What's the problem with IoT-enabled pet feeders? Can hacking ever be illustrated without a hoodie? And just how are landlords using smart home technology to snoop upon their residents?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by technology journalist and broadcaster David McClelland.
Visit https://www.smashingsecurity.com/152 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- Immersive Labs: Immersive Labs provides the world's first fully interactive, on-demand, and gamified cyber skills platform.
- Try it for free at immersivelabs.com/lite/ and drive down your organisation’s cyber risk while reducing training costs.
- Code42: Code42 provides data loss protection for when employees quit. 60% of employees who quit their jobs admit to taking data. Your organization's data is more portable than ever and you have employees leaving everyday. Most organizations rely on prevention but there are simply too many ways for data to leave.
- To learn more about how to protect your company’s data from insider threats visit http://www.code42.com/smashing
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Security researcher gets access to all Xiaomi pet feeders around the world — ZDNet.
- Xiaomi crowdfunds the Furrytail Pet Smart Feeder with app control for 199 yuan ($28) — Gizmochina.
- How to say Xiaomi — BBC News.
- Xiaomi Furrytail Boss Cat Bed — YouTube.
- Remember that competition for non-hoodie hacker pics? Here's their best entries — The Register.
- Cybersecurity visuals challenge finalist catalog (PDF)
- SmartRent - Smart Apartment Solutions.
- Smart home tech can help evict renters, surveillance company tells landlords — CNet.
- SmartRent funding heralds new wave in 'smart home' market — Reuters.
- SmartRent's Privacy Policy.
- Sci-fi interfaces.
- Did Stanley Kubrick invent the iPad? — BFI.
- Factfulness: Ten Reasons We're Wrong About The World - And Why Things Are Better Than You Think by Hans Rosling — Amazon.
- The Joy of Stats, Hans Rosling's 200 countries, 200 years, 4 minutes — BBC Four.
- Joe Rogan Experience #1368 - Edward Snowden — YouTube.
- Joe Rogan Edward Snowden Podcast Interview Transcript: Rogan Spends Almost 3 Hours Interviewing Snowden.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Transcript:
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
CAROLE THERIAULT. Now, a lot of people, it turns out, think this sounds pretty darn good.
GRAHAM CLULEY. Really?
CAROLE THERIAULT. For example, you might be thinking, oh, I can set the mood when I finally bring a date home, right? Dim the lights, heat the waterbed, ask Alexa to play some R&B all before we walk in.
GRAHAM CLULEY. Do people heat waterbeds, Carole Theriault?
CAROLE THERIAULT. Do they even exist anymore?
UNKNOWN. Smashing Security, Episode 152: Cats, Hoodies, and Rent with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 152. My name is Graham Cluley.
DAVID MCCLELLAND. Boo!
CAROLE THERIAULT. I'm Carole Theriault.
GRAHAM CLULEY. What was the boo for?
CAROLE THERIAULT. Halloween. It's today.
GRAHAM CLULEY. Oh yes.
CAROLE THERIAULT. Well, not today we're recording, but day it goes out. You see, smart thinking ahead. Strategic.
GRAHAM CLULEY. Oh, very good thinking, Carole. And we are joined by the not terribly ghoulish but wonderful technology journalist and broadcaster, David McClelland.
DAVID MCCLELLAND. My goodness gracious.
CAROLE THERIAULT. That's about as scary as it gets, guys.
DAVID MCCLELLAND. Don't worry. I just thought I would give you a ghoulish laugh to kick things off. And that is about as scary as I'm going to get.
GRAHAM CLULEY. You can tell he does pantomime.
DAVID MCCLELLAND. Oh no, I don't.
GRAHAM CLULEY. Yes, you do.
CAROLE THERIAULT. Oh God. It's not Christmas yet.
GRAHAM CLULEY. Carole, what's coming up on the show this week?
CAROLE THERIAULT. First, thanks to this week's sponsors, Code42, LastPass, and Immersive Labs. Their support helps us give you the show for free. Now on today's Halloween non-special, Graham shows how tech is affecting our pets. David is taking us to a hackers with hoodies competition. And I'm seeing how some oh-so-modern landlords might be getting an extra edge if they ever wanted to evict their tenants. All this and loads more coming up on this very unspooky episode of Smashing Security.
