330: Deepfake Martin Lewis, and a deadly jog in the park

Going for a jog can be bad for your privacy (but even worse for your health), and Britain's consumer finance champion finds his face is being faked.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:

  • Kolide - Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
  • Sysdig - Is your cloud secure? Not without runtime insights! Sysdig delivers the industry's ONLY complete, consolidated Cloud-Native Application Protection Platform (CNAPP) - powered by runtime insights - to prioritize critical risks and stay ahead of unknown threats. Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.
  • Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


GRAHAM CLULEY. You're not allowed to put live people on a stamp.


CAROLE THERIAULT. Is that true?


GRAHAM CLULEY. Yeah, because otherwise if you put a live person on, they might do something naughty later.


CAROLE THERIAULT. Exactly.


GRAHAM CLULEY. Yeah, exactly.


CAROLE THERIAULT. Yeah.


UNKNOWN. You don't want to be licking the backside of— Smashing Security, episode 330, deepfake Martin Lewis and a deadly jog in the park with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security.

Episode 330. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. Hi, Carole. How are you doing?


CAROLE THERIAULT. I'm great. More to the point, how are you?


GRAHAM CLULEY. Well, it's been a crazy few days. A number of things have occurred.

The first is that I've moved house. I'm literally surrounded by boxes full of leads, as if my life isn't always surrounded by boxes full of leads and technology.


CAROLE THERIAULT. I was going to say.


GRAHAM CLULEY. Yes, things I don't understand, things that— why have I kept that? What am I doing with this?

And also I've had huge, huge internet problems because I thought I'd organized for the internet to be here, but it turned out I hadn't.


CAROLE THERIAULT. And that is why we are recording just mere hours before we go live.


GRAHAM CLULEY. Just hours.


CAROLE THERIAULT. And we had to say no to our guest this week because you had to change the times from the recording because of your internet woes.


GRAHAM CLULEY. Don't remind me. Sorry, guest.

Sorry, guest. We'll have you back on another time.


CAROLE THERIAULT. Very soon, because she's great. How do you feel about getting the show on the road?


GRAHAM CLULEY. Let's do it.


CAROLE THERIAULT. But before we kick off, let's thank this week's wonderful sponsors. We have Kolide, Sysdig, and Drata.

It's their support that helps us give you this show for free. Now coming up in today's show, Graham, what do you got?


GRAHAM CLULEY. Well, going for a jog can be bad for your privacy, but even worse for your health. Okay.


CAROLE THERIAULT. And I'm gonna look at the bamboozling and deeply convincing deepfakes. All of this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, Chum Chum, I am indebted this week to one of our friends on Reddit. Frightenstein is his or her name.

And they pointed me towards this story, which comes from the Kyiv Post all the way in Ukraine. And interesting story.

So there is this chap, his name is— and I apologise to anyone listening who has a better understanding of names from that sort of general part of the world than myself— Stanislav Ryzitskiy. And Stanislav Ryzitskiy, he likes to keep fit.

I mean, don't we all?


CAROLE THERIAULT. Maybe we could just call him Stan. We can call him Stan.

Or Slav. Stanislav.


GRAHAM CLULEY. Stanislav. Stanislav.

Anyway, so he likes to keep fit, right? Stanislav, he likes to keep fit.

And on Monday, Monday of this week, in fact, he went out for a jog as normal. Just went out for a jog.

Likes to keep fit. You and I, Carole, we know we love a bit of fitness, love running around the park, you know, improving our PB, our personal best.

You get on your rowing machine.


CAROLE THERIAULT. I'm very fit, Graham.


GRAHAM CLULEY. I know you are. You are— Oh, you're a piece of pink steel, aren't you?

You are just all sinew and— aren't you? That's all you are.


CAROLE THERIAULT. So rude. One would think you're jealous.


GRAHAM CLULEY. Stanislav. He went out for a jog as normal around his local park in the city of Krasnodar, which is in southern Russia.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. Have you ever been into jogging?


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. We had a little stint of jogging, you and I, once long ago.


GRAHAM CLULEY. We did, didn't we? We did pretty well. And it wasn't just once, was it? We used to go out every lunchtime, going for a little jog. Hurts the knees eventually, I found, but—


CAROLE THERIAULT. Oh, you're a little older than I am, though.


