
056: Peeping Toms, prison hacks, and parliamentary passwords

December 6, 2017
Transcript

This transcript was generated automatically, probably contains mistakes, and has not been manually verified.
CAROLE THERIAULT
Now, Natt claims that the videos are of consenting adults, right? And the cops are of course now in the process going, well, we're going to verify that info.

But can you imagine that conversation? Like, bing bong, hello, your local cop here. First, happy holidays. Second, is this your butt bouncing around in this video, sir? Right?
Unknown
Smashing Security, Episode 56: Peeping Toms, Prison Hacks, and Parliamentary Passwords with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to another episode of Smashing Security, episode 56 for the 7th of December, 2017. My name's Graham Cluley.
CAROLE THERIAULT
And I'm Carole Theriault.
GRAHAM CLULEY
And we are joined today by a special returning guest all the way from New York. He's joining us over the interwebs. It's Iain Whalley from Google. Hi, Iain.
IAIN WHALLEY
That's correct. All the way over the interwebs.
GRAHAM CLULEY
Good to have you back on. Anything interesting going on in any of our lives? No? All right then. In which case, what we should do—
IAIN WHALLEY
We can talk about politics in the interim if you'd like.
GRAHAM CLULEY
Oh, go ahead, because we have politics here in the UK. In fact, I'm going to be talking about that after the break. But you're in America, right?

Is there anything going on with American politics, Iain?
IAIN WHALLEY
No, no, everything's fine.
CAROLE THERIAULT
Everything's been all quiet.
GRAHAM CLULEY
Humdrum, humdrum.
IAIN WHALLEY
All quiet. Yes, there's some news, but it seems to be pretty normal over here.
GRAHAM CLULEY
Okay. All right. Okay.
CAROLE THERIAULT
By normal, he means insane. I'm addicted to the news right now, and I think I need to check myself in. It's kind of an illness.
GRAHAM CLULEY
Yeah, it is a bit bad, isn't it?
CAROLE THERIAULT
I just get lost in kind of news cycles, looking at every different angle. So looking at everyone's different report of the same story.

So you're only gathering one extra crumb per 30 seconds of investment.
GRAHAM CLULEY
This isn't the best advert for our security news podcast, where we're going to be looking back over the last week and working out what's been happening and commenting on it.

I'm just saying, what you've just said suggests that our podcast is a bit shit.
CAROLE THERIAULT
Sorry.
GRAHAM CLULEY
This episode of Smashing Security is supported in part by Netsparker.

Netsparker is a web application security scanner that can automatically find security flaws in your website and fix them before hackers can exploit them.

If you want to automatically check your web applications for cross-site scripting, SQL injection, and other vulnerabilities and coding errors that can leave you and your business exposed, then you need Netsparker.

Try it out now by downloading a demo from www.netsparker.com/smashing.
CAROLE THERIAULT
Today's podcast is also sponsored in part by OneLogin. OneLogin provides single sign-on.

This allows IT to say which users have access to which applications at which time and also enforces two-factor authentication.

So even if credentials are compromised, hackers can't get access to those corporate services.

Find out more about OneLogin and download a free guide to identity access management at smashingsecurity.com/one-login. On with the show.
GRAHAM CLULEY
The Cling. And welcome back. So there's been an interesting situation going on in the British Parliament when it comes to computer security.

So I'll give you a little bit of background first, and then I'll tell you what the politicians have been doing lately.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Way back in 2008, a senior British politician by the name of Damian Green had his computer looked at by the cops, and nothing came of that, right?

They seized a computer, they took a look at it.

Now, a retired detective has now said, he's gone to the media and said that during that investigation they found thousands of legal, so nothing that naughty, pornographic images on Damian Green's Dell PC.

And obviously there's been uproar. How can he have thousands of images like that? Shouldn't he have been working a bit harder?
CAROLE THERIAULT
I don't think I've ever heard the term legal porn before.
GRAHAM CLULEY
Well, consider illegal porn, which would be things like, I don't know, sort of child abuse or snuff movies or, you know, I don't know, you know, coprophilia or, you know, something really very unpleasant.

I think this was sort of fairly standard sort of Razzle magazine kind of stuff.
CAROLE THERIAULT
Okay.
IAIN WHALLEY
So there's been uproar that he has all this legal porn. Do you think that's just jealousy or what is that?
GRAHAM CLULEY
Well, I think there's been uproar about the allegation that he has all these images, but also that this retired police detective has gone public about it because the police never brought any charges and never made it public.

But now it's sort of come up and it's obviously potentially put his career in some jeopardy. And some of his colleagues in the Conservative Party have been jumping to his defence.

And one of them is Nadine Dorries, who aside from once being a contestant on I'm a Celebrity, Get Me Out of Here.
CAROLE THERIAULT
Oh dear.
IAIN WHALLEY
How do you know that?
GRAHAM CLULEY
Because I do my research, Iain.
IAIN WHALLEY
Oh, right, that's your trick. I got you there.
CAROLE THERIAULT
No, he reads Private Eye.
GRAHAM CLULEY
Anyway, she is the British MP for Mid Bedfordshire, and she has done something very, very brave indeed because she's not only tried to defend Damian Green, but she's also bravely exposed the appalling computer security practices that she and her fellow politicians have in place.

