Should insurance companies be banned from helping companies pay ransomware demands? How has malware messed with motorcars in the United States? And how are cybercriminals exploiting alcohol drinking during the pandemic?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.
Visit https://www.smashingsecurity.com/223 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: Maria Varmazis.
Sponsored By:
- 1Password: With 1Password you only ever need to memorize one password. All your other passwords and important information are protected by your Master Password, which only you know. Take the 14 day free trial now.
- Duo: While remote work has been on the rise for years now, the recent rapid expansion of work-from-home culture presents new security challenges. Duo Security makes application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications - so you can stay focused on what you do best. Proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device and enforce policies to secure access to every application. Give your organization the peace-of-mind that only complete device visibility can bring. Visit Duo.com to sign up for a free 30 day trial.
Links:
- Lessons of the SolarWinds hack — Article by Marcus Willett, IISS.
- Insurers defend covering ransomware payments — BBC News.
- Cyber insurance giant CNA hit by ransomware attack — Graham Cluley.
- FatFace pays out $2 million to Conti ransomware gang — Graham Cluley.
- How do we stamp out the ransomware business model? Ban insurance payouts for one, says ex-GCHQ director — The Register.
- Cyber Attack Forces Vehicle Emissions Testing Company to Halt Operations in 8 States — The Drive.
- Malware attack is preventing car inspections in eight US states — Bleeping Computer.
- Service Restoration Status Update — Applus Tech.
- Changes in Adult Alcohol Use and Consequences During the COVID-19 Pandemic in the US — JAMA Network.
- Rebalancing the ‘COVID-19 effect’ on alcohol sales — NielsenIQ.
- Alcohol does not protect against COVID-19; access should be restricted during lockdown — WHO.
- Lockdown Saw Rise in Wine Domains and Wine Scammers — Recorded Future.
- The Raven Remastered — THQ Nordic.
- The Raven Remastered trailer — YouTube.
- Westworld — HBO.
- Thermapen Fast, Accurate Instant-read Thermometers — Thermoworks.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript:
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. To pay or not to pay, that is the question. Whether 'tis nobler in the mind to suffer the slings and arrows of outrageous malware or to take armfuls of bitcoins and by paying—
MARIA VARMAZIS. Damn it, it's done.
CAROLE THERIAULT. It sounds like a Dalek doing Shakespeare.
UNKNOWN. Smashing Security, episode 223. Doxing, nudes, and insurance dudes with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, episode 223. My name's Graham Cluley.
CAROLE THERIAULT. And I'm Carole Theriault.
GRAHAM CLULEY. And Carole, we are joined this week by returning guest, family favorite, Maria Varmazis.
MARIA VARMAZIS. Hi!
CAROLE THERIAULT. And my sticky pickles BFF.
GRAHAM CLULEY. Hey! Wow, I think that could be a record. Only 12 seconds in, we've already got a plug for Sticky Pickles.
MARIA VARMAZIS. And it wasn't me who did it this time. Amazing.
CAROLE THERIAULT. Graham, you plug your website every time you say your name. Dot com.
GRAHAM CLULEY. So, so what's new with you, Maria, or indeed with any podcast you may happen to co-host?
MARIA VARMAZIS. Well, our podcast is doing amazingly, so please listen to Sticky Pickles. That's exactly— I am half vaccinated. My kid is back in school.
GRAHAM CLULEY. Top half or lower half? Which, which half?
MARIA VARMAZIS. Oh, you'll have to guess. That's for me to know and you to find out.
CAROLE THERIAULT. Graham, if you're getting this shot in your ass cheek, something's wrong.
MARIA VARMAZIS. One can though, you can ask for that.
CAROLE THERIAULT. Oh gosh, can you?
MARIA VARMAZIS. Just needs to go in a muscle if you have any butt muscle left.
CAROLE THERIAULT. You don't tend to sit in your shoulder, you tend to sit in your ass. Says you.
GRAHAM CLULEY. Can I just remind you guys that I'm editing this part of the podcast?
MARIA VARMAZIS. We're making it extra difficult for you.
CAROLE THERIAULT. That was gold.
MARIA VARMAZIS. You're not gonna keep that banter?
CAROLE THERIAULT. Exactly. Um, so why don't we move on to thanking this week's sponsor, 1Password and Duo Security. Their support helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. I'm gonna get Shakespearean on your ass.
CAROLE THERIAULT. Lindsay, that's the word du jour. Um, Maria, what about you?
MARIA VARMAZIS. Okay, uh, cars, inspection, and malware.
CAROLE THERIAULT. Whoa, sounds super sexy. And mine is one for the boozers out there. Bad guys are after you. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, after that rather tawdry beginning to the podcast, I feel like we need to raise the tone a little bit. We need a little bit of culture, maybe.
MARIA VARMAZIS. I'll leave the podcast.
GRAHAM CLULEY. So I wonder, maybe if— So how about this? To pay or not to pay? That is the question. Whether 'tis nobler in the mind to suffer the slings and arrows of outrageous malware, or to take armfuls of bitcoins and by paying—
MARIA VARMAZIS. Exterminate, exterminate!
CAROLE THERIAULT. Yes, exactly! Sounds like a Dalek doing Shakespeare. Just watch it. Totally. Oh my God.
MARIA VARMAZIS. That was a journey you took us on, I just gotta say.
CAROLE THERIAULT. Did you see the sci-fi set?
GRAHAM CLULEY. I'm sorry, Maria, I should have said it in the original Klingon, shouldn't I?
MARIA VARMAZIS. Come on.
GRAHAM CLULEY. It is, of course, a huge debate. Should we pay ransom demands or not if we're hit by ransomware? And it's a struggle that many companies have. Paying a ransom can get you out of a sticky pickle for sure. But if you're— Oh, even I'm doing it now.
MARIA VARMAZIS. Oh, I love it.
GRAHAM CLULEY. No, because it can work, right? Because if your extortionists keep their word, you'll get a decryption key to recover your data and your files, unlock your computers, and hopefully they'll not release your stolen data to the wider world.
MARIA VARMAZIS. Well, rely on the honour of thieves, right? Yeah, sure, they'll keep their word.
GRAHAM CLULEY. But they're running a business, aren't they? It would be bad for their brand as criminals if they didn't keep their word, because they want to extort more money out of more people. It's simply good business for them.
CAROLE THERIAULT. It's so interesting, that concept, right? That they are going to follow good business practices, but they're an illegal company that just basically, you know, ransack you and then steal your data.
MARIA VARMAZIS. Politely.
CAROLE THERIAULT. Politely. And with, "Thank you very much for your payment."
GRAHAM CLULEY. "Please rate us." Some ransomware gangs offer better customer service and support than legitimate companies. They will give you advice on how to better secure your business in the future. They just did that with FatFace.
CAROLE THERIAULT. Yeah, that's right.
GRAHAM CLULEY. It's a UK retailer who just paid up a ransom.
