
424: Surveillance, spyware, and self-driving snafus


A Mexican drug cartel spies on the FBI using traffic cameras and spyware — because "ubiquitous technical surveillance" is no longer just for dystopian thrillers. Graham digs into a chilling new US Justice Department report that shows how surveillance tech was weaponised to deadly effect.

Meanwhile, Carole checks the rear-view mirror on the driverless car industry. Whatever happened to those million Tesla robotaxis Elon Musk promised by 2020? Spoiler: they’re here — sort of — but they sometimes drive into oncoming traffic.

Plus: Leighton House, heatwave survival gadgets, and an unflushable toilet situation (not what you think).

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.


Sponsored by:

  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
  • Trelica by 1Password - Access Governance for every SaaS app. Discover, manage, and optimize access for any of your SaaS apps - whether managed or unmanaged.

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.


Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


GRAHAM CLULEY. No one, for instance, wants their country's police force or intelligence service to snoop upon. I imagine you don't want that either.


CAROLE THERIAULT. Well, it depends what I'm doing. If I'm doing something really amazing and they want to offer me an MBE at the end of it, I'd be like, all right.


GRAHAM CLULEY. Do you think this is how—


CAROLE THERIAULT. That's how they do it.


UNKNOWN. They're just surveilling and say, oh, Carole was marvelous on this particular occasion. Smashing Security, Episode 424: Surveillance, Spyware, and Self-Driving Snafus with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 424. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. So what's coming up on the show this week, Carole?


CAROLE THERIAULT. First, let's thank this week's wonderful sponsors, 1Password and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, I'm going to be going south of the border to explore UTS.

Sounds like a disease. And I'm looking at where we're at with the driverless car. All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, it's funny you should ask, is UTS some sort of ransomware? Anyway, have you ever heard of UTS?


CAROLE THERIAULT. I don't think so.


GRAHAM CLULEY. Do you think it's maybe unexpected Tesla summoning? If a Tesla car drives up to you, the robots of the future waiting for you to jump in?


CAROLE THERIAULT. I hope not, because that's what my story is going to be about.


GRAHAM CLULEY. Oh, okay. Or could it be underground tunnel Sasquatch, maybe?


CAROLE THERIAULT. No, definitely not.


GRAHAM CLULEY. Lurking underneath your floorboards.


CAROLE THERIAULT. Definitely not.


GRAHAM CLULEY. Or a problem I think we've all suffered from, from time to time, unflushable toilet situation.


CAROLE THERIAULT. I think that's for another show. No, I don't think it means any of that.


GRAHAM CLULEY. Could leave you in a sticky pickle. Those are all serious and worrying problems, I think you would agree. But on this particular occasion, UTS refers to ubiquitous technical surveillance.


CAROLE THERIAULT. That's really unusual.


GRAHAM CLULEY. It's something that has been causing a lot of concern for people around the world. Ubiquitous technical surveillance, or UTS, that is where there's extensive collection and storage of data in order to analyse it later and then maybe connect individual people with other people or groups or activities. Why would people want to do that, I wonder?


CAROLE THERIAULT. This is for socials, basically.


GRAHAM CLULEY. Well, that's one component of it. Yes, certainly that is an angle of it. But the other thing is, of course, it's very useful for police forces and intelligence services.

So widespread collection analysis of data clearly represents a threat to each of us as individuals. The storage of trillions of pieces of metadata, which can be stored for years and years, means that it could bite you in the bottom in the future.

No one, for instance, wants their country's police force or intelligence service to snoop upon what they're up to, do they? I don't want that. I imagine you don't want that either.


CAROLE THERIAULT. Well, it depends what I'm doing. If I'm doing something really amazing and they want to offer me an MBE at the end of it, I'd be like, all right.


GRAHAM CLULEY. Do you think this is how—


CAROLE THERIAULT. That's how they do it.