Because what she tweeted the other day was that my staff log on to my computer on my desk with my login every day, including interns.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
And so she said, oh yeah, we do this.

And so for anyone to say just because a computer on Damian Green's desk has got porn on it suggests that he was the one who downloaded or looked at it is completely outrageous, is her point of view.

Now, of course, when Nadine said this on Twitter, and I don't know if you guys have been on Twitter, but it's a very sort of calm, relaxing environment where people don't jump to judge each other.
CAROLE THERIAULT
Right, you're about to do now.
GRAHAM CLULEY
Just like I did when I saw that she'd tweeted this, and plenty of other cybersecurity professionals as well. Obviously, we said, you are bonkers, aren't you?

What a cavalier attitude to share your parliamentary login details.

Remember, just a few months ago, the UK Parliament was being targeted allegedly by Russian hackers who were trying to break into email accounts.

And there were also reports that bad guys were ringing up political staff members and just asking for passwords, pretending to be the IT team as well.

So there have been targeted attacks. But some of her colleagues jumped to her defence as everyone was saying, what do you like?

You know, you don't have to give out your email password. There are ways to delegate access to your email if you want to have your staff coping with your constituency email.

But a number of MPs sort of said, "Whoa, you know, I do exactly the same." Nick Boles MP, for instance, said, "Oh, I often forget my password.

I have to ask my staff what it is." And then Nadine says, "Oh yeah, all of my staff have my login details.

It's a frequent shout in my office when I'm saying, 'What's the password?'" And a whole bunch of them have come out of the woodwork saying that they are entirely the same.

They don't know their passwords. They're telling all their staff their passwords. They're shouting them out in the office.

And in some cases, they admit— there's a guy called Will Quince MP, and he says, it's not so much about sharing my logins.

I just leave my computer unlocked all the time so they can use it if they want.
CAROLE THERIAULT
I know, it's unbelievable. From our perspective, from our world, this is just gobsmacking.
GRAHAM CLULEY
Well, it's gobsmacking to us, isn't it? But Nadine, believes that we're being really, really unfair because we're in our ivory tower.

Just we criticize Amber Rudd, who's the Home Secretary, who's trying to bring in the Snooper's Charter. She claims also that this is sexism and we're just being sexist.

It's just no, you know, I'm taking the piss just as much out of the male MPs as the female ones. I don't think it has anything to do with sex whatsoever.

Well, apart from maybe the files found on their computer. But yeah, so I just laugh at my own joke.
CAROLE THERIAULT
No, but you know what? I don't know if it's fair to be poking at her and saying she's an idiot.

I think what she's shown is there's a huge lack of knowledge inside our government about cybersecurity best practices.
GRAHAM CLULEY
And imagine how frustrating it must be to be one of the people who works in the Westminster IT team.
CAROLE THERIAULT
I was just gonna say.
GRAHAM CLULEY
Who has to manage these morons. And you don't even have the option of giving them the sack because it's down to an election whether they leave or not.
IAIN WHALLEY
I think once again, it's not really a question that they're morons. It's that they don't— this is going to sound terrible— they don't know any better.

They don't know that this is a terrible idea. And you can see that in some of these tweets.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
You know what? I've heard this argument on Twitter over the last few days.

Oh, we're just— yeah, there we go as cybersecurity professionals again, looking down at them and sneering at them. And you know what?

I accept that to a point, but then I think, no, I think if you're an MP, and frankly you don't have to have any qualifications to be an MP, do you?

Just need to have gone to the right school.
CAROLE THERIAULT
Oh yeah, it must be such an easy job.
GRAHAM CLULEY
Have none.
CAROLE THERIAULT
What a walk in the park.
GRAHAM CLULEY
Yeah.

But what you should be appreciative of is actually turning to experts and saying, you know what, thank you for that input, that's really useful to me, I will take that forward.

Not being close to it and just assuming that you know best, because Nadine Dorries clearly believes that she knows best.

If you read her tweets, she's saying, you know, there's— she's saying there is no one who would be interested in hacking me, she says.

You know, my email account is utterly unexciting, apart from of course the personal information from her constituents who are communicating with her, no doubt.

She has even said that she is sure that all of the computers, every MP's computer, if it was investigated, would have porn on it, she says.
IAIN WHALLEY
That sounds like an admission.
GRAHAM CLULEY
Which presumably includes hers, right?
CAROLE THERIAULT
But this comes back to Iain's point. All this points to that she doesn't know very much about computers or email or security.
GRAHAM CLULEY
All right, but if you know nothing about a subject, no doubt if you don't know anything about— so I don't know everything about every subject.

I know it's going to surprise you, right? I know nothing about cars, for instance, or snooker.
CAROLE THERIAULT
Oh, I do know that you know nothing about cars. When I watched you tie your radiator up with a piece of string. And then drive and be surprised that it got burned off. But yeah.
GRAHAM CLULEY
Hey, look, if all I had was a shoelace on me, I think that's a reasonable step anyway.