MARIA VARMAZIS. Well, they probably get better paid consultants there on the illegal side.
GRAHAM CLULEY. But of course, by paying, you're sending out a clear message to other criminals that you're prepared to pay ransoms. You know, that's kind of useful to know, isn't it? If you're an extortionist, it sends out a message that cybercrime does pay and encourages others to enter the world of extortion. So there's more criminals jumping into the ring thinking, oh, this seems like a pretty good thing to get involved with.
CAROLE THERIAULT. So what's missing? Why is this happening?
MARIA VARMAZIS. Why is ransomware happening? Yeah. Do you think—
CAROLE THERIAULT. I'm not saying it makes money.
GRAHAM CLULEY. No.
CAROLE THERIAULT. Yeah, it makes money because—
MARIA VARMAZIS. End of podcast.
CAROLE THERIAULT. Do you think— do you think it makes money because of lack of legislation? Surely, surely that's the problem.
GRAHAM CLULEY. It makes money because people pay it and the criminals don't get caught. You know, it's really simple. There's only two things which could change this: if nobody ever paid a ransom or if all the criminals were caught. And neither of those are terribly likely to happen, are they?
MARIA VARMAZIS. No, I don't think legislation is going to make criminals think twice about what they're doing.
GRAHAM CLULEY. So it continues. Ransomware demands can be pretty high, right?
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. But the cost of not paying can be devastating as well. And so I think some companies are paying because they think, well, we don't really want to pay, but it would be worse if we didn't. If you didn't pay, you can hold up your head and say, oh, we're proud of our decision. And you know, but what happens to your company? Can it survive? The cost may be higher than the ransom being demanded. What's going to happen to your staff, your business partners, your suppliers? What impact might it have on them as well as your organization? And what's to say you won't be hit by ransomware again and again and again? And have you learned the lesson from the past? So some do weather the storm, notably Norsk Hydro in 2019. They were hit by ransomware. Their profits plummeted 82%.
CAROLE THERIAULT. For how long?
GRAHAM CLULEY. Well, yeah, for a while. They weren't able to do any business. They basically shut down much of their business while they were dealing with it because it was a huge problem. They refused to pay the ransom demand, which would have cost it a lot less than the £45 million the attack eventually cost them. Now, inevitably, with the rapid rise of ransomware, others, as I say, they've seen the opportunity to make a quick buck, including insurance firms.
CAROLE THERIAULT. Mm-hmm.
MARIA VARMAZIS. Huh.
CAROLE THERIAULT. We've talked about this.
MARIA VARMAZIS. Yeah.
GRAHAM CLULEY. It's now not uncommon for companies to not just have cyber insurance, but specific coverage for ransomware attacks to cover the cost of a ransom should one be demanded. And the British Association of Insurers, they say that paying the ransom is the cheapest and most effective option for companies. Well, they would say that, wouldn't they?
MARIA VARMAZIS. Ah, okay. Yeah. 'Cause yeah, they get a cut.
CAROLE THERIAULT. Yeah. The insurers say that.
GRAHAM CLULEY. The insurers say that. They say paying the ransom is cheaper and more effective for companies than anything else. They still think you should try and prevent it, but they think it's probably the sensible thing financially.
MARIA VARMAZIS. Wow.
CAROLE THERIAULT. That, that's mind-blowing.
GRAHAM CLULEY. Well, some people do agree that it's mind-blowing. For instance, Ciaran Martin is the former head of the UK's National Cybercrime Centre. He's now a professor at Oxford University, just down the road. He says that insurers are, quote, funding organized crime by accepting ransomware claims. He says the insurers are doing that.
MARIA VARMAZIS. Mm-hmm.
GRAHAM CLULEY. Of course, the insurers are paying out. Marcus Willett, who's now at the International Institute for Strategic Studies, but used to be a bigwig at GCHQ, the UK, uh, snooping outpost.
MARIA VARMAZIS. Okay.
GRAHAM CLULEY. He has argued in a recently published article that payments fund criminal organizations and only make ransomware attacks more likely.
MARIA VARMAZIS. Yes.
GRAHAM CLULEY. And he says that what is needed is new laws which establish disincentives to pay ransoms.
CAROLE THERIAULT. Oh, so legislation.
MARIA VARMAZIS. So, interesting, legislation to punish businesses who pay? Oh, jeez.
GRAHAM CLULEY. I think what he's actually saying is that the insurers shouldn't be able to offer ransomware insurance because it's currently too convenient for companies to use their insurance to pay up.
CAROLE THERIAULT. Okay, here, let me give you an example here, right? Let's assume that ransomware is like Mary Jane, which I know is legal in many places, but it's not legal in the UK, right?
GRAHAM CLULEY. Jazz cigarettes, you mean?
MARIA VARMAZIS. Jazz cigarettes.
CAROLE THERIAULT. Yes, right, right. Okay, right. So if I pay money to buy a bunch of jazz cigarettes, an illegal substance.
MARIA VARMAZIS. Why would you do such a thing?
CAROLE THERIAULT. I am at risk of being arrested. I am breaking the law.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. So why is it not the same for if you get ransomware?
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. I'm not saying it's your fault that you get ransomware, but you get ransomware and you're, you're kind of fucked and you're going to go fund an illegal operation in order to justify business proceedings.
MARIA VARMAZIS. It makes me think of, you know, the, the old mafia movie stereotype, I'm sure based in some reality, of, uh, you know, the guy showing up at your business going, you know, we provide protection on this street and you got to pay up, otherwise, you know, we're just going to make life very difficult for you. And then I'm imagining the grocer turning around to their landlord going, I need— or their, their insurance company going, can I have money to pay the mafia protection please? Uh, I mean, did that ever happen? Maybe it did. Maybe some listeners like, actually, that was a totally thing that happened. I don't know.
GRAHAM CLULEY. So Marcus Willett is saying that new laws are needed to establish disincentives to pay ransoms. And I was wondering, can you think of any disincentives that could be put in place?
MARIA VARMAZIS. Yeah, like you get fined a fucktonne, more so than just what the ransomware is asking.
GRAHAM CLULEY. Maybe that'd just get added on to the insurance though, would it? You know, it could just be increased, couldn't it, to cover the fine as well. I don't know.
MARIA VARMAZIS. Yeah, I think some, some companies, if they've got deep enough pockets, will say, well, cost of doing business. Of course, the little guys will get screwed. Yeah.
GRAHAM CLULEY. So I've thought of some disincentives. I've tried to work out, you know, if the government were to follow the advice of these former bigwigs involved in the UK's cybersecurity, well, how could they do that? So companies are paying ransoms because they think it's quicker and cheaper than the alternative of not paying ransoms, right?
MARIA VARMAZIS. And in some cases it is. Yeah.
GRAHAM CLULEY. So maybe we need to make it more expensive to pay the ransom. Maybe the government should introduce a ransomware tax, just as it has on taxes on tobacco or vehicle fuel. So yes, you can pay your ransom, but you've also got to pay money to the government when you make that payment.
