for that thought, John.
JOHN HAWES. Well, it could happen, right?
GRAHAM CLULEY. Right.
JOHN HAWES. According to Sandia Labs.
GRAHAM CLULEY. Is that what Sandia Labs specifically said?
JOHN HAWES. Yes, they said Graham should be worried about that stuff.
GRAHAM CLULEY. Check his toilet.
JOHN HAWES. Yes. Yes.
GRAHAM CLULEY. Right.
JOHN HAWES. I mean, the other, I mean, you could also, you could be shown the wrong adverts. That's another.
GRAHAM CLULEY. Oh, that'd be disastrous.
JOHN HAWES. Yes. That would be a pretty, pretty horrific situation.
GRAHAM CLULEY. Or maybe no adverts at all. Imagine how horrible that would be.
JOHN HAWES. How would you live? Um, but then obviously there's the problems for the other end as well, for the, the charging station operators. So if you've got these devices that are connected to your corporate network, which is highly secure from the outside, and someone can just go and plug into one of these devices, they've got a little backdoor straight into your whole setup. Um, and probably the same for, for a home network as well. If it's, if it's attached to your, your home Wi-Fi, it could be a, a route into that. And then finally, there's also for the electrical grid, you know, these things are now becoming a key part of our critical infrastructure. People need their cars to get around. They need electricity for pretty much everything these days. And if you can hack enough of these machines and fiddle with the grid, you know, these things are very delicate. They depend on the right frequencies and things like that. And if you can cause weird waves and things, you could potentially take down entire electrical grids.
CAROLE THERIAULT. I'm imagining the grids are quite well defended.
JOHN HAWES. Well, most things are, yes. But there are lots of statistics in the paper about, you know, the, the amount of power that would be required to cause this level of outage on this sort of grid. So they've kind of looked at this in quite detail and they, they're like, there's quite a lot of potential dangers here.
GRAHAM CLULEY. Well done, John. You're such a harbinger of, coat hanger of doom, I'd describe you as.
JOHN HAWES. Well, no, there is some good news.
GRAHAM CLULEY. Oh, there's some good news.
JOHN HAWES. Thank you.
GRAHAM CLULEY. Fine. Good.
JOHN HAWES. The people behind the report and various others are working on standards and best practices, which obviously is always a good thing, in the US at least. The UK actually adopted a set of legal requirements for cybersecurity and other features of electric charging points was adopted into law at the end of last year. But it doesn't actually come into force until next year and will only apply to new kit. So basically this huge rush to, to get caught up and have lots and lots and lots of charging stations is all taking place before the new requirements come in.
CAROLE THERIAULT. Ah, I see.
GRAHAM CLULEY. Can I ask, is there an FCAEDSO? Is there an electric vehicle charger testing standards organization that you are about to set up?
JOHN HAWES. Not that I'm aware of. There probably should be.
GRAHAM CLULEY. Yeah, from the sound of you, that's what you want to set up, isn't it? Well, you want to make some cash out of this.
JOHN HAWES. Well, actually, interesting, AMTSO recently put out a paper on, on testing of IoT security devices. So not, not actually the specific devices themselves, but devices that claim to provide security for them and how you can prove those claims. So possibly we could expand into this area and then make sure your car can disconnect itself now and again.
GRAHAM CLULEY. Please. That's what I'm like.
CAROLE THERIAULT. So basically every time Graham in the middle of the night goes to get his car charged and goes for a leak, he's actually probably also risking leaking information through the charger because he's paid no attention to which charger he's plugged in.
GRAHAM CLULEY. Very clever.
JOHN HAWES. Like, very good. Like what you did there.
CAROLE THERIAULT. Little laboured. Come on, guys.
GRAHAM CLULEY. I do get up quite often in the middle of the night to take a leak, but I don't normally jump in the car and charge it at the same time because that could be dangerous, couldn't it? That's right. Current, as it were. That's right. Carole, what have you got for us this week?
