Justice Van Court was the judge who was ruling over this particular case.

What a name though, right?

Justice Van Court.

Like he was born that way and he's like, I know what I'm going to do, be a judge.

I don't think his first name is Justice, Carole. That's his title. Smashing Security, episode 353. Phone hacking, Piers Morgan, and Carole's Christmas cock-up with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 353. My name is Graham Cluley.

And I'm Carole Theriault.

And Carole, on this seasonal— Dun dun dun! Crimbo— Dun dun dun!

Holidays!

Final of the year. The holidays are just around the corner. It's just you and me. We wanted a cheery farewell episode. Not farewell forever. No, and we'll be back in 2024.

We're just having a little break because we need it.

Yeah, maybe the listeners need it too. All right, should we get on with the show?

Yes, let's do this thing. But first, let's thank this week's wonderful sponsors, Collide and Vanta. It's their support that helps us give you the show for free. Now, coming up on today's show, Graham, what do you got?

I'm going to be reflecting on Celebrity Phone Hacking.

That's a nice little title. I like the alliteration. I like the way it flowed. I'm going to be telling a Christmas tale. Did Charlotte fall for a scam? All this and much more coming up on this episode of Smashing Security.

Now, chum chum.

The chums chums. The people like it.

Chum chums. Yes. There's more than one listener? Chums, chums? That's right. Okay, we'll stick with chums. Chums, chums, my story is all about phone hacking and the celebrated journalist and broadcaster, bon vivant, Piers Morgan.

Your favourite.

Friend of the show. He has blocked me, of course, on Twitter. Piers Morgan, for those people who are blissfully unaware of his lifetime achievement, his contribution to culture.

Turn off now.

He's the author of such esteemed works as To Dream a Dream: The Amazing Life of Philip Schofield, which came out in 1992. 1993, he wrote Take That! Our Story. And of course, his best-selling work was 1994's Take That! On the Road, which I think—

For real?

Yes, these are real. That's what he wrote? This is what he wrote. Yeah, this is what he's contributed to the world. And he was also, of course, editor of the Daily Mirror newspaper.

Yeah, that's much worse.

From 1995 until 2004, when he was sacked because he printed some crudely faked photos of British soldiers allegedly abusing Iraqi prisoners. He lost his job over that. He refused to admit they were faked and said even if they were, it didn't matter because similar abuse was taking place elsewhere in Iraq. But anyway, now Piers Morgan, he's an interesting fellow because he's sort of somehow embroiled in this whole phone hacking debacle. And I remember back around 2010, 2011, writing a lot about phone hacking after it really became prominent.

It was crazy at the time, though, guys. If anyone who didn't live through it or didn't pay attention and loves a huge debacle wants to write a podcast about it, you could do a serial on this.

Amazing topic because it all started, of course, with the News of the World. Ultimately, which was a Murdoch newspaper, which was ultimately completely binned and destroyed. People did go to jail over the phone hacking, although not some people who you might have expected.

Cream pies were thrown.

Yeah, cream pies were thrown into Murdoch's face when he— I shouldn't laugh. He's an old fella, isn't he? Is he still alive, Rupert Murdoch?

Yes, apparently. Well, who knows?

Who knows? I think he's like Walt Disney.

He may be alive for the next 500 years.

He's been pickled well. Cryogenically suspended. Anyway, originally it was all about that, the Milly Dowler killing, and there was all kinds of hacking of murder victims and celebrities. And the way in which it worked was that, in fact, this is what an actual Sunday Mirror report— because it stopped being just about the News of the World. It also was about other newspapers from other newspaper groups, including the Mirror newspaper. And there was one Sunday Mirror newspaper who told Newsnight back in 2011 how it was done. He said it was routine practice at his newspaper in the hunt for salacious celebrity gossip. What would happen is there'd be two journalists, they would ring a celebrity at the same time, and because they were ringing at the same time, it meant one of them would get the voicemail of the celebrity.

Yeah.

Because the line was engaged. And it would go straight to their answer machine, and if they entered the right PIN code, they were able to access that person's voicemail.

Now, listeners, listeners, what do you think that PIN code might have been?