CAROLE THERIAULT. So what, you pay the mafia, you pay the mafia, and then pay the government?
MARIA VARMAZIS. Yeah, thank you very much.
GRAHAM CLULEY. This could get us out of lockdown. This could get us out of all Brexit mess. We could collect money from the ransomware business.
CAROLE THERIAULT. It's incredible to me. It's incredible to me that you are not a lead policymaker.
GRAHAM CLULEY. It is to me too.
MARIA VARMAZIS. Wow. Just, I'm in awe of that suggestion, Graham.
GRAHAM CLULEY. I thought all that money ends up in a big pot, right? Which could then be divvied out to the ransomware gangs themselves as protection money saying, hey, hey, leave the UK alone. And we'll keep this coming to you. Go and hit some other countries instead.
MARIA VARMAZIS. Oh yeah, the internet totally works that way.
CAROLE THERIAULT. Yeah, I've got a much better one. You get caught paying a ransom, you and everyone that works for you has to wear clown shoes for an entire month.
GRAHAM CLULEY. That is pretty good, right?
CAROLE THERIAULT. Because it'll be irritating and, you know.
GRAHAM CLULEY. Oh, what, what if you were forced to change your corporate logo to show that you'd caved in?
MARIA VARMAZIS. Yeah.
GRAHAM CLULEY. Imagine a FatFace with a giant clucking chicken on the front of their store. I was going, "Bok, bok, bok, bok, bok, bok, we paid." That'd be pretty bad for the brand, wouldn't it? You just had to do that.
MARIA VARMAZIS. You have no sympathy for these guys. I feel really bad for these folks that have to pay the ransomware. In a lot of cases, they really feel like they have no choice.
GRAHAM CLULEY. Spoken like a real mum.
MARIA VARMAZIS. No, I just feel— A heart. I feel really bad for the smaller companies. The bigger ones, uh, a little less sympathy, but you know, shit can happen to anybody. But for all—
CAROLE THERIAULT. Yeah, the mom-and-pop shops, mom-and-pop shops that get, get, get stung by this stuff and get hit hard and maybe have to close the business as a result suck. Like, it sucks, right?
GRAHAM CLULEY. Yeah, yeah.
MARIA VARMAZIS. Because every day that they're not doing business, they're hemorrhaging all that money. And you know, how, how long do they have before it becomes a 'we do one or the other, we're screwed either way'?
CAROLE THERIAULT. Yeah, but it's the equivalent of Ashley Madison got hit by ransomware.
MARIA VARMAZIS. Eh, I mean, okay, if I was working for them, maybe I wouldn't feel that way. Yeah, there but for the grace of God go we. I mean, this whole situation just sucks.
GRAHAM CLULEY. So in his article, Marcus, by the way, his article, you can't read it in a web browser. You have to download a PDF in order to read his article, which I have to say, when I thought I was being socially engineered into— I thought this is going to hit me. I don't know. But anyway, I'll put a link in the show notes and people can decide if they want to download it themselves or not. But he does make some good points about the need to take security more seriously, security awareness, better measures against phishing, you know, keep on top of patching and protection and all those sort of things. But what he hasn't done is explain how he's going to disincentivize or de-incentivize the paying of ransoms.
CAROLE THERIAULT. I don't know.
GRAHAM CLULEY. Because it feels to me that a whole lot of—
CAROLE THERIAULT. Oh yeah, it's super easy, Graham, as I think we've discovered during the length of your show.
GRAHAM CLULEY. Well, yeah, but I think we need to, you know, before you say, oh, this is what we should do, but not actually give any methods of doing it. At least I came up with a couple of methods, Carole, and you came up with clown shoes.
CAROLE THERIAULT. I think I said legislation. I think at minute 3, I said legislation, but anyway.
GRAHAM CLULEY. Yes, well done.
MARIA VARMAZIS. The idea of just punishing people that are stuck paying ransomware just feels just mean. Really, I mean, we're, God.
GRAHAM CLULEY. And how does it work multinationally anyway? Because everyone would have to agree, this is what we're going to do, so no one will ever pay. I think it's a good start.
CAROLE THERIAULT. Yeah, so, okay, what about if you had a standard, right? So if people meet a specific standard for their website or for their company in terms of security, which is, I guess, you know, if you're meeting certain, like, what are they called? What is it called?
GRAHAM CLULEY. You mean like cybersecurity essentials?
CAROLE THERIAULT. Yeah, compliance, compliance, right?
MARIA VARMAZIS. Yeah, that's going so well so far. No, but if you meet compliance, right?
CAROLE THERIAULT. If you meet compliance, government stipulated compliance, and you're like, check, check, check, check, check, and we've got the signed seal of approval of this, then you get stuck by ransomware, maybe you're given a pass because that situation might have been—
MARIA VARMAZIS. Oh God.
GRAHAM CLULEY. The bar is so low to pass these things. Oh my God. Yeah.
CAROLE THERIAULT. They're not, you guys, I've read these things. They're pretty intense.
MARIA VARMAZIS. You don't think people fudge that stuff so much and just go by the absolute bare minimum to get the check box?
CAROLE THERIAULT. If they fudge, if they fudge, they do not get— but same as insurance, right? You fudge your insurance, you fudge your health insurance, good luck getting a payout.
GRAHAM CLULEY. The irony is now that we saw a company, we mentioned it a couple of weeks ago, CNA Hardy. So some of these cyber insurance companies are themselves getting hacked so that the hackers can identify who's got insurance.
MARIA VARMAZIS. Oh my God, of course they are.
GRAHAM CLULEY. Yeah, of course. They hack those customers and then they hack the insurance company and hit them with ransomware as well.
MARIA VARMAZIS. Yeah, the solution is to just disconnect your company entirely from the internet. Yes, really, that's the only way. Exactly. Yeah, just get off the internet completely. Go back to like the little paper things for credit cards.
CAROLE THERIAULT. And if anyone wants a CD-ROM of this episode, just let us know.
MARIA VARMAZIS. We only do paper copies now. This is actually transcribed.
CAROLE THERIAULT. We'll fax it to you.
GRAHAM CLULEY. Maria, over to you. What have you got for us?
MARIA VARMAZIS. Well, my story is actually kind of potentially ransomware related, but let me, let me take you to the first, to the glamorous world of car inspections. So, wow.
CAROLE THERIAULT. Words I never thought I'd hear together.
MARIA VARMAZIS. Yeah, it's a segue, right? So I'm going to just explain like you're 5 years old what a car inspection is, because I don't know how globally this is known. And I know we have listeners in all corners of the world.
GRAHAM CLULEY. Thank you so much, Maria. I really appreciate this.