CAROLE THERIAULT. Um, well, I was gonna say, for the last few weeks, Graham has been bombarding us with what Elon Musk is doing on Twitter. Uh, and I get it, it's car crash TV, isn't it? It really is. And we know you care about Twitter, both like for business and maybe splash of ego reasons. Maybe tiny splash, Graham. Too tight.
GRAHAM CLULEY. Let's not bring my ego splash into things.
CAROLE THERIAULT. That's just your bromance with Elon. Your bromance with him.
GRAHAM CLULEY. I don't have a bromance with him. He's an asshole.
CAROLE THERIAULT. Well, we've been going on about their $40-something billion price tag for Twitter, but that is, um, a drop in the pond when compared to the massive consumer deal of Microsoft's takeover deal of Activision Blizzard for a whopping $68 billion and change. Now, this was announced at the beginning of this year. And I'm not a gamer. John, I know you're a bit of a gamer. Graham, you are too, or your son is at least. So I actually had to look up what Activision Blizzard was. I really didn't know, right? And I know now it's Sony's— one of Sony's— Nintendo's biggest rivals. And Activision say on its website that it continues to disrupt the world of entertainment with its extensive roster of epic blockbuster games like Pitfall, Tony Hawk, Guitar Hero, Crash Bandicoot, Skylanders. Do you know any of these? Call of Duty.
GRAHAM CLULEY. Wasn't Pitfall out in the '70s?
CAROLE THERIAULT. I mean, they've been around since '79. Yeah.
GRAHAM CLULEY. Yeah.
JOHN HAWES. They've been, been sort of mopping up lots of other companies as well.
GRAHAM CLULEY. Yes, that's right. Yeah. A lot of gobbling going on.
CAROLE THERIAULT. They have a lot of users. Blizzard had apparently 31 million users on the platform last quarter. So that's, you know, that's, that's pretty impressive. Now, back in January, when Microsoft announced its plan to buy Activision Blizzard, they wrote in their press release with 3 billion people actively playing games today and fueled by a new generation steeped in the joys of interactive entertainment, gaming is now the largest and fastest growing form of entertainment. And so Microsoft, actually, do you guys happen to know what its ranking is? So it's one of the top 10 biggest technology firms in the world.
JOHN HAWES. Microsoft?
CAROLE THERIAULT. Yeah, Microsoft is.
JOHN HAWES. On what, on what measures? On number of people? Amount of money?
GRAHAM CLULEY. Okay, yeah, tell, tell us first of all number of people, John, then tell us the amount of money. We want to hear this. Good.
JOHN HAWES. And yes, and what makes it a, a tech company?
CAROLE THERIAULT. Okay, and Microsoft— the upshot here, the upshot, the upshot is that when this transaction closes, Microsoft is said to, from its own press release, says it will then become the world's third largest gaming company by revenue, behind Tencent and Sony. And the planned acquisition includes all the iconic franchises from Activision Blizzard, right? So all the things we talked about. You guys played Candy Crush, didn't you? That's part of the empire, Candy Crush.
GRAHAM CLULEY. No, I've never played.
CAROLE THERIAULT. Yes, you did.
GRAHAM CLULEY. No, I've not ever played Candy Crush.
CAROLE THERIAULT. Really?
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. You have a lot of views on it.
GRAHAM CLULEY. I refuse to.
CAROLE THERIAULT. You didn't have to pay any money. You could just play and not pay money.
GRAHAM CLULEY. Well, no, I think from what I've heard, Candy Crush is like crack cocaine. I deliberately avoided it because I thought that—
JOHN HAWES. Oh, very, very sensible.
GRAHAM CLULEY. Yes. I am very sensible.
CAROLE THERIAULT. John, you played it for quite a while.
JOHN HAWES. Yeah, I dabbled for a while. Yes.
CAROLE THERIAULT. How long? Like 3 years?