Yeah, so depending on who your cell phone provider was, it might be 0000 or 1234. But, you know, most people didn't change their voicemail PIN code. You could say silly of them, but they just didn't know, many of them, there was even the ability, I imagine.

Any of us can do silly things on occasion.

Right, yeah, absolutely. So this was something which was going on there. And what's happened in just the last few days is this subject of hacking of phone voicemails and the possible involvement of the esteemed, illustrious, honorable Piers Morgan himself. That has now been brought back into the news because there's been a high-profile court case in London brought by Prince Harry and others.

Himself.

Yes. Do you say sir-self? Can I say him? I think— what? Yeah.

Lord South? I don't know.

Is Harry still a Highness?

Or—

I don't know if he is, because he's sort of—

Ex-Highness? Do you say that?

Blotted. Anyway, Justice Fancourt was the judge who was ruling over this particular case.

What a name though, right?

Justice Fancourt.

Like he was born that way and he was like, "I know what I'm going to do." "Be a judge." I don't think his first name is Justice, Carole. If that's my mistake, that's his title. It doesn't quite work like that.

I know that, but still he has the name Court in his second name. Oh, Fancourt.

Yes.

Yes. Oh, you're very clever. He ruled in favour of Prince Harry and others and against Mirror newspapers. And they're going to have to pay out some money and things in terms of compensation.

Because they're hurting.

Well, tabloid newspapers, the readership has gone down over the years. In fact, even I'm afraid to say, Piers Morgan, even while he was editor, I think the readership diminished by about 30%. It's a bit when he had his CNN show or TalkTV. It does seem to drive people away. Anyway, not that I've got any beef with Morgan. I do have beef with Morgan. But based upon the evidence presented, Justice Fancourt said that there was unlawful information gathering which was widespread at the Daily Mirror, Sunday Mirror, and the People from 1996 onwards. Piers Morgan became editor in 1995, and that phone hacking started in 1996 and became widespread and habitual from 1998.

Habitual.

And he said there was, quote, no doubt that Piers Morgan knew about it. Of course he flipping did. Okay, sorry, that's my opinion. That's your hunch.

I'm not a justice.

Well, don't raise the ire of Piers Morgan, because as we saw and as we can hear right now, Piers Morgan is very angry indeed about this. Prince Harry's outrage at media intrusion into the private lives of the royal family is only matched by his own ruthless, greedy, and hypocritical enthusiasm for doing it himself. He talked today about the appalling behavior of the press, but this is a guy who's repeatedly trashed his family in public for hundreds of millions of dollars even as two of its most senior and respected members were dying—his grandparents. It's hard to imagine, frankly, more appalling behavior than that. As for him saying this is a good day for truth, the Duke has been repeatedly exposed in recent years as someone who wouldn't know the truth if it slapped him around his California-tanned face. Oh, that's mature.

Good.

He went on to say that the Prince had a ruthless, greedy, and hypocritical enthusiasm for intruding on the personal lives of the royal family.

Oh my God, pot kettle.

For Piers Morgan to say that, you know, he can't—

How dare you, sir?

How dare you? That's my job. So he says he's never hacked a phone and has never asked anyone else to hack a phone. Yeah. If we go back in our time machine, we can see what Piers Morgan has said about this in the past. Three months ago, he used the same words, "never hacked a phone, never asked anyone to hack a phone," to the BBC's Laura Kuenssberg. I do want to ask you if you have ever listened to a voicemail without the consent of one of the participants. No, I've made it very clear my position on hacking is I have never hacked a phone, I've never told anyone to hack a phone, no one's produced any evidence, including in this case— Did you notice that? She asks him, have you ever listened to a voicemail without the consent of the people on the voicemail? Right. He doesn't answer that. What he says is he's never hacked a phone and never asked anyone to hack a phone. Yeah. Doesn't say he never heard any recordings. So someone else—

Did she pull a Paxman? Is the next time that she say it, I don't know, the question I asked was—

I think you're fine. No, no, she doesn't. Unfortunately, she doesn't do that. In May 2023, he told the BBC's Amol Rajan the same thing. He's never hacked a phone or asked anyone to hack a phone.

Have you ever hacked a phone? No. Did phone hacking ever take place during your editorship of The Mirror? Because what you're not saying there is there is no phone hacking at The Mirror.