GRAHAM CLULEY. Now, Stanislav, he won't be going out jogging anymore. He's not going to be doing that. Not because he hated the jog, not because his knees hurt or something like that.


CAROLE THERIAULT. What happened?


GRAHAM CLULEY. Because someone shot him dead.


CAROLE THERIAULT. Well, I was wondering, is he— it's kind of a war area. I didn't know if people would go jogging. I don't know. I don't know anything about war.


GRAHAM CLULEY. So, well, he's in Krasnodar, which is in Russia.


CAROLE THERIAULT. Right.


GRAHAM CLULEY. He's not in Ukraine. But it is true to say that he is the deputy chief. He is a military man. He's the deputy chief of the Department for Mobilisation in Krasnodar. And he has commanded a submarine in Russia's Black Sea Fleet. A submarine which is said to have been used to launch deadly missile attacks against Ukrainian cities. So he is involved in the conflict out there.


CAROLE THERIAULT. Yeah, I would call that involved.


GRAHAM CLULEY. Yes, absolutely. Quite involved.


CAROLE THERIAULT. Understatement of the year, but yeah.


GRAHAM CLULEY. But presumably he felt safe jogging around Krasnodar in Russia. And according to TASS, which is the Russian state news agency, they say that local police are reporting that he was shot 4 times while he was out jogging. Police are investigating, blah, blah, blah. Now, it hasn't been confirmed who actually killed Stanislav Ryzhitsky. But what happened as well on Monday was that Ukraine's Defence Intelligence Agency, who are called HUR, the H-U-R, they say, well, they seem to know quite a bit about the shooting.

And they filled in some of the details when they posted on Telegram about it. According to them, Stanislav, he loved to have a little run early in the morning.

They say he was out jogging in the Krasnodar Park of Culture and Recreation. Have you ever heard a more Russian name for a park than the Park of Culture and Recreation?

Anyway, he was out at roundabout 6 AM. And they say that 7 shots fired out at Stanislav from a Makarov pistol.

Now, I find that it's how would they know what kind of pistol was used? Peculiar, doesn't it?

How would they know? Anyway, they say it was from a Makarov pistol.

And as a result, Ryzhitsky, they say, died on the spot. And they share some other information as well about the weather.

Which is always important. Everyone's interested.

They say, "Due to heavy rain, the park was deserted, so there were no witnesses who could provide details or identify the attacker." And this is Ukraine.


CAROLE THERIAULT. Because no one was around except for the guy who decided to go for a run in the rain.


GRAHAM CLULEY. At 6 AM.


CAROLE THERIAULT. At 6 AM. He's hardcore, yeah.


GRAHAM CLULEY. Yeah, he's hardcore. He's taking this seriously. So they were fairly confident the shooter had got away unseen. That was their opinion, was that, you know, been mentioned. Now, the FSB, Russia's secret service, they later issued a press release saying that a 64-year-old man had been arrested in relation to the killing. So the question— well, there's a few questions here. First of all, how did Ukraine's Defence Intelligence Agency appear to know so much about this if they weren't involved themselves? But also, how did the shooter know that Ryzhitsky— if he was being specifically targeted, how did they know where he was going to be and when.


CAROLE THERIAULT. Well, okay, often I would say runners would normally take the similar route. So if you were spying on this person, you might go, oh, he runs every day at this time in this place.


GRAHAM CLULEY. Yeah, yeah, that sounds possible.


CAROLE THERIAULT. But I'm guessing, because this is Smashing Security, there is going to be some smart tech involved.


GRAHAM CLULEY. There is. Or maybe not so smart tech. Perhaps.


CAROLE THERIAULT. Yeah, dumb tech, asshole tech.


GRAHAM CLULEY. Just tech. I mean, Miko says if it's smart, it's stupid, doesn't he?

So anything which is called smart is normally dumb or dangerous. Well, we don't know for sure, but what we do know is that there is a Strava profile for someone calling themselves Stanislav Ryzitskiy.

And that, of course, Strava, of course, is the app which records runs, shares them with other online users. And we've spoken before about the privacy risks associated with Strava even including military and information about military bases, which has been seemingly spilt online via Strava.

But I don't think we've ever heard about blood being spilt before as a result of maybe things being posted on Strava.