GRAHAM CLULEY. They're just surveilling and say, oh, Carole was marvellous on this particular occasion. She was fantastic, wasn't she? So I think a lot of people wouldn't really want this, especially if they live in some of the more oppressed parts of the world, or if you worry that your local intelligence service or government might be tempted to overreach a little bit.


CAROLE THERIAULT. What government would do that?


GRAHAM CLULEY. As if they would.


CAROLE THERIAULT. As if.


GRAHAM CLULEY. But of course, especially if you live in some of the more oppressed parts of the world, it could happen. Or you might, of course, be worried about your country's enemies. It's not just an enemy within that you have to worry about, your own population. What if a rival country or a faction uses technology to spy upon yours and use this ubiquitous technical surveillance or able to exploit it?


CAROLE THERIAULT. Are you suggesting that me and every listener out there start panicking about this and worry about all the enemies and the country's enemies and everything?


GRAHAM CLULEY. Listen to my story, then tell me if you're worried or not.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. Or whether you're more worried about the underground tunnel Sasquatch who could be living under your house.


CAROLE THERIAULT. Okay. Okay.


GRAHAM CLULEY. So if you are law enforcement, you can definitely see the advantages of widespread surveillance. And law enforcement agencies around the world have spent millions of dollars in the past using spyware made by the likes of the NSO Group to go after criminals as well as activists and dissidents. And journalists.


CAROLE THERIAULT. I would say for centuries in some way or another. But yes. Yeah.


GRAHAM CLULEY. So why am I talking about this today? You're wondering, why are you talking about this, Graham? Well, it's because there is a newly published report from the US Department of Justice, their Office of the Inspector General. They have laid out an extraordinary tale of how UTS, this ubiquitous technical surveillance, was used to not only spy on people, but ultimately led to people being murdered.


CAROLE THERIAULT. OK, listening, paying attention.


GRAHAM CLULEY. According to this report, back in 2018, the FBI were investigating a Mexican drugs cartel. Down there in Mexico, the Sinaloa drugs cartel, run by a notorious chap called El Chapo. I have to say, as nicknames go, being a chap called El Chapo I mean, mind you, if he'd been French, it could have been El Chapeau, couldn't it? They could have called him Henry the Hat.


CAROLE THERIAULT. I've never read anything about that that was kind of nonfiction, but I did see some show they streamed called El Chapo, and I watched that.


GRAHAM CLULEY. There was a real El Chapo drugs lord. Yeah. In Mexico, considered to be one of the most powerful drugs traffickers in the world. And don't worry, he's now locked up in a US prison. We're probably safe here on the Smashing Security podcast, even if we're making fun of his nickname. Anyway, an FBI contact told the FBI that the Sinaloa drugs cartel had hired a hacker. He told them that this hacker apparently offered a menu of services, a smorgasbord if you like, all to do with hacking mobile phones and other electronic devices. And according to this FBI informant, this hacker was keeping close tabs on who was going into and going out of the US Embassy in Mexico City. And he was doing that to identify, quote, people of interest to the drugs cartel.


CAROLE THERIAULT. What, so he set up CCTV?


GRAHAM CLULEY. Well, I don't know. I don't know if he was—


CAROLE THERIAULT. It's the US Embassy, right?


GRAHAM CLULEY. Well, he was watching people going in and out. I imagine there's some big gates, right? And actually, he's an informant.


CAROLE THERIAULT. He doesn't work for the FBI. He's an informant. So who knows who this guy is?


GRAHAM CLULEY. This is an informant who says he's found out about a hacker who is doing this, he tells the FBI. There's someone who is doing this and collecting information, seeing who's going in and who's going out.

I don't know if he's there in his Winnebago parked outside eating donuts with his binoculars. I don't know exactly how to do it.

But according to this report, amongst the people that this hacker is supposed to have spotted going in and out was an FBI assistant legal attaché. That is a federal agent who works with the law enforcement authorities in Mexico.


CAROLE THERIAULT. I quite like the name attaché. I don't know, I think it sounds quite— Quite classy, isn't it? Classy.


