MPs aren't just getting excited about an upcoming election, but also about the fruity WhatsApp messages they're receiving. Can we trust AI with our health? And who on earth is pretending to be a producer for the Drew Barrymore TV show?
All this and much, much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- Naked photos sent in WhatsApp ‘phishing’ attacks on UK MPs and staff - Politico.
- How I was targeted in the Westminster honeytrap - BBC News.
- The Westminster honeytrap plotter tried to catch me too - The Times.
- How Westminster WhatsApp ‘honey trapper’ targeted party conference season - Politico.
- William Wragg quits Commons roles over Westminster honeytrap - BBC News.
- A new prescription - The Economist.
- Change Healthcare faces second ransomware dilemma weeks after ALPHV attack - The Register.
- ‘The Drew Barrymore Show’ Targeted by Fraudsters in Celebrity Scamming Effort - Yahoo! News.
- ‘Drew Barrymore Show’ Targeted in Hacking, ID Fraud Scam by Imposter Who Posed as Producer and More - Variety.
- Guy Fieri Calls Drew Barrymore “Gangster” For Talking With Her “Mouth Full Of Food” On ‘The Drew Barrymore Show’ - Decider.
- Beware The Fake Drew Barrymore Le Creuset Cookware Giveaway Scam - Malware Tips.
- Carmen - Royal Opera House.
- Mandy - BBC iPlayer.
- Anita de Monte Laughs Last - Bloomsbury.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
- Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!
- Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!
SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!
FOLLOW US:
Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.
THANKS:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Transcript
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. He doesn't sound like he did anything wrong until he did.
GRAHAM CLULEY. Well, yes, Carole, I never did anything wrong until I stole the crown jewels. Did you? I never did anything wrong until I murdered someone.
CAROLE THERIAULT. You heard it here first, listeners.
UNKNOWN. So yes, you're right, he didn't do anything wrong until he did. Smashing Security, episode 367: What's Up at Westminster? Unhealthy AI and Drew Barrymore with Carole Theriault and Graham Cluley. Hello, hello and welcome to Smashing Security episode 367. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And Carole, we're joined by a special guest, someone who hasn't been on the show for a while. Please introduce him, them, it.
CAROLE THERIAULT. We have this week Mr. John Hawes. Thank you for joining us, John.
JOHN HAWES. Thanks for having me.
CAROLE THERIAULT. Always a joy.
GRAHAM CLULEY. Good to have you back, John. And, oh, by the way, well, while we're sharing good news, Amazon has now refunded me.
JOHN HAWES. So there we go.
GRAHAM CLULEY. No way. Yeah, they have refunded me, but they haven't really explained what happened, which is a little bit more annoying. But yes, pleased to have said, kicking off a big stink on the Smashing Security show certainly helps.
CAROLE THERIAULT. Brilliant.
JOHN HAWES. Someone somewhere still has your phone.
GRAHAM CLULEY. Well, it's curious, isn't it? By the way, listeners, if you've got a problem with Amazon, we can't take on each and every one of you. You can't write to us and we can't make it a reg— maybe we could make it a regular segment of the show where we have a different listener who's having a problem with Amazon customer service. See if we get a result. Maybe not.
CAROLE THERIAULT. How about we kick this show off?
JOHN HAWES. Okay.
CAROLE THERIAULT. First, let's thank this week's wonderful sponsors, Kolide, Kiteworks, and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm going to be asking WhatsApp at Westminster.
CAROLE THERIAULT. Oh, I like what you did there. What about you, John?
JOHN HAWES. I'm going to be talking about AI in healthcare. Is it great? Is it scary?
CAROLE THERIAULT. Ooh. And I'm going to be asking what's going on with the Drew Barrymore Show. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, I've got a question for you, and this may be an awkward question. This may be something which you don't want to reveal. I don't know. Has anyone from your past ever messaged you out of the blue?
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. So maybe someone who suggests they may have had a liaison, a certain frisson with you.
CAROLE THERIAULT. Someone like an ex-boyfriend type thing, perhaps.
GRAHAM CLULEY. Perhaps something like that. Yeah.
CAROLE THERIAULT. Yeah.
JOHN HAWES. Not me.
GRAHAM CLULEY. Not you, as I know, John.
JOHN HAWES. The closest I get is distant uncles, if that counts.
GRAHAM CLULEY. And sometimes you might not be sure as to who they are. I don't know if you've had a colorful past, Carole. You're thinking, well, you know, need to narrow it down a bit more.
CAROLE THERIAULT. Well, as you know, I don't actually pay a lot of attention to email or social media or any kind of communication. I mean, basically, even my— I don't even hear my door being knocked on now.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Yeah, I'm turning into a hermit.
GRAHAM CLULEY. Oh dear.
JOHN HAWES. So it could be happening all the time.
CAROLE THERIAULT. It could be.
GRAHAM CLULEY. I don't know. It could be someone banging on your door, as it were. You won't even notice it. Half and half. What I'm thinking is that there might have been someone maybe who suggests they felt a little tingle for you back in the day and you felt a little tingle for them.
And maybe it's something that they want to reconnect with and re-explore. Well, this is what has been happening in the hallowed halls of the British Parliament, the Houses of Parliament itself, because politicians, staffers, and journalists have been reportedly bombarded with racy WhatsApp messages.
Ooh. Either from someone called Abi or someone called Charlie. Have you heard about this? It's been in the newspapers. It's been causing the headlines.
CAROLE THERIAULT. I've read the headlines only, but you'll give me the inside scoop.
JOHN HAWES. Quite a big deal.
GRAHAM CLULEY. Well, the story broke in Politico, which is a political news website. And they reported how several men from the heady world of politics had been sent these unsolicited WhatsApp messages from two suspicious phone numbers between October and February this year. And the people sending these messages, they sign themselves off either as Abi or Charlie.
And the conversation always seems to start the same way. They say, oh, hey, you know, hi, met you a while ago at this political event venue.
You know, we got sloshed, something like that. You know, we're at the bar or at the party conference.
We're working on the local by-election campaign and long time no speak.
CAROLE THERIAULT. Beer in hand.
GRAHAM CLULEY. Yeah, yeah. Long time no speak.
How are you doing? Miss seeing you around Westminster.
A little cheeky kiss at the end of the message. And you're thinking, oh, well—
CAROLE THERIAULT. This is WhatsApp, you said?
GRAHAM CLULEY. These are on WhatsApp.
CAROLE THERIAULT. So presumably, if you know the person and they're in your contacts, their name would crop up.
GRAHAM CLULEY. Well, and that's your confusion when you receive one of these because you think, well, I don't recognise this number. I'm not sure who this is.