But the thing is that you should be prepared to say, okay, look, I'm clearly massively out of my depth here. I'm going to get the advice of an expert.
CAROLE THERIAULT
Surely the bigger issue is not her personality or how she's handling the issue, but surely the bigger issue is how do we get education for these people who are running our country?
GRAHAM CLULEY
How do we get them open to listening to those people who are trying to educate them? Just we've been trying to educate them about encryption backdoors.
IAIN WHALLEY
Yes, they need to have better training and there needs to be better education from however the IT in the Houses of Parliament works. I have no idea.

Are there security trainers there? I have no idea. But I don't think you can really fault her for not taking advice from randos on Twitter.
GRAHAM CLULEY
Randos?
CAROLE THERIAULT
Yeah, Graham. Randos.
GRAHAM CLULEY
Oh, you mean random people. You don't mean randy people.
CAROLE THERIAULT
I'm just checking.
IAIN WHALLEY
Well, they may be too. I couldn't say, but I mean, random people. Yes.
CAROLE THERIAULT
Maybe get people trained up on how security, you know, at least the basics of security and what's valuable on their computers.
GRAHAM CLULEY
Yeah.
CAROLE THERIAULT
Because she doesn't even realize that email is a valuable thing.
GRAHAM CLULEY
Oh, I do have one defense for her, by the way.
CAROLE THERIAULT
Oh.
GRAHAM CLULEY
It is possible that she wasn't the one who sent these tweets. Maybe it was just someone else using her password, perhaps.

Well, I just think that now if you want access to an incredible amount of porn, just go to any MP's computer because Nadine has— she's outed all of them.

Okay, Iain, what story have you got for us this week?
IAIN WHALLEY
I chose this one with the wonderful headline, "Ann Arbor Man"... now we need to stop there for a second. It's not a man called Ann Arbor. Turns out Ann Arbor is a place in Michigan.
GRAHAM CLULEY
I think you're thinking of a harbour, aren't you?
IAIN WHALLEY
Ann Arbor man pleads guilty to computer intrusion case. Now this is a gentleman called Conrad something I can't pronounce, so we'll stick with Conrad.

It happened in a place called Washtenaw.
CAROLE THERIAULT
Washtenaw.
IAIN WHALLEY
Now I'm not going to try to pronounce that more than once, but the important thing about this place is the name of this county. It's a county in Michigan, ends with a W.

Okay, so what this gentleman Conrad did, he started by registering a domain. So this county's domain is ewashtenaw.org.

So he registered the same domain except without the W at the end. He registered it with two Vs. Ah, yeah.

Now you see, as my co-hosts have already realized, two Vs looks a bit like a W. In fact, it makes you wonder why W isn't called double V.

But anyway, so he registered this domain that looks like the real thing.

He then used that domain to send emails to employees of this county, claiming to be some guy that he wasn't, requesting help with, quote, court records, unquote.
CAROLE THERIAULT
Okay.
IAIN WHALLEY
He also called other employees on the phone, and he impersonated two real county IT department employees.

And what he wanted the people to do, both the people he was emailing and the people he was calling on the phone, he wanted them to visit his fake website.
CAROLE THERIAULT
Okay.
IAIN WHALLEY
To, quote, "upgrade the county's jail system," unquote.

Which doesn't really sound like the sort of thing you could do by visiting a website, but that's what he was wanting them to do.
CAROLE THERIAULT
Okay.
GRAHAM CLULEY
Hang on, what? So he created this dodgy website with two Vs on the end rather than a W to trick these people. And he said upgrade your jail system.
IAIN WHALLEY
Yes.
GRAHAM CLULEY
Okay, well, so it's some piece of software used for managing jails, I imagine.
IAIN WHALLEY
Yes.
GRAHAM CLULEY
Okay. All right.
IAIN WHALLEY
And quoting now from the legal documents, quote, "Some county employees followed his directions." Okay. So they visited his dodgy website and they clicked on some links. Yeah.

And we know what wonderful things happen when you visit websites and click on links. So now, of course, the county network where these county employees were has malware on it.

He gets some login credentials. So now this Conrad character has access to basically everything on the county network.

So he has access to the personal information of the county employees, he has all the login information, he has search warrants, he has disciplinary records, he has all sorts of wonderful things.

And here comes the good bit. He also has access to this wonderfully named thing called XJAIL, the county's system for tracking prison inmates.

So now what he does, and this appears to have been his goal all along, he modifies someone's release date.
CAROLE THERIAULT
Oh, bury the headline!
IAIN WHALLEY
Well, so what he's doing is he's gone through all this, and it took him a couple of months to do this, maybe 6 weeks, something like that.

And at the end of it all, he modifies someone's prison release date, quote, "in an effort to get that inmate released early." So that was his main goal, you think?

That's what it appears, yes.
GRAHAM CLULEY
And I thought it was cool when Ferris Bueller hacked his school computer system to improve his grades. This is really taking things to another level, isn't it?
IAIN WHALLEY
Was that Ferris Bueller or was that WarGames?
GRAHAM CLULEY
I think it was Ferris Bueller.
IAIN WHALLEY
It definitely happened in WarGames 2.
GRAHAM CLULEY
Was there a WarGames 2? I thought there was no sequel. I thought after WarGames it was—
IAIN WHALLEY
Actually, there was a straight-to-video sequel, but it was terrible. We'll have to get the listeners to write in and tell us whether this also happened in Ferris Bueller.