GRAHAM CLULEY. It's got that little e acute, which always makes it sound a little bit special, doesn't it? Yeah, it does, it's a lovely thing.

So there we are, right? We're in Mexico City, there's the US Embassy, there's someone keeping an eye on it, apparently a hacker, eating doughnuts, watching people going in and out.

And according to this report, somehow this hacker managed to exploit the legal attaché's mobile phone, which meant that they could see who they were calling, who they were getting calls from, as well as geolocation data. So I don't know if this was exploiting a known vulnerability or whether it was a piece of spyware, which we've talked about in the past, infecting smartphones.

Hard to say. But basically, this hacker could see where this legal attaché was and who they were calling and getting calls from.


CAROLE THERIAULT. Right. Okay.


GRAHAM CLULEY. And it went further than that, because get this, this sounds like something from The Italian Job, if you remember that movie from the '60s. The hacker was able to use Mexico City's traffic camera network and CCTV system to follow the attaché around the city.


CAROLE THERIAULT. So okay, why is he stalking the attaché?


GRAHAM CLULEY. Well, because he wanted to know who the attaché met with. The attaché is working with local law enforcement, the FBI are working on an operation to try and bring down this drugs cartel and capture El Chapo.

I mean, this seems extraordinary to me. It seems to me if they're following his phone, then can they not just locate him by his phone and follow him that way? But then, of course, maybe this legal attaché, maybe when he's going to meet a contact, maybe he turns off his mobile phone, maybe takes his SIM card out, who knows what he does?


CAROLE THERIAULT. Leaves his phone at home. It's possible.


GRAHAM CLULEY. Yep. Phone home, exactly as someone famously said. So, that information about who this legal attaché is meeting in Mexico City has been fed back to the drugs cartel.

And they then used that information, according to this official report, to intimidate and in some instances, let's put it this way, permanently silence people who might be cooperating a little bit too much with the authorities. You set them swimming with the fishies.

Okay. Exactly. Terrifying stuff.

And we've seen, of course, Trojans and spyware being used in the past in a way which results in people dying. There was a case where Israel's secret service Mossad infected a senior Hamas official's laptop with a Trojan horse.

They were able to identify that he was going to be staying in a Dubai hotel, and Mossad sent a troop of people out there disguised as though they were on a tennis trip. They went to visit his hotel room and dot, dot, dot.

Yeah, that was it. So judging by this newly released report, the US authorities are saying quite clearly they are concerned about UTS, ubiquitous technical surveillance.

They say that technological advances in commercially available technologies, which can be kind of bought off the shelf now, have made it easier than ever for less sophisticated nations and criminal enterprises to identify and exploit vulnerabilities, which can then cause this kind of problem. In other words, wouldn't it be a heck of a lot safer if we had no smartphones and no CCTV?


CAROLE THERIAULT. I'm kind of thinking the big point's a big duh moment. Like, yeah, obvs. No, don't you think?


GRAHAM CLULEY. Well, yeah, there haven't been many reported instances in the past though of people being killed as a consequence of this stuff. I think it really brings it home.

And the exploitation of— I mean, things like CCTV and traffic cameras are such an important part of many countries' infrastructure now and policing that we're not going to be able to backtrack on these. So you're right.

I mean, I think there are concerns here. It's like, how do you protect yourself from these kind of things?

And you can't always, unfortunately, trust that the data which is being collected in other seemingly more benign ways or ways that you've been told are properly anonymized, even when there isn't the intention of any kind of law enforcement angle, that there still is threats here. In the past, there have been commercial companies who've regularly compiled information from credit card transactions, for instance, and they've built profiles of consumers and they sell that data to third parties.

And you may have a Nectar card or you may have your credit card information, and the companies say, well, we anonymize the data. But back in 2015, researchers from MIT found that with the data from just 4 transactions, they could positively identify cardholders 90% of the time.