GRAHAM CLULEY. Now, chums, chums, it's been 152 episodes and I feel like we're all friends. I think the audience knows me. I think you know me. I think there's things I can reveal about myself. And I don't think I've ever mentioned on the podcast before my little furry friend.
CAROLE THERIAULT. What, that thing in your office? That whatever it's called? The hairless thing?
GRAHAM CLULEY. Yeah, he'll often be there. What? He'll often be there between my feet while I'm recording the show. Oh dear. When I'm feeling low, he helps me get up.
CAROLE THERIAULT. It is a scary episode, guys. I'm sorry.
GRAHAM CLULEY. You know, you give him a stroke and up he pops, always eager to please, wagging away, putting a smile on your face. I mean, I look at him askance and I worry, you know, oh, you all right? You look a bit plumper than usual. Have you chubbed up or have you lost some of your girth?
CAROLE THERIAULT. Are you talking about Archie?
GRAHAM CLULEY. Yes, Archibald, the dog. And my concern is that he might have eaten too much or maybe too little. David, do you have a pet?
DAVID MCCLELLAND. Yes, I do. She is not in here right now, my little pussycat. She's currently in the kitchen asleep.
GRAHAM CLULEY. Oh, how lovely. Well, it's a real issue for some of us, isn't it, when we go away for business. If the pet gets left alone, what are you going to do? You're going to get someone in to house sit? Are you going to put her in a cattery or in a kennel?
DAVID MCCLELLAND. They do get depressed if you leave them alone. You know, we talk about animals feeling emotions and dogs get, you know, so sad when their owners aren't there. So sad.
GRAHAM CLULEY. My dog's Labradoodle eyes, it's the saddest thing you've ever seen when he's looking up, looking like that, you know, it's horrendous. So I don't like to leave him alone. So I like to leave him with the in-laws instead. But a lot of people might choose to get a feeder. And as if the world couldn't get worse enough, there are now smart versions of pet feeders, which will deliver food at set intervals.
CAROLE THERIAULT. I can see this. I can see people loving this.
GRAHAM CLULEY. Well, if you're living alone and you've got a pet and you're going off to work, you may well think, well, little diddums here, I have to, you know.
CAROLE THERIAULT. Yeah. Like my mom's dog recently passed away, but before he passed, he was quite ill and he needed to have pills at exact times every day.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And, you know, she couldn't be like handcuffed to that schedule. So she had a kind of automated feeder that would open up. It wasn't IoT. She set it up in the morning and it would just, you know, do its thing.
GRAHAM CLULEY. And she'd hide a pill inside a piece of cheese or something.
CAROLE THERIAULT. Yeah, exactly. Inside some kind of dog thing. Yeah, yeah. Something scrummy. And then it opens up the little trap door. He gets his pill. He wants it because it's got yumminess and he'd take his pills.
GRAHAM CLULEY. But she might be concerned, well, has the dog or whatever, or has the cat eaten what they should have eaten or have they ignored it? In which case you might want an internet-enabled pet feeder like the Xiaomi Furrytail. Now, Xiaomi, David, I'm sure they do smartphones and things like that. Xiaomi.
DAVID MCCLELLAND. Yes.
GRAHAM CLULEY. Is that how you say it, by the way? Xiaomi?
DAVID MCCLELLAND. Yes, yes, Xiaomi. They're a very big Chinese brand. They operate in the super mid-market with some really quirky phones.
GRAHAM CLULEY. Well, for the cost of just about $28, you can buy this gadget from Xiaomi, which delivers food at set intervals, helps to maintain and take care of your pet's healthy diet 3 times a day, feeding them while you go off on a business trip or gallivant with your friends. And via the connected Furrytail smartphone app, you can monitor how much food your pet has eaten, and it'll even notify you if their food has run out.
CAROLE THERIAULT. So what, so what do you do? You run home, like, if they haven't eaten?
GRAHAM CLULEY. Well, well, first of all, what it will do is it lights up an LED light red, so it comes up a bit like an Alexa if it's talking to you, you know, a ping up a light, a different colored light, and that tells you and blinks continuously telling you it's empty. But it may tell you while you're out at work, you better when you get home, or get home quick with some food, or go stop off at the supermarket to go and get some, right?
CAROLE THERIAULT. So have you ever forgotten to feed your pet?
DAVID MCCLELLAND. Um, yes. Yeah.
