420: Fake Susies, flawed systems, and fruity fixes for anxiety

A bizarre case of political impersonation, where Trump’s top aide Susie Wiles is cloned (digitally, not biologically — we think), and high-ranking Republicans start getting invitations to link up with "her" on Telegram to share their Trump pardon wishlists. Was it a deepfake? Or just someone with a halfway decent impression and access to a shady data broker?

Meanwhile, we take a worryingly familiar journey into the mental health crisis in the UK — and how TikTok is stepping in with advice like “eat an orange in the shower” to cure your anxiety. Spoiler: it won’t. But it might make your bathroom smell nice.

Plus: a nostalgic tech support tale involving a CRT monitor, a wooden door, and an unexpected shade of brown.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Sponsored by:

  • MetaCompliance - MetaCompliance's Security Awareness Planner is your free 12-month roadmap to reduce risk and build a culture of cyber awareness.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
  • Harmonic - Let your teams adopt AI tools safely by protecting sensitive data in real time with minimal effort. Harmonic Security gives you full control and stops leaks so your teams can innovate confidently.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


GRAHAM CLULEY. Eating an orange in the shower.


CAROLE THERIAULT. Yes, listeners, if anyone remembers, tell Graham, please. So this was a long— I don't even know how many years this is.


GRAHAM CLULEY. Oh, I've just found it. Episode 147.


CAROLE THERIAULT. There you go. A long time ago.


GRAHAM CLULEY. In fact, you posted a picture on Twitter.


CAROLE THERIAULT. Did I?


UNKNOWN. Smashing Security, episode 420. Smashing Security, Flawed Systems, and Fruity Fixes for Anxiety with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 420. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. What's coming up on the show this week, Carole?


CAROLE THERIAULT. Before we kick off, let's thank this week's wonderful sponsors, MetaCompliance, Harmonic, and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?


GRAHAM CLULEY. Someone has deepfaked Trump's top aide.


CAROLE THERIAULT. And we're going to find out where the kids are getting their mental health advice. All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, chums, we all remember that witty chappy Oscar Wilde. Well, we don't actually necessarily remember it.


CAROLE THERIAULT. I never met him. I never met him.


GRAHAM CLULEY. No, exactly, exactly. Well, okay, all right, but we remember what he wrote, and most famously in The Importance of Being Earnest, he said that to lose one parent may be regarded as a misfortune. To lose both looks like carelessness. We went, ho ho ho, very funny, very funny. But what about if you keep suffering from a hack? Is that unfortunate or is that carelessness?


CAROLE THERIAULT. Don't know. I guess it depends on many of the situations you're going to tell us about. So the circumstances we need, we need the circumstances to make that decision.


GRAHAM CLULEY. What if you are working deep inside a place of paramount importance to keep secure. A place like the White House in the United States.


CAROLE THERIAULT. The White House. Okay.


GRAHAM CLULEY. The White House. The home of the President of the United States, the land of the free, God bless it, the home of the spear-phished. My story today is about a woman called Susie Wiles. Have you heard of Susie Wiles?


CAROLE THERIAULT. No.


GRAHAM CLULEY. She is the first ever female White House Chief of Staff. So she's Donald Trump's right-hand woman, his top aide.


CAROLE THERIAULT. Okay, see, shows you how much political press I'm reading.


GRAHAM CLULEY. Well, chiefs of staff, of course, they're the people who run the show behind the scenes. They crisis manage.


CAROLE THERIAULT. They're PAs that are paid properly.


GRAHAM CLULEY. Right. It's a big job. They gatekeep who gets access to the president. They coordinate messaging. They generally babysit the commander-in-chief's ego. And in recent weeks, according to the Wall Street Journal, a lot of people in Washington have been receiving messages from Susie Wiles. So, high-level Republicans, senators, governors, business executives, they've been receiving messages at their private phone numbers. These are some of the country's most influential people. They've been receiving messages from someone claiming to be Susie Wiles. And it's not just text messages. Some have received phone calls from her as well.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. And they say that the calls are from a voice identical to Wiles, originating from an unknown number. One imagines her private phone number.