So you might well say, sorry, do I know you? And then they reply, ha ha ha.
They say, ha ha, it's Charlie, they say. I used to work in Parliament.
We swapped numbers.
CAROLE THERIAULT. Don't you remember?
GRAHAM CLULEY. Yeah, don't you remember? We swapped numbers after drinking one night.
You know, I'd be offended, but it was a while ago. Kiss kiss.
And it's all a little bit kiss kiss, you know, it's all a little bit flirty, you know, it's, oh, what's this? You know, they're saying, are you still single?
You know, what's going on? And before you know it, the conversation has turned sexual.
CAROLE THERIAULT. What?
GRAHAM CLULEY. Yes, Carole, this is how the youngsters do it these days.
CAROLE THERIAULT. It is WhatsApp, that's what it's for. So you're, hi, I use WhatsApp a lot, and A, I don't respond to messages I don't know from people I don't know.
I just ignore them. In fact, I think I just view contact information, so maybe people are sending me messages I don't even know because they're not my contacts, so I don't care.
GRAHAM CLULEY. But you're not single, Carole, and you're presumably in a happy relationship with your Yeti. Presumably, yes.
Presumably.
JOHN HAWES. And not a member of parliament.
GRAHAM CLULEY. That's the other thing, because they were all randy as anything, I suspect. Anyway, in some cases, explicit images were also sent via WhatsApp.
I think it's called a thirst trap. Have you heard of a thirst trap?
CAROLE THERIAULT. No.
GRAHAM CLULEY. Oh, go on.
JOHN HAWES. That's a new one.
GRAHAM CLULEY. You guys.
CAROLE THERIAULT. Yes, we both live under rocks, Graham.
GRAHAM CLULEY. Okay, well, a thirst trap is if you send an image, I think, of yourself working out at the gym, or you yourself looking very, very hot in your tennis shorts, something like that. It's to lure in the people, the gender that you're interested in to be going, oh.
CAROLE THERIAULT. So it's not nudie pictures necessarily, but it's sexy pictures.
GRAHAM CLULEY. It could be. I mean, you know, it's slightly fruity.
CAROLE THERIAULT. Slightly fruity.
GRAHAM CLULEY. It varies the level of fruitiness, but you know, it'd be something sort of saying, do you fancy a little bit of this or not? And in some cases, this Charlie fella, he said, you know, oh, I used to work in Parliament.
Charlie would brag about having had sex with several Conservative and Labour MPs, because that's the sort of thing you boast about, isn't it?
CAROLE THERIAULT. Did Charlie send a picture of himself?
GRAHAM CLULEY. Well, he's got a picture on his profile. There's a picture on his profile of presumably Charlie and a woman as well.
So there's a picture of—in fact, the same image is being used both by Abi and Charlie. So you're not sure which one of them is sending the message, but one of them calls themselves Abi.
CAROLE THERIAULT. Surely, I'm just saying, if you see someone's picture and the guy's, "Hey, do you remember me?" Or the girl's, "You remember me? Remember me?" And then you see a picture of them and you're, "No and no." Surely that's end of.
GRAHAM CLULEY. Carole, you obviously haven't been to very many political events where you get very, very drunk on the nation's dime. And you may not remember absolutely everyone who you flirt with.
You're obviously not living that kind of life. John, you work in the anti-malware testing community—are there any events where those sort of things happen?
JOHN HAWES. I must say, I have certainly been to conferences where I don't necessarily remember all the people I spoke to.
GRAHAM CLULEY. There you go. So it's possible.
So you might bump into someone and think, oh yeah, you know, have a little flirty conversation. Anyway, it seems you would get contacted by Abi or Charlie depending on whether you were likely to be interested in men or women.
An unusual exception was BBC chief political correspondent Henry Zeffman. He has written an article about how he was approached, and his situation was unusual because he got approached by both of them—both Charlie and Abi contacted him.
CAROLE THERIAULT. Well, you never know, right? He might swing both ways.
GRAHAM CLULEY. Well, maybe he does. I don't know what Henry's persuasion is.
But, you know, I suspect that was actually the person who sent the message being a little bit sloppy in using the same phone number, forgetting if they were Abi or Charlie when they were sending the message.
JOHN HAWES. Probably.
GRAHAM CLULEY. Anyway, one MP received these messages. He smelt a rat.
He contacted the police—I think very, very sensible thing to do, because if you're an MP you've always got to be on the lookout for someone trying to get dirt on you, right? It could be a tabloid newspaper, it could be an enemy state, it could be the opposition, someone who's trying to catch you out in some way, or maybe a potential blackmailer.
Contact the police and say, "Had this strange thing sending me pictures of themselves in tight tennis shorts. What should I do about this?"
CAROLE THERIAULT. Well, as we talked about a few weeks ago, if the pictures are of them nude and they weren't requested, that's cyber flashing. You know, that's illegal.
GRAHAM CLULEY. I suppose it is. I suppose. Is cyber flashing— Carole, you did your research into cyber flashing. Is cyber flashing something which only someone with a penis can do, or is it something that you could do if you were—
CAROLE THERIAULT. Non-penis carrier.
GRAHAM CLULEY. A non-penis carrier.
CAROLE THERIAULT. I suspect it's not a gender-specific law. I think, yeah.
GRAHAM CLULEY. What would happen if you were to send a picture of a statue of someone with a turgid member.
CAROLE THERIAULT. What statue do you know of that has a turgid member?
GRAHAM CLULEY. Oh, Carole, I'm sure.
CAROLE THERIAULT. And no ivy in front of it.
JOHN HAWES. Ivy leaf.
GRAHAM CLULEY. I'm sure they exist. I'm sure they exist. Anyway, whether there's a turgid member or not, I just suspect that, you know, a photograph— I don't know.
CAROLE THERIAULT. Are you talking about politicians again when you talk about—
GRAHAM CLULEY. Let's move back. Let's go back. Anyway, so I say one MP smelled a rat. But the question is this. How did Abi and Charlie know who to contact? Where did they get these phone numbers from of politicians, political journalists, staffers, etc., etc.? And this has been revealed to us since the initial story, right?
CAROLE THERIAULT. Okay, but before we— before you reveal, surely if you're a member of parliament, your phone number is on your website for your jurisdiction that you look after?
GRAHAM CLULEY. No. It could be. It could be. I remember Boris Johnson had a very public phone number. That's true. Even when he was Prime Minister, he left it lying around for years, didn't he?
JOHN HAWES. Yes. And they must have lots and lots of contacts as well, like journalists and things that they talk to. Presumably their number's reasonably easy to get hold of compared to a normal person.