To be clear, originally I said I've never hacked a phone, I've never told anyone to hack a phone, and no story's ever been published in The Mirror in my time from hacking of a phone. And then somebody pointed out, well, you can only know the first two things for sure. Yeah, all I can talk to is what I know about my own involvement. I never hacked a phone. I wouldn't even know how. Let's just state some facts for some people that don't know the detail and haven't been open. And he said the same on Twitter in 2015, The Guardian in 2014. In fact, as Archie Bland of The Guardian wrote this week, he said, if you ask Piers Morgan what his favorite biscuit is at any point in the last 15 years, he will tell you that he's never hacked a phone and never told anyone else to either. But if we go further back, we find a slightly different story. Because in 2006, he wrote an article for the Daily Mail. It's still online. I will link to it in the show notes, where he admits that he played somebody a tape of a message Paul McCartney left for his fiancée, Heather Mills, on the mobile phone. There'd been some bust-up. Paul McCartney apparently sang, "We will work it out. We will work it." He sang that to her down the phone.

I don't think he's going to come after you. Be all right.

And he got hold of this voicemail somehow. Now Heather Mills says that she was called by a Mirror journalist in 2001, quoted parts of the message that McCartney had left for her on her phone after an argument. And you don't mess with Heather Mills, right? You never get on the wrong side of her. And she said to him, you obviously hacked my phone. If you do anything with this story, I'm going to go to the police. Morgan told the Leveson Inquiry into phone hacking that he couldn't discuss how that tape was made or who made it.

But he did not ask anyone to record it.

He said, "I can't give you any more information. It would compromise a source." So the implication was it can only be McCartney himself or Heather Mills. McCartney wouldn't have done it because it didn't show him in a good light. Heather Mills said Piers Morgan would have relished telling the inquiry if I had played him a voicemail. Of course he would have! Right? There's even a video which Hugh Grant shared back from 2003 with Piers Morgan telling singer Charlotte Church she should change her PIN code on her phone to stop reporters from accessing her voicemail. There was a spate of stories that came out because of mobile phones. When they first came out, mobile phones, journalists found out that if the celebrity hadn't changed their PIN code.

Yeah, you can access their voicemail.

You can access their voicemail just by tapping a number. Now, are you really telling me that journalists aren't going to do that? If they know they can ring up Charlotte Church's mobile phone, listen to all her messages, right? Now, all you have to do— and I know it's hard because somebody's done doing anything for themselves— is actually change your security.

Yeah, I changed my security number. Now you don't have to worry.

Exactly. That was Piers Morgan talking in 2003 to Charlotte Church. And what did he say earlier this year to Amal Raghan from the BBC? All I can talk to is what I know about my own involvement. I never hacked a phone. I wouldn't even know how. I wouldn't even know how. Hmm, interesting. So somewhere along the line, round about 2011, for years Piers Morgan was gleefully telling people in the public eye how easy it was to hack into their voicemails. There's GQ interviews, all sorts of things. But then he starts changing his tack and he says, well, I've never told anyone to do it, and I've not done it myself.

Deny, deny, deny.

Yeah. Right. And the judge ain't buying it.

Well, no, Fancourt, of course he's not. Good old Justice, Mr.

Justice Fancourt. He's not believing in it at all. There is a serious side to it. I mean, we can have a bit of a laugh about this, but this hacking of people's voicemails— Oh, it's fucking awful. Did real harm. Yeah. And in the past, Mirror lawyers have argued that although the hacking was unlawful and wrong, it didn't result in permanent harm because they're trying to reduce the damages. Now, if you speak to people like Paul Gascoigne, Paul Gascoigne was a British soccer player. Football. Yeah. Who was troubled, shall we say. He liked to drink. And he's had mental health issues. He says that he was scared to speak to anybody when news stories about himself and his loved ones, his parents, his family, his kids, it got out. He says, and people can't understand why I became an alcoholic. He says it was huge damage which was done to him and his family. 100%.

If this happened to you, for instance, right, you'd be hey, Carl, you told— and I'd be no, I fucking didn't. You'd be suspecting everybody and anybody. You would change your phone. You would get burner. We'd be teasing you thinking you're a bit crazy, Clue. It would not be good for your mental health of anybody, I don't think.