CAROLE THERIAULT. Right. So they're getting these calls on their private number. That's not where they expect to hear from her. And it sounds like her on the phone. And— Right. And they're going, this is odd, because why are you calling me on my private number? For example.


GRAHAM CLULEY. Well, some of them are saying it's odd.


CAROLE THERIAULT. Right.


GRAHAM CLULEY. Some of them, however, are saying, well, it really sounds like her. And some of them, some of the ones who think it's odd are sort of squawking, deepfake, deepfake. They're assuming some shenanigans going on.

Some of the recipients apparently realised these messages were suspicious because the texts and calls came from a number which they hadn't previously seen. And also because the impersonator asked if the conversations could be continued on another platform, such as Telegram.


CAROLE THERIAULT. Which, to be honest, sounds like it could be the start of a cryptocurrency or a romance scam. You know, why don't you slip into my DMs over here and we can carry on chatting there?


GRAHAM CLULEY. Or Susie's going to tell you something that's very, very secret.


CAROLE THERIAULT. A bit juicy.


GRAHAM CLULEY. A bit juicy. Exactly.


CAROLE THERIAULT. It could be. So some of these impersonation attempts apparently, they appear to have had political goals. For instance, a member of Congress was asked, "Can you give me a list of people who you think Donald Trump should pardon?" And in another, the impersonator tried to get their target to transfer cash to them. I don't know if that was in exchange for something.


GRAHAM CLULEY. I'm having trouble. Donald wants me to wear a blue dress.


CAROLE THERIAULT. I don't have one. Maybe you can help me out. I've lost my wallet.


GRAHAM CLULEY. So, how did this impersonator get the details of so many of Susie Wiles's contacts? And the answer to that is, well, we don't know. We don't know yet for sure. It's still being looked into.

According to the Wall Street Journal, someone must have got hold of her contacts, either by hacking her phone or by doing something far more devious, I don't know, buying data from one of the 12,000 data brokers that are out there. Who'll sell your life for the price of tuppence ha'penny.

You know, there are these big companies who of course, or it could have been some past data leak, who knows, which could have occurred. Wiles herself, according to CBS News, has told people that her phone has been hacked. So it's a little bit, oh my God, you know, all these people have received this message, I better warn people.

You know, people do send out those warnings and quite right too, in my view, you should warn people if your phone or your email account has been hacked.


CAROLE THERIAULT. So basically she becomes aware that this is going on. She goes on to, what was that, CBS, you said?


GRAHAM CLULEY. And says, "I was hacked." Well, no, she hasn't been on CBS. She's been telling people privately, but according to the Wall Street Journal, according to CBS, they say that they've spoken to people who say Wiles told them that her phone had been hacked.


CAROLE THERIAULT. Right, okay, okay. So word on the street is her phone's been hacked, but she's making these phone calls that don't make much sense, and people are thinking that makes sense if she's been hacked, right?


GRAHAM CLULEY. Right, so people are thinking, "What is going on here, and how has she been hacked?" The FBI has launched an investigation. The White House says it's taking the matter very seriously.

Well, you know, I understand that. I take flossing very seriously. Once a year, in a blind panic, just before a dentist appointment, you know, I suddenly will start flossing so that when the dental nurse says, "Have you been flossing?" "Yes, I have," I say.

"Yes, I flossed every morning and every evening in the last two days." That's so you.


CAROLE THERIAULT. That's very you.


GRAHAM CLULEY. Oh, come on, most people surely.


CAROLE THERIAULT. Jesus.


GRAHAM CLULEY. Do you do it every day?


CAROLE THERIAULT. Not every day, but a little bit more regularly than once a year. Yeah, quite a bit more.


GRAHAM CLULEY. Okay.