JOHN HAWES. I don't, I don't remember now. It was one of those things that you just kind of pick up for 10 minutes and—
GRAHAM CLULEY. Yeah, like crystal meth.
JOHN HAWES. Well, because it has, because it has a built-in, like, oh, you've run out of time, give us some more money or go away.
GRAHAM CLULEY. Exactly, exactly. It's evil.
JOHN HAWES. Well, it's not if you just put it down and go, oh, I've run out. I'll look in again in 12 hours or whatever it tells us.
GRAHAM CLULEY. You're very strong-willed, John. You're famously strong-willed and many of us aren't, you know, are not.
JOHN HAWES. Famously.
GRAHAM CLULEY. Don't have the discipline which you have.
CAROLE THERIAULT. Well, Microsoft is going to have Candy Crush, the, uh, what do you call it? What did you call it? Fentanyl? Is that what you think it is?
GRAHAM CLULEY. All of these things, yeah.
CAROLE THERIAULT. Uh, but the company will also get the 10,000 employees that currently work at Activision. And for Activision, this deal, apparently the timing could not have been better because according to Time magazine, the company run by CEO Bobby Kotick—
GRAHAM CLULEY. Bobby, Bobby Kotick.
JOHN HAWES. That's another made-up person.
CAROLE THERIAULT. Kotick is K-O-T-I-C-K. Kotick.
GRAHAM CLULEY. Okay, all right.
CAROLE THERIAULT. Kotick. Coochie coochie.
GRAHAM CLULEY. It's possible. It's possible. Little Bobby Tables.
CAROLE THERIAULT. Yeah, yeah, Bobby Kotick, I'll call him Bobby Kotick. Since 1991, it has been in distress with a falling share price, a result of public scrutiny and lawsuits based on numerous allegations of discrimination, sexual harassment, and toxic workplace culture. Right, so okay, so we have two kind of tech giants here who want to make a deal and announce it, you know, and announce this back in January. Yeah, so, so how's it going? Because there's been a few little neglects, shall we say.
GRAHAM CLULEY. I haven't heard anything about this. What's been going wrong?
CAROLE THERIAULT. Okay. So, so one is just a spat amongst the gaming giants or the competition. So obviously Sony is not going to love that this deal is going through. Remember, Activision Blizzard has lots of games that play on different platforms. That's part of its magic. But Microsoft and Sony— Sony, who's the king of the gaming world, and Microsoft, who wants to notch up a few rankings, will have to honor deals that Activision have already done with Sony. And Sony's going, well, no, we don't want your money. We don't want to have a license with you, Microsoft. So they're all sparring about each other, between each other.
GRAHAM CLULEY. Couldn't they resolve this by doing an online beat 'em up or something rather than giving lots of money to lawyers? They could just—
CAROLE THERIAULT. Well, yeah, it seems to be all about Call of Duty, actually. So Microsoft say that they will not rip Call of Duty from the PlayStation. And they reportedly offered a 10-year deal to Sony to keep Call of Duty on the PlayStation, but Sony have been told, said that they've declined so far.
GRAHAM CLULEY. Oh, I understand. So the problem is that Microsoft has its own gaming console, just like Sony does. And so there are deals between Activision. I get it now. Activision and Blizzard, there may be exclusives which are exclusive to the PlayStation and Microsoft's thinking, well, we want that on the Xbox.
CAROLE THERIAULT. Well, according to Microsoft are saying, look, we'll honor all that deal. Sony are saying, will you? Are you? You could pull it anytime. So there's all this sparring going on, but bigger than that is the feud with regulators. So for this deal, there are 16 governments that must bless the purchase, you know, and this is putting Microsoft under the most regulatory pressure it's faced since the antitrust battles of the '90s, according to the New York Times. So of these 16 governments reviewing this Activision deal, just Saudi Arabia and Brazil have approved it so far. Microsoft says it's expecting Serbia to approve it any day now, but it seems that some governments are putting the brakes on the deal in order to review it seriously in terms of how it will impact the balance of power and whether a deal of this size will freeze out competition.