So sometimes you just need a few bits of data and it's remarkable how easily you can identify somebody.


CAROLE THERIAULT. That's when they changed the word from anonymised to pseudo-anonymised. Yeah, they didn't—


GRAHAM CLULEY. But you imagine yourself, Carole. So you, for instance, you may have— Me?

Yeah. Yeah, so imagine you've made some payments on your debit card.

You've bought ingredients for marmalade. I make my own.

Yeah. You've bought some art supplies.

Right. Right?

Maybe you've bought a great big comb to comb the Yeti. Already I'm beginning to think, well, that's got to be Crow.

It's got to be Crow. So officials from both the FBI and CIA, they describe the threat posed by UTS as existential.

They love that word these days, don't they? Existential to the way the FBI does business, and that there could be national security consequences as well as the possibility of investigations into criminal organizations being compromised as well.


CAROLE THERIAULT. Sounds a bit like a CIA.


GRAHAM CLULEY. Doesn't it? CYA rather than CIA. Yeah, exactly.


CAROLE THERIAULT. Sounds like the CIA and the FBI are doing a CYA.


GRAHAM CLULEY. That's what I think. Well, yeah, I don't think covering your ass is actually going to stop you being identified, Carole. Normally you have to wear a Guy Fawkes mask or something like that. Carole, what's your story for us this week?


CAROLE THERIAULT. Okay, I'm going to take us back about 10 years, back to 2015, because this was the start of the driverless car hype. Okay, so companies like Google and Tesla and Uber and GM had all rolled up their sleeves and promised to revolutionize how we got around.

No longer would we have to shift any gears, which I love. I still have a manual car.

Love that. You know, you don't even have to look at the road or the signs or the lights.

I mean, you could literally, you know, trim your nose hairs on the way to the office.


GRAHAM CLULEY. I don't think that's—


CAROLE THERIAULT. The promise was that soon there'd be driverless cars that would give us back a wee bit of time. We could get from A to B and actually do something that we wanted or needed to do.

Right. And back in 2015 and '16 and up to about 2020, there wasn't just hope and fierce competition, but there was money.

Billions were invested with pilot programs dotted around the US and elsewhere. And, you know, we covered driverless car concerns, I would say probably a dozen times in our 8-year history.

We talked about cameras recording people, you know, outside Teslas. So they would be recording all the time.

And you'd be thinking, well, what if I'm outside? What if I'm being seen?

Remember Zoe came on?


GRAHAM CLULEY. Zoe Kleinman came on. Yes, yes. Because she'd been on a trip in a driverless car, hadn't she?


CAROLE THERIAULT. Around the M25 in a semi-autonomous car. Yeah. Because the Googles and the Ubers and the Teslas and the GMs said in just a few years they'll be here.

Elon Musk himself promised a million Tesla robotaxis by the end of 2020. So I have a question.

Where are they? Where are these Teslas that can drive themselves?

Where are they? It turns out that the early 2020s was a bit of a pivot point, that perhaps these forecasts were a teeny tiny bit too ambitious.

You know, the players overpromised. They hyped it up.

And they did this because it was an exciting time, sure, but also to line up some fans. And of course, investors.

These are big businesses with big money. But despite this enthusiasm, it didn't circumvent the big problems, namely urban unpredictability.

So pedestrians, weather, construction. That made full autonomy extremely difficult.

There's edge cases and what they call long-tail problems. So these are really rare but dangerous situations, right?

These prove hard to handle. And public trust and regulation, right, lag behind the tech development.

And that's something that Elon Musk, at the moment, is still complaining about quite vociferously. And because of all this, several projects were scaled back.

Yep. Or refocused or shut down.

You know, Uber, for example, sold its self-driving unit in 2020. Okay.

So we fast forward. It's July 2025.

Yes. About 10 years on from the beginning of this hype, if you will.

And Elon Musk has just debuted his driverless car service in a limited public rollout in Austin, Texas.


GRAHAM CLULEY. Oh, these are the robotaxis or something he calls them, don't they? Yes.