GRAHAM CLULEY. Well, apparently this impersonator, this fake Susie Wiles, I don't know if it's a deepfake or not. You know, I'm always suspicious when people say, "Oh, it was deepfake. It was definitely a deepfake who did this." And you think, well, it could just be someone who's really good at accents.


CAROLE THERIAULT. It could be a ventriloquist.


GRAHAM CLULEY. A ventriloquist on the phone. You know, that's— you can move your lips, you know, when you're speaking on the phone.


CAROLE THERIAULT. Not in a FaceTime call. Okay, okay.


GRAHAM CLULEY. It wasn't a FaceTime. It wasn't a FaceTime. But yes, I take your point. You're completely right.

Anyway, apparently the impersonator's still at it. They're texting away, even while the real Susie Wiles has been accompanying Trump when he popped over to the Middle East recently to pick up a gold-plated jumbo jet for himself.

In fact, the impersonator has been so prolific that some White House staffers are said to be joking about how busy the fake Susie Wiles is, and have suggested that the fake should perhaps do the job of the real one because of the impressive work ethic. Right now, despite what you imagine—


CAROLE THERIAULT. Which is what exactly?


GRAHAM CLULEY. Right now, despite what you may imagine, the idea that a foreign government might be involved in this is being downplayed. But maybe that's because, you know, when they rang up their targets, they didn't have— again, I don't know how they know that.


CAROLE THERIAULT. Does she have a teenage kid?


GRAHAM CLULEY. Oh, I see what you mean. Or a grandchild, something like that.


CAROLE THERIAULT. Yeah, we've seen this. We've seen this before where, you know, kids in a strop will, who are much more au fait with the technology than the older counterparts, can make parents look a little bit silly in front of their work partners.


GRAHAM CLULEY. Yeah, because Auntie Susie or Grandma Susie or whatever, you know, has got a passcode of 1234 to unlock her phone. That may be the case.

Now, Donald Trump himself has been asked about this. He said, well, how do you feel about someone cloning Susie Wiles? He was asked by the media. And he responded by saying, "No one could do her job better than her. She's the best. I don't believe it's happening. It's not possible. No one could copy her."

So I don't think he's completely understood what's going on. But as we've discussed before on the show, Trump's team have been in the crosshairs in the past over their cybersecurity. For instance, recently we spoke about how they carelessly shared plans for a military airstrike with a journalist from The Atlantic.


CAROLE THERIAULT. Wasn't it on Telegram?


GRAHAM CLULEY. It was on a Signal chat.


CAROLE THERIAULT. Oh, Signal, Signal. Yeah, similar, similar, similar kind of service. Yeah.


GRAHAM CLULEY. Yeah, absolutely. And supposedly, confidential messages sent by members of the cabinet ended up in the hands of hackers because they were using an app that was supposed to properly enforce end-to-end encryption, that was a separate incident, but didn't. And poor old Susie Wiles, even she has been hacked before.

During last year's presidential campaign, an Iranian hacking group broke into her email account and gained access to a research dossier on none other than JD Vance. They were trying to work out who Trump's running mate should be.

And so they're putting together sort of, you know, the pros and cons of everybody. And this document was leaked about JD Vance. And of course, that was embarrassing.

Now, at the time, US authorities, they blamed that hack and leak operation on, as I said, Iran's Islamic Revolutionary Guard Corps. They said that it was aimed at undermining Trump's campaign. So better luck next time, guys, with that.

So I think what we need to be clear on is that if you are in a position of political importance, your cybersecurity really, really matters. And if you are likely to receive a communication from someone in a position of authority, double-check. Some of these people apparently did. They rang up the real Susie Wiles, or they contacted her to say, was this really from you?


CAROLE THERIAULT. But she works for United States government of America. Surely there is a very robust and intelligent cybersecurity team that has not been dismantled by a previous tech. Ah, yes. Oh, maybe that's the problem.