So somehow the county noticed that he had changed this release date.

And they say, "Thanks to a careful review by employees, no inmates were released early," said the US Attorney for the Eastern District of Michigan's press release.
GRAHAM CLULEY
So maybe they had some guy in for 50 years for mass homicide or something.

And it's like, "Oh no, I'm actually leaving next Thursday." He was getting his suit on and they said, "Whoa, whoa, whoa, whoa, whoa, whoa." Hang on a minute, Mr. Manson.

Why have you been let out like this? What's going on?
IAIN WHALLEY
Now, it's unfortunate that the documents don't tell you who the inmate was that he was trying to release early.
CAROLE THERIAULT
Yeah.
IAIN WHALLEY
Right? And what the relationship was there. Because, you know, the gossipmonger in us really want to know that.
GRAHAM CLULEY
I'm imagining it's someone like Lex Luthor. Wouldn't that be cool if it was some real supervillain?
IAIN WHALLEY
Not really a real supervillain in this case.
GRAHAM CLULEY
Oh, how disappointing.
IAIN WHALLEY
So this is a great story because it's got social engineering, it's got fake domain names that look like the real thing, it's got malware, and it's got dodgy computer systems that are apparently easy to modify.

And in their defense, they noticed.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
Although it sounds like they noticed at a sort of human level rather than the computer system had been breached. No, no, no.
CAROLE THERIAULT
They noticed straight away, I think, didn't they?
IAIN WHALLEY
It's not totally clear. They don't really make it very clear in the documents I read, which we'll put a link to in the show notes. I'm sure the Register hopefully has the PDF.
GRAHAM CLULEY
All right, okay.
IAIN WHALLEY
And one more thing on the subject of XJAIL: it's an off-the-shelf software product. You can go buy it. Now, if you Google for XJAIL, or Bing, or whatever—
GRAHAM CLULEY
I can go and buy some jail management software.
IAIN WHALLEY
Well, I shouldn't say you can go and buy it.
CAROLE THERIAULT
It might cost you a pretty penny.
IAIN WHALLEY
It is an off-the-shelf product that you can buy. Right. Maybe you have to be a corrections officer.
GRAHAM CLULEY
Okay.
IAIN WHALLEY
But it's interesting because if you Google for it, it's really hard to find the manufacturer of this product because you keep finding public-facing search pages to look up prison inmates.
GRAHAM CLULEY
Oh.
IAIN WHALLEY
So try it.
CAROLE THERIAULT
Yeah.
IAIN WHALLEY
Use the search engine of your choice to search for XJAIL.
CAROLE THERIAULT
It just happened to me.
IAIN WHALLEY
And you'll find a bunch of web pages where you can look up inmates.
GRAHAM CLULEY
Lex Luthor.
IAIN WHALLEY
Which prison system are you checking in? Is Metropolis in there?
GRAHAM CLULEY
Oh, he's not found. How disappointing. He must have escaped.
IAIN WHALLEY
Yes, it does have special detection for when the employee— when the inmate escapes.

Also, the website for this software, when you do find it, is appallingly full of grammatical errors and typos.
GRAHAM CLULEY
Oh, well, that is a crime in itself, isn't it?
IAIN WHALLEY
Which really should have been the headline, I think.
GRAHAM CLULEY
So when you read this story originally, it had the title "Ann Arbor Man Pleads Guilty to Computer Intrusion Case" rather than "This Hacker Almost Sprung a Villain or Felon or Something." Or rather than "Website Full of Spelling Mistakes." It's a pretty dire headline, actually.
CAROLE THERIAULT
I agree.
IAIN WHALLEY
It does. I believe the term of art is bury the lede.
CAROLE THERIAULT
But hey, you ended on a high. It's kind of a fascinating story, though. I didn't see it coming. Didn't see it coming.
GRAHAM CLULEY
Carole, don't bury your lede. Tell us what caught your attention this week.
CAROLE THERIAULT
So Airbnb, you guys ever use it?
GRAHAM CLULEY
Have I? Yes, I have. Yes, I have used it.
CAROLE THERIAULT
Okay, but not often.
GRAHAM CLULEY
No, not often, no.
IAIN WHALLEY
No, no, no, no. Don't use it. It's creepy.
CAROLE THERIAULT
Have you used it, Iain?
GRAHAM CLULEY
No.
IAIN WHALLEY
No.
CAROLE THERIAULT
No? So I've used it quite a lot and I've always had a pretty good experience, right?

But okay, so question, have you ever worried about secret video cameras or microphones in hotel rooms or in Airbnb places that you've stayed in?
GRAHAM CLULEY
Well, not in an Airbnb place. I think we did once in an early podcast talk about the time I was in a restaurant in Boston and a video camera came under the bathroom door.
CAROLE THERIAULT
Yes.
GRAHAM CLULEY
Bathroom door. Oh, that's right. But that wasn't so much a hidden camera as it was pointing directly at my private parts.
CAROLE THERIAULT
Well, you were blinking for a long time, having one of your catnaps. It could have been.