GRAHAM CLULEY. I don't think, Carole, that most members of Parliament would give their mobile phone number on their website. They'd probably give their office number. The mobile phone number, you would think that you would just get deluged with people signing you up for stuff or sending you unpleasant messages.
JOHN HAWES. You'd hope so.
GRAHAM CLULEY. Anyway, so how do they work this out? How do they get the numbers? Well, it has since turned out that another MP, a chap called William Wragg, he has admitted providing phone numbers of his fellow MPs to a man he met on Grindr, the gay dating app, which is— Question! Yes?
CAROLE THERIAULT. So—
GRAHAM CLULEY. Well, what? What's the question?
CAROLE THERIAULT. No, no, I'm just— I'm okay. So I just, I want to hear how this happened. Like, how does he provide these numbers?
GRAHAM CLULEY. How does he do that? Well, it appears that William was contacted by someone who we will call Charlie for these purposes. So Wragg, he's gay, and he said he was mortified. He said he's apologised for his weakness. He's also said he never hired Charlie as a parliamentary aide because Charlie was contacting these other people saying, oh, I used to work for William Wragg in Parliament. And William Wragg said nothing to do with it.
CAROLE THERIAULT. Okay, so let me just make sure I understand. So your guy, who's our politician here?
GRAHAM CLULEY. William Wragg.
CAROLE THERIAULT. William Wragg. So William Wragg, who happens to be gay, gets contacted via WhatsApp saying, hey, you're kind of cute, look at this picture.
GRAHAM CLULEY. They met on Grindr.
CAROLE THERIAULT. Or on Grindr. On Grindr.
GRAHAM CLULEY. They met on Grindr. And then the conversation, as I think it got a little bit more fruity, it transferred to WhatsApp later.
CAROLE THERIAULT. Right. And then at some point he was like, hey, can you give me the phone numbers of all your buddies? Thanks.
GRAHAM CLULEY. Well, it's one way of flirting. It doesn't quite happen. This is possibly corrupt. Well, you're not having that much success. But yes, it doesn't quite work that easily.
So what happened was William Wragg says that this Charlie fella had managed to get some compromising photographs off him. So they had been flirting.
CAROLE THERIAULT. Oh, and he provided them.
GRAHAM CLULEY. And William Wragg reciprocated with some images. Then Charlie, in quotes, said, well, I want the phone numbers of other MPs and other people in politics. Otherwise I'm going to make life a bit difficult for you. In other words, he was being blackmailed.
So William Wragg says he got chatting to him. They exchanged photos. They were meant to meet up for drinks, but the other guy didn't show up. Then he started asking for numbers, and he was, you know, the MP was worried because he basically had kompromat on him.
So it appears that someone was trying to gather information about MPs, maybe get their phone numbers, maybe who knows what else would have transpired at the end of this. But William Wragg initially had not gone to the police. He had given in to the blackmail.
JOHN HAWES. Maybe he may have just been after more and more phone numbers, a pyramid scheme.
GRAHAM CLULEY. Maybe he's a phone number collector. A bit like being a trainspotter or something like that. Or a license— I used to write down license plate numbers of cars. I used to think that would be a good hobby.
CAROLE THERIAULT. Did you?
GRAHAM CLULEY. When I was very young, yes.
CAROLE THERIAULT. You can get back to it when you retire. Don't worry.
GRAHAM CLULEY. Okay. Turned out it wasn't that exciting.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. Anyway, MPs as a consequence. So this William Wragg guy, he's stood down from— he was deputy chairman or something on the 1922 committee. He stepped down.
He's not resigning as an MP or anything like that. He's going to carry on as Conservative MP, at least until the next election. He says he is going to stand down the next election, as many other Tory MPs are.
CAROLE THERIAULT. He doesn't sound like he did anything wrong until he did.
GRAHAM CLULEY. Well, yes, Carole, I never did anything wrong until I stole the Crown Jewels.
JOHN HAWES. I never did anything wrong until I murdered someone.
GRAHAM CLULEY. You heard it here first, listeners. Yes, he didn't do anything wrong until he did.
CAROLE THERIAULT. No, no, but my point is, there's nothing wrong with being on Grindr, there's nothing wrong with sharing sexy images. You both want them, blah, blah, blah. But he went astray when the guy's, you know, but give me the numbers or else.
JOHN HAWES. Well, if you're an MP and you think that someone having nudie pictures of you would be potentially compromising, then handing—
CAROLE THERIAULT. Why the fuck did you send them?
JOHN HAWES. Yes, exactly. That's doing something wrong.
GRAHAM CLULEY. It's not great judgment, I think. Because people in these sort of positions are open to being blackmailed, right? He's probably got more to lose than you or I have got to lose by being blackmailed by, for instance, Russian agents or something like that.
CAROLE THERIAULT. You know what? I have an idea. I have an idea.
So say you're in that situation where you want to share nudie pictures with somebody.
JOHN HAWES. I—
CAROLE THERIAULT. What about doing your nudie picture as a kind of walk-by, maybe have a remote. So basically it's just you're walking naked in a room. You know, you're not paying attention and showing off everything. And then you can say, look, I was just walking across to get a cup of coffee in the buff.
JOHN HAWES. Or you could just send them a drawing instead.
GRAHAM CLULEY. Yes. When you said a walk-by, I was imagining like a drive-by shooting. You just drive past the house naked very, very quickly and say, if you happen to look out the house now, you might see me going past. So we don't know who's behind the attacks. Was it a tabloid newspaper? Was it an enemy state? Was it YouTuber pranksters? You know, we don't know. But I think there's some advice we can offer our listeners, which is, if someone suspiciously hot starts messaging you out of the blue, it's probably a trap.
CAROLE THERIAULT. Well, unless you're super hot.
GRAHAM CLULEY. Well, even so.
JOHN HAWES. Still probably.
GRAHAM CLULEY. Especially if you work in politics. You know, if you're a politician, there's no one less sexy in the world at the moment than politicians. No one sexy is trying to have sex with you. It's just not happening. This is a golden age for quantity surveyors and estate agents and traffic wardens because they're not the least sexy profession anymore, right? Politicians are. So there's no chance of you having sex. No one's interested in flirting with you.
You're considered vile. And the other thing is Westminster, get your act together. This is like cybersecurity 101. It's gone horribly, hilariously wrong. But just be sensible. I mean, what's next? Are MPs going to believe they're going to inherit a fortune from a Nigerian prince? You know, this isn't complicated. They should know how to protect themselves and act sensibly.
JOHN HAWES. Did anyone else fall for it? Was it just this one guy that actually engaged, or did other people start saying, oh yes, Charlie, I don't remember you, but here's a picture of my armpit?