MARIA VARMAZIS. Yeah. Yeah, like at least one corner, right? Um, so at least here in the States, we have to do maybe every two years, or at least here in Massachusetts every year, a car inspection to make sure your car is roadworthy, safe to drive, and not emitting terrible extra levels of pollution from the tailpipe. So here in the States, it varies from state to state, but generally you get a little sticker on your car's windshield with a month on it saying that's the month you have to get your car inspected, and the color changes every year. And the cops love to pull people over whose car inspection has lapsed, uh, and, uh, you get slapped with like a moving violation and your insurance rates go up if you don't get your car inspected. So you gotta do it, and it costs a little bit of money, but it's, it's an important part of owning a vehicle. Um, except here in 8 states in the United States, including the one I'm in, Massachusetts, car inspections have not been happening since about March 30th.
CAROLE THERIAULT. Um, because of the 'rona, I'm guessing?
MARIA VARMAZIS. Not because of the 'rona, no. It's because of malware. Oh, so here in Mass, they're still not expected to resume until April 17th at the earliest. And so that's over 2 weeks of no car inspections happening. And so that's about 15,000 cars a day in this state alone that aren't getting inspected. And these inspections happen at generally tiny little mom-and-pop auto shops that really depend on the income that these inspections bring in because it's like a flat fee and they— auto shops get the bulk of it. So there's a company in Wisconsin called Applus and they run an emissions technology business and they are the vendor that these 8 states officially use and are contracted to, to do the emissions test. So they hook up a pipe to a computer to the car's tailpipe and Applus's technology basically goes, this car is clean or it's not clean. So your car cannot pass inspection without that test. So Applus got hit with some kind of malware, and they're not telling us what. But because this malware attack of undisclosed nature—
GRAHAM CLULEY. It was ransomware, wasn't it? Let's be honest, it was almost certainly ransomware.
MARIA VARMAZIS. Almost certainly ransomware. Because it's so gnarly that all of these inspections across all these states have shut down. And again, as of right now, two weeks later, they're still not happening.
CAROLE THERIAULT. That's like 8 states. That's not— that's not— that's like 20% of the states almost.
MARIA VARMAZIS. And these are also big states. This is like Massachusetts, New York, Texas.
GRAHAM CLULEY. Oh, these are states which people live in, as opposed to some of your American states.
MARIA VARMAZIS. Yeah, it's not, it's not just like Wyoming and North Dakota, it's like the states with lots of people.
CAROLE THERIAULT. I thought it was a state of mind for a second.
MARIA VARMAZIS. Oh my God. Okay, so Applus basically said they got hit with some kind of malware attack and they found out about it on March 30th of this year. So right, right at that month changeover. So whoever hit them was, was clever about the timing. We know that the attackers may have been able to steal bank account and other sensitive financial data, not from the car owners but from the tiny mom-and-pop auto shops. So, oh yeah, so basically Applus, as a vendor that helps with the emissions, uh, testing, they get a tiny cut of every single inspection done. And it sounds like they get paid directly by ACH through the auto shop's business checking accounts. So it sounds like the breach was able to potentially pull the actual banking checking account information from every single one of these mom-and-pop shops.
GRAHAM CLULEY. Oh, that's terrible.
MARIA VARMAZIS. Yeah.
GRAHAM CLULEY. You know, I do know someone who runs a little garage in America, 'cause I used to watch the Dukes of Hazzard and Cooter, who—
CAROLE THERIAULT. Okay, that wonderfully sensitive show.
GRAHAM CLULEY. Yeah. Wow. Cooter used to—
CAROLE THERIAULT. He was the very appropriate Daisy Duke and Roscoe Sweeting.
MARIA VARMAZIS. Yeah, I know him. He lives down the street. I know. We all know everybody.
CAROLE THERIAULT. Did you always dream of being the big boss, Graham? Is that what you're trying to tell us? Boss Hogg. Ransomware.
GRAHAM CLULEY. I was more like Rosco P. Coltrane. That's who I want to be.
CAROLE THERIAULT. Really?
GRAHAM CLULEY. Yeah, yeah, he was cool. He was cool.
MARIA VARMAZIS. Um, so what was the point you were trying to get to about—
GRAHAM CLULEY. No, well, I was just saying, because you've— this whole image of tiny mom-and-pop little auto, you know, it's not like big businesses necessarily who are going to be hugely impacted through no fault of their own cybersecurity.
CAROLE THERIAULT. Correct.
MARIA VARMAZIS. Yeah.
GRAHAM CLULEY. Or of Cooter.
MARIA VARMAZIS. Don't get me wrong, there are definitely bigger auto places or like, you know, car dealers that are also affected, but I mean, I live near a lot of places that are just like, they're tiny and the inspections really are the vast majority of their business. So not being able to do these for more than two weeks now is, is in the pandemic still, is killing them. So I'm sure as you could imagine, the, the fix is on and it's rather urgent. So what does it look like to fix a security problem with a car emissions tester was the question that I had.
CAROLE THERIAULT. Oh, oh, I can answer that.
MARIA VARMAZIS. Okay.
CAROLE THERIAULT. Yeah.
MARIA VARMAZIS. Do you, a quick rollout over, you know, the cloud?
CAROLE THERIAULT. What do you think it looks like? No idea. I'm kidding.
MARIA VARMAZIS. Oh my God. I was really, really excited about for you to tell me what it looked like. So apparently it requires shipping USB sticks with the software to nearly 2,000 auto shops in this state alone. What? And then walking each and every one of the auto shops over the phone through the reimaging and rebooting process for these industrial machines.
CAROLE THERIAULT. Oh my God. This is like the IoT nightmare. Nightmare. This is it, people.
GRAHAM CLULEY. And they won't necessarily be that tech savvy, will they? Because it's just like they've always used the computer in one particular way. So they're booting up Windows—
CAROLE THERIAULT. Windows 95, if they have a computer.
MARIA VARMAZIS. Yeah, I mean, there's a place that I take my car to that's right down the block from me. It's like this old Armenian family. They speak a little English, and I love them. And there is not a single computer in their entire building except for this tailpipe thing. I mean, it's— this place is like going back in time 50 years. I love it. And I'm just trying to imagine them walking through this process.
CAROLE THERIAULT. You better go over there and help them.
MARIA VARMAZIS. I don't speak Armenian.
GRAHAM CLULEY. Well, Maria, if you really liked them, you'd learn how to speak Armenian.
CAROLE THERIAULT. That's true.
MARIA VARMAZIS. That was my dad's argument for learning Greek. It sounds very familiar.
GRAHAM CLULEY. Carole, tell us what have you got for us this week?
CAROLE THERIAULT. So we're hitting the boozer, kids. Has your alcohol consumption gone up at all during this pandemic?
GRAHAM CLULEY. I have started to drink tea.
CAROLE THERIAULT. Yeah, I'm suspecting actually from this little group of three, it's going to just be me, huh?
MARIA VARMAZIS. Yeah, yeah, I was gonna say, I actually kind of stopped drinking alcohol entirely.
CAROLE THERIAULT. Interesting.
MARIA VARMAZIS. Yeah, yeah.
CAROLE THERIAULT. Okay, so, but I know, I know in this little crew I'm alone, right? I get it. But in the broader crew of the world, I am not. I know that. That's true.