CAROLE THERIAULT. It's interesting because people on YouTube or whatever, or commenters and that kind of ilk, will often have a username that doesn't necessarily identify them to their real identity. And yet with Strava, because probably there's a show-off element to it, like, hey, look what I did today.

I actually exercised. You know, I'm top of the leaderboard.

I'm the best. You know, I do run every day. Here's proof.

So maybe there's that weird show-offy thing that makes people put in their real names because, why wouldn't you just have a username?


GRAHAM CLULEY. I think that's very true. You don't call yourself sort of, you know, Sausage Dog or something like that.

You call yourself—


CAROLE THERIAULT. Well, you could, Graham. I think maybe, you know.


GRAHAM CLULEY. Yeah, maybe I should be a sausage dog. No, not only is there an account on Strava in Stanislav Razitsky's name, there are also photos posted on the account which do apparently bear more than a passing resemblance to the Russian commander as well.

And there's a cycle ride which was recorded on the hills outside the city of Krasnodar in the weekend before he was shot dead. And indeed, the last run which was taken shows him at the location of the shooting.

So it appears that this guy had recorded on Strava, because that's the way it works, Carole, is if you have something on Strava, it doesn't sort of livestream it to Strava. At the end of your run, you then say, oh yeah, send that to Strava, please.

That's one I'm proud of.


CAROLE THERIAULT. And then it uploads it and says, this is the time, here's the route you took, this is how long.


GRAHAM CLULEY. Right. So it wouldn't necessarily be the case that the run he did, which he, you know, obviously came to a sticky end on, that one was uploaded, but his previous run is there.

So was someone watching his runs? Well, we don't know for sure, but here's the really weird thing.

If you look him up on Strava, if you look at his last recorded run, which was at the location where the shooting took place, it has been liked by other people. 4 other people have liked his run.

And one of the people who has liked his previous last run is a guy called Kirillov Budanov. And he is a major general.

Major General Kirillov Budanov, head of Ukraine's military intelligence. Now, I put it to you that possibly they are not running buddies.

These two guys.


CAROLE THERIAULT. Or I put it to you, I put it to you that maybe one or both of these—


GRAHAM CLULEY. I put it to you.


CAROLE THERIAULT. There's a lot of conjecture here, right?


GRAHAM CLULEY. Yes, yes.


CAROLE THERIAULT. And as we've just said, maybe Major General Kirillov Budanov is actually not Major General Kirillov Budanov, but a fake Strava username. It could be in someone else's name.

To mix everything else.


GRAHAM CLULEY. Yeah, that'd be an interesting thing to do actually, wouldn't it? If you wanted Russian assassins to go after the wrong people, you could hack other people's Strava accounts and use the names of senior Ukrainian military intelligence.


CAROLE THERIAULT. Graham, I never knew what a military strategist you were.


GRAHAM CLULEY. Or maybe just tie a Fitbit to a dog and have it run round the clock.


CAROLE THERIAULT. Yeah, that would not be— he spent a lot of time in this hall. He spent a lot of time here.


GRAHAM CLULEY. Anyway, Ukraine say these reports have no basis. Budanov himself says, "I don't know what they're talking about," although he has previously admitted that Ukraine has successfully targeted prominent Russian propagandists who've been killed or wounded on Russian territory.

But once again, guys and gals, if you are using Strava, be really careful. Either don't use your real name.


CAROLE THERIAULT. It's a pretty extreme case.


GRAHAM CLULEY. Well, it is.


CAROLE THERIAULT. Yeah, I know. But it sounds a bit like we're scaring the poop out of everybody that has Strava. So I would say if you use Strava, maybe check your settings to make sure you're not broadcasting more than you want to be, right?

And know that these things change their settings with all, you know, the times you have to update your Strava. A lot of the times they're changing settings and they may default them to something that they think is easiest for you or most likely to be wanted by most, but it might be leaking more data than you wish it were. Is that fair?


GRAHAM CLULEY. Yes, and you certainly can also sort of slightly anonymise your start and end points on your run to hide where your home might be, things you can do like that. But I think also be very careful about who you friend on the app.

Don't automatically accept friend requests because then you might be revealing details of your life.


CAROLE THERIAULT. But do you think Stanislav and Budanov, they did that?


GRAHAM CLULEY. Well, I don't know what the security was on Stanislav's account, but I would like to think that he had some measures in place. But yeah, maybe they weren't actually running buddies.