GRAHAM CLULEY. There have now been, I think, about 17 people who say that they got the messages. It's unclear how many may have taken the flirtation a little bit further and actually exchanged images and maybe other information as well. And of course, it may be more than 17 people this has happened to who are nervous about going to the authorities and saying, "Yeah, we've done it as well." So the Speaker of the House has said, if there's anyone else out there who's done this inside the House of Commons, please let us know because we are trying to investigate.
CAROLE THERIAULT. They're naked inside the House of Commons?
GRAHAM CLULEY. Always, yes, yes, that's right, Carole. That's exactly what's going on. John, what have you got for us this week?
JOHN HAWES. So I wanted to talk a bit about AI in healthcare. That seems to be a thing that's cropping up in my various news feeds a lot lately. And The Economist magazine did a big quarterly technology special on it. So AI has been in use in health things for quite a long time now. I'm sure you probably remember the Google DeepMind when they brought out their AlphaFold, which could fold proteins into shapes.
GRAHAM CLULEY. Oh, I thought it was some sort of machine learning origami when you say AI. Well, it kind of is.
JOHN HAWES. It's like a—
CAROLE THERIAULT. Is it?
JOHN HAWES. Well, almost. It's not paper. It's protein. So you have this kind of string of— Yeah. I don't— whatever the components that make up proteins, amino acids or something. And basically once you have that string, it kind of folds up into a shape and that shape affects what it does. And something people have been working on for 50 years or so and had solved a few, I think something like 160,000, something like that had been solved in that 50 years.
GRAHAM CLULEY. And at the end it turns it into a swan or something like that, does it?
JOHN HAWES. Well, no, it turns it into a protein which might be incredibly useful as a drug or who knows.
GRAHAM CLULEY. Oh, okay.
JOHN HAWES. AlphaFold. So that's a big thing. So that's now solved 600 million of these. In the 3 or 4 years since it's been around, which compares to the 170,000 in the 60 years people have been working on it without this kind of technology. And there's a lot of similar techniques being developed to help in developing drugs, which is probably a good thing, hopefully.
I mean, it's not made an enormous impact yet, mainly because the process of putting out a drug, it's not just, oh, look, we've made it, we've made a molecule. Done. What it's really doing is identifying potential drugs that then have to go through great big long trial processes, which are the same as they always were, and take years and years and cost billions.
So it's reduced the time to find the candidates and possibly made the candidates better, but if still 80, 90% of candidates are rejected very early stages of trials, and then the trials have to be completed anyway, there's not really any safety angles there that I could see.
GRAHAM CLULEY. Okay.
JOHN HAWES. That's a general benefit. That's a win-win. It's more on the other side of things where the humans come in, I guess. So things like diagnosis. So again, AI has been used in that for a long, long time.
I think it was 12 years ago that the first machine X-ray readers proved to be better than humans at spotting potential issues in scans and things. And then they've been getting better and better all the time. So it means you can process a lot more data with a lot fewer doctors, obviously.
You can use less X-rays in radiation because the machine reading it doesn't need it to be as bright. You can have much smaller machines that are much cheaper. So you can have a tricorder, in Star Trek, where you just go and run it over someone rather than having a huge room-sized machine.
CAROLE THERIAULT. That would be fun in Parliament, someone running around with one of those.
JOHN HAWES. So there's lots of these new ideas and techniques and hardware and particularly software coming out all the time. And in that side of things, the trial testing side isn't really keeping up, or possibly people are getting around it by not having very good testing methodologies. So people are implementing these things when no one's really sure how good and accurate they are, which can be a problem.
I mean, the main issue with that side of things, with reading scans and things, is false positives. So a machine would look at an X-ray or an MRI or something and say, oh, there's a weird blob there. Probably the lurgy. We're going to cut you open and chop it out.
CAROLE THERIAULT. Yeah.
JOHN HAWES. And then it turns out to be nothing, which is a bit of an issue. But again, according to The Economist, 800,000 Americans are killed or disabled by bad medical decisions every year. So human doctors aren't perfect either.
CAROLE THERIAULT. 800,000 a year.
JOHN HAWES. That's what they said. Seems a lot. I know.
GRAHAM CLULEY. So how are we going to fix this problem, John?
CAROLE THERIAULT. Oh, yeah. Dr. John.
GRAHAM CLULEY. Yeah, Dr. John.
JOHN HAWES. I don't know. Well, there's a lot more as well, right? So there's also the human interaction side of things, the doctor-patient relationship, how we find out from people what's actually wrong with them, which is another area where AI is really, really coming into quite widespread use, I think.
So we've had these flowchart type things that you have on the NHS website. You go there and you say, I'm feeling a bit poorly. And it says, oh, what's wrong with you? And you say, oh, my head hurts. And then you click through various yes/no type questions.
GRAHAM CLULEY. Now in the UK, they're telling you not to go to the doctors, aren't they? They're saying go to the pharmacist instead. And tell them how you feel.
JOHN HAWES. And they probably just use the same kind of flowcharty thing and go, yeah. And then they get to the bottom and it says, okay, call an ambulance or go home and go to bed, whatever. But so that those things are kind of similar to AI, but they're much more carefully curated data.
So all the information that they're relying on has been reviewed by experts and plugged in very, very carefully, and then the results are fully traceable. So when you get to the end and it says, okay, I think there's a 90% chance that you've got the lurgy, it can show exactly why it's made that decision.
CAROLE THERIAULT. Right.
JOHN HAWES. But when you start trying to do that with a large language model, say ChatGPT or something, which apparently they did a study last year, ChatGPT could get the same or similar results in a medical exam as the average third-year medical student. So doing pretty okay, but ChatGPT has read all the medical textbooks, so.
CAROLE THERIAULT. But also a lot of shit as well.
JOHN HAWES. Theoretically.
GRAHAM CLULEY. As well as a lot of nonsense it's read on the internet about. Exactly, yes. That's the thing.
JOHN HAWES. That's a big problem.
GRAHAM CLULEY. Right.
JOHN HAWES. That it's prone to hallucinations and really bad decisions. And that it can't actually say why it's made that decision. You can't trace back all of the inputs that it's based that on.
CAROLE THERIAULT. So I like this chatbot called perplexity.ai because it works a little bit like Wikipedia, in that it gives you notes.
JOHN HAWES. Oh, it gives all its references.
CAROLE THERIAULT. Gives its references so you can kind of double-check. It still has made mistakes with stuff that I've done.
So don't trust it blindly, people. Go check those links and make sure the information is in there.
But the other thing I've been reading a lot about is how all the AI competitors are screaming for data, right? Because the AI models are chewing up data and storing data faster than we are producing data.