MARIA VARMAZIS. That's true.
GRAHAM CLULEY. That's what you keep telling yourself. Yeah. You're not alone getting sloshed.
CAROLE THERIAULT. Well, okay, so I thought I'd go check this out, right? Because I heard a number of people telling me just colloquially, oh yeah, I'm drinking way more, something like this, or worrying about their drinking. So first off, I went to Statista and they said the impact of COVID-19 on alcohol consumption in the UK 2020, right? So they said almost half of the consumers surveyed in the UK said their alcohol consumption habits were not affected.
GRAHAM CLULEY. Yeah, 'cause the ones who were pissed couldn't fill out the form. They couldn't fill out the survey. Right? Ridiculous survey.
CAROLE THERIAULT. Almost 20% up their drinking, okay, according to— and while 30% are drinking less or stopped completely. Okay. You have to understand this is research based on what people say they do, not necessarily what they actually do.
GRAHAM CLULEY. That's true.
CAROLE THERIAULT. So I thought, why not go check out the sales, right? So Nielsen is a big researcher in the domain de booze. And they reported a 54% increase in UK sales of alcohol for the week ending March 21, 2020, compared to a year before, it was an online sales increase of 262%.
GRAHAM CLULEY. Okay, can I be nerdy for a second?
CAROLE THERIAULT. Yep.
GRAHAM CLULEY. I have heard some people, in fact, I know of at least one person who has been buying alcohol in order to sanitize their post when it arrives, and they've been spraying their parcels with, like, Pinot Grigio? Because— because they've been worried.
CAROLE THERIAULT. So interesting you've just said that.
GRAHAM CLULEY. Really?
MARIA VARMAZIS. Yes.
CAROLE THERIAULT. Yeah, tell me, go on.
GRAHAM CLULEY. They believed that it would help protect them from COVID-19, and they also—
MARIA VARMAZIS. Oh, yeah.
GRAHAM CLULEY. I think they got some special lights. Was it infrared or something?
MARIA VARMAZIS. UV lights.
GRAHAM CLULEY. UV lights, absolutely right. It was UV lights. Although a lot which you buy online claim to be effective but actually don't emit the right level of UV.
MARIA VARMAZIS. Right. They're just sort of— they're just sort of black lights. Yeah. Yep, yep, yep.
CAROLE THERIAULT. Okay. So interesting, because when I saw the 262 rise on the first week of March, I was like, oh my God, people are panic buying, right? They're worried booze would run out. They didn't know how they'd cope. So they bought like 15 cases instead of their normal whatever, whatever. But apparently there was a rumor that started saying alcohol would protect against COVID, right?
MARIA VARMAZIS. Yeah, I remember that.
CAROLE THERIAULT. So, yes. So in fact, in April last year, the WHO, the World Health Organization, warned that alcohol use during the pandemic may potentially exacerbate health concerns and risk-taking behaviors. So a quote from the release says, fear and misinformation have generated a dangerous myth that consuming high-strength alcohol can kill the COVID-19 virus.
GRAHAM CLULEY. Oh, these were people who were actually trying to pickle themselves, pickle their bloodstream.
MARIA VARMAZIS. Yes, to prevent the infection.
GRAHAM CLULEY. Oh, not another pickle.
CAROLE THERIAULT. You see, it's such a good name.
MARIA VARMAZIS. We need a bell every time we say it. We do.
CAROLE THERIAULT. Yeah. Anyway, so, so, okay, so why am I talking about Lush on a technology podcast? Because with the booze at home market glowing with a new renewed financial resiliency, thanks to the pandemic, the drinking realm has seemed to have piqued the interest of scammers. So according to Recorded Future and Area 1 Security, they did some research they saw a rise in Zoom-related booze-based communions, if you will.
MARIA VARMAZIS. Right.
CAROLE THERIAULT. Like so wine—
MARIA VARMAZIS. Sorry, wine, wine and communion. Yeah. Yes.
CAROLE THERIAULT. Zoom-related booze-based communions on Sundays specifically, or religious community. Well, no, like you commune with people, you know, like you get together, right?
MARIA VARMAZIS. Like, OK, OK. Yeah.
CAROLE THERIAULT. OK. So wine tastings, dates, catch up with old friends. Right. People, you know, go to grab the old bottle of, of whatever. Chablis or Chardonnay and have a little laugh.
MARIA VARMAZIS. The body and blood in Christ.
CAROLE THERIAULT. Yeah, okay, exactly. Okay, no, I get it. My God, I'm so slow. You did? Yes! Oh my God, I was so focused on my story, I missed the joke. I'm sorry. Oh my God.
MARIA VARMAZIS. Okay, wow.
CAROLE THERIAULT. So Recorded Future noted a super significant increase in the number of new wine-themed domains being registered at the start of April 2020. And it's continued through at least to March 2021, just, just passed.
MARIA VARMAZIS. Mm-hmm.
CAROLE THERIAULT. So they looked for these types of words like domain registrations containing one or more of the following, right? So wine, vino, champagne, Bordeaux, Burgundy, Merlot, Cabernet Sauvignon, and Pinot. And like, I'm reading this list, I'm like, they forgot a few. Like, what about plonk, gut rot, juice? You know? But then the next paragraph they said, oh no, no, we intentionally left out certain terms to avoid false positives. So I suppose juice and gut rot would be difficult to parse.
MARIA VARMAZIS. Yeah.
GRAHAM CLULEY. Burgundy could be Ron Burgundy as well. There's a few of those which, yeah.
CAROLE THERIAULT. That's right. Okay, so what do these guys see? So back in March 2020, right, the wine-themed domain registrations, these are people that are registering domains to kind of basically pretend or, you know, just, or legitimately to sell wine or to be in that industry market. So they'd see like 3,000 to 4,000 new wine-themed domains being registered every month. Okay. Yeah, that's what I thought. Now in March 2020, it climbed up to 5,500. Okay, that's quite a big climb. Then in April went up to 7,200. In May, 12,400. So it kind of screamed up. So that's 3 times what it was at the beginning of March.
GRAHAM CLULEY. And the reason why they're grabbing these— what is it, because people are buying wine online and they're hoping that—
CAROLE THERIAULT. Yeah, people aren't going to boozers anymore. They're not going to pubs to have a drink, right? So there's a decline in alcohol being sold in that market because pubs aren't buying, right?
MARIA VARMAZIS. Online shopping.
CAROLE THERIAULT. Yeah, exactly. People are buying at home. And so they're getting targeted with maybe malware, phishing. So what they found from their tests is at its peak, 7% of the total wine domains that were being tracked were malicious. So that's almost 1 in 10.
GRAHAM CLULEY. Okay.
CAROLE THERIAULT. Right? Are we thinking, oh, who cares? I think that's pretty big because as a wine drinker, I would worry.
GRAHAM CLULEY. And I would think if you're a little bit sozzled, then you may be less careful about the website which you end up on. Right?