But yeah, so Strava security appears to have resulted in someone's death. Am I saying too much saying that?


CAROLE THERIAULT. Well—


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. I think this is a completely inappropriate story for us at Smashing Security. A little bit too serious, but thank you very much. Told very well, I hope.


GRAHAM CLULEY. Oh, thank you very much. Fingers crossed. Carole, what have you got for us this week?


CAROLE THERIAULT. Well, we are gonna talk about Martin Lewis. I'm not talking about an irritating chap I worked with yonks ago, but the very popular journo— I think I can say, unless you've spent significant time in the UK, I doubt you would know him, but in the UK he's pretty well known.


GRAHAM CLULEY. Yeah, he's the money-saving expert guy, isn't he?


CAROLE THERIAULT. That's right, that's right.


GRAHAM CLULEY. He's often on TV and I have recently seen him. He's actually been sort of anchoring TV shows as well. You know, he's taken the place of Piers Morgan on Good Morning Britain or whatever it's called.

He sometimes does sort of general news now, such is his celebrity.


CAROLE THERIAULT. Yeah, he's quite interesting. I did a little mild research on Wikipedia on him, right? And it says Lewis created and ran the website Money Saving Expert back in February 2003 when he launched it.

And apparently he created the site for just £100. Nine years later, sold the website to moneysupermarket.com for $87 million, but remained editor-in-chief.

The deal saw Lewis receive $35 million in cash upfront, in addition to some $20 million in shares in the moneysupermarket.com and $27 million in future payments. But he simultaneously announced his intention to give $10 million to charity and $1 million would go to Citizens Advice.


GRAHAM CLULEY. He seems like a good guy. He seems like a champion for people who are hard up.

He often is out there having a go at the government or lobbying for things to improve and helping people get money off their energy bills. And yeah, he seems like a decent chap.


CAROLE THERIAULT. Yeah, maybe he should be on a stamp or something because, you know, he's trusted. People like him.

He seems to be doing the right things. He always seems above board and trustworthy.


GRAHAM CLULEY. You're not allowed to put live people on a stamp.


CAROLE THERIAULT. Is that true? You only put dead people?

Why? Because if you put a live person, they do something crappy.


GRAHAM CLULEY. The only live people allowed on stamps are the Queen or the King, you know, or it's like the Regent. Otherwise, yeah.

Because otherwise, if you put a live person on, they might do something naughty later.


CAROLE THERIAULT. Exactly. Yeah, exactly.


GRAHAM CLULEY. And you don't want to be licking the backside of—


CAROLE THERIAULT. You do give all kinds of royal awards to people that are still alive, like CBEs and all these kind of things.


GRAHAM CLULEY. That's an interesting idea. Maybe we should only do posthumous awards.


CAROLE THERIAULT. Exactly. That way, just make sure we get the whole story before we decide, here you go.


GRAHAM CLULEY. Right. Don't reward them in their lifetime for what they've done.

Just say, you'll be rewarded once you're dead.


CAROLE THERIAULT. Just a little bit more here on Martin Lewis that's worth mentioning here for this story is in 2018, Lewis started legal action against Facebook for defamation over fake adverts using his face and name.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. Mostly promoting things like bitcoin and investment, investing.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. And he actually ended up later dropping the action after Facebook agreed to fund an anti-scam project.


GRAHAM CLULEY. That's right. I think because Martin Lewis is someone in the UK that people trust, they use him in some bitcoin scams and his image and things.

Whereas the rest of the world gets Elon Musk as someone you don't trust.


CAROLE THERIAULT. Very interesting you bring him up. Oh, okay.

Yes. Right?

Okay. Because this whole legal action was in 2018.

That's five years ago. And what do you know, the scammers never let up using his credibility to dupe, mostly on social media ads.

And now they're at it once again, but this time they upped their game and deepfaked a video featuring a deepfake of Martin Lewis.


GRAHAM CLULEY. They didn't do the Mission: Impossible thing of just wearing a mask and pretending to be Martin Lewis. They've actually deepfaked him.

I guess because there's lots of video and audio of him in existence.


CAROLE THERIAULT. Exactly. So go take a look, Graham.

Take a look. I've just put it in the show notes.