Sometimes these aren't people who have actually chosen to be in the public eye. Sometimes it's people who simply came into the public eye by accident as a consequence of some other news story. Suddenly they are in the press and the journalists trying to get the dirt on these individuals have dug around and found this stuff. So it's really, really unpleasant stuff.

And all they have to do is guess the little passcode.

Right. Now, fortunately, these days the security is better. I don't know, actually, can you access your own voicemail from someone else's phone anymore? It's been so long since I've had a new phone, I can't actually remember how it works.

Yeah, and also I don't listen to voice messages, so, you know. Well, you may have loads of— In fact, the only way you would find out you had a voice message was if it gets reported in the pages of a tabloid newspaper. Exactly. Yeah, I better call them back.

Anyway, it sounds like someone isn't telling the whole truth. I don't know who that might be, and maybe we'll never get quite the full scoop on this one unless these claims are properly investigated. But I think after this latest revelation and the opinions of the court, which has upset Piers Morgan so much, maybe we do need— because apparently the phone hacking carried on even during the Leveson inquiry into phone hacking. So this has been an ongoing problem for many years. Graham, you know what?

I have an idea for you because I know you're obsessed with him in terms of watching him have his day.

Are you suggesting I'm somehow looking forward to his demise?

I just— no, no, just here's my idea. You're a clever guy. You could put his face our man, what's his name again? Morgan. Moron. Yeah, on a website, right? And then anytime he tells a fib, have a little Pinocchio nose come out and lengthen the Pinocchio nose as you feel he fibs his way along and see how long it gets.

My monitor is not that widescreen, Carole. I would need to—

We would have to scroll sideways a lot.

I'd have to get an IMAX. Carole, what's your topic for us this week?

Well, I have a Christmas story of sorts, and it starts with a lady called Charlotte. Let's call her Charlotte. Right now, Charlotte is days away from kicking off her holiday break. She's been hammering it at work, and she can't wait because she's way behind on all the things. Are you ahead of Christmas this year? Behind on Christmas? Do you have all your gifts bought, wrapped, sorted, and the people you need to see and all that stuff?

I'm having a fairly small, quiet Christmas. I think I've bought just about everything. I may have to get a few stocking fillers. You know how you get just a few sweets or something you may just put in, or a little bit of fruit. So I may do that in the run-up to the final countdown.

Fruit. Here's an apple. Enjoy, baby. Well, yes.

It's from me to

It's from me to you. But there's a lot of things you want to do also at this season. Well, for me anyway, personally, you have pantos, the cities and towns are decked out with little twinkles, right? I was actually in London a few weeks ago, and I was all gaga looking at Carnaby Street this year's decorations.

you. Party on.

It's all space and stars. It's really beautiful on Carnaby Street.

Oh, really?

Beautiful. They do it every year, but this year I just thought it was amazing. Anyway, and then you have to sort out presents, right? And it takes a lot of time. So what do you do? You go to stores and you run around the stores and it's just too much. Right? There's stuff everywhere. There's Christmas music in every single shop. There's people everywhere bumping in and grumpy and grabbing the last stuff. And Charlotte, she's "I'm just wasting precious hours here trawling the streets." So she's bummed out. She gets home. She's wasted a whole afternoon. And she's scrolling Instagram to calm down. Right? And lo and behold, there's a closing down sale in her feed. A closing down sale of a Danish brand that Charlotte has always kind of loved.

Oh, yes. Like bacon. Danish bacon. What other Danish brand is there? Lego? No, no.

Danish things, you know, design stuff. Scandi design. Okay. That kind of thing. Yeah, very nice. Right? And the prices are amazing because the store is closing.

And this is before Christmas.

Fantastic. Right? Beautiful porcelain bowl set she's coveted for years for one of her girlfriends. She can finally get it for a tenner, right? And the site, everyone's going crazy. There's comments everywhere. There's "453 people are currently looking at this item," and "75,000 people are looking at this item." And not 75,000, but 75.

It sounds completely legitimate to me, Carole, if it weren't being discussed on the Smashing Security podcast.