CAROLE THERIAULT. These are the robotaxis he promised us 5 years ago. Back in 2020. And he'd better get his fancy trainers on double quick if he wants to be numero uno in the driverless space, because not only are other companies testing in Austin, rival company Alphabet with their Waymo has already deployed driverless taxis in Austin, Los Angeles, San Diego, and in other cities. And they use a completely different set of— well, not completely— a different set of technologies and got it to market faster. It recently completed its 10 millionth paid ride and has begun testing in San Antonio and other cities.


GRAHAM CLULEY. I've noticed that they tend to test these things in US cities. Now, one of the things that I've noticed whenever Americans come to Britain, they completely freak out about the width of our roads because we—


CAROLE THERIAULT. I've got to say, I'm very happy they're not testing here.


GRAHAM CLULEY. Well, me too. Absolutely.


CAROLE THERIAULT. I mean, unless they were doing it somewhere in a closed-off car park or in a, you know. But you have to test real road conditions somewhere.


GRAHAM CLULEY. Better to do it in America. Well, isn't that awful? And us be here. Yeah, you go ahead. Tell us when you fixed all the problems.


CAROLE THERIAULT. So how did Elon run this test? Well, he and his cohorts handpicked a group of guinea pigs and invited them for early rides in Tesla's autonomous, nearly driverless ride-hailing service. These were fans who posted regularly and enthusiastically about Tesla on the socials.


GRAHAM CLULEY. Yeah, I can imagine.


CAROLE THERIAULT. And they received invitations to download the Robotaxi app and then try the company's service in Austin. So there's a small fleet of 10 or 20 Model Y vehicles offering fully driverless rides. Well, kinda. Each apparently came with a human safety supervisor in the front passenger seat, and service was limited to clear weather and daylight hours.

But Musk posted on X celebrating the successful unveiling of the breakthrough technology, calling it the result of a decade of work by Tesla's AI and chip teams. And a triumph it was, because the following day, Tesla's stock rose nearly 10%. Very welcome as it's facing a little bit of a slump in recent times.

But what Musk hailed as successful does not mean flawless because federal traffic safety regulators are now looking into suspected problems with Elon Musk's test run of these robo-taxis after videos surfaced showing them behaving in let's say, unexpected ways. So I'm going to tell you what happens in the video, and I want you to basically give me a 1 out of 10 of how freaked out you would be. So 1 not being freaked out at all and 10 being rather freaked out.


GRAHAM CLULEY. So I'm sitting in the back of a robotaxi. There's no real driver.


CAROLE THERIAULT. You could be sitting anywhere, presumably, in a robotaxi. You could be hanging out in the trunk if you wanted to.


GRAHAM CLULEY. So there's not a human driving. That's the important thing.


CAROLE THERIAULT. No, there's not a human driving, but there is a safety person.


GRAHAM CLULEY. Who's sort of observing and making notes. He's observing.


CAROLE THERIAULT. Yeah, just making sure. So in one video, a Tesla moves into a lane with a big yellow arrow indicating it is for left turns only. But then goes straight through the intersection instead, entering an opposing lane on the other side. The car seems to realize it made some kind of mistake and begins to swerve several times with the steering wheel jerking back and forth.


GRAHAM CLULEY. Hang on. Before eventually settling down. The opposing lane?


CAROLE THERIAULT. That's traffic coming towards you. Yes. No. Now, there didn't happen to be any car. There was no oncoming traffic at this time. Right. But the Tesla proceeded in the opposing lane for 10 seconds. Ooh! Okay, yeah. Okay, but there's no car. There's no car.


GRAHAM CLULEY. No, but still, you would lose a certain amount of confidence at this point, wouldn't you?


CAROLE THERIAULT. Would you?


GRAHAM CLULEY. Yes, I think I would. I think I would.