And one of the worrying things I read is that we're now getting AI to create data to feed into the AI model.
GRAHAM CLULEY. Yeah, absolutely.
CAROLE THERIAULT. Right? So it's kind of, that's kind of insane really.
JOHN HAWES. Big feedback loop.
CAROLE THERIAULT. Exactly.
JOHN HAWES. So the other kind of part of this is that, so you have these kind of medical specialists, I guess, that are making the kind of things like on the NHS website, and then they're thinking, oh, well, we kind of want to make this a bit more human-friendly. So we need to kind of put some AI stuff on the front to make it able to converse with a person and maybe even put a face on it and a voice so you can consult with it like you would at, I don't know, I haven't seen a doctor in person for years.
It's always over Zoom these days. So you could easily just be a, you know, a deepfake doctor.
So there's the ones that the medical teams are making and they're trying to make feel more human. And then there's the other side where there's ChatGPT and things like that, which already can seem perfectly human.
We just need to plug in a bit more medical knowledge and a bit more carefulness maybe. And there's a kind of a race between those two as to which one is going to become the most popular.
It feels a bit like the IoT issue where people who made washing machines and TVs suddenly said, oh, you know, we can just plug in some internet into here and that'll make it way better. And then obviously they didn't really know exactly what they were doing. So that's a big risk.
CAROLE THERIAULT. I can think that AI would be maybe a very good pre-triage for medical establishments and hospitals, right? Because you could go through it and how many people now go to hospital and it's like, "Oh, you just have a splinter. Let me show you how to get rid of it," or something like that, as opposed to something super serious where you need professional medical attention.
JOHN HAWES. Totally. Yeah, well, that's again, back in the reading scans thing, that's where it's really helped a lot because in a lot of things, traditionally, you would need to have two doctors, one radiologist or whatever, one looking at it and the other one checking to make sure they got it right. Whereas now in a lot of less serious cases, they can just say, okay, the AI has spotted something. One doctor looks at it and goes, yeah, I agree, done. So you're saving a lot of time and effort there as well.
CAROLE THERIAULT. Let's hope that doctor's not overworked and going, yeah, it looks fine, looks fine, looks fine, looks fine, looks fine.
GRAHAM CLULEY. Doctor's overworked? As if.
JOHN HAWES. And of course, in all of this, there's the age-old issues of both data security and privacy. Apparently, in a lot of cases, people feel it's more private to be talking to a machine about sensitive stuff than an actual person. But, you know, how much of that conversation is actually being recorded? It's all being fed back into the AI's learning system. So no matter how much people try to anonymize it, if the AI has not been built exactly right, it might just one day turn around to someone and spit out, oh, Graham's got the clap.
GRAHAM CLULEY. Oi! Steady.
CAROLE THERIAULT. You have the clap, Graham?
JOHN HAWES. Well, just, well, you know, he might be a hallucination. And then when all that huge piles of data are building up and getting ever more interconnected, that there's always that risk that the data might get stolen or leaked. Just this week, there was another massive ransomware attack on a big US healthcare company. It took 4 terabytes of patient records and stuff. They say, oh, pay us the money or we'll put it on the internet or we'll sell it to somebody else. And then also, of course, there's no reason why, if they can go in there and copy everything, why couldn't they go in there and make a few little weird changes here and there, make it look like everybody's got hairy toes.
CAROLE THERIAULT. Old, old, old style payloads.
JOHN HAWES. Yeah, data diddlers.
GRAHAM CLULEY. John, have you not been to the doctors yet about your hairy toes? Or are you showing your hairy toes on Zoom? Because it's bad enough what people are receiving on WhatsApp at the House of Commons, let alone... Would that be considered cyberflashing if they're really too hairy?
JOHN HAWES. I think it might be.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. I want you guys to start off by looking at your inbox, your main email inbox.
GRAHAM CLULEY. Okay. Yes, I'm going in.
CAROLE THERIAULT. Tell me, how many unread mails have you sitting around?
JOHN HAWES. Zero.
CAROLE THERIAULT. Zero? Okay. What about you?
GRAHAM CLULEY. Well, I've got lots of folders and things.
JOHN HAWES. Do you mean the—
CAROLE THERIAULT. In the inbox, not the folders in the main inbox coming in, not classified.
GRAHAM CLULEY. Okay. It's only 1,779 at the moment.
JOHN HAWES. That's pretty good.
GRAHAM CLULEY. Wow.
CAROLE THERIAULT. Can I tell you mine? 48,835.
GRAHAM CLULEY. In your inbox?
CAROLE THERIAULT. Yep.
JOHN HAWES. This is why you never check your email, right? Because it's too hard.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Yes. Because I'm too afraid. It's too much. I know. I think I'm just going to delete it all and start again.
I think that's what I'm going to do. And maybe that's why I'm so out of touch, because I'm not— I can't even bring myself to manage the glut of emails.
I mean, 99.9% I have not wanted or requested. And I used to be obsessed with being in the know, but now I just want to know what I need to know and not clog up my brain and emails with useless facts because I don't care anymore unless it's for the show, in which case I care a lot.
But here's a weird fact that I didn't know. Did you know that famous child actor Drew Barrymore has her own talk show?
JOHN HAWES. She's not a child anymore.
CAROLE THERIAULT. No, no, she was a child act— famous child actor. She's still famous.
GRAHAM CLULEY. I didn't know she had a chat show.
CAROLE THERIAULT. No, she's had one since 2020.
JOHN HAWES. What?
CAROLE THERIAULT. We all remember that late 2020 was, you know, the time of the rona virus. And this show, which I've never seen, seems to follow the format of chatting with a variety of people, such as other actors that were famous when they were kids, interior designers testing out viral beauty hacks and the like.
Do you know that guy called Guy Fieri? Was it called Diners and Dives, something like that?
That TV show where he goes around America?
GRAHAM CLULEY. Oh, the guy who eats a lot. The guy who— competitive eater.
JOHN HAWES. Enormous sandwiches.
CAROLE THERIAULT. Yeah, yeah. He eats a lot in his little Corvette or whatever, little red car.
GRAHAM CLULEY. Oh, it sounds like a great chat show, I have to say. I can't believe I've not been tuning into this wonder.
Yeah.
CAROLE THERIAULT. So he was apparently on the show recently to review a new McDonald's recipe. Would you try this?
A hash brown and McFlurry sandwich. Isn't that disgusting?
GRAHAM CLULEY. Well, how would that— wouldn't your bread get all soggy?
CAROLE THERIAULT. Well, I don't know. Maybe it's cold mayonnaise.
GRAHAM CLULEY. I don't know.