CAROLE THERIAULT. I don't know if people tend to buy booze when they're, when they're a little tipsy. Is that what happens?
GRAHAM CLULEY. Some people are permanently tipsy, Carole, aren't they?
MARIA VARMAZIS. I, I, I, I'm sort of chewing on this one a little bit because the, the times that I did buy some alcohol over the course of the last year, uh, it was from my local liquor store that I know well that does deliver. I mean, I was never going— I mean, I'm just thinking through me, I wasn't going through like a brewery.
CAROLE THERIAULT. But what if you got an email from said place saying, hey, we've got a special deal, and then you click on the link and you end up on a phishing site that looks exactly the same as your local site? So a lot of people were buying things online, certainly in the UK, online purchasing was huge. I don't know if you guys can buy alcohol online in the States.
MARIA VARMAZIS. It varies from state to state. Yeah, it really varies.
CAROLE THERIAULT. I reached out to the senior security analyst behind this research, Allan Liska. I did that this morning and I was kind of saying, look, because the research is really good and the piece is really well written, so I recommend you guys go read it. But I had a little chat with him and I asked him what surprised him in it. And he said it was the staying power of these new domains, because often in these kind of situations, domains kind of come and go really quickly if they're spoofing. And these ones are just kind of sticking around. So that's kind of interesting. And, you know, maybe few people are looking at it as a potential phishing vector. It's the first time I've ever heard of it.
MARIA VARMAZIS. So yeah, that maybe that's why I'm sort of like stumped by this one because I'm just like, it's just not, it's not what I would expect, but maybe that's what makes it work so well.
CAROLE THERIAULT. Yeah. Because he said, what's the growth about? Is that because they're really making a ton of cash or is that because they're just following suit? And he said he couldn't say for sure, but he said that malicious actors are not always that smart. So sometimes one gets a good idea and then all the others follow suit.
MARIA VARMAZIS. I mean, registering domain names in bulk is not exactly expensive.
GRAHAM CLULEY. Had they seen similar behavior in regards to toilet paper?
CAROLE THERIAULT. Oh, I didn't ask him that one.
MARIA VARMAZIS. Yeah, that would be— yeah, that I'd— yeah, I'd be very curious to hear that.
CAROLE THERIAULT. The takeaway here is I know that there are going to be a few of you out there that are drinkers, unlike my two fellow wonderful mates here.
MARIA VARMAZIS. I drink, I just didn't— I didn't up my consumption. Yeah, just to be clear, there's no judgment.
CAROLE THERIAULT. I, I'm jealous.
GRAHAM CLULEY. I do drink, I just don't swallow any of it.
MARIA VARMAZIS. Yeah, there you go.
CAROLE THERIAULT. Oh nice, you just spit it across the room. Nice, like a connoisseur. But to my fellow Lushers out there, don't be duped by an unexpected communiqué offering you a great deal on wine or vino, right? Because, uh, do like Maria, go to your local shop, right? Be embarrassed.
MARIA VARMAZIS. I'm here again.
CAROLE THERIAULT. Hi, it's me, Frank. If you want to learn more, there's a load of links in the show notes for you, including the research done by Recorded Future and Area 1 Security. Oh yeah, you know what? Allan said something else super important. He said he loved the show. Oh, he also said that I was definitely his number one favorite.
GRAHAM CLULEY. Oh, well, obviously you asked him, didn't you? Oh, okay.
CAROLE THERIAULT. I'm lying about one of these things. I'm lying about one of them.
MARIA VARMAZIS. He hates the show, but he loves Carole. Gotcha.
CAROLE THERIAULT. Maybe.
GRAHAM CLULEY. Using a password manager like 1Password can help increase productivity and save you money. How does it do that? Well, a password generator tool creates strong, unique passwords that are saved and filled in automatically. Features like Watchtower alert you to any issues with your employees' accounts, giving you oversight and more security control. And you can get notified immediately when a breach occurs with domain breach reports. Find out more. Check out 1Password for yourself at 1Password.com. And thanks to 1Password for supporting the show.
CAROLE THERIAULT. Protect your workforce with simple, powerful access security from Duo, powered by Cisco. The rapid expansion of remote working has presented challenges for all of us. At Duo Security, it's their mission to make application access more secure for organizations of all sizes. Its modern access security is designed to safeguard all users, devices, and applications so you can stay focused on what you do best. So, wanna proactively reduce the risk of a data breach, verify users' identities, gain visibility into every device, and enforce policies to secure access to every single application? Thought you would. Why not give your organization the peace of mind that only complete device visibility can bring? Visit Duo.com to sign up for a 30-day trial. That's Duo.com. I mean, how easy is that to remember?
GRAHAM CLULEY. And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
MARIA VARMAZIS. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily.
CAROLE THERIAULT. I hope it's not.
GRAHAM CLULEY. Well, my pick of the week this week is not security-related. As many of you will know from recent picks of the week over the last year, I have chosen many computer games trying to keep my son entertained and me as well.
MARIA VARMAZIS. Mm-hmm.
GRAHAM CLULEY. A lot of computer games which we play and video games I'm rather rubbish at. So I quite like to sort of locate myself on the sofa and oversee and occasionally chip in with advice. And that doesn't work with the likes of Fortnite and games like that, but it does work remarkably well with the old point-and-click adventure games.
MARIA VARMAZIS. Oh, those are great. Yeah.
GRAHAM CLULEY. I love adventure games.
MARIA VARMAZIS. Yep.
GRAHAM CLULEY. And I think it's good for the kids as well. They get to read and, you know, they get to use their brain a bit and think about what's going on with characters and listen and pay attention.
MARIA VARMAZIS. Some of them are stupendously hard too.
GRAHAM CLULEY. Some of them are very tricky. Some of them are a bit buggy.
MARIA VARMAZIS. And/or annoying. Yeah. Yeah.
GRAHAM CLULEY. So you have to go onto the internet and think, "Argh, I know what to do, it just doesn't—" Doesn't work.
MARIA VARMAZIS. Yeah. Yes. Same. Yep.
GRAHAM CLULEY. I have been playing a game called The Raven Remastered, which first came out a few years ago. It's London. It's 1964. And an ancient ruby has been stolen from the British Museum. All that's left at the crime scene is a raven feather. Could the Raven have come back from the grave? He was killed years before. Has he returned, or is someone else posing as the legendary master thief? Hmm. And on your investigation, you will find yourself— I'm gripped. You will find yourself on the Orient Express going through the Swiss Alps. You'll find yourself in Venice, and you'll find yourself on a cruise ship going to Cairo. Wow. What are the graphics like?
CAROLE THERIAULT. Is it like—
GRAHAM CLULEY. The graphics are great. Yeah.
CAROLE THERIAULT. Oh, are they?
GRAHAM CLULEY. Yeah, it's not—
CAROLE THERIAULT. Like, compare it to Zelda.
MARIA VARMAZIS. Which one? Yeah, good.