GRAHAM CLULEY. I think—


CAROLE THERIAULT. Darn it. All I'm saying is you're making it sound as though it's her fault that she's been hacked twice. But maybe she's being left to her own devices and doesn't know a lot about this stuff. She's really good at her job, potentially, but not good at the cyber stuff.


GRAHAM CLULEY. Maybe she should ask her grandkids for some help with that. Who knows if there's no one else in the office who can help her. Carole, what's your story this week?


CAROLE THERIAULT. Okay, well, bad news, clearly, because despite the advancement that we see day after day in tech these days, it seems that both adults and young people feel their well-being is getting worse. Yeah, this is according to Mind, one of the leading mental health charities in the UK dedicated to supporting people experiencing mental health problems.

And they put out a report last year that had pretty bleak findings. So in England, for instance, it's 1 in 4 will experience mental health problems at some point.

And there's a real life and death impact here because Mind's report says that life expectancy of people with severe mental illness will have a life expectancy of 15 to 20 years shorter.


GRAHAM CLULEY. That's a lot. That's huge.


CAROLE THERIAULT. It's a fifth of a life. So, okay, one might think if you're concerned that you have a mental illness, go get help. Well, the first thing is let's go private, for example. So private care is not cheap.


GRAHAM CLULEY. No.


CAROLE THERIAULT. So in-house care is at least £1,000 a week in the UK.


GRAHAM CLULEY. Sorry for being dim. What does in-house care, does that mean you are residential?


CAROLE THERIAULT. Yeah, they want to keep you in for a week or a month, or maybe say you had an addiction, you need to go and deal with that. It takes maybe 6 weeks, 8 weeks. Yeah, so that's £1,000 a week.

And non-residential rehab costs are around £200 to £500 for an initial assessment, and then between £80 and £300 for each follow-up appointment, which typically are weekly.


GRAHAM CLULEY. Oh, crumbs. That is pricey.


CAROLE THERIAULT. Right. And I think we can agree this is not available to the vast majority of UK residents because as of April 2024, the median gross annual salary, so this is before tax, for full-time employees in the UK was £37,430. So if you do the maths, it doesn't work out. There's no way the average person in the UK could pay for private if there was a serious mental health issue.


GRAHAM CLULEY. No, no.


CAROLE THERIAULT. But hey, lucky us, lucky us, in the UK we have the National Health Service, the NHS.


GRAHAM CLULEY. Thank goodness. Yes.


CAROLE THERIAULT. Right? But guess what? Right now they are not able to deal with the problem.


GRAHAM CLULEY. Because they're not given enough financial assistance by the government, right? There's not enough money being invested in the NHS.


CAROLE THERIAULT. Well, the supply-demand balance is off. And you're right, that is part of the reason. Mind says the scale and severity of mental health needs is spiraling. But many can't get the quality care that they need when they need it.

So for example, let's say you were feeling desperate, say something awful. And people would say to you, get some help, or you might even for weeks, I'm gonna, and you finally bring yourself to be able to ask for help. And you're told that you'll get an appointment in, I don't know, a month's time, two months' time.


GRAHAM CLULEY. Well, yeah, it could be longer than that even, couldn't it? It could be a long, long time before you get to see a professional.


CAROLE THERIAULT. And another problem to your point is there's not enough staff. And I hate saying thanks Brexit, but thanks Brexit. And oh, thanks coronavirus.

Neither of these positively impact the mental health services here in the UK. In Mind's report, they cited that there are more than 25,000 vacant posts in England for the mental health workforce.

And that has a domino effect because there's 2 million people on the waiting list for NHS mental health support in England alone. And it's worse for kids.

I know this is a joyous story, but you have to give the context before I get to my main bit. Mind says 1 in 5 school-age kids have mental health difficulties. That's 20 flipping percent.


GRAHAM CLULEY. Yes, it is.


CAROLE THERIAULT. 1 in 5. I did my maths right, right?


GRAHAM CLULEY. Yeah, you know, you did really well there, I have to say.