So I've never had a bad experience, but I've never actually been in a place and actually thought, I wonder if they're actually spying on me.

And surprise, surprise, it turns out there are indeed dirtbags out there who secretly record their paying guests' private moments.

So an article penned by friend of the show Lisa Vaas pointed to a tweet that was sent last week by this guy called Jason Scott.

And he says, oh, in "that's a thing now" news, a colleague of mine thought it was odd when there was a single motion detector in his Airbnb in the bedroom, and voilà, it's an IP camera connected to the web.

And then he continues, he left at 3 AM, reported, host is suspended, colleague got refunded. And then just earlier this month, there was another one.

This is in Florida, a guy named Wayne Natt. Seriously, who names their babies Wayne?
GRAHAM CLULEY
Mr. and Mrs. Natt do, by the sound of things. I guess if you're a Natt and feel rather insignificant on the surface of the planet, you think, oh, a name like Wayne would be cool.

Hey, maybe it's Bruce Wayne, right? And he and Lex Luthor— sorry, I don't know where I am today.
IAIN WHALLEY
He and Lex Luthor what exactly?
GRAHAM CLULEY
Well, they could have a tussle or wonder where Superman is in my bizarre scenario. Carry on, Carole. Don't be distracted, Carole, by what Iain's talking about.

Iain keeps on butting in with these silly little comments. You keep going, Carole. Who's editing this one, by the way?
CAROLE THERIAULT
You.
GRAHAM CLULEY
Oh, now you say that.
CAROLE THERIAULT
Anyway, this guy Wayne rents out his condo on Airbnb, and this place looked reputable. It had 40 reviews of other supposedly happy guests, right?

So this couple from Indiana go down, and they're vacationing at Wayne's pad, and they discover a hidden camera and microphone inside a smoke detector in the master bedroom with the camera pointing at the bed.

Oh yeah. And there was also another hidden camera in the smoke detector in the living room.
IAIN WHALLEY
Hmm.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
So that is a bit creepy, isn't it?
CAROLE THERIAULT
It's totally creepy.
GRAHAM CLULEY
I mean, I can kind of understand.

I can kind of understand that if you were an Airbnb property owner, you might be nervous of freaks coming in and causing damage and then trying to hide it or stealing something or something like that.

But it's still a bit weird, isn't it?
IAIN WHALLEY
I'm sure that's the reason why there was a camera pointing at the bed.
GRAHAM CLULEY
Well, exactly. What are you going to ever lose on a bed? Well, virginity.
CAROLE THERIAULT
Do you want to hear what Mr. Wayne Natt's reason is for having the camera there?
IAIN WHALLEY
I don't know, do I?
CAROLE THERIAULT
So he claims that the videos that he has, because they, you know, the police were called, they went looking and they found a big army of videos that date back to 2008 that are all a little bit salacious.

And he claims that the videos were made with consenting adults, right?
GRAHAM CLULEY
And that goes back to 2008.
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
He wasn't sharing these with a British member of parliament.
CAROLE THERIAULT
No, I doubt they knew each other. I doubt Wayne's left the country.
GRAHAM CLULEY
All right.
IAIN WHALLEY
Okay.
CAROLE THERIAULT
Now, Natt claims that the videos are of consenting adults, right? And the cops are, of course, now in the process going, well, we're going to verify that info.

But can you imagine that conversation? Like, bing bong, hello, your local cop here. First, happy holidays. Second, is this your butt bouncing around in this video, sir, right?

How do you go about doing that?
GRAHAM CLULEY
And even if they were consenting adults, they're consenting adults with each other. They weren't necessarily consenting with having their ass filmed, were they?
IAIN WHALLEY
Also, were these videos correctly timestamped? Because otherwise the policeman is going to have to say, no, not that one, how about this one?

I mean, it's just a terrible job for any policeman.
CAROLE THERIAULT
It is awful. So Wayne has been charged with video voyeurism, which I didn't know actually was even a thing, but there you are.

Airbnb are of course outraged and have kicked him out of the Airbnb family and claim to be helping the authorities as well.

Now, I was interested in what are the Airbnb rules when it comes to this kind of thing?
GRAHAM CLULEY
So make sure you have a QR code stamped on your bottom should images of you appear on the internet in future.
CAROLE THERIAULT
Well, no, but you made a good point earlier, right? If I were going to put my place or one of my places, one of my many, many houses on Airbnb—
GRAHAM CLULEY
Your property empire.
CAROLE THERIAULT
One of my many, yeah.
GRAHAM CLULEY
Theriault Towers.
CAROLE THERIAULT
Exactly, Theriault Towers, exactly. If I was going to put that out on Airbnb, I think I would be a little bit nervous, right? I'd be well, who's going to be coming in here?

But I can understand that.

So apparently if you're a host and you have any type of surveillance device in or around a listing, even if it's not turned on or hooked up, we require that—this is Airbnb speaking—they require that hosts let guests know by including this information clearly in the listing and photographs.

So basically they're saying you need to let people know before.