GRAHAM CLULEY. Oh, okay. Let's have a look. Elon Musk presented his new project, in which he has already invested more than $3 billion. Musk's new project opens up great investment opportunities for British citizens. No project has ever given such opportunities to residents of the UK. It's pretty good, isn't it?

It is actually. At first, I thought this seems a little bit stilted. It looks a little bit like he's on a Zoom call or something.


CAROLE THERIAULT. Lots of people do Zoom calls.


GRAHAM CLULEY. You can believe he's just doing this down his webcam. And it does sound like him, and it looks like him. It's the sort of way he may well speak. It's wow.


CAROLE THERIAULT. Exactly. And isn't it funny that you brought up Elon Musk? Because this fake likeness of Lewis is encouraging people to sign up for what is claimed to be an Elon Musk-backed project, calling it legit and a great investment.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. And if you were looking at this on your phone as you're scrolling through social media and you see this guy you trusted, right? And you weren't as familiar about these scams.


GRAHAM CLULEY. This is scandalous.


CAROLE THERIAULT. It's scandalous. Now, of course, this is not the first time that synthetic media has been used. That's another word for deepfakes.

Synthetic media has been used both to entertain and to bamboozle. But it's interesting to hear from those whose identities have been nabbed by miscreants because Martin Lewis did not take this sitting down.


GRAHAM CLULEY. My face and name have been the subject of scam adverts for the last 6 or 7 years. I get countless reports every day. Now they have video and audio technology that is absolutely replicating my face and my voice.

These people are trying to pervert and destroy my reputation. In order to steal people off, steal money off vulnerable people. And frankly, it is disgraceful, and people are going to lose money, and people's mental health is going to be affected.


CAROLE THERIAULT. And he says, I have had friends of mine get in touch with me saying, hey, I've just put some money into that investment scheme you're advertising. Oh, come on, advertise, he says.


GRAHAM CLULEY. Come on, have they really? Friends of his, he says, have actually got the money.


CAROLE THERIAULT. I thought that too, but then I thought, you know what, he's such a nice guy, he probably has people who he's helped with in the past, right, who are in his email list, you know, all these people with different skills, perhaps not techies.


GRAHAM CLULEY. Yeah, yeah, yeah. Okay, okay, all right.


CAROLE THERIAULT. He's not alone, of course. There's even stars. Now, I'd be interested in seeing if you think this is a star being taken advantage of or not.

So months ago, ITVX put out a show called Deepfake Neighbor Wars. Have you heard of this?


GRAHAM CLULEY. I think I've seen a bit of this.


CAROLE THERIAULT. Yes. Okay, good, good, good, because I didn't know about this until research. So it features the celebrities, or deepfake celebrities, as roommates.

Okay. And it spoofs the long-running New Zealand TV format Neighbours at War, and that's still going strong.


GRAHAM CLULEY. Oh, it's totally a joke. Yes. Because it sort of puts them in sort of suburban settings and things and has them say that the main thing about that show is it's really astonishingly non-amusing. It's like they've got all the tech, but they haven't got any jokes. But so it's clever deepfakery, but it's just, oh, this is so dull.


CAROLE THERIAULT. And right now in the UK, we have a bit of a little media storm about a BBC presenter that may or may not have gotten up to shenanigans. And there's a whole war going on. But I shared with you a potentially deepfake image that kind of suggested who the BBC presenter might have been in a compromising position.


GRAHAM CLULEY. Oh, yes. Oh, thank you. Yes. Thank you for sending that to me, Carole, by the way. You know, not that I'd asked for it. But actually sending me that image.


CAROLE THERIAULT. What was my question? I sent it to you to say, is this, do you think this is a deepfake? Because I was asked by somebody.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. So I think absolutely it was. And I sent it to you thinking, what do you think? And really, you know, neither of us are sure.


GRAHAM CLULEY. What were you expecting me to do? I couldn't take a fingerprint of it, maybe a bum print. There was a picture of a man with his trousers around his ankles. I wasn't sure how you expected me to identify whether it was well known.


CAROLE THERIAULT. The person's face was in it as well, Graham.


GRAHAM CLULEY. Just did the beloved BBC news anchor.


CAROLE THERIAULT. But I'm just saying these things make the rounds and go to convince certain people one way or another as to what to believe. And it's pretty fricking scary.