CAROLE THERIAULT. It gets even worse because those kiddos with mental health difficulties are significantly more likely to be bullied. So it's a nice double whammy.

Between us— between us, huddle everybody, huddle. But I have a friend with an 8-year-old who is in the process of getting help because there's been numerous accidents at school and at home because of a particular mental health issue.

And the kids, of course, bully and tease and cajole. And the teachers, even if they were desperate to help, wouldn't necessarily have the training or the time to devote to a single child in a class of God knows how many.

And they've been on waiting lists for professional help for more than a year, and they can't afford to go private. And they've been finally— they've been quoted privately $240 an hour, right?

And it needs to be weekly. It's heartbreaking.

I mean, of course, this kid is not alone. According to Mind, only a third of kids were able to access treatment last year in England, those that try to seek it out.

So all this to say, we have this kind of vacuum happening where kids and adults need to get help. So where do you go?

What do you do if you can't afford to go private and you are on a waiting list that is way too long for your particular requirement?


GRAHAM CLULEY. You go to the internet, use a search engine, right?


CAROLE THERIAULT. You hit the socials, Graham.


GRAHAM CLULEY. Of course. Okay.


CAROLE THERIAULT. And according to an article in The Guardian this past weekend, we don't want that for adults and especially not for kids. So the article's findings reveal that of the top mental health videos on TikTok, more than half were spewing hooey.


GRAHAM CLULEY. Spewing? So they were spewing hooey?


CAROLE THERIAULT. It's hard to say.


GRAHAM CLULEY. Spewing hooey. Okay. Nonsense.


CAROLE THERIAULT. Yep. Some might seem innocuous, there's recommendations for eating an orange in the shower to cure anxiety. Now, you might remember that this was my pick of the week donkeys years ago.


GRAHAM CLULEY. What, eating an orange in the shower? That was your pick?


CAROLE THERIAULT. Yes. This was— yes. Listeners, if anyone remembers, tell Graham, please. So this was a long— I don't even know how many years. But the idea was not for anxiety. It was just because oranges are, you know, disgustingly messy. And often people love to eat them, but hate getting all gross, you know, that sticky juice all over them. So why not eat one in the shower like a primal being that you are, and then it just rinses off and delicious.


GRAHAM CLULEY. I've just found it. Episode 147.


CAROLE THERIAULT. There you go. A long time ago.


GRAHAM CLULEY. In fact, you posted a picture on Twitter.


CAROLE THERIAULT. Did I?


GRAHAM CLULEY. Are those your feet? I can see orange peel in a shower with your— I doubt it.


CAROLE THERIAULT. I doubt I would have put my actual feet. It's probably AI.


GRAHAM CLULEY. Hang on. I'm just going, all right. I'm just—


CAROLE THERIAULT. You do some recon?


GRAHAM CLULEY. I'm just wondering. There's actually a Reddit group all devoted to the—


CAROLE THERIAULT. I think that's where I learned it, because at the time I was on Reddit a bit too much.


GRAHAM CLULEY. Anyway, carry on, Carole.


CAROLE THERIAULT. Thank you. According to mental health experts, advice like this is not just wrong, but they can actually harm people who are seeking real help.


GRAHAM CLULEY. I'm sorry, I've been— I've slightly lost the thread. How is eating an orange in the shower supposed to help you? Isn't there a danger you could slip on the orange peel in the shower and do yourself harm.


CAROLE THERIAULT. It's not a banana.


GRAHAM CLULEY. No.


CAROLE THERIAULT. The idea is that they're just peddling basically snake oil.


GRAHAM CLULEY. Oh, I see.


CAROLE THERIAULT. To say, this is what's going to happen. This will help you with your anxiety if you just do this.


GRAHAM CLULEY. Okay, so it's not true. It's what I like to call spewing hooey on TikTok.


CAROLE THERIAULT. Now, I know we're not surprised by that, but if you're very desperate and need mental health advice, and you can't find it.