JOHN HAWES. Why, why is Serbia one of these deciding countries?
CAROLE THERIAULT. Okay, so I spent some time, and if any listener out there knows about this, I'm fascinated to understand, like, how are the governments selected? So who decides how many countries have to be involved in this to say, yes, go ahead or don't go ahead? The company's just chosen that out of a hat. It's fascinating. I couldn't—
JOHN HAWES. That seems unlikely. Presumably it's something to do with where the companies are based or operational that have people.
GRAHAM CLULEY. Yeah. Workforces. Yeah. Could this not all have been sorted out if Microsoft has said, look, Sony, we know you're a little bit upset about this. We're going to give you a game. Which you can keep. You can have Minesweeper. We don't need it anymore. We'll throw in Windows for Workgroups. You know, you can have that.
CAROLE THERIAULT. You can get the paperclip.
GRAHAM CLULEY. You can have a site license. Exactly.
CAROLE THERIAULT. Come on. So, okay. So we have, there's 3 key places where regulators have begun deep reviews and they're basically putting the brakes. One is the UK. So the CMA or Competition and Markets Authority announced it was investigating the anticipated acquisition, and now they've decided to open another investigation, expanding their investigation into multiple threats to do with competition, competitive issues. So, okay, so that's the UK. So they put the brakes on. In October, the European Commission announced its plans to launch an in-depth investigation into Microsoft Activision Blizzard deal. According to Politico, this is after the US tech giant Microsoft opted not to file remedies to the EU's antitrust enforcers. The FTC in the US is expected to rule this month, and they are said to have significant concerns. So this is a big deal because, A, gaming is huge. Like, I know in our countries we don't have it nearly as much as it is in Asia. It's like, that's where the market really is. 50% of the market seems to be over in Asia. Microsoft is kind of selling the message right now of gaming is for everyone everywhere. But of course, should regulators be paying attention to this? And I of course say yes, cuz it feels like this is like the first time that regulators are ahead of the game and aren't, you know, they're not dealing with something after everything has been signed, sealed, and delivered. Maybe it's the end of the tech wild west. That's why we should care. Maybe they're finally paying attention to what the big boys are doing and how it might impact, you know, and disadvantage the rest of us, us users.
JOHN HAWES. Yes. And it's all, it comes down to that, the people owning both the hardware and the software, right?
GRAHAM CLULEY. Do you think we'd all be happier with just a hoop and a wooden stick and just playing with one of them in the back garden? Wouldn't that be better? Maybe, you know.
CAROLE THERIAULT. Is that a euphemism?
GRAHAM CLULEY. No, no. I don't know.
CAROLE THERIAULT. Hoop and sticks. I don't know.
JOHN HAWES. One of them's longer than it is wide.
CAROLE THERIAULT. So yeah, so you don't care because Elon Musk is not the head of this. That's the problem.
GRAHAM CLULEY. No, no, I, I, I, I'm just wondering what, what the impact is going to be on us.
CAROLE THERIAULT. Well, if the deal doesn't go through.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Right. If the deal doesn't go through, that's going to be fascinating because they've already announced it. Right. And they expect it to close June 2023.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. It seems as though the regulators getting involved would slow that deal down. Because you have 16, okay, well, 13 now that haven't yet signed and said, okay, go ahead. And there's a lot of gamers there that are waiting to know what happens. Like, you know, what platform should I buy for my kid? Are they going to be available on them? Should I actually buy the Microsoft one because they might have all the games?
GRAHAM CLULEY. Yeah. Deary me.
JOHN HAWES. Speculative shopping, risky.
GRAHAM CLULEY. There is always that RegEx game, which I pointed people to last week if people want to have a good bit of fun.
CAROLE THERIAULT. Yes. Yeah, John, you should check that out. I think it's right up your street. You'd love that.
GRAHAM CLULEY. Regular expressions, John, are you into those?