GRAHAM CLULEY. Well, it is. This is the whole problem, isn't it, with deepfakes, is that so much fake stuff can be made. And also when something genuinely dodgy does happen, that people will begin, I think this has already begun to happen. I've heard reports of when politicians have been in a spot of bother in other countries and they've said, well, that must have been deepfaked.


CAROLE THERIAULT. Totally. There's even one of Boris Johnson. Yeah. And but, you know, it's even bigger than this. Ars Technica says we all need to be careful because in large hacks, right, which maybe your details are somewhere in a third party, an insurer's or a cloud service. And baddies get in and get away with a glut of personal information like your driver's license, social insurance, health, pension information.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. This was the case when Progress Corp got hacked. The Massachusetts-based maker of business software revealed that its file transfer system had been compromised.


GRAHAM CLULEY. Right. Yeah.


CAROLE THERIAULT. And the article goes on that the California Public Employees Retirement System, the— is it Clop or C-L-O-P hackers?


GRAHAM CLULEY. Clop, yes. Clop, yes.


CAROLE THERIAULT. Yeah. Clop, yeah. Clop made off with the personal data of about almost 1 million retired members and their survivors. The data of recently deceased Americans is particularly valuable on the underground markets because you open a credit card in a dead man's or dead woman's name, take out the loans, redirect Social Security payments, sign up for food benefits. Who's going to ring the alarm?


GRAHAM CLULEY. Yeah, good point. Yeah, you can't be protected from the scammers even after you're dead.


CAROLE THERIAULT. No, and of course the problem is, is many state and federal agencies use information stolen in hacks to verify identities of people. So if you've got your date of birth and photographs and names and home address and Social Security numbers—


GRAHAM CLULEY. It's horrendous, isn't it?


CAROLE THERIAULT. It is. So, you're a security boffin. You know everything. Yes, I do. Right?

What would you do? What would you do if suddenly on the social media rounds there was a deepfake Graham Cluley telling people to do incredibly stupid non-security stuff?


GRAHAM CLULEY. Well, like the things I spout on the podcast. Well, I don't know. I mean, what can you do?

I suppose you can tell people that if it's authorized and it's really from me, it will be on my real website, grahamcluley.com. You could do something like that, I suppose. But even that obviously could be hacked one day.


CAROLE THERIAULT. Okay, well, what if you were on holiday, right? I knew you were on holiday and I get a phone call from you, a deepfake you saying, "Oh my God, oh my God, help me, help me, I need help."

Do I just laugh and say, "Hahaha, nice try"?


GRAHAM CLULEY. Normally you would, yes. Would I?


CAROLE THERIAULT. That is the thing.


GRAHAM CLULEY. No, you wouldn't. You wouldn't. You wouldn't.

You'd probably ask me a deeply embarrassing personal question, which only you and I knew the answer to.


CAROLE THERIAULT. And we never talked about in the podcast. You see, that's the problem.

We talk about a lot of things in the podcast.


GRAHAM CLULEY. There's a couple of things we never have though, Carole.


CAROLE THERIAULT. That's true.


GRAHAM CLULEY. A couple of things which we reserve for those situations. There's not much we haven't discussed.

By just a couple of little things. Feeling like you have too many alerts, overwhelmed by vulnerabilities, and at the end of the day not deploying apps as quickly as you'd like? Well, Sysdig delivers the industry's only complete consolidated cloud-native application protection platform, CNAPP, powered by Runtime Insights.

To prioritize critical risks and stay ahead of unknown threats. With Runtime Insights, you can level up your cloud visibility, shift left the right way and start scanning for vulnerabilities earlier, shield right to protect your production environment, and keep dev teams innovating securely at cloud speed.

Now is the time to transform your cloud security. So visit sysdig.com/cloudsecurity sysdig.com/smashing to learn more. That's sysdig.com/smashing.


CAROLE THERIAULT. If you work in security or IT and your company has Okta, this message is for you. For the past few years, the majority of data breaches and hacks you read about have something in common.

It's employees. Hackers absolutely love exploiting vulnerable employee devices and credentials.

But imagine a world where only secure devices can access your cloud apps. Here, credentials are useless to hackers, and you can manage every OS, even Linux, from a single dashboard.

Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world.

You can just start using Kolide. Kolide is a device trust solution for companies with Okta.