CAROLE THERIAULT. So basically Drew, that's what the people in the know call the show, The Drew Barrymore Show. Drew focuses on human interest stories, celebrity guests, lifestyle segments, and field pieces, all driven by a particular brand of humor and optimism that is Drew Barrymore.
Now, the show's launch took place in Manhattan during the lockdown, so there's no in-person audience, right? Instead, members of a virtual crowd would be beamed in via a platform called Audience and then projected on a large display behind Barrymore.
GRAHAM CLULEY. Well, you do shock me people don't bother to turn up in person to watch this show.
JOHN HAWES. I'm surprised.
GRAHAM CLULEY. So it's all virtual. What a surprise.
Okay.
CAROLE THERIAULT. I've always liked Drew Barrymore, though.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. I like her.
JOHN HAWES. Not enough to go to New York and sit and watch her talking about burgers.
GRAHAM CLULEY. No, no, no, no.
CAROLE THERIAULT. Even as a VIP, I would say thanks. Actually, I wouldn't see the email, would I?
GRAHAM CLULEY. No.
CAROLE THERIAULT. And some guests have even been asked to appear via green screen during lockdown because, you know, either they were far away or whatever. So why am I talking about Drew Barrymore?
Well, Variety put out an exclusive this week saying that the show is facing a bit of a booking nightmare. Because it seems that ne'er-do-wells have been fraudulently posing as officials from The Drew Barrymore Show in attempts to scam talent and other guests.
So they reported last week that the ruse has been flaunting paid opportunities for prospective guests and attempting to arrange social media efforts like Facebook broadcasts for a fee. And some people have even been solicited for invoices, which include requests for personal banking information.
GRAHAM CLULEY. So this scam relies upon people being so desperate to appear on The Drew Barrymore Show that they will pay to appear on Drew Barrymore Show with their product, I guess, or their service.
CAROLE THERIAULT. Well, I don't know if it's desperate. I mean, people do pay to have themselves— that's what ads are, right? And there is paid content out there that's legitimate, advertorial.
But the people that were contacting these potential guests had nothing to do with The Drew Barrymore Show at all. So the talent booking team at Drew began notifying celebrity representatives across the industry about the matter on Friday last week, saying, hey, it's not us, you know, this isn't us.
And the memo which went out to publicists and agents said, it has recently come to our attention that one or more individuals have fraudulently been holding themselves out to be connected with the Drew Barrymore Show and soliciting participation in Facebook Lives and other paid opportunities. The solicitations seem to be coming from various mock email addresses containing some part of the Drew Barrymore name.
And this is not the first time in recent history that Drew Barrymore's name has been ensnared into fraudulent activity. Do you remember earlier this year, we heard about advertisements promoting Le Creuset cookware on the socials, and they seem to have these celebrity endorsements? Well, Drew Barrymore's name was used in one of these.
JOHN HAWES. And she hates Le Creuset?
CAROLE THERIAULT. She hates Le Creuset. I have no idea. But, you know, no one asked her permission is what she's saying. So I'm thinking, if you're a celebrity, you have to basically spend quite a big proportion of your time going around going, "Not me, gov. Not me. That's not me."
JOHN HAWES. I didn't do that. You have a team for that, don't you?
CAROLE THERIAULT. Yeah, yeah. Okay, okay. But still, you know—
JOHN HAWES. You just add a full-time denier to your entourage.
CAROLE THERIAULT. But okay, imagine, Graham, if, say, some ne'er-do-well, let's say John Hawes, our VIP guest today.
JOHN HAWES. Not that guy.
CAROLE THERIAULT. Let's say he's going around booking guests on Smashing Security, or attempting to, just to secure some fraudulent payments from these potential guests.
GRAHAM CLULEY. Outrageous! Oh, I'd be annoyed.
CAROLE THERIAULT. Now, we wouldn't know that it's John doing it, right? All we'd hear, if we were lucky, is reports of some potential guests getting in touch with us going, "Hey, when am I on air?" Right. So what would we do? We would warn people on the show saying, "Don't fall for the scam." I suppose so, yes.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. Would we report it to the authorities?
GRAHAM CLULEY. What are they going to do? I don't know. But yeah, certainly we'd mention it on the podcast. Maybe we'd post it up on the socials telling people, you know, don't trust this. This is the way to get in contact with us.
If you want to be a sponsor on the show, here's how you do it. See what I did there? Here's how you contact . That's the best way. The only way to contact.
CAROLE THERIAULT. Exactly right. I don't know if anyone wants to get in touch with me because I don't read my emails and it's important. I'm thinking email Graham or John because you both read your emails.
We got your numbers. I trust you both, right? You're people I know that you read all your emails. And then, you know, maybe this is the real bonus of a lifelong friendship.
GRAHAM CLULEY. Legacy managed file transfer tools are dated. They lack the security that today's remote workforce demands. Companies that continue relying on outdated technology put their sensitive data at risk. Well, this podcast is sponsored by Kiteworks, who enable organizations to effectively manage risk in every send, share, receive, and save of sensitive content. To do that, they've created a platform that delivers content governance, compliance, and protection to customers, tracking, controlling, and securing sensitive content as it moves within, into, and out of organizations. All while ensuring regulatory compliance on all sensitive content communications.
Kiteworks provides the industry's first private content network for protecting risky third-party communications with secure email, secure file sharing, secure mobile, secure web forms, managed file transfer, and governed SFTP servers. Visit kiteworks.com to get started today. That's kiteworks.com. And thanks to them for supporting the show.
CAROLE THERIAULT. Smashing Security is also sponsored by Vanta. Managing the requirements for modern security programs is increasingly challenging and time-consuming. Enter Vanta. Vanta gives you one place to centralize and scale your security program.
Quickly assess risk, streamline security reviews, and automate compliance for ISO 27001, SOC 2, and more. You can leverage Vanta's market-leading trust management platform to unify risk management and secure the trust of your customers. Plus, use Vanta AI to save time when completing security questionnaires.
Smashing Security listeners, you get 20% off Vanta. All you lucky sausages have to do is visit vanta.com/smashing to claim your discount. That's V as in Victor, A-N-T-A.com/smashing. And thanks to Vanta for sponsoring the show.
GRAHAM CLULEY. You've probably heard us talk about Kolide before, but did you know Kolide was just acquired by 1Password? Well, that's pretty big news since these two companies are leading the industry in creating security solutions that put users first. For over a year, Kolide Device Trust has helped companies with Okta ensure that only known and secure devices can access their data.
And that's what they're still doing, but now as part of 1Password. So if you've got Okta and you've been meaning to check out Kolide, now's a great time. Kolide comes with a library of pre-built device posture checks, and you can write your own custom checks for just about anything you can think of.