GRAHAM CLULEY. Or if you have a lot of oranges to sell, that'd be the other.


CAROLE THERIAULT. No, this is just one, but some of them are actually, you know, take these supplements, do these things.


GRAHAM CLULEY. Oh golly, right.


CAROLE THERIAULT. And it's a bit like a phishing scam but for your mental health, because there's short snappy videos that hook people with clickbaity tips, yeah, an orange in the shower for anxiety. But they oversimplify the serious issues of trauma, depression, anxiety. Eating disorders have ramped up hugely in the last 3 years in the UK.


GRAHAM CLULEY. I kind of feel like if you've got a mental health or anxiety issue, probably the last place on earth you want to be is on TikTok.


CAROLE THERIAULT. Where should they go, Graham?


GRAHAM CLULEY. Well, not on bloody TikTok.


CAROLE THERIAULT. I agree, but where are you gonna go if you're a kid? You're gonna go to TikTok. You're gonna go to Insta.


GRAHAM CLULEY. Oh, I suppose so.


CAROLE THERIAULT. YouTube.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. Mental health experts are concerned that some even pathologize normal feelings. So maybe you're nervous before an exam. Normal, normal.

Maybe you're sad because your parents are getting divorced. Normal. But they pathologize normal feelings, making people think they have disorders that they may not have.

So if you are feeling mentally in need, they may lead you down a rabbit hole of BS. And if you're not mentally ill, you might start thinking that you are. This is the concerns the experts have.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. The Guardian reports that politicians and mental health professionals are sounding the alarm here, and they are. So MPs called the situation damning and want stronger regulations to protect people from this digital content.

The UK Online Safety Act is supposed to help. I don't know what your views are on it or if you've worked with them recently, but word on the street is it's not super effective for tackling false or harmless content, right?


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. TikTok, for their part, say they're working with the World Health Organization and the NHS to remove dangerous posts, but— and they claim that they're taking down videos to discourage medical help, but experts say it's not enough because it's like patching one vulnerability, right? So you're just basically taking them down when they show up.

You take down one, 10 more show up. So your advice is right. If you're looking for mental health support online, don't go to TikTok because misinformation spreads faster than truth.

We know that. And for good advice, I will put a list of reputable online services in the show notes that you can check out.

Mind is very good in the UK. The NHS also has some really good pages on it.

It doesn't mean you necessarily can see someone directly, but they might be able to advise you on what to read, where to seek help until you get your appointment.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. But there you go. TikTok's not the place.


GRAHAM CLULEY. And your local library might be a great resource as well for information. And maybe there are support groups which you can join to, which may be advertised at the library.


CAROLE THERIAULT. This is a worry I have now, though, with the advent of AI, right? So in the older days when you had to write a book by literally writing it.

Putting in the information yourself. I think the amount of work it would demand from somebody would make it difficult to put out something that was just spewing garbage.

But today, couldn't anyone put a book together?


GRAHAM CLULEY. So look out, look for a book which was published before 2023, I think is your suggestion.


CAROLE THERIAULT. Exactly. Yes, basically. Yes.


GRAHAM CLULEY. AI tools are everywhere and employees are feeding them sensitive data, often without realizing the risks. And some of these tools train on that data, others store it insecurely.


CAROLE THERIAULT. And that's where Harmonic Security comes in. They give security teams total visibility into how AI is being used across their orgs while making sure sensitive data never leaks into GenAI or AI-powered SaaS.


GRAHAM CLULEY. Their secret? Specialized pre-trained small language models that detect sensitive data in real time without the endless false positives of traditional DLP.

No complicated regex, no training on customer data, just instant, accurate protection.


CAROLE THERIAULT. Yeah, because with Harmonic, you don't have to hope employees follow your AI policy. You can enforce secure, responsible GenAI use without slowing anyone down.

Help your workforce embrace GenAI securely. Visit Harmonic.security to learn more. That's Harmonic.security.