And it makes sure that if a device is not trusted or secure, it can't log into your cloud apps. Visit kolide.com/smashing to watch a demo and see how it works.

That's k-o-l-i-d-e.com/smashing.


GRAHAM CLULEY. Any company can say they're trustworthy, but with this week's sponsor, Drata, you can prove it. With over 14 frameworks including SOC 2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. Automated controls, over 75 integrations, and 24-hour monitoring keeps your company in compliance without manual work. And with a new open API and plenty of customization, you can build your program your way.

With over 360 5-star reviews, Drata is the highest-rated cloud compliance platform on G2. Countless security professionals from companies like Notion, Lemonade, and BambooHR have shared how crucial it's been to have Drata as their trusted compliance partner. So listeners of Smashing Security, you can get 10% off Drata and waived implementation fees at smashingsecurity.com/drata. That's smashingsecurity.com/drata.

And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website. Or an app, whatever they wish. It doesn't have to be security-related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my pick of the week this week is not security-related. I watched the other night a program on BBC iPlayer. Now, Carole, it is a documentary. You know I love documentaries.


CAROLE THERIAULT. I'm just— yeah, I know. You just mix it up a bit. Mix it up. Mix it up.


GRAHAM CLULEY. Hey, you quite often—


CAROLE THERIAULT. Okay, I'm doing a podcast as well, so you're fine.


GRAHAM CLULEY. Oh, you— right. Okay. So there you go then. So, this is a documentary called My Old School. And My Old School tells the tale of the curious case of Brandon Lee. Have you heard of Brandon Lee?


CAROLE THERIAULT. Yes, but remind me.


GRAHAM CLULEY. Well, the famous Brandon Lee is the son of Bruce Lee, who died on the set of The Crow. I think he got shot or something, didn't he?


CAROLE THERIAULT. 'Kah kah, fuck, you're dead.' That was a line. That was a line from the movie.


GRAHAM CLULEY. What? Really?


CAROLE THERIAULT. I wrote a newspaper article on it in college. Yeah.


GRAHAM CLULEY. All right. I've never seen it. Is it a good movie? The Crow?


CAROLE THERIAULT. Yes, it is. I slated it at the time.


GRAHAM CLULEY. Right. This has nothing to do with that Brandon Lee. This is a different Brandon Lee. And in 1993, so 30 years ago, a boy named Brandon Lee enrolled at the Bearsden Academy Secondary School in Glasgow. And over time, it was revealed that Brandon Lee was not who he seemed.

So this 16, 15-year-old, 16-year-old boy joined the school. And in fact, the truth is he was actually a 30-year-old man who joined the school. No, no, it gets more bonkers than that.


CAROLE THERIAULT. Shut up! He was 30 pretending to be 16?


GRAHAM CLULEY. Correct. But you know what's particularly extraordinary is that he had actually been a student at the same school years before, and he ended up having some of the same teachers teaching him who didn't—


CAROLE THERIAULT. And then no one noticed.


GRAHAM CLULEY. No one noticed. Now, some people said, you know, oh, he did look a bit older than the rest of us, and they thought it was just premature aging or something. Once almost rumbled because he told a friend he remembered the day Elvis Presley had died, which was supposed to be in the year he was actually born.


CAROLE THERIAULT. Yeah, so he wouldn't have remembered that anyway. In 1977.


GRAHAM CLULEY. No, no, exactly at that age. But also sometimes people wondered about him. And he posed as a Canadian. He claimed to be Canadian.


CAROLE THERIAULT. And of course he did.


GRAHAM CLULEY. The Scottish students said, "Well, maybe Canadian students mature more quickly than British students." And that way he seems more grown up and knows an awful lot more.


CAROLE THERIAULT. It's all that fresh air and trees and clean lakes.


GRAHAM CLULEY. But he wasn't Canadian at all. He completely fooled them. He went on to college because he passed his exams.


CAROLE THERIAULT. His high school exams.


GRAHAM CLULEY. Yeah, that's right. And he went on to go and study medicine.

And the whole reason was that he had previously wanted to become a doctor, but he'd goofed up on his first time around. And then he was too old to do the medical training. So what he decided to do was pretend to be a kid again and go through the process again.

So it is an extraordinary documentary. This chap, Brandon Lee, his real name was Brian MacKinnon. He doesn't appear in the documentary, but a lot of his fellow students at the time did, and they talk about it.