CAROLE THERIAULT. Okay. Okay. Now what about this one? Another video showed a Tesla stopping twice suddenly in the middle of the road, possibly responding to the flashing lights of police cars. But the police were obviously not interested in the Tesla or traffic in front of it or behind it because they'd parked on the side road, not near the Tesla. And they were apparently responding to a completely unrelated event.


GRAHAM CLULEY. Oh. So it just suddenly stopped, thus potentially causing a road traffic accident. Well, yes.


CAROLE THERIAULT. Maybe there's not a lot of cars in Austin, Texas. Maybe there's a lot of space. Maybe there's a lot of cars, but a lot of space.


GRAHAM CLULEY. Maybe there's not many cars on the road in Austin, Texas, 'cause everyone knows Elon Musk is testing his bloody robo-taxis everywhere. Yeah. I wouldn't go out there either.


CAROLE THERIAULT. But the thing is, in this business, you kind of want as close to no false positives or false negatives as possible, right? The car can't react to something that's not there. And the car cannot ignore something that is there. Yeah. And with that in mind, at least these two incidents seem quite significant. Because how many rides did they do during a day of driving, and they have a fleet of 10 or 20 cars? It can't be that many. It seems statistically significant that these two things happened. And what I don't get is why federal traffic safety regulators, who are now looking into it, why wouldn't they be present at this kind of thing, right? Grabbing their own data and findings.


GRAHAM CLULEY. Why aren't they sitting in the passenger seat? Maybe they've got too much common sense.


CAROLE THERIAULT. Car nuts out there might remember that the federal regulators opened an investigation last year into how self-driving Teslas had responded in low visibility conditions after several accidents, including one that was fatal. And Tesla was forced to recall 2.4 million of its vehicles.


GRAHAM CLULEY. I mean, in fairness, human beings make a lot of mistakes on the road as well. You know, people are very fallible. And, you know, I've occasionally made a little goof while driving. I might have turned the wrong way occasionally. That's a good game.


CAROLE THERIAULT. We could have a game. Would be Tesla or Graham on the roads.


GRAHAM CLULEY. Maybe I should become a taxi driver.


CAROLE THERIAULT. I've been in the car with you. I wouldn't say I've always felt 100% safe. You're just a distracted driver, would you say?


GRAHAM CLULEY. Yes, I would. I don't think I'm a very good driver.


CAROLE THERIAULT. That's fair. But, you know, just his driverless cars, his stock has had a bit of a wobble since the federal traffic safety regulators have started an inquiry. And I suspect he has a long, windy road ahead. I'd offer him luck if I liked him, but yeah.


GRAHAM CLULEY. If you liked him.


CAROLE THERIAULT. If you're a security or IT professional, you've got a mountain of assets to protect: devices, identities, and applications. It's a lot, and it can create a mountain of security risks. Fortunately, you can conquer that mound with 1Password Extended Access Management.


GRAHAM CLULEY. Over half of IT pros say securing SaaS apps is their biggest challenge, with the growing problem of SaaS sprawl and shadow IT. It's not hard to see why. Thankfully, Trelica by 1Password can discover and secure access to all of your apps.


CAROLE THERIAULT. Trelica by 1Password inventories every app in use at your company. Then pre-populated app profiles assess SaaS risks, letting you manage access, optimize spend, and enforce security best practice across every app in your employees' use.


GRAHAM CLULEY. So take the first step to better security for your team by securing credentials and protecting every application. Even unmanaged shadow IT. Learn more at 1password.com/smashing. That's 1password.com/smashing. Now, Carole, according to Vanta's latest State of Trust report, cybersecurity is the number one concern for UK businesses. And of course, Vanta can help you with that.


CAROLE THERIAULT. Whether you're a startup growing fast or already established, Vanta can help you get ISO 27001 certified and more without any of the headaches.


GRAHAM CLULEY. You see, Vanta allows your company to centralize security workflows, complete questionnaires up to 5 times faster, and proactively manage vendor risk to help your team not only get compliant, but stay compliant.