No, but pay attention, pay attention, because there's a question at the end of this. Then it flashes that someone just, you know, in Denmark has just purchased this. This is a Danish company. Danish people are buying it everywhere. And Charlotte's not surprised. Too good to be true. Prices are great. So she trawls through. She accumulates a very nice, sizable shopping basket full of trinkets. And then she goes to pay for it all and stuff. And she gets there and she puts in her name and she goes and searches for certain things, but the search function doesn't work at all. It just kind of barfs, right? Completely barfs. And she's like, oh, you know, they're closing down. They're not going to put any time in that, you know? So she enters her email address, right? Charlotte blah blah. And a line comes up when she's registered saying you have 2 minutes and blah blah seconds to complete the purchase. And, but don't worry, we've added an additional discount. Right? Because the total, you know, she's thinking the total would have been about this, but they're adding in now it's a mere £75 for a dozen.

Even better deal for

Even better fucking deal. Yeah. So what does Charlotte do? She jumps up and finds her credit card, right? Fills in all the info, happy because she wants to get there before all the stuff disappears. And boom, things complete. She breathes out. She's like, I'm done. Christmas is sorted. But she gets this nagging feeling, like, "Was the stuff just a bit too cheap?

the Danish pastries.

Like, really? Was it just a bit too cheap? And was the site really legit? Did she do any checking at all?" And the question is, Graham, what should Charlotte do now? Because I'm Charlotte, Graham. I'm Charlotte. Oh my God!

Oh my God! Jesus, I know. Oh my, I can't—

I cannot tell you how many red fucking lights there were. What? That I completely decided to ignore. Charlotte, I'm not kidding, listeners. I am Charlotte and I feel like a pillock.

But hang on, do you know if— do you know if this is a scam or not?

I'm gonna send you the website, so let me send you the website now. Oh, brilliant. Yeah, get me infected. I don't think that—

Send me the link. Hang on, I'm starting my Tor browser.

Here we go. Okay. Okay, so that's the site. So it came from an Instagram ad and it went to this site. The first thing is this is acting like a shop that would be representing many types of brands, like a distributor. But on the website, there is only this one brand's items.

So, all right. I'm just doing a little bit of searching here. Yeah, yeah. Do some searching. Oh. Mm-hmm.

I know. Tell me.

I'll tell you why this is not good. So the first thing I did was I did a domain WHOIS lookup on this. Okay. And this site was registered, so it was created for the first time on the 10th of December. Yep. So it's only been live for now 8 days.

Yep.

It was registered, it looks like in Hong Kong.

Okay, so number 1, no, no, but for listeners, if ever in this situation, first thing you do if it's too good to be true, I fucking know I should do but did not do. Uh-huh. Do a WHOIS lookup, okay? Yeah. So you go to whois.com, put in the URL, and that's it. It'll tell you when it was registered. Good. What next, Graham? Keep looking, 'cause it gets worse.

Yeah. Hang on, I'm gonna go in on a different route. So at the moment, I've sort of put my maximum shields up to— Yes. You make me do this live, so I'm not— Okay, now I've got some pictures and things. So closing sales up to 90% off. Right. So, see, it seems unlikely that they'd have a closing sale and they've only set up the website just over a week ago. You think? So you paid with your credit card, did you?

Which I think is probably the only move that I did that was intelligent in this entire process.

Yes, exactly. Good that you didn't use a debit card because then you're screwed.

Although even in this case, as we've discussed in the show in the past year, because I was the plonker that fell for everything and activated and authorized everything, I am potentially liable for the charges.

So I've got now pop-ups of people who it claims have just made purchases on the store.

Exactly. And I fell for that shit.

Oh, and there's this very dodgy trusted store. I never trust these things which say trusted store in the corner. And when you go there, it says, "Oh yes, 100% verified. Tick, green tick, green tick." And you just think, "Well, that's worthless." Well, oh, it's got a Twitter link. Have you gone to the Twitter link?

No. Did I go to the Twitter link? No. Oh, I have. What it actually does, their Twitter link goes to twitter.com. Okay. Can I tell you things I noticed on this fucking site? Go on. So if you go to their privacy agreement, their actual company name is not in there. They've just basically taken a template and haven't filled in the blanks.

Claim to have founded in 1954, but they only created their website 8 days ago and are now closing down. No, globally they have around 150 stores, they say. Oh, they're on NASDAQ Helsinki, they claim. Have you looked on the NASDAQ in Helsinki?