But this is the punishment: if a host discloses the device after booking, Airbnb will allow the guest to cancel the reservation and receive a refund. So that's the punishment.
GRAHAM CLULEY
I wonder if there's some perverted exhibitionists who'd actually get a bit of a kick knowing that an Airbnb thing was being videoed.
CAROLE THERIAULT
Yeah, exactly. Maybe you get more money.
IAIN WHALLEY
That could be your thing.
GRAHAM CLULEY
Sort of people who go on that Naked Attraction Channel 4 program.
CAROLE THERIAULT
And you've talked about this show before.
IAIN WHALLEY
You seem very interested in this program, Graham. Is there anything you'd like to tell us?
GRAHAM CLULEY
I was just appalled by it.
CAROLE THERIAULT
Didn't your wife say that you found—she found this show a little bit too, you know, rude?
GRAHAM CLULEY
Well, I don't watch. I cannot physically be in the same room as it, but I do have friends who have seen it and have narrated what is going on through the doorway towards me.
IAIN WHALLEY
Oh, right. So it's Naked Attraction for the vision impaired.
GRAHAM CLULEY
For me, yes, it's the braille version of Playboy is what I'm experiencing.
CAROLE THERIAULT
So I was thinking, I wonder if I was an Airbnb host, how would I go about getting one of these surveillance cameras, especially if you want it to be secret?

And my first search brought up an article called 10 Best Security Cameras for Airbnb and Short-Term Rental Hosts.

And it starts with the rise in home sharing through Airbnb short-term renting comes a need to protect one's investment.

After all, if your home ends up trashed or mistreated by a guest, et cetera, et cetera. So they're, you know, feasting off this as well.
IAIN WHALLEY
Yeah.
CAROLE THERIAULT
So what can you do if you are going to be an Airbnb or similar guest? Obviously, read the details carefully.

See if they say anything about surveillance, microphones, and video cameras on the premises. Consider disconnecting the router or the Wi-Fi. You know, why use it?

You can use your 3G, and then your traffic at least stays clean and doesn't— and also if they have any devices connected to Wi-Fi, they will not work.

And you can get these things called bug detectors. I had a bit of fun looking these up. So they can detect GPS trackers and RF transmitters and wired and wireless hidden cameras.

And they cost a pretty bob though, something like £300. But apparently they'll tell you if there's anything in a room. And of course you could always just stay in a hotel.
GRAHAM CLULEY
Yes.
IAIN WHALLEY
And there'd never be a hidden camera.
CAROLE THERIAULT
Yeah, exactly. There would never, ever, ever be a hidden camera in a hotel room.
IAIN WHALLEY
I admit, even when I stay in hotels, I do kind of look around a bit going, is there a camera in here checking out my junk? So far I've not found a camera, but I do wonder.
CAROLE THERIAULT
We know people that never use kettles in hotel rooms.
GRAHAM CLULEY
I was about to mention that.
IAIN WHALLEY
I think I remember that.
CAROLE THERIAULT
Yes. Let's not say more. Let's not say more. Stay away from the kettles.
GRAHAM CLULEY
Okay. After the break, we'll be back with our picks of the week.
CAROLE THERIAULT
Today's podcast is sponsored in part by OneLogin. OneLogin provides single sign-on, which people think is a productivity tool, but it's very much a security tool.

Companies use hundreds of applications every day, with the average worker having to remember about 40 passwords.

Unless you use a product like OneLogin, passwords go into spreadsheets, into emails, and end up on Post-it notes.

OneLogin allows IT to say which users have access to which applications at what time. And also enforce two-factor authentication.

So even if credentials are compromised, hackers can't get access to those corporate services.

And by connecting to Active Directory, access to all of these services is deprovisioned as soon as someone leaves the organization.

OneLogin has customers like Airbus, Royal Mail, BSI, and Dun & Bradstreet.

Find out more about OneLogin and download a free guide to identity access management at smashingsecurity.com/onelogin. That's smashingsecurity.com/onelogin.
GRAHAM CLULEY
Are you worried that your website might be the backdoor through which hackers can access your information and steal data? Well, if so, you'll be interested in our sponsor today.

NetSparker is a web application security scanner. It can automatically find the flaws in your website security and fix them before hackers can exploit them.

You can try it out right now. Download a demo from www.netsparker.com/smashing. On with the show. And welcome back.

Well, it's that time of the show when we talk about things that we like.

Could be a funny story, a book that we've read, a TV show, movie, record, an app, a website, a podcast, whatever.
CAROLE THERIAULT
A piece of fruit.
GRAHAM CLULEY
Doesn't have to be security. It could be a piece of fruit. It doesn't have to be security-related fruit, however, necessarily. And we'd like to call it Pick of the Week.
CAROLE THERIAULT
Pick of the Week.
IAIN WHALLEY
Pick of the Week.
GRAHAM CLULEY
My Pick of the Week this week is this.

We've all seen photographic images from World War II or World War I, or maybe even Victorian times that have been colorized and somehow it makes everything, it makes the past feel more real, doesn't it?

Well, yes, it does. What are you laughing at? Of course it does.
CAROLE THERIAULT
Wait, look, black and white, when's a fake past?
GRAHAM CLULEY
No, I think sometimes you can feel slightly distanced from a black and white picture, or you imagine it's some Calvin Klein advert that you're looking at.