CAROLE THERIAULT. So stop stressing over cybersecurity and start focusing on growing your business in 2025. Check out Vanta and let them handle the tough stuff. Head to vanta.com/smashing to learn more. That's Vanta, V-A-N-T-A, .com/smashing. And thanks to Vanta for sponsoring Smashing Security.


GRAHAM CLULEY. And welcome back, and you join us at our favorite part of the show, the part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something that could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish, it doesn't have to be security related necessarily.

Better not be. Well, my pick of the week this week is not security related.


CAROLE THERIAULT. Very good.


GRAHAM CLULEY. My pick of the week this week is a little bit cultural, Carole.


CAROLE THERIAULT. Ooh, you've been doing this recently. You can get it.


GRAHAM CLULEY. Well, you know, it's strange, isn't it? But I mean, I know that you think that you are the artistic one. You've probably got a bit more of an artistic bent than me, I would say, because of your painting.


CAROLE THERIAULT. Can't believe you're calling me bent.


GRAHAM CLULEY. And last weekend, I visited the home of a Victorian artist, a famous Victorian artist. I believe the only artist who has been ennobled with the title of Lord. Oh, okay, whatever. Lord Frederick Leighton. Are you familiar with him?


CAROLE THERIAULT. Oh, I've heard the name, but I don't know his work. No, tell me more.


GRAHAM CLULEY. Well, he was a big cheese in the art world back in Victorian times, and he has an incredible house, which is in Holland Park in London. It's called Leighton House. And there you are, you travel down to West London. So I was in London for some other business, and I went to this place, and you think, I'm going into a fairly impressive looking house, but it's just on a regular street, right? It's on a regular street by Holland Park, stand.


CAROLE THERIAULT. Oh, that's London though. That's London. Yeah, okay.


GRAHAM CLULEY. But it's a very nice part of London. I mean, these houses must cost a fortune. But you walk into what looks like a regular house and somehow you are instantly transported to an opulent Arabian hall decorated in the most beautiful Islamic tiles, golden mosaics, and where you'd normally put a coffee table is a fountain that you would expect in a sultan's palace.


CAROLE THERIAULT. Wow. So he wasn't hurting, he wasn't hurting as an artist. I'm gonna have to read up on this guy.


GRAHAM CLULEY. The funny thing is that he actually, in some ways, lived very modestly. He loved the Middle East. He traveled around the world collecting beautiful things, and he had his house designed and then collected all these incredible tiles and things and said, "I want to have my house decorated this way." And when you go up into his bedroom—


CAROLE THERIAULT. He has a dome in his house. I'm looking at these pictures that you put in. He has a dome, and it's gold leaf, I imagine. That looks like gold leaf. He wasn't hurting at all, okay? It's not just he had a good eye, he had a nice fat wallet as well.


GRAHAM CLULEY. He is incredible.


CAROLE THERIAULT. He was ripping off somebody somewhere.


GRAHAM CLULEY. Carole. What? This is one of the most beautiful houses. You need to check it out.


CAROLE THERIAULT. I will go. I will definitely go. I do love tile works. You know, in Tunisia as well, I've been. Beautiful, beautiful, beautiful. No, so I'll go.


GRAHAM CLULEY. This is beautiful and— There's a number of rooms you can go and check out, as well as his paintings and drawings and the rest of it. He is famous, by the way, for painting Flaming June. Do you know Flaming June? Nope. You'll probably know it. It's a famous picture of some sort of redheaded woman with a blouse.


CAROLE THERIAULT. Oh, yes, yes.


GRAHAM CLULEY. You know the one? Oh, you see. Where she's sort of snoozing. It's hilarious.


CAROLE THERIAULT. I don't even know the names of my paintings. Literally, I don't know the names. People are, what is it called? I'm, I don't know.


GRAHAM CLULEY. Look in the back. So you'll be able to see where he actually painted that picture, but the entire house, absolute joy. The garden is fantastic as well. I'd really recommend it. If you are in London, terrific place to go with—


CAROLE THERIAULT. How much to get in?