JOHN HAWES. Oh, I'm all over them.
CAROLE THERIAULT. Mm-hmm.
JOHN HAWES. But aren't basically all games moving to phones anyway? People still going to have these consoles?
GRAHAM CLULEY. Well, yes, John, all these franchises, which Microsoft will now own, having gobbled up Activision, will obviously only be available on your Microsoft phone rather than, you know, on everything else.
JOHN HAWES. Is there still a Microsoft phone?
GRAHAM CLULEY. Well, maybe there will become a gaming phone, who knows, or a mobile gaming a gaming device from Microsoft, the Xbox Mobile, who knows?
CAROLE THERIAULT. Sign me up.
JOHN HAWES. Couple of years' time, basically your phone is going to be as powerful as the Xbox could ever possibly want to be.
GRAHAM CLULEY. Will it ever have a huge fan on it as well to cool it down?
JOHN HAWES. No, no, no, I won't need any of that. It'll just be a phone and it'll, you know, it'll transmit the game to your, your massive screen that's projected onto your wall or whatever. You won't need a special device.
CAROLE THERIAULT. You heard it here first, the crystal ball of John Hawes.
GRAHAM CLULEY. The challenge with endpoint security has always been that it's difficult to scale, and when remote work took over, that challenge got exponentially harder. You need visibility into your fleet of devices in order to meet security goals and reduce service desk tickets. But how do you get that visibility when different parts of your company run on Mac, Windows and Linux? Well, you get Kolide. Kolide is an endpoint security solution that gives IT teams a single dashboard for all devices, regardless of operating system. Kolide gives you real-time access to your fleet's data and can do things that traditional MDMs can't. And instead of installing intrusive agents or locking down devices, Kolide takes a user-focused approach that communicates security recommendations to your workers directly on Slack. You can answer every question you have about your fleet without intruding on your workforce. Visit kolide.com/smashing to find out how. If you follow that link, they'll hook you up with a goodie bag just for activating a free trial. That's k-o-l-i-d-e dot com slash smashing. And thanks to Kolide for supporting the show.
CAROLE THERIAULT. Smashing Security listeners, did you know that Bitwarden is the only open-source, cross-platform password manager that can be used at home, on the go, or at work? Bitwarden's password manager securely stores credentials spanning across personal and business worlds. And every Bitwarden account begins with the creation of a personal vault, which allows you to store for all your personal credentials. These are unique and secure passwords for every single account you access. And it's easy to set up. It's easy to use. I honestly love Bitwarden. I use it at home, use it at work, use it on the go. Get started with a free trial of a Teams or Enterprise plan at bitwarden.com/smashingsecurity. Or you can even try it for free across devices as an individual user. Check it out at bitwarden.com/smashing. And thanks to Bitwarden for sponsoring the show.
GRAHAM CLULEY. Show sponsor Pantera is taking a whole new approach to penetration testing, allowing every organization to continuously test the integrity of all cybersecurity layers. Including against ransomware and leveraging leaked credentials by emulating real-world attacks at scale all day, every day. This approach helps security teams across the globe to cope with one of today's top security challenges: the growing digital footprint of the enterprise. To help out, Penterra security experts are sharing with us a few tips on how to identify your exploitable attack surface. So here is tip number 1: Penterra recommends always taking the adversarial perspective. The best way to find exploitable vulnerabilities is to, well, exploit them. From here, security teams can hand over remediation requests to IT that are based on true business impact. Find out more by going to smashingsecurity.com/penterra. That's smashingsecurity.com/p-e-n-t-e-r-r-a. And thanks to Penterra for sponsoring the show. And welcome back. Can you join us for our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my pick of the week this week is not security related. Following the success of my regular expression game that I pointed people to last week, I thought maybe I needed something which was going to appeal to a wider audience. And I stumbled across a YouTube channel run by someone called Nas, N-A-S-S. And what Nas does is he takes old vintage video from, you know, films from the '30s and the '40s from San Francisco, New York, London, Vancouver, New Jersey.