Plus, you can use Kolide on devices without MDM, like your Linux fleet, contractor devices, and every BYOD phone and laptop job in your company. Now that Kolide is part of 1Password, it's only going to get better. Check it out at kolide.com/smashing to learn more and watch the demo today.
That's k-o-l-i-d-e.com/smashing. And thanks to them for supporting the show. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
JOHN HAWES. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they like. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my Pick of the Week this week, it's a bit of a Pick of the Week, it's a bit of a nitpick of the week. I'll be honest. Yeah, I'm sorry. It's a bit of both.
This week, there has been a birthday in the Cluley household.
CAROLE THERIAULT. Happy birthday to whoever that was.
GRAHAM CLULEY. Thank you very much. And it was decided that we would celebrate it by doing something a little bit different. And we went to the Royal Opera House in London, where we saw Carmen, Bizet's Carmen.
CAROLE THERIAULT. To get some culture.
GRAHAM CLULEY. It's a bit of culture. Never been to the Royal Opera House before.
JOHN HAWES. Did you wear a dickie bow?
GRAHAM CLULEY. Certainly not, no. But I was smartly dressed. You know, sartorially, I've always been Premier Division, haven't I?
By Premier Division, I don't mean that I wear football stuff. But there I was at the Royal Opera House and, you know, marvelous singing, the music, oh, the drama.
She gets strangled at the end, you know, but I guess they couldn't change the plot. Spoilers.
But it seemed a little bit brutish. But where my nitpick comes is with the presentation.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Because I want to ask you a question. Is it all right?
And what do you think about taking something classic, something which is well established, where you expect to see a certain amount of spectacle, you expect to see it presented in a particular way. And what they've done is they've placed it in another time period.
So The Carmen at the moment at the Royal Opera House has been set in the 1970s, and there are people with mullets, and, you know, it's all sex clubs, and, you know, is it mainly the mullets you're objecting to? Well, it's just you do expect to see a certain amount of bosom and, you know—
CAROLE THERIAULT. I hear it's electrifying in simmering naturalistic staging. 4 out of 5 stars, says The Guardian.
GRAHAM CLULEY. Well, views do vary. There's the opinion of The Guardian, which did give it a very good review, and there's the views of me, which did say singing great, music great, fantastic, but I'm just not sure about when something's put in a different time.
What? Is this a gimmick?
And no, is it a gimmick? Is it a gimmick?
CAROLE THERIAULT. No, it's to try and get the youth of today going, hey, there's maybe some good moral tales here. This is a story I should watch.
GRAHAM CLULEY. You know what, Carole? The youth of today aren't interested in the 1970s.
The youth of today are interested in what's going on down in the streets, man. What's happening now in downtown.
CAROLE THERIAULT. I didn't know you were so connected to the youth. Yeah.
GRAHAM CLULEY. Well, you'd be surprised.
CAROLE THERIAULT. I would be very surprised.
GRAHAM CLULEY. Yes, you would be surprised. I would be surprised.
JOHN HAWES. It's also saying that some stories are not necessarily tied to a particular time in history. You know, they can be universal.
CAROLE THERIAULT. Timeless.
GRAHAM CLULEY. Some aren't. Some aren't.
Personally.
CAROLE THERIAULT. For an old curmudgeonly man who has had 3 nitpicks this month.
GRAHAM CLULEY. I would have liked to have seen something which was a little bit more traditional, a little bit more frou-frou, a little bit more of the passion and the roar and the roar. I wanted a bit more of that and a little bit less of the disco.
That's my opinion.
CAROLE THERIAULT. Well, why don't you ask for your money back then?
JOHN HAWES. What?
CAROLE THERIAULT. Why don't you go ask for your money back? You seem to be good at this.
GRAHAM CLULEY. You saw the problem I had getting money back off Amazon. I don't know if I'm going to get it off the Royal Opera House.
JOHN HAWES. Had they rewritten the music in a disco style?
GRAHAM CLULEY. No, no, they hadn't. They hadn't, but it was—
JOHN HAWES. Because that would be a bit weird.
GRAHAM CLULEY. That would have been weird.
JOHN HAWES. But it might be great.
GRAHAM CLULEY. Anyway, it's just something I want to— I'm just putting it out there into the universe. I'm putting it out there into the universe.
I'm just asking the questions. Is it okay to take the classics and put them into another time period?
That is my question for you.
CAROLE THERIAULT. The answer is yes.
JOHN HAWES. Yes, it is.
GRAHAM CLULEY. Yes, it is. Totally fine.
CAROLE THERIAULT. 2 out of 3 say yes.
JOHN HAWES. Often great.
GRAHAM CLULEY. And I'm saying in this particular case, I'm not so sure. And that is why it's both my pick of the week and my nitpick of the week. Thank you very much. I rest my case, my lord. John, what's your pick of the week, John?
JOHN HAWES. So not a lot of people know this, but I really enjoy big dumb action movies.
GRAHAM CLULEY. Okay.
JOHN HAWES. And especially big dumb action movies set on airplanes. Con Air?
You give me, give me, yeah, yeah. Nicolas Cage on a plane. Denzel on a plane. Liam Neeson on a plane.
GRAHAM CLULEY. Harrison Ford.
JOHN HAWES. Harrison Ford on a plane.
CAROLE THERIAULT. Snakes on a Plane.
JOHN HAWES. Snakes on a Plane I've not seen, but I would.
GRAHAM CLULEY. Leslie Nielsen on a plane.
JOHN HAWES. Yeah. Also good, but it's slightly different genre.
Okay. Jodie Foster on a plane. That was good. Kurt Russell on a plane with Poirot. Great.
Anyway, that's beside the point. I also very much a TV show that put out a new series this week.
It's called Mandy. Oh, it's on the BBC.
They did— they've done two series before. I think the first one 2020 and the second one 2022.
It's starring and created, written, made by Diane Morgan, who many people might know as Philomena Cunk. She did a lot of work with Charlie Brooker, had her own mockumentary series, which was also great.
CAROLE THERIAULT. Yeah.
JOHN HAWES. She's been in quite a few other things as well, but this is her own series. And the first two series were excellent.
They were. The Christmas special was fantastic.
And Series 3 has now come out. And I was delighted to find the first episode was basically Mandy on a plane in a big dumb action movie scenario.
And it was fantastic and great. And I haven't watched the rest of it yet, but I'm very much looking forward to because it's going to be amazing.
GRAHAM CLULEY. It's a very, very funny show. I didn't know there was a new series.
I'm very much looking forward to catching this. Yeah. Because I particularly it.