There's some cartoon imagery and things. But what they do is they have an audio interview with this guy, and they have Alan Cumming.

You know the Scottish actor Alan Cumming? He's a bit camp.


CAROLE THERIAULT. Yeah, yeah, yeah.


GRAHAM CLULEY. Anyway, he is miming to Brandon Lee/Brian MacKinnon's words, so he plays the part. But other than that, it's just a regular kind of documentary.


CAROLE THERIAULT. Do you see pictures of him at 30?


GRAHAM CLULEY. Well, yes, you do, because he was actually even caught on video because they actually recruited him to play the lead in South Pacific in the musical. So they have video of him singing, and also rather creepily, he kisses one of his fellow schoolgirls as part of the play.


CAROLE THERIAULT. Ew! Ew!


GRAHAM CLULEY. Yeah. Yeah. And she feels a bit ooh about that now as well.


CAROLE THERIAULT. I bet she does.


GRAHAM CLULEY. Anyway, My Old School, interesting documentary about an extraordinary story, which is why it is my pick of the week.


CAROLE THERIAULT. Okay, I'll give you that one. Sounds good.


GRAHAM CLULEY. Carole, what's your pick of the week this week?


CAROLE THERIAULT. I was going to do an audio podcast, a fiction one, but since it's just the two of us, I've changed it up and grabbed something from my bag of tricks that I thought you would enjoy. So, Graham, my pick of the week this week is a podcast, not an audio drama, but a satirical news show called Non-Censored with Rosie Holt. Have you heard of it?


GRAHAM CLULEY. I've been listening to it for months. No!


CAROLE THERIAULT. Oh, brilliant. Well, I didn't know that. And isn't that lovely?

So, for our listeners, Rosie Holt is an emerging UK comedian. She kind of rose to fame on YouTube during lockdown by playing a right-wing activist and conservative reacting to lockdown parliamentary shenanigans while people were locked in their houses and not being able to go to work or to funerals or to hospitals.

And she says she got angry during this whole fiasco with Parliament having parties. And she says when she gets angry, she likes to laugh at things that make her angry.

So she used existing footage with responses from actual parliamentarians from, you know, Good Morning Britain or all these kind of shows. But she spliced herself in as the interviewer. And you guys can see these on YouTube, link in the show notes.


GRAHAM CLULEY. That's how I first came to know her, is I saw her on Twitter and Instagram with these little videos, which were quite funny. But then, of course, I found out about the Non-Censored podcast, which I really enjoy.


CAROLE THERIAULT. Yes. So this podcast, Non-Censored with Rosie Holt, okay, she plays a right-wing conservative MP called Hillary Langley Swindon, which I love that she used the name Swindon. So perfect.

And she's ably assisted by her long-suffering producer, Martin, and provocative comedian, Eshaan Akbar. And it's a topical podcast battling what Hillary, the protagonist here, calls the Wokies.

It's scathing. It's hilarious. And she does not shy away from the most outrageous situations and questions and jokes.

It's cringy, man. I've had to rip the headphones off my head occasionally because I'm just like, "Oh my God, I can't, I can't, I can't."


GRAHAM CLULEY. Yeah, I like it a lot. It's very fun.


CAROLE THERIAULT. So listeners, this is Non-Censored with Rosie Holt. It's a podcast.

Find it wherever you get your podcasts. But warning, this is satire.

Don't get your knickers all in a twist. She's just being funny and being quite bravely funny.

And that's my pick of the week.


GRAHAM CLULEY. Good one. And that just about wraps up the show for this week.

You can follow us on Twitter @SmashinSecurity, no G, Twitter and Mastodon have G. And we also have a Mastodon account.

And you can look us up on the Smashing Security subreddit. Don't forget to make sure you never miss another episode.

Follow Smashing Security in your favorite podcast apps, such as Overcast, Apple Podcasts, and Spotify.


CAROLE THERIAULT. And massive shout out to this episode's sponsors, Drata, Kolide, and Sysdig. And of course, to our wonderful Patreon community.

It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 329 episodes, check out smashingsecurity.com.

329. 329. Oh my God. What have I been doing with my life?


GRAHAM CLULEY. Until next time, cheerio, bye-bye.


CAROLE THERIAULT. Bye.

-- TRANSCRIPT ENDS --