GRAHAM CLULEY. How much to get in? Well, I've got an art pass, which allows me in for free to this particular place. Normally there probably is a fee of, I don't know, £10 or something like that, I'd imagine.


CAROLE THERIAULT. But worth it?


GRAHAM CLULEY. Absolutely worth it. Really good. And I think for anyone like you who's into their art, I would strongly recommend it. So Leighton House in Holland Park in London is my pick of the week. Carole, what's your pick of the week?


CAROLE THERIAULT. As we were just discussing, it's been rather warm.


GRAHAM CLULEY. It has been warm. Very warm.


CAROLE THERIAULT. Very warm. And unlike our North American friends, few of us have air conditioning.


GRAHAM CLULEY. Correct.


CAROLE THERIAULT. Yes. Even if the temperatures hit the 30s or the 40s. Celsius, this is. Or the '80s and the '90s and the '00s. And as you know, I have a cute little cat who wears a fur coat all the time. Yes, yes. Did you know I recently learned that domestic cats hail from the desert? So still, I'm still thinking poor thing, right?


GRAHAM CLULEY. Full of fur, hot, hot, hot. Egyptians, the pharaohs, they loved their cats.


CAROLE THERIAULT. That's right. That's true. The Sphinx. That's true. So what do we do, right? So hot, you can't even sleep at night. It's just still hot, hot, hot. We pull out our rusty fans from the attic, but they're about 20 years old, bought from a fancy emporium called Argos that we have here in the UK. And basically it had become a noisy electrical hazard. Desperately in need of an upgrade. So maybe it was the heat, but boy, did we buy an upgrade.


GRAHAM CLULEY. Oh. Did you?


CAROLE THERIAULT. Yes. We got a Shark fan called Flex Breeze.


GRAHAM CLULEY. Hang on. Let's have a look at this.


CAROLE THERIAULT. Lordy, it's a marvel. It's on right now.


GRAHAM CLULEY. Can you hear it? I can't hear yours.


CAROLE THERIAULT. No, no, I can't even hear it. Corded or cordless? Has a battery that charges up when it's connected to the base. Okay, 12 hours cordless runtime.

So say you're outside and you just wanted to have just a bit of a breeze, if it was really still, you could do that. Super quiet, under 2 kilos.

You can carry it around, not to the park. You can carry it around your house or up the stairs. And it keeps you cool.

Plus it has a feature I haven't used yet, an ultra-fine misting.


GRAHAM CLULEY. Oh, your cat would love that.


CAROLE THERIAULT. For outdoor and indoor use. No, no, it doesn't make you wet.

It's just a tiny bit of water just to kind of cool you down. You know, like when you're near the vegetable department in a fancy supermarket, they'll have a mister to make all the vegetables gleam.

So how much, right? My original one was probably £20 from the emporium that is Argos.

This one was more like 100 squids. So significantly more, but so far I love this fan.

So my pick of the week, the Flex Breeze from Shark.


GRAHAM CLULEY. Well, I'm sure that'll help out many people in Britain and Europe at the moment.


CAROLE THERIAULT. I've bought mine, so I don't mind now. You know, I wanted to make sure I had it.


GRAHAM CLULEY. Yes, exactly. Yeah, you wanted to make sure you had it before you created a rush of other people buying them.


CAROLE THERIAULT. Of course, I had to test it out, right?


GRAHAM CLULEY. Always test out the picks of the week. Exactly, that's a great choice.


CAROLE THERIAULT. Thank you.


GRAHAM CLULEY. Well, that just about wraps up the show for this week. You can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G.

And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.


CAROLE THERIAULT. And massive shout out to our episode sponsors, 1Password and Vanta, and of course to our wonderful Patreon community. It's their support that helps us give you this show for free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 423 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio, bye-bye. Bye, I'm losing my voice.

-- TRANSCRIPT ENDS --