GRAHAM CLULEY. Thank you. Thank you. That's— Shut her up.
CAROLE THERIAULT. I don't know. I don't know. I don't know, game nerd.
MARIA VARMAZIS. Anyway.
GRAHAM CLULEY. The graphics are great. The voice acting is terrific as well. But what I really liked are the twists and turns in the plot, because at one point I thought, "Oh, we've nearly finished this game." Oh no, we had not. And then—
CAROLE THERIAULT. You were happy about that, or were you like, "Oh God, that's not what I was—" I was very happy.
GRAHAM CLULEY. I was very happy that it was so inspired by sort of Agatha Christie. In fact, there was a character in the game— the main lead character is clearly a ripoff of Poirot.
MARIA VARMAZIS. I was wondering if that was just my imagination with the upturned moustache thing. Yes. Yeah, okay.
GRAHAM CLULEY. And there's also a character who writes murder mysteries, an elderly lady who's observing everybody, who's clearly based on Christie as well. Super subtle. Yes. But it's inspired by Death on the Nile and Orient Express, and it's really good fun. It is available on the PlayStation, Xbox, PC, Mac, and we have been playing it on the Nintendo Switch. And The Raven Remastered gets the thumbs up from me, which is why it's my pick of the week.
CAROLE THERIAULT. What's your son think? He's loving it.
GRAHAM CLULEY. He's really enjoying it. Okay. I trust him more than I trust you. We haven't quite finished it yet, but we're probably about— I think we're over two-thirds of the way through. But yeah, it's some real good twists in the tail. It's clever. It's a clever game.
CAROLE THERIAULT. Well, for you. Yeah, it's all relative, Graham. Oh, for goodness' sake.
GRAHAM CLULEY. Maria, what's your pick of the week? That's rude.
MARIA VARMAZIS. Okay, so my pick of the week is a show that is not new, but it is still ongoing. And I searched Smashing Security archives because I could not believe nobody's recommended this before. So may I be the first person to announce for pick of the week Westworld? Have you heard of it?
GRAHAM CLULEY. The TV show, not the movie with Yul Brynner?
MARIA VARMAZIS. The TV— the TV show. The TV show. Yeah, I know, I know that's based on a book and there's been other things. Yep.
GRAHAM CLULEY. I heard it's a bit sexy. I've never seen it. Is it sexy? 'Cause that could get me to—
CAROLE THERIAULT. Is it like Firefly?
MARIA VARMAZIS. No. Oh God, no.
GRAHAM CLULEY. Okay. It's like cowboys and robots, isn't it?
MARIA VARMAZIS. Caveat that I've only seen season 1, and I know that it changes a lot in the subsequent seasons. But the Wild West part is just a part of it. The larger, broader story is way bigger than that, and it's not in the Wild West. It is very much about the nature of what it means to be a conscious living being, and it involves robots. And it is super, super fascinating. A lot of moral quandaries, the nature of creation, um, what does it mean to be human, what does it mean when our human creations like robots start to become self-aware, what kind of rights does that confer. I love this stuff. Um, in terms of is it sexy, I mean, yeah, uh, the robots themselves when they are not, um, spoiler alert, at the Wild West themed theme park that they're employed in, um, not employed, enslaved in really, uh, um, when they're not there, they're, they walk around totally naked. So you will see, uh, just like, oh, penises. Goodness gracious. Yeah, that— it is what separates them from their human keepers, is that the human keepers are always like fully clothed, and you'll just see the robots just sitting around naked and talking about stuff that happened to them.
CAROLE THERIAULT. Yeah, I was wondering if they bypassed the Garden of Eden. Is that like the— is that the story thread? So they're—
MARIA VARMAZIS. Well, they're unshamed. My argument would be that the entire first season is about them trying to escape the Garden of Eden. This theme park that they're in is basically the walled garden. Yeah. And, uh, there's like an Adam and Eve robot pair, and, uh, it's, it's the religious overtones with like reincarnation and the nature of suffering and Adam and Eve and Genesis and all stuff is very overt. So I'm not like being super deep about this. I think most people with a passing knowledge of major religions of the world would understand that, um, the metaphors. Um, it's not hard to understand. I think the storyline is super fascinating. Uh, I, I would, I would heartily recommend it for people who like cerebral shows.
GRAHAM CLULEY. Yeah, but also looking at naked people.
MARIA VARMAZIS. And also naked people. And also naked people in various states of, uh, from the extremely sexy Hollywood actor body type to regular folk. Like, they're all in there.
CAROLE THERIAULT. So wasn't there a show, Naked Attraction, on Channel 4 or something, where basically this person would be standing in some kind of weird pill-like vessel and this, this screen would come up from their feet and you'd judge them based on their knees down, and then it would go up to their bits down and you judge them. Yeah. And then it would go up to halfway up their chest and then the whole thing, and you decide if you would package you wanted of the 5 naked boys you were looking at, or girls. That sounds like hell on Earth. Yep.
GRAHAM CLULEY. My God, it is hell on Earth.
CAROLE THERIAULT. Yeah, probably watched it 20 times each episode. I'm just— I just find it— no, it's like car crash TV to me. It's just, it's almost like watching The Office. It's just terrific.
GRAHAM CLULEY. They decide who to date based on their dong or doodle or whatever.
MARIA VARMAZIS. Yes. Yeah, yeah. I haven't watched this.
CAROLE THERIAULT. This sounds right up my street, but because it's on Sky and I don't have Sky, so I don't get to see any of the HBO programs.
MARIA VARMAZIS. Yeah, I, I was trying to figure out how to watch this outside of the US, and I— the only thing I could find was like you got to use a VPN. So, uh, that, that is a bummer. Um, it is. Yeah, it's a, it's a— I, I tried watching it when it first started, and for some reason I couldn't get into it. I don't know if like thanks to the pandemic I have more capacity to concentrate on a TV show now, but I— and now on this second attempt of watching it, I've been— Oh, it's—
GRAHAM CLULEY. It is on Amazon Prime. You may have to pay, you may have to pay, yeah, like £20 for the season or something, but it is on Amazon Prime.
MARIA VARMAZIS. Yeah, okay, give it a shot, give it a shot.
CAROLE THERIAULT. Okay, thanks, I like it.
MARIA VARMAZIS. Yeah, yeah, good pick of the week.
CAROLE THERIAULT. What's your problem?
MARIA VARMAZIS. Well, I just, you know, cold naked people.
CAROLE THERIAULT. Oh right, oh yeah, we're back to the boobs. I forgot. Exactly.
GRAHAM CLULEY. Well, and besides Carole, what's your pick of the week?
CAROLE THERIAULT. What is your weather like if you guys look out a window at the moment? Is it nice, gorgeous, sunny day, or overcast? It is gorgeous. Okay, so Maria, close your eyes. Graham, look out the window. It's a beautiful sunny day. Okay. Birds are tweeting, bees are humming, and you're thinking it's time for a barbecue. And you are excited, but you're a little nervous because, you know, cooking, you know, you're, you know, sausages and burgers on the barbecue, you want to make darn sure that they're cooked correctly, right?