JOHN HAWES. Film rather than video, presumably.
GRAHAM CLULEY. Yes. Yeah. Very well spotted, John. He takes these— oh, okay. Betamax. He takes Betamax tapes. He upscales and restores them. He uses neural networks, modern tools. He removes the noise and the scratches and the dust. He adds sound. He uses AI to add colour. To my mind, the colour adding isn't very good. But anyway, I'm sure it's very clever, whatever he's doing. But the end result is rather marvellous. So I have included in the show notes a link to one of the videos. There are others from the 1930s where you can see the goings-on in London around Trafalgar Square and Piccadilly Circus.
CAROLE THERIAULT. I saw this as well. Was this the Miss Media Media this weekend or something? Oh, I don't know. Yeah. It's really amazing.
GRAHAM CLULEY. It is amazing because it comes to life because a lot of old video is played at the wrong speed or people are sort of walking at a strange rate. But this really makes it come alive. And it's fascinating because, you know, you can sort of identify these people who are all smart and slim like me, but wearing hats. I don't wear a hat. Everyone used to wear hats.
CAROLE THERIAULT. You know what? It's kind of cool though. I'm just looking here. I'm looking at what the video that you had in the show notes and I can see an ad for Bovril, which still exists. Schweppes, which still exists. Ginger ale, which still exists, was Schweppes ginger ale. You also have Gordon's gin.
GRAHAM CLULEY. And Instagram as well. Instagram is in there too. Yeah. So, maybe he just went out onto the street and just took a video today. I don't know. And told people to wear a few hats. I'm not sure. But anyway, I thought it was rather impressive, and I looked at some of the other ones as well. I think I certainly have seen better colourisation than we've got here.
CAROLE THERIAULT. Yeah, I agree with you. I think there's some detail. Yeah, there's some detail that seems to be overlaid in a strange way. Like, just like some of the lines seem—
JOHN HAWES. Colouring in always seems to be very difficult.
CAROLE THERIAULT. Yeah.
JOHN HAWES. I've tried that before and it's never quite worked.
CAROLE THERIAULT. Yeah, try being an artist.
GRAHAM CLULEY. I've seen some extraordinary clips from Doctor Who, the old black and white ones, where people have painstakingly over months and months added colour by hand. And that is very good. But what they've done here, I think, is he's put it through a mungier. He's put it through some tool.
CAROLE THERIAULT. You want him to add colour by hand for every frame?
GRAHAM CLULEY. Well, I'm just saying it can be done better. Oh, for goodness' sake. Anyway, just look, he should be pleased anyway, because it is my pick of the week.
CAROLE THERIAULT. Yeah, I'm sure he's really pleased it's your pick of the week. I'm sure he's thrilled. He's loving it. He's loving it.
GRAHAM CLULEY. John, what's your pick of the week?
JOHN HAWES. Well, it's a bit of a problematic pick of the week, really. And it's not necessarily a recommendation. I hope that's acceptable within the rules of the show.
GRAHAM CLULEY. Okay, interesting.
JOHN HAWES. So put on my Netflix the other day and it has this, you know, up front and center, the big heavily recommended thing you should watch this next, um, was a thing called Ancient Apocalypse, which I looked at and was like, okay, this sounds right up my street. It's a documentary series about building of pyramids and invention of agriculture and ice ages and stuff like that.
GRAHAM CLULEY. That.
JOHN HAWES. It's like, sounds great. Love it. And I had a look and it's got a big budget. It's got high production values. They go to some stunning places. They have some excellent CGI reconstructions of what things used to look like before they were abandoned for 1,000 years or whatever. But it's all about the way it's presented really, which is really quite strange. You know, I was expecting the usual Netflix documentary is, you know, the similar kind of, you know, huge budgets, lots of beautiful CGI. But it's usually, you know, I don't know, Morgan Freeman or Jeff Goldblum or someone, you know, just droning away fairly blandly. And it's mainly about the visuals or occasionally maybe you'd have a scientist or something coming in like a, yeah.