GRAHAM CLULEY. Have you?
DAVID MCCLELLAND. Yes.
CAROLE THERIAULT. Grace, are you serious? I've never done that.
GRAHAM CLULEY. Really?
CAROLE THERIAULT. No, I'm not kidding. I really am not kidding. Maybe I'm really into food though.
DAVID MCCLELLAND. I love eating and all that, so maybe I mean, I've forgotten to feed myself several times, so it's not too, not too surprising. Yeah, yeah.
GRAHAM CLULEY. I've often— yes, exactly. I've often forgotten to feed the kids, so, you know, if that can happen, it can certainly happen with the dog as well.
DAVID MCCLELLAND. Wow.
GRAHAM CLULEY. Okay. It can happen.
CAROLE THERIAULT. So you guys are the target market for this.
GRAHAM CLULEY. The other thing is though, that if you are a couple, there may be confusion as to who has fed the pet or if either of you have. So my dog, for instance, as soon as food is put down, right, it's gone, right? The plate will be licked clean. And so you may come and you think there's no evidence whatsoever that he has been fed and he's looking at you with those puppy dog eyes and so you feed him again, right? In those cases, a tool like this might be useful. But beware, take heed, take heed, because according to ZDNet, a Russian security researcher called Anna Prosvetova from St. Petersburg, she says she has found a way to hijack control of the Xiaomi Furrytail pet feeders. And she has discovered that she could commandeer 10,950 of these pet feeders exploiting vulnerabilities in the backend API and the firmware. And so what could she do? Well, she could mess around.
CAROLE THERIAULT. Turn them into horror feeders.
GRAHAM CLULEY. Well, yes, because she could either starve your pets, right?
CAROLE THERIAULT. Or she could overfeed your pets. Okay. But you, would you not know through the app? Is the app misinforming you in those cases?
GRAHAM CLULEY. I suppose. I, I, I, I don't know. I, it depends on how you set it up, Carole. I don't know. Okay. That's a level of research which one hasn't done. But the point is, yes, this one hasn't done. But the point is that you're away and maybe the schedule has been changed. So rather than 3 times a day, it's happening 6 times a day.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. What is scarier? Is tiny, puny, hungry animals more dangerous or overfed Digby the dog, sheepdog, biggest dog in the world being given huge amounts of food? Is that more scary?
CAROLE THERIAULT. I think you're missing the point here completely.
GRAHAM CLULEY. Oh, please tell me.
CAROLE THERIAULT. Who the heck leaves their pets for days on end with only companion being an electronic feeder and they monitor their pet through an app?
GRAHAM CLULEY. Well, when I used to have a cat before I got a dog—
CAROLE THERIAULT. Oh, I didn't know this. You were a rages.
GRAHAM CLULEY. Well, I was at one point a single man and I'd sometimes be sent overseas on missions. We can't talk about it. On Her Majesty's Secret Service, that kind of thing. I'd be sent on some secret mission and it'd be like, well, do I want to put my cat in a cattery or do I want to have someone pop it in a couple of times a day and do I trust them? And so I think I had some kind of device which would sort of, it was clockwork rather than IoT enabled, which would slowly reveal more food to them. Or you'd leave them a mountain of biscuits to eat and you'd come back.
CAROLE THERIAULT. And leave them alone for 3 days.
GRAHAM CLULEY. Well, I would argue maybe that's less stressful actually for them than putting them in a cattery, depending on the cat.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. I mean, the fact is most cats have other houses.
CAROLE THERIAULT. They have no friends that would come and visit.
GRAHAM CLULEY. Yes, but they have other families to go and visit anyway, don't they? Most cats don't belong just to one family. 'Cause once they've had breakfast at your place, they think, well, now I'll go over to the Rogers' house and go and eat with them instead. And let's go and visit Mr. and Mrs. Williams because I'm also their pet. You know, every— everyone is sort of sharing animals, I think, in this way, at least with cats. It's different with dogs, but cats are solitary creatures. The point is, Anna Prosvetova said that a vulnerability in the device's Wi-Fi chip meant that she could even have downloaded and installed new firmware and even hijack the pet feeders into, get this, an IoT DDoS botnet.
CAROLE THERIAULT. Well, this just underlines once again why we don't want willy-nilly companies playing around with internet-enabled stuff without baked-in security. Oh my gosh. So next time you leave your dog Archibald for 4 weeks, Well, I don't know. As you do.