So, you know, seeing something color makes you go, oh, look at that, it's in colour, crikey. It somehow feels more real. You know, pictures of World War I or whatever.

So I'm going to introduce to you a Twitter bot, and it's not a Twitter bot which is being controlled by Vladimir Putin. Instead, it is called the Colorize bot.

Colorize without a U, with an S. I'm sorry about this.
IAIN WHALLEY
That's an interesting combination, isn't it?
GRAHAM CLULEY
And what it does is if you tweet a black and white image to Colorize bot on Twitter, it will churn away, does a little bit of machine learning magic, and it will come back with what it believes is a colorized version of the image.
IAIN WHALLEY
Ooh!
GRAHAM CLULEY
And it's rather fun.

So when I first discovered this a few weeks ago, I did what most other Doctor Who fans did, which is we basically started bombarding it with images from 1960s black and white Doctor Who, which we wanted to see in color.

Sometimes because we were curious as to what a particular alien actually looked like, what color it was in the Dalek master plan, for instance.

I won't go into the scene and details of it, but anyway, to see if the machine knew best. And sure enough, it does come back with colorized images.

Now, sometimes they are a little bit sepia-ish. Things can get a little bit orange on occasions, but it's quite fun. And that is why Colorize Bot is my pick of the week.
IAIN WHALLEY
I'm looking at it.
CAROLE THERIAULT
It's really, really cute.
GRAHAM CLULEY
Ah, you see?
CAROLE THERIAULT
Yeah.
GRAHAM CLULEY
I've been doing well on my picks of the week recently, haven't I? Anyway, it's a lot of fun. So there you go. And Iain, what's your pick of the week?
IAIN WHALLEY
My pick of the week is a TV series. It's called The Leftovers. Now there's several good things about this. Firstly, it's finished. So you know how much time you're committing to it.

You're committing to 28 episodes.
GRAHAM CLULEY
All right. That's good to know.
CAROLE THERIAULT
Do people do that if there were too many series, that people would just go, I'm not going to invest the time in that?
GRAHAM CLULEY
I know people who won't watch Doctor Who because they think they have to watch it from episode 1, which means 54 years of catching up.
CAROLE THERIAULT
Every time you say Doctor Who, you break a little bit of my heart that I have to— I'm on a podcast where it's mentioned regularly.
IAIN WHALLEY
So some people don't like to start series that are halfway through or 6 seasons in just because you don't know.

You don't know, am I now committing to 12 years of trying to follow this program?
CAROLE THERIAULT
Yeah.
IAIN WHALLEY
You don't know, and how many series have actually just dwindled at the end? It's just, just flutters like a dying fish on the side of a pool.

So this one, it's 28 episodes, about an hour long each. It was on HBO in the US. I think it was on Sky in Britain. And it's a very interesting program.

It's created by one of the people behind Lost. But don't let that put you off. This one does have a good ending, unlike Lost.

And the premise of the show, and there's no spoilers here, the premise of the show is that it starts immediately after something that comes to be called the sudden departure, when 2% of the world's population just disappears.

And there's no explanation for why this happens. There's no explanation for who disappears and who doesn't.

And it's an interesting premise because it doesn't lead to your normal post-apocalyptic situation where there's hardly anybody left, right? Because most people are left, right?

It does cause all sorts of societal problems and panic and people wondering why this happened and all of that stuff. And it's a character-driven program.

There's some very interesting characters in it. The two leads are Justin Theroux and Carrie Coon, who you may not have heard of, but she was also in season 3 of Fargo.

And she's very good. And it's super interesting. You should definitely watch it.
GRAHAM CLULEY
I have actually watched a trailer for this. And I saw, because I recognized the name of the guy who's behind it, who is the same guy who's behind Lost.

And yes, I have to say that put me off.

So I'm quite encouraged by what you've just said, in so much as the series has ended and you said it has a proper ending, because often with these sorts of shows I think, oh, this is just going to be ridiculous, which is kind of why I didn't watch Lost after a while, because I just thought they are never going to explain any of this, which I believe was the case: they just sort of left it and just annoyed everybody.
IAIN WHALLEY
Well, they did try to explain it in Lost, but in this they don't really try to explain it.

There are several theories proposed, but it's left very ambiguous at the end of the third season. The third season is insanely weird, but very, very fun.

I liked it very much, so you should watch it. And it does meet one of the Cluley conditions for appearing on the podcast.

Christopher Eccleston is in it, and he played one of the Doctors.
GRAHAM CLULEY
Yes.
IAIN WHALLEY
So if it wasn't for that, I wouldn't have been allowed to mention this program. So there you go.
GRAHAM CLULEY
Don't worry, Carole, we'll take that out.
IAIN WHALLEY
That's the end of my references to that TV program that Graham likes.
GRAHAM CLULEY
So, okay, so basically you've spoiled this show. You've said that there is no explanation at the end, right?
IAIN WHALLEY
Yes.
GRAHAM CLULEY
Well done. So anyone beginning it, don't expect—
IAIN WHALLEY
I think it's pretty clear from the beginning that there's not. Oh, really?