GRAHAM CLULEY. If I was a Westworld robot, I definitely would not want to cook on the barbecue in case I, yes, might broil my sausage too much.
CAROLE THERIAULT. You know, I really get tired sometimes of—
GRAHAM CLULEY. It's Maria who brought all this smut to the episode.
CAROLE THERIAULT. I know, she did not. She did not. She just said nude people. That was you that went running with it. I'm sorry. That's very okay, Graham. I expect nothing less. Okay, so see, I've lost my train of thought now. For your fucking pathetic joke.
MARIA VARMAZIS. And that's it for Pick of the Week.
CAROLE THERIAULT. Yeah, that's it. Well done, Drew. So a lot of people, when they're excited about a barbecue, they're nervous about being the actual cook of the barbecue, right? Because you have to cook these sausages and burgers and stuff, and you wanna make sure they're cooked correctly. You don't want little burnt bits. Pucks. You don't want raw things, and you don't want to give people bouts of tummy trouble. Correct. Yeah. Like, I actually know people that cook everything beforehand, like in an oven, and then bring it and just kind of grill it for 5 seconds on a barbecue and just go, hey, I put some barbecue sauce. Yes, because they're so worried about having like a flamed, you know, food. Oh gosh, no. Well, I have a gadget. I've had this gadget for 5 years, but it is like indispensable to me, and I'm going to share it with you. It's called a Thermapen. I have that! Right? How great is it?
MARIA VARMAZIS. How great is it? It's amazing. Highly recommend as well. Yep. Yep. Totally. Okay.
CAROLE THERIAULT. So I use all of— Hang on, for those of us who aren't you or Maria, what's a Thermometer? So it's like a needle that you stick into whatever you're cooking and you get a battery-operated, non-smart, okay, no IoT to be seen, insta-reading of the internal temperature of whatever you're cooking in either Celsius or Fahrenheit. So, you know, if you've hit the old 160°F, you're all right for your, you know, to take it off the Barbie or whatever. You can use it for anything. And it's great. I use it for baking all the time. Right. Side bread should be 200.
GRAHAM CLULEY. And you just make sure. Could it also be used as a personal thermometer?
CAROLE THERIAULT. If you wanted to stick that up your ass? Yeah, it's very pointy. It's pointy, Graham.
MARIA VARMAZIS. And you might puncture something. It is pointy and a very long needle. It's going to go too far. You're going to go too far. I don't know what you're into.
CAROLE THERIAULT. I don't even want to judge, but it wouldn't be my— There are better things than this. I think we can both recommend not doing that. And they are pretty, but they are pretty rugged, Graham, so you could have a crack at it. Okay. Because I drop mine all the time. Crack? Although I did, I would recommend, Maria, you can, I don't know what you did, but I bought a silicone sleeve for mine for a couple quid.
MARIA VARMAZIS. I have not done that. Washable.
CAROLE THERIAULT. The classic super-fast Thermapen. Okay. Runs about $80 or about 50 quid. £60 maybe in the UK. Okay. Yeah, I have it in my kitchen drawer. I use it probably daily, more than once, and I think it's an amazing thing. Links in the show notes at thermoworks.com. You can learn all the other stuff at the online shop, but I am a big fan of the Thermapen. It's way better than Thom Langford's, you know, keep my tea hot gizmo.
MARIA VARMAZIS. Can I have— can I make a supplemental recommendation? Yes, because I, I also love their stuff. They make this, this thing called the Smoke, which for people who, uh, are smoker— sorry, this is smokers— like they barbecue smoke, like American-style barbecue, low and slow barbecue. Um, it, it allows— it has these probes that hook up to this, um, relay station. So basically if you're doing US-style barbecue, real low and slow, you can be smoking something for like 12+ hours. Uh, I, I have this for when I smoke pork or, or stuff like that, and it really, um, it's awesome if you can get accurate temperatures. And it tells me I don't have to like go outside and keep checking it all the damn time. It's great.
CAROLE THERIAULT. So that all of that is incredible because it is my 10-year anniversary, wedding anniversary is coming up and I am going to buy him that. Yes, you should. He doesn't listen to the show, so he will not know. Don't tell him if you know him.
MARIA VARMAZIS. I bought a cheaper, like, knockoff version of it and it lasted like maybe 1 or 2 smokes and then it just crapped out. This thing, I've had it, the ThermoWorks Smoke, for years and it's awesome. Awesome, awesome. Yep.
CAROLE THERIAULT. There you go. A twofer from me and Maria. Just like, because we're such a good team. So my pick of the week is the Thermapen. Brilliant.
GRAHAM CLULEY. Well, on that culinary catch-up corner, we've just about wrapped up the show for this week. Maria, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
MARIA VARMAZIS. Honestly, listen to me on Sticky Pickles. StickyPickles.com. Like and subscribe. Unbelievable.
GRAHAM CLULEY. And you can follow us on Twitter at Smashing Security, no G. Twitter must have a G. And we're also up on Reddit as well. And don't forget, if you want to never miss another episode, follow Smashing Security in your favorite podcast app, such as Google Podcasts, Spotify, and Apple Podcasts.
CAROLE THERIAULT. And huge thank you to this episode's sponsors, Duo Security and 1Password, and to our wonderful Patreon community. It's thanks to them all that the show is free. For episode show notes, sponsorship information, guest list, and the entire back catalog of more than 222 episodes, check out smashingsecurity.com. Until then.
GRAHAM CLULEY. Cheerio, bye-bye. Why are you talking so weird?
CAROLE THERIAULT. I don't know, it's like, it's like David Caruso has just walked into the room.
MARIA VARMAZIS. I thought my, my, my connection was bugging again or something. Everybody's pausing, giving their best William Shatner impressions. Bye.
CAROLE THERIAULT. Do you know, I just read, I think William Shatner is 90? Yes, he is.
GRAHAM CLULEY. Picture yourself on a boat, on a river.
CAROLE THERIAULT. He could still crank those tunes out though. See, he's a smart guy. He's a smart guy. He went for the long play. Smart. We should get him on the show. Rocket, rocket, good fucking luck.
MARIA VARMAZIS. Yeah, okay. If that happens, I want to be the fourth supplemental guest.
GRAHAM CLULEY. We've got Kryten from Red Dwarf. I know you did!
MARIA VARMAZIS. That's so amazing.
GRAHAM CLULEY. Is that such a big jump to get TJ Hooker on?
CAROLE THERIAULT. Exactly, Graham, with your clout and personality and charm.
MARIA VARMAZIS. You are verified on Twitter, after all. Oh, yeah. You have that in common with the chat.
CAROLE THERIAULT. Yeah. Monsieur Chat to you. Oh, well. He's Canadian.
MARIA VARMAZIS. This is true.
-- TRANSCRIPT ENDS --