CAROLE THERIAULT. Brian Cox.
JOHN HAWES. Brian Cox. Exactly. This one, it's all about the presenter. Um, who's this guy, Graham Hancock, who's best known for a book he wrote in the '90s called Fingerprints of the Gods. And if you look him up, you'll find he's almost always referred to as pushing pseudoscientific theories or just generally being a bit of a crackpot.
GRAHAM CLULEY. And this is his show.
JOHN HAWES. He's got himself a, you know, a big, big budget show on Netflix.
GRAHAM CLULEY. Yeah.
JOHN HAWES. Um, but the interesting thing for me is that he doesn't really hide his whole crackpot reputation. He kind of makes it the main feature of the show. He starts off with clips of him wrangling with, you know, Jeremy Paxman and other TV people. And he leads in pretty much every scene saying, basically anybody with any kind of expertise or training will tell you that this is nonsense, but, and we talked, he brings, uses the phrase mainstream archaeology a lot as if it's some kind of conspiracy to cover up all the secrets that he's uncovered. But he never mentions any specific archaeologist or historian or anything. He doesn't try and debate with anybody. He does have sort of, you know, talking heads on the show that he interviews about the various stuff that he's talking about, but they don't, there's no actual historians or archaeologists. They tend to be, you know, writer or researcher.
GRAHAM CLULEY. Well, I've watched a couple of episodes of this, John. And yeah, I think it was in episode 2 when Joe Rogan popped up.
JOHN HAWES. Yes.
GRAHAM CLULEY. Yes. Saying that, well, what great quality Graham Hancock was, you know, in terms of his research and all the rest of it. And I thought, yeah, another crackpot. And I thought, okay, I was undecided, but now I definitely am decided.
JOHN HAWES. Yeah. That's just what I think now. So I found it fascinating mainly. I mean, obviously the, the, some of the stuff on the show is quite interesting and is his, his whole argument about, I don't know, Atlantis people traveling the world and telling everyone how to build pyramids. Not very convincing. But what was really fascinating was just the, the fact that he seemed to think that telling everybody that most people think this is bullshit would make it more convincing somehow. And certainly for me, and presumably a lot of people, you immediately think, okay, well, this is all clearly nonsense. But presumably that style of presentation, that way of kind of leading into something and saying, no one else believes this. That must be effective. There must be a sizable group of people who think, I'm convinced now, if everybody else says it's rubbish, must be true.
GRAHAM CLULEY. Well, there is an awful lot of that in the world, isn't there? A lot of people love to attach themselves to something which the experts think is nonsense. Yeah.
CAROLE THERIAULT. Yeah. There's a more important point maybe, like, you know, you have things like Ofcom, you know, that help regulate what's shown on TV in the UK and kind of people say, oh, we won't, don't have that. That doesn't seem to be having an ounce of truth there and, you know, could cause some problems. But maybe Netflix doesn't have that same issue, or did they say you can make your show as long as you just say at the beginning of every fucking scene, no one fucking agrees with you for liability purposes? Crazy.
GRAHAM CLULEY. In case the people from Atlantis complain and say, oh no, we never— if the pyramids fall down, it's not our responsibility.
JOHN HAWES. So they need standards and best practices, that's what you're saying?
GRAHAM CLULEY. Oh, I knew it. I knew it.
CAROLE THERIAULT. Regulation.
JOHN HAWES. Yes. Anyway, that's kind of my pick of the week.
CAROLE THERIAULT. Your nitpick of the week.
JOHN HAWES. But watch it with caution, please. Yes.
GRAHAM CLULEY. Carole, what's your pick of the week?
CAROLE THERIAULT. Before I get to my pick of the week, if I asked either of you to get a piece of paper and a pencil and to draw a pterodactyl, do you think it would look like one?