No, Graham. So within about 15 minutes of me sharing my contact details with them and buying crap for fucking throwing away £75. Happy Christmas, Graham, that was your present.

You may have lost more than that though, Carole, just because you bought £75 worth.

So let me tell you what I've done, and then you can tell me if there's anything else I should do, because I'm pretty convinced that I just got completely stupidly, emotionally led down a track even though I know better. I have a newfound respect for— It's so stupid. It was the time limit that did it for me. It was so stupid. There were people in my house. There were people in my house that I could have gone, "Hey, what do you think of this?"

The prices are about a tenth of what they claim they're normal.

Just shut up. I know. I know. I know. They did send me a fairly dodgy receipt thing. It's, you know, here's your tracking number, get in touch with us with a very dodgy support address. I contacted my credit card company and I say, "What do I do now?" And they said, "Actually, we thank you for calling, but we can't do anything for 5 days because it's now pending, it's not processed." I was basically— And I need that kind of evidence for my credit card company. Carole? Yes?

I've just found an article on an anti-spyware blog all about this site, saying it is a scam.

You see, don't.

It's the store closing clearance sale scam, discounts as steep as 90%. That's right, it's exactly the site you're talking about.

You see, and you know what's the shittiest thing is that because I'm not on social media, I somehow fell into this because I fell in through that route. That was the rabbit hole that I went through via that route. And I'm not au fait with the Instagrams of this world.

So it appears that they have used the legitimate brand's imagery in some places. But yes.

Ours was, and we did the reverse search on that stuff. But yeah, I fell hook, line, and sinker. So any links, Graham, just please throw them in the show notes for me.

Quite a lot of people who've written about this, yeah. But just in the last week or so.

So there you go, listeners. And it's gonna cost me at the moment, maybe nothing, 'cause I have to say, when I called the credit card company, they were incredibly kind and helpful. They really were. And they basically— I'm going to call— we'll see what happens. And I will report in the new year. That's good.

But you know what? Well done you for using your credit card. The other tip I could give people is you could have a different credit card number for online purchases, which may have a limit as to how much can be spent on it. Some people have cards— I don't have one of these actually. Maybe you have one of these, which can create virtual card numbers.

Yes. Did I use that card?

Oh, you do, but you didn't use it?

It was in an area of the house where someone was maybe sleeping. So, look, I almost didn't do this story, right? Because it is flipping mortifying. I'm so embarrassed and also pissed off with myself. But at the same time, I think the one thing that I took away from it is it's amazing how sometimes you can get yourself in a psychological state for whatever reason, and you will— it leads you, and you just got to take a breath. And I fell for hook, line, and sinker, even though I know all about this shit. And it's mortifying, but it happened to me.

Yeah, well, I think it's very, very good that you've shared this story. I have to say, from my experience of things like Instagram, the ads there can be really compelling. There's something about them where you just kind of think, oh, that looks so cool.

I just don't play on Instagram, and I— yeah, I got lured into—

Can you report it as well to Instagram? The ad, if you saw the ad again.

Yeah, yes, I can. I'll block every time I do. I'm now blocking and reporting. Yeah, but I have no idea where that goes. But yeah, anyway, beware. Happy Christmas.

You say happy Christmas to me, I'm now not getting this crockery or whatever. I know. It's 90% off for these things.

Well, well, you know, you can come over and play Scrabble.

Okay.

Thank you to Smashing Security sponsors Vanta. Where you can shortcut compliance without shortchanging security. Expand the scope of your security program with Vanta's market-leading compliance automation. Vanta's 5,000+ global customers report saving over 300 hours in manual work and up to 85% of cost for SOC 2, ISO 27001, HIPAA, GDPR, custom frameworks, and more. And with Vanta's 200+ integrations, you can easily monitor and secure the tools your business relies on. From the most in-demand frameworks to third-party risk management and security questionnaires, Vanta gives SaaS businesses of all sizes one place to manage risk and improve security in real time. As a special bonus, Smashing Security listeners get a whopping 20% off Vanta. Just go to vanta.com/smashing. That's vanta.com/smashing. If you work in security or IT and your company has Okta, this message is for you. For the past few years, the majority of data breaches and hacks you read about have something in common. It's employees. Hackers absolutely love exploiting vulnerable employee devices and credentials. But imagine a world where only secure devices can access your cloud apps. Here, credentials are useless to hackers, and you can manage every OS—even Linux—from a single dashboard. Best of all, you can get employees to fix their own device security issues without creating more work for IT. The good news is you don't have to imagine this world. You can just start using Kolide. Kolide is a device trust solution for companies with Okta, and it makes sure that if a device is not trusted or secure, it can't log in to your cloud apps. Visit collide.com/smashing to watch a demo and see how it works. That's collide.com/smashing.