I it so much, in fact, that it was my Pick of the Week a couple of years ago. So we have had this before.
CAROLE THERIAULT. Not Series 3.
GRAHAM CLULEY. Not Series 3. No, John.
John, as it's such a good TV programme, I think it's well worth renewing. I'm going to allow it.
I'm going to allow it.
CAROLE THERIAULT. Yeah, because Graham's the boss.
JOHN HAWES. That's good.
CAROLE THERIAULT. Self-declared.
GRAHAM CLULEY. I had some criticism in my Pick of the Week slash Nitpick of the Week. So, you know, I'm just, you know, I'm— but well done, John.
I think Mandy is a terrific TV programme. It's lovely.
JOHN HAWES. Definitely. It's 15 minutes per episode as well.
You can watch a whole series in an hour or two.
GRAHAM CLULEY. Fantastic.
JOHN HAWES. Brilliant.
GRAHAM CLULEY. Carole, what's your pick of the week?
CAROLE THERIAULT. Mine is a book by bestselling author Xochitl González. And the book is called Anita de Monte Laughs Last.
And it's centered around a first-generation Ivy League art history student who uncovers the genius work of a female artist, Anita de Monte, who is a rising star in the '80s. Now, the novel, while fiction, is inspired by a very real mystery involving Cuban-born conceptual artist Ana Mendieta, who in 1985 was found splattered on the New York streets, having either jumped in a suicide attempt, which people are saying super unlikely.
Or perhaps more likely, was pushed by her minimalist artist husband, Carl Andre. He was the darling of the New York art scene at the time.
And rumor has had it, he was being driven mad by her rising success.
GRAHAM CLULEY. He could have argued it was performance art that he was actually doing this for, perhaps.
JOHN HAWES. Not very minimalist if she was splattered.
GRAHAM CLULEY. No, no, not minimalist. Good point.
CAROLE THERIAULT. This is a guy that would put 3 bricks in a room, and everyone would go, "Oh my God, it's so good. That's so deep."
GRAHAM CLULEY. Do you see what he's doing there? As long as he doesn't set the bricks on fire. In a different time period, I'm all right with it.
CAROLE THERIAULT. Well, I think I had a pick of the week earlier that had a podcast about this whole story with Ana Mendieta and Carl Andre, but the name escapes me now.
JOHN HAWES. Oh yeah.
CAROLE THERIAULT. Anyway, this book, so Anita de Monte Laughs Last, is basically the novelization of this New York's big art mystery, right? And González uses a two-pronged approach, one telling the firsthand story of Anita de Monte in her own words, but the other protagonist is a young art history student, also Cuban, who decades after Anita's death learns about this whole mystery and death while researching the husband's art career for her degree. So the book delves into being a minority in elite environments, power, privilege, or lack thereof, and of course, the complexities of affirmative action.
And there's even an unexpected touch of magic realism in them. But the reason it's my pick of the week is because I did not read this book, I experienced it via audiobook.
Which is how I do things. And this telling of this novel is unlike anything I've heard before.
You have some seriously powerful performances by 3 different readers who make up all the different characters. And it is just— when I first— it opens extremely strongly.
So you could listen to the sample at the beginning and go, this is for me or not for me. But for me, it kind of cracks the door open of what audiobooks could become.
So I love the story, I love the writing, love the audiobook, highly recommend. So my pick of the week this week is Xóchitl González: Anita de Monte Laughs Last.
GRAHAM CLULEY. I think we've been very highbrow in our choice of picks of the week. I went to the Royal Opera House.
CAROLE THERIAULT. I didn't— no, no, you didn't have a pick of the week. You just bitched about the fact that they were dressed in '70s clothing.
GRAHAM CLULEY. No, no, I know I— it was a pick of the week combined with a nitpick week. Yeah.
JOHN HAWES. He said the music was nice.
GRAHAM CLULEY. Yeah. The singing was great. You know, I had no complaints to that.
JOHN HAWES. How were the facilities?
GRAHAM CLULEY. Facilities were fantastic. It's amazing, the Royal Opera House.
JOHN HAWES. Well, there we go.
GRAHAM CLULEY. And John, you chose Mandy, which again is high-class art. I think we'll all agree.
CAROLE THERIAULT. I would agree.
JOHN HAWES. Extremely. It's up there with Denzel on a Plane.
GRAHAM CLULEY. Yeah. Yeah. I think we've all done very well. John, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
JOHN HAWES. I'm on LinkedIn. I'm the one with the beard. Or if you want to get in touch directly, you can send Carole an email and she'll forward it on.
GRAHAM CLULEY. And you can follow us on Twitter @SmashingSecurity, no G. Twitter allows to have a G. And don't forget to ensure you never miss an episode. Follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.
CAROLE THERIAULT. And huge thank you to our episode sponsors, Vanta, Kolide, and Kiteworks, and of course to our wonderful Patreon community. It's thanks to them all that this show is free. For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 365 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio. Bye-bye.
JOHN HAWES. Bye.
GRAHAM CLULEY. Bye-bye.
CAROLE THERIAULT. But you know, I'm in a difficult situation right now because you said nitpick of the week and pick of the week about 80,000 times.
GRAHAM CLULEY. Oh right.
CAROLE THERIAULT. Do you really want me to play music each time?
GRAHAM CLULEY. No, no.
CAROLE THERIAULT. Okay, yeah, so maybe I'll cut it down.
GRAHAM CLULEY. Use your discretion.
CAROLE THERIAULT. I will. But I think we need— I know you enjoy saying those words, but I think we need to just watch it. The Pick of the Week.
GRAHAM CLULEY. No, no, no, no, no, no, no. It's no, no, no. We don't, we wouldn't ever do that.
CAROLE THERIAULT. We don't drive people crazy.
GRAHAM CLULEY. We wouldn't ever do that. No, no, we would do it to the right amount. What we think sounds right. It's not a—
CAROLE THERIAULT. Okay. Thank you very much, John, for coming on the show. I know you're busy today.
GRAHAM CLULEY. John, thank you.
JOHN HAWES. No problem.
CAROLE THERIAULT. John, what are you doing? Are you reading already?
JOHN HAWES. No, I'm just taking all these weird boards down off my window.
CAROLE THERIAULT. Oh yes.
GRAHAM CLULEY. I'll put my track in the folder now, Carole, if you're working on it.
CAROLE THERIAULT. Yeah, I'll do the same.
GRAHAM CLULEY. All right. Okay.
CAROLE THERIAULT. Okay. Thanks so much.
GRAHAM CLULEY. All right.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. Thanks. Bye. Bye.
-- TRANSCRIPT ENDS --