It's not the sort of program that is going to try to say, ah, well, it happened because there was a fluctuation in the neutron flow in... You know, no.
GRAHAM CLULEY
But despite that, you weren't frustrated by it. You still found it a good show. Okay.
IAIN WHALLEY
No, because the point of the show isn't why did this happen? It's about these people and what they do and the crazy, crazy things that happen to them.
GRAHAM CLULEY
All right.
IAIN WHALLEY
And I'm certainly not going to promise everybody's going to like it, but I liked it very much.
CAROLE THERIAULT
I'm going to take that as a promise.
GRAHAM CLULEY
Iain, I've heard of worse picks of the week. I mean, do you remember The Red Pill? Suddenly this sounds, this sounds more promising.
IAIN WHALLEY
High praise. Thank you, Graham.
GRAHAM CLULEY
Carole, what's your pick of the week?
CAROLE THERIAULT
Okay, so my pick of the week has to do with Christmas coming, and I think everyone over the age of 30 is getting very stressed out already about it.

So I say you need just a bit of old school fun. So let me introduce you to littlealchemy2.com. So you guys can go there if you want while I'm talking. So this is a game.

And it's a bit of a time waster. I seriously spent an hour there today, and I'm embarrassed to say that, but it's kind of addictive.

Now, it came out earlier this autumn, and it's very simple in concept and design. It's a bit like a flash game where you combine elements.

So if you're there, you'll see that you have water and fire and air and other things like that, and if you take two of them and put them on top of each other, you can create a new element.

And you can go and create life, universe. So there's things like you can even, if you get a unicorn and you can combine it with the sea and you can get a narwhal. Kind of cool.

A rainbow and a bird make a peacock. So there's kind of cute humor in the combinations that you pull together.
GRAHAM CLULEY
I'm trying it right now, Carole. And, right, I haven't made a unicorn. I have, oh, I've just made gunpowder.
CAROLE THERIAULT
There you go.
GRAHAM CLULEY
Oh, there we go. I think I made it anyway.
IAIN WHALLEY
Yes.
CAROLE THERIAULT
So basically there's 600, 700 things that you can create and you can go up, you go up a kind of, like almost a pyramid.
GRAHAM CLULEY
Excuse me, I've just, I've just erupted. My volcano has just sneezed.
IAIN WHALLEY
Oh God.
GRAHAM CLULEY
And I've created granite through the process of it.
CAROLE THERIAULT
There you go. Anyway, have fun. I think it's cute. I think kids would like, I like it too.

It's great to have around, especially during the holidays if you're sitting with family and need a little distraction. And you're welcome.
GRAHAM CLULEY
Thank you very much, Carole. Little Alchemy 2.
CAROLE THERIAULT
Yeah.
IAIN WHALLEY
I'm sorry, I'm just playing it, so—
CAROLE THERIAULT
Yeah, and it's an app as well. See, it's addictive. I knew this would happen. I knew you guys would get in. I fell right in as well.
GRAHAM CLULEY
Maybe all those politicians who've got porn on their computers, they could be better wasting their time doing this instead.
CAROLE THERIAULT
Yes! It's the new solitaire, boys.
GRAHAM CLULEY
And then their volcano can erupt as well.
CAROLE THERIAULT
Oh God. I don't know what he ate for dinner. I don't know.
GRAHAM CLULEY
It's a late night recording. That just about wraps it up for this week.

You can follow us on Twitter @SmashinSecurity, no G, and we also have a Facebook group as well where you can find us and you can buy swag. You can buy a t-shirt, a mug, a cushion.

All kinds of gorgeous things from smashingsecurity.com/store.
CAROLE THERIAULT
The mugs are great.
IAIN WHALLEY
The mugs are great. Is it a particularly amusing cushion?
CAROLE THERIAULT
No, no, it's not. Okay. It's really not. I just say stick with the mug.
GRAHAM CLULEY
Iain, if people want to follow you online, where's the best place to do that? Is there anywhere they should do that?
IAIN WHALLEY
Ah, no, I don't do online.
CAROLE THERIAULT
Contact us and we'll get a message to him via the secret pigeon.
IAIN WHALLEY
I've heard of the internet and I'm not having any truck with this modern stuff.
GRAHAM CLULEY
So, until next time, thank you very much for listening to the show. If you know someone else who might like the show, please tell them about it.

And if you don't know anyone else at all, go to Apple Podcasts and leave us a nice review. We don't want any of those nasty ones.

Until next time, cheerio, bye-bye, bye everyone, bye-bye. So seriously, I meant to do this, am I?
CAROLE THERIAULT
Yeah, because you're the one who's kind of made this crazy. So yeah, you're editing.
IAIN WHALLEY
Yeah, well, it wasn't me.

EPISODE DESCRIPTION:

Why you should check your Airbnb for hidden cameras, a hacker attempts a different kind of jailbreak, and British MPs prove that they really are clueless when it comes to cybersecurity.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, who are joined this week by special guest Ian Whalley.

Follow the show on Twitter at @SmashinSecurity, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!

Warning: This podcast may contain nuts, adult themes, and rude language.

Special Guest: Ian Whalley.