And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.

Pick of the Week.

Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app, whatever they wish. It doesn't have to be security-related necessarily. Better not be. Well, my pick of the week this week is actually a podcast, Carole. Oh! Or an audio documentary. It wasn't a podcast until I saw the creator of this audio documentary post about it on Twitter. And I said, "Oh, it'd be lovely if you had this as a podcast." And he said, "All right," and he shoved it up on my podcast host. Oh, cool! Yeah, it's very good of him. His name is Lucas Testreau. Okay. And he has made a documentary in 3 parts about the life and work of Donald Cotton. Now—

I know that name. Why do I know that name?

You don't know this guy. Are you sure? Yes, I don't think you know Donald Cotton. Donald Cotton, how can I explain? You know, when I choose a Pick of the Week, I quite often think I'm in a dilemma. Do I choose something that I really like, or do I choose something that I think listeners will actually like? In this case, I suspect only a very niche number of our listeners will enjoy this because the biggest audience probably for this is a Doctor Who fan audience, but not just a fan of Doctor Who generally, but a real kind of in deep fan.

Wasn't he a Doctor Who writer?

He was a Doctor Who writer in the 1960s. He wrote two Doctor Who stories: The Gunfighters, which was all about the gunfight at the O.K. Corral, and The Mythmakers, which was all about the Siege of Troy and things like that. And I've never actually seen The Mythmakers because it was destroyed by the BBC. I have seen bits of The Gunfighters, but as a young lad, I loved reading those two particular novelizations. So, Doctor Who stories were novelized. These two were novelized by Donald Cotton himself, and they are two of the funniest books I have ever read.

Do you not think you've told me this before in our friendship that has been about 30 years long now? I'm—

It's possible I've told—

Is it possible when all the Doctor Who books were living in our office space for about a decade? Do you think it's possible that I said here's a particularly good one?

Yes, I really love Donald Cotton. It's really funny. Well, that's what this documentary or podcast is all about. It's in 3 parts. It's about 45 minutes per part. It's called Mythmaker: The Lost Legacy of Donald Cotton, and you find out about his life. This very witty chap who had a bit of a sad life, a difficult life, a lot of lady action, but at the same time, it seems that he was unfulfilled both as an actor and a lyricist. TV, he felt, was beneath him. He wanted to be into the stage, and it's quite moving. And I really enjoyed this podcast. I suspect there are about 3 people who may enjoy it who are listening as well. It's a great tale about somebody's life and the impact they had, and it's extremely well put together by Lucas Testreau. So I really wanted more people to hear it. He interviews people, he manages to get in touch with Donald Cotton's family, his estranged son, other people who used to be married to him. He used a lot of sort of open source intelligence to reach out and get in touch with people. It's absolutely fascinating how he did it, and it's a great little documentary. I really enjoyed it. So if you're into Doctor Who or if you just hear about stories about people's lives— I certainly love to hear stories of people's lives— then I can recommend Mythmaker: The Lost Legacy of Donald Cotton. And if you manage to get hold of a copy of The Gunfighters book or The Mythmakers, you'll really enjoy those as well. Are you looking for first editions, Clue? No, I think I've probably got first edition. Actually, no, I— oh, I gave away all my Doctor Who books to a charity shop before my son was born. I thought, I'm never going to have kids. I'll give these all away. And then of course I had a kid. I've got them as PDFs. Great. Not really the same though. Hey ho. Anyway, that is my pick of the week. Carole, what's your pick of the week?