GRAHAM CLULEY. Oh, well, I think you're fine. Pterodactyls don't actually exist. I think you're referring to the pterodactyl.
CAROLE THERIAULT. And, you know, and you may, you may want to have better skills, you may find that difficult, right? You may find it hard to do that without having an image in front of you to know what one looked like. And maybe even if I gave you a picture of one and said, okay, draw this, but 3 times as big, you might find that its eyes are bulging out of its head, or its wings are tiny, tiny, or something, right? Because it's difficult to do that proportions are difficult to do.
GRAHAM CLULEY. I think pterodactyls are easy. They're just a bit like clothes pegs you put on the washing line with a couple of wings, aren't they? That's how I draw one.
CAROLE THERIAULT. Right. Okay. Well, my pick of the week this week was sent to us by a listener, D Barker, and it was a while ago. Apologies, Mr. D Barker. But he writes, I found an app I like that makes up for my failings at drawing, but allows me to feel part of the process by using the sketch So basically he's using this app called Da Vinci Eye app. And what it does is it allows you to use your iPhone or your iPad as a type of projector. So you might take a clear glass and put it over a piece of paper, and then you'd put a picture on your phone and it would allow you to draw at exact proportion, kind of tracing it out as you were using a projector in the old days. You see what I mean?
JOHN HAWES. Like a camera obscura.
CAROLE THERIAULT. Like a camera obscura. Yeah. And it not only does let you do that, but it lets you also know, tells you where you need shading and helps you with your tones. So it helps you make your pics more realistic looking or through more 3D. And there's like guides and tips and drawing prompts to help you along. So this app retails for £8.99 in the UK, about $10 in the US. And it seems quite lovely. And plus, the support team seems to be really on point, very friendly, accessible. They make a big deal about that. And there's also quite a few videos on YouTube where you can see the app in action, decide whether it's worth the $10. But as D Barker writes, I bought it thinking if I didn't like it, I could return it to the App Store and get a refund. So there you go. Called Da Vinci Eye AR Art Projector, and you can find it just for Apple products, I'm afraid. Apple iPhone and iPad, and you can find it on the App Store. And that is my pick of the week. Thank you, Mr. D Barker.
GRAHAM CLULEY. Thank you, D Barker. And that just about wraps up the show for this week. John, I'm sure lots of our listeners would love to follow you online. Unfortunately, you have no social media presence whatsoever, do you?
JOHN HAWES. No, I keep it very quiet. See, that's why I like But you know, you can go to the AMTSO website, amtso.org, and find everything I do is there mostly.
GRAHAM CLULEY. Fantastic. So if you're interested in testing standards for anti-malware organizations, that's the place to go.
JOHN HAWES. And exactly which you should be.
GRAHAM CLULEY. And you can follow us on Twitter while Twitter still exists at Smashing Security, no G, Twitter allows to have a G. We also have a Mastodon account. Easiest way to get there is to go to smashingsecurity.com/mastodon. You'll be redirected. And then also you can look up the Smashing Security subreddit. And don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Overcast, Spotify, and Apple Podcasts.
CAROLE THERIAULT. And massive shout out to these episode sponsors: Kolide, Bitwarden, and Pantera. And of course, to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest list, and the entire back catalog, blog of more than 298 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio, bye-bye. Bye-bye.
JOHN HAWES. 299. Did you mention that in the show?
GRAHAM CLULEY. Right at the beginning.
JOHN HAWES. Yeah.
GRAHAM CLULEY. Oh yeah.
JOHN HAWES. Right at the beginning. We didn't really go into much next week, John.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. Lots of excitement. Yeah.
CAROLE THERIAULT. You better show up, guys. We've got a treat.
GRAHAM CLULEY. Well, I'll be there.
JOHN HAWES. I'll be nearby.
CAROLE THERIAULT. Yeah. And we have a treat.
-- TRANSCRIPT ENDS --