GRAHAM CLULEY. Now, the folks at MetaCompliance know that real cybersecurity starts with your people. That's why their approach is different. They don't just deliver generic cybersecurity training, they personalize it.


CAROLE THERIAULT. That's right. Every employee gets content tailored to their role, location, and level of risk. It's engaging, it's relevant, and most importantly, it drives real behavior change. MetaCompliance has created a free security awareness planner, your 12-month roadmap to building a culture of cyber awareness. It's designed to save you time, increase staff engagement, and make it easy to plan meaningful campaigns that reduce risk.


GRAHAM CLULEY. Whether you're just starting out or looking to improve your current program, this planner gives you a clear, structured path to follow, and it's completely free. Download it today and take the first step towards smarter, more effective cyber awareness. Just visit metacompliance.com/planner. That's metacompliance.com/planner.


CAROLE THERIAULT. And thanks to MetaCompliance for sponsoring the show.


GRAHAM CLULEY. Now, Carole, according to Vanta's latest State of Trust report, cybersecurity is the number one concern for UK businesses. And of course, Vanta can help you with that.


CAROLE THERIAULT. Whether you're a startup growing fast or already established, Vanta can help you get ISO 27001 certified and more without any of the headaches.


GRAHAM CLULEY. You see, Vanta allows your company to centralize security workflows, complete questionnaires up to 5 times faster, and proactively manage vendor risk to help your team not only get compliant, but stay compliant.


CAROLE THERIAULT. So stop stressing over cybersecurity and start focusing on growing your business in 2025. Check out Vanta and let them handle the tough stuff. Head to vanta.com/smashing to learn more. That's Vanta, V-A-N-T-A.com/smashing. And thanks to Vanta for sponsoring Smashing Security.


GRAHAM CLULEY. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my pick of the week this week is not security related. My pick of the week this week is an app. Now, Carole, do you use any of those bookmarking or read-it-later type apps on your computer?


CAROLE THERIAULT. Okay, so I think I do.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. But I've never found the reading list where it's kept. I've never gone and looked, right?


GRAHAM CLULEY. Oh, so you bookmark things into something, but you never actually go to see what it is that you bookmarked?


CAROLE THERIAULT. No, because I'm a busy girl. You know, lots of stuff going on.


GRAHAM CLULEY. Well, I've been using for some time one called Pocket.


CAROLE THERIAULT. Yeah, I used Pocket for a decade. We used to use that when I used to work full-time.


GRAHAM CLULEY. Yeah. And Pocket was— it was bought up, I think, by Mozilla. But Mozilla has recently announced that it's shutting it down, closing it. Goodbye. And that's really sad because it not only kept things which I might want to read later, but it also presented them in a really attractive way rather than with loads of ads and pop-ups. You know, you could just read the bloody article, which is what you wanted to do, right? And you could read it offline if you wish to.


CAROLE THERIAULT. Yeah. So what I do, you're right. So I have often my— I do it kind of bespoke by slapping in information into Notes. Right. That's what I use. It doesn't work very well, but that's what I do.


GRAHAM CLULEY. Well, I've been looking for an alternative to Pocket, and I posted up on LinkedIn and Bluesky and all those sort of places saying, well, hey, look, Pocket's shutting down. What are people using? A number of people came out with suggestions and I have chosen one of them and I'm really rather happy with it.


CAROLE THERIAULT. Cute.


GRAHAM CLULEY. It is an app called Matter, which is a more modern read later app for the iPhone, iPad, and web. I think it isn't available at the moment for Android. Sorry, Android users. It lets you do the things you'd expect so you can save anything. Not just articles, but also threads and PDFs, and it will extract the text and present it in an attractive way for later reading offline if you wish on any of your devices. It will also read out articles for you.


CAROLE THERIAULT. Can you choose the voice like you used to be able to on Waze?