Well, you know, some of us are going to be inundated with people this holiday season. Others may not be. Some of you also may have people you wish you were with, but can't be because you're travelling or you're in a different country, different part, you know, it's too expensive, all that stuff. So how do you connect? Well, of course, there's the video call, right? Yes. But they can be quite difficult. I don't know if you've done— we all have done family-wide ones, especially during the pando, where you're sitting there and everyone's— you know, my other half's parents would sit there and they— I think their screen was smudged with some kind of grossness. So they looked they were in a sepia, 1920s screen. It's just so weird. Anyway, so you have these situations and everyone I know it's kind of awkward on these calls and stuff, but maybe, maybe you could do some good old Christmas games, those that people play around the fireplace. Ah! Virtually. Okay. So I found a list, which I'll share in the show notes. Oh, this is brilliant. There's a number of different ones, and I'm gonna share my favourites here, okay? So there's virtual karaoke Christmas, where you would download an online karaoke player or just share your screen. Yep. And everyone has a chance to join in screaming from your houses, right? There's the virtual scavenger hunt where one person puts together a list of crazy items that may or may not be in the house.

Oh, and then you all have to run off and go and get them.

You have to all run off and find out as many as you can, and the one who has the most is the winner. And it could be things like batteries, family photograph, you know, condom wrapper, whatever.

What happens if Auntie Marge runs off and there's suddenly a scream and a thud? And you realize she's fallen down the stairs, stepped on a roller skate.

You can play Never Have I Ever. Ah, that's a bit kinky, isn't it?

I've never played that.

Well, I don't know, but I think on Zoom it's quite fun, I think, because the idea of it— or on Zoom or on any video player— but basically the idea would be someone says, never have I ever X, whatever. And those that are guilty of it have to keep their cameras on and those that aren't turn them off. Right? So you turn off your screen and then the only person left is the— Yeah. You have two truths, one lie. We all know that game. Oh, that's good fun.

Yeah. Right.

Okay. So, Graham. Yeah. I've got one for you here. All right. I have ridden an ostrich. No. I have water skied barefoot like Jesus. Like Jesus.

I don't think Jesus did water ski, Carole.

Okay. Well, maybe he was invisible like Wonder Woman's plane.

Maybe he kept his sandals on. Okay. I love tricking people into eating durian fruit. Well, I know that one's true because you've tricked me into eating durian fruit and it's absolutely disgusting. So that's two truths and a lie. So it's either you've water skied. Or—

Barefoot. No skis. Oh, I see.

That must hurt. Or what was the other one? Ridden an ostrich. You've not ridden an ostrich. That would be cruel.

I've never ridden an ostrich. You know me well. My Pick of the Week, for those of you at home or away from home—

Is riding an ostrich. That's Pick of the Week. Fun, fun, fun. Well, that just about wraps up the show for this week and wraps up the Smashing Security podcast for the year. 2023, goodbye. We are going on a little break. It's been a wonderful year, hasn't it? 2023. So marvelous. I'm sure 2024 will be so much better.

It says here. I'm hoping for less warring, more talking. Just saying.

We will be back in the second week of 2024. January the 11th, I think our episode comes out. So don't forget us. Of course they won't. Graham, don't be so needy. In the meantime, you can follow us on Twitter @SmashingSecurity. And we're also on Mastodon as well. And we also have a Smashing Security subreddit. And don't forget to ensure you don't miss our episode when we come back in January. Follow Smashing Security in your favorite podcast apps, such as Spotify, Overcast, and Apple Podcasts.

And huge, huge thank yous to our episode sponsors, Vanta and Kolide, and to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest list, and the entire back catalog of more than 352 episodes, how can you be bored? Check out smashingsecurity.com.

Until 2024, cheerio, bye-bye, bye!

Happy holidays, happy holidays! I was trying to build a Christmas album. Oh yeah. And I wanted to get different genres. So I was looking for rap Christmas albums. There's not a lot of that. There's not a lot of that. All right. But I then ended up in Christian rap Christmas albums.

C-rap, as it's known for short.

Yes, maybe. And there's this one called Jesus, It's Your Birthday. Hey Jesus, it's your birthday. Hey Jesus.

Do you remember I bought you Billy Idol's Christmas album?

You did, but I didn't have a CD player. So, you know, it was— you were just about two decades too late.