GRAHAM CLULEY. Yes, you can choose. Yeah, you can't have Elvis or something reading you the articles. It doesn't do that. But yeah, you can read out the articles for you, which is sometimes nice. So actually what I can now do— You know how we all love to listen to podcasts. I listen to podcasts when I'm going to sleep. I can put an article on and I've listened to it and it can carry on playing. It also lets you highlight parts of the article you're interested in.

And this may interest you. It will also take your favorite podcasts or YouTube videos and not only transcribe them so you can quickly skip through, you can just see where the bit you're interested in and say, play it from here by looking at the text. It can summarize them for you. So if, for instance, Smashing Security has been going on for 45 minutes and you wanted to know if it was worth listening to or not, it will summarize the interesting bits for you. And you can even use AI to ask questions about the content of these articles or podcasts or YouTube videos, which I think is pretty handy.


CAROLE THERIAULT. Mm-hmm.


GRAHAM CLULEY. So I'm now a signed-up subscriber to Matter. It's also a very elegant app. It's beautiful. I'm really impressed with it. It's really easy to use. I'm paying, I think, $79.99 for my annual subscription.


CAROLE THERIAULT. Geez, you're fancy.


GRAHAM CLULEY. Well, I like to read, you know, I like to read things and it's useful for my work as well. And you can even import your old Pocket archive before they shut it down completely and close it off forevermore. And that is why Matter is my pick of the week.


CAROLE THERIAULT. Interesting.


GRAHAM CLULEY. Carole, what's your pick of the week?


CAROLE THERIAULT. Well, my pick of the week is not security related, but it's kind of technologically related. It's from The Register that have this cute wee regular-ish feature that showcases tech support snafus. And this one gave me a bit of a giggle. So our hero is referred to as Neville, and Neville told The Register about a job he took back in the '90s in which he supported systems that produced 3D images from CAT and MRI scanners.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. Now because this was the '90s, the systems displayed these images on a 19-inch cathode ray tube monitor. Big beige giant boxes that radiated heat fiercely. You remember. I remember.


GRAHAM CLULEY. Yes. Oh, yeah, yeah, yeah.


CAROLE THERIAULT. Yeah. Now despite the inelegant hardware—I don't know, it was pretty elegant at the time. But radiographers, radiologists, and surgeons found the images very useful, right, to help diagnose patients, plan surgical operations, the whole lot. Yes.

So anyway, a client calls in one day, presumably from a medical outfit, complaining about their ginormous monitor. It seems it would sometimes render the images in shades of brown that made it hard for the medics to do their work.

Okay, so Neville sends someone out to swap the monitor out because important client. But a day later, the problem recurs.

So Neville's company dispatches another new display. Again, a complaint.

So Neville decides it's time for the big guns, right? He's the only man for the job. And he goes there personally to fix the problem once and for all.

You're right. So he arrives, right?

And he sits down in front of the offending screen and finds it in perfect condition. And then this doctor comes in and closes the door and you see, you see, it's brown.

It's brown. And Neville responded by opening the door, at which point the brown disappeared.

When he closed the door, the brown hue returned because it was basically just reflecting the door's unpainted wooden finish. Oh.

So you can imagine he escaped the room, you know, mortified the doctor. But you see, in the old days, my point of this being my pick of the week is in the old days, see, our computer dramas were pretty manageable, right?

They're even sweet. They were sweet.

Not like today's digital Armageddon. You know?

So my pick of the week's to the good old days and to this cute, cute, cute little support call that ended in—can you imagine driving home after handling that?


GRAHAM CLULEY. Oh my goodness. You'd be giggling your butt off. Tremendous.

Well, that just about wraps up the show for this week. You can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G.

And don't forget, don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.


CAROLE THERIAULT. And huge, huge shout out to our episode sponsors, MetaCompliance, Vanta, and Harmonic. And of course, to our wonderful Patreon community.

It's their support that helps us give you this show for free. For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 419 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio. Bye-bye. Bye.


CAROLE THERIAULT. Mm-hmm.

-- TRANSCRIPT ENDS --