GRAHAM CLULEY. Can I stress I do not leave my dog for that length of time. I might leave my dog for a few hours. Cats are different. Dogs I might leave for a few hours, but you know, I think dogs need much more human companionship than cats, who frankly look down upon us. At least look down upon me. So, Anna, you're both cat lovers now. You see, I've sort of turned to the dark side of being a dog lover in recent years.
CAROLE THERIAULT. I like dogs.
GRAHAM CLULEY. Well, I like them both too.
CAROLE THERIAULT. Anything that's not human, it's a high five from me.
DAVID MCCLELLAND. We, we would love a dog, uh, and our kids would absolutely adore them, but it just doesn't fit in with our lifestyle. You know, I am that person who travels away an awful lot. My wife, uh, works a lot. You know, I kind of don't feel as though it'd be responsible for us to have a pooch left alone quite so much.
GRAHAM CLULEY. It'd be unfair. Yes, absolutely. Well, It's unclear whether Xiaomi are actually going to patch their pooch.
CAROLE THERIAULT. Oh, they haven't said, they haven't said whether they're—
GRAHAM CLULEY. Well, they've said they are going to release a fix, but it's unclear whether they've done it yet. But suddenly this researcher from St. Petersburg, she contacted them asking for a bug bounty and they said, get stuffed. We don't operate a bug bounty for this particular thing. So they're not even gonna throw her a bone.
CAROLE THERIAULT. That's really interesting though, because I bet that's gonna be happening a lot more.
GRAHAM CLULEY. Thank you, David.
CAROLE THERIAULT. I didn't hear. Sorry.
GRAHAM CLULEY. You didn't miss anything, Carole.
CAROLE THERIAULT. The thing that's interesting, though, is that you have all these companies that aren't used to responsible disclosure and maybe don't understand all the rules that we have kind of set up in the industry. And so when someone contacts them and they say, hey, look, you know, I found something serious, can you throw a bit of wadge my way? They don't know how to react to that.
DAVID MCCLELLAND. Xiaomi actually is a much bigger firm than I think we give them credit for, you know, not some itsy bitsy little supplier of IoT devices. 10% of smartphones in Europe last year that were sold were Xiaomi smartphones, which is quite, quite something. Yeah.
GRAHAM CLULEY. In Europe?
DAVID MCCLELLAND. In Europe. 10% in Europe. Yeah.
GRAHAM CLULEY. Even though no one knows how to say their name when they go into the store. They're doing all kinds of electronics and gadgets. I mean, I even saw the Xiaomi Furrytail Boss Cat Bed, which basically gives your cat a chair a bit like the one in Austin Powers, one of those '60s egg chairs. So they've got all sorts, and it's not just pet-related, it's all kinds of technology. I mean, well, you're tempted, aren't you?
CAROLE THERIAULT. I see the picture, yeah. But that's not a smart-enabled chair, correct?
GRAHAM CLULEY. Not yet. But maybe you'll be thinking, oh, there I am, far away from my pet cat, and wouldn't I like to watch him over CCTV or spin him round or something, because he really likes that.
DAVID MCCLELLAND. It looks like a perfect solution for pet scales. You know, maybe if your feeder is feeding them too much and you are in danger of ending up with a bit of a Digby, then yes, this would be a great way of keeping them in one place long enough to get an accurate—
CAROLE THERIAULT. You could monitor their weight at every moment of every day.
GRAHAM CLULEY. Patent it, David. Fork roll stills it.
DAVID MCCLELLAND. Too late, too late.
GRAHAM CLULEY. It's a good idea, good idea. Right, David, what's your story for us this week?
DAVID MCCLELLAND. Right, so picture the scene, if you will. You are a tech journalist exhausted after a long shift on the news desk, and now just as you're about to close your laptop and head home, your editor taps you on the shoulder. Let's give this a go. One more before you go, he says. Breaking story.
CAROLE THERIAULT. Where is he from?
DAVID MCCLELLAND. Sorry, I have no idea.
GRAHAM CLULEY. Is he French?
DAVID MCCLELLAND. Breaking story, there's been a data breach. Millions of user accounts hacked and floating around the web. Credit card details doxed. Bunch of teenagers claim they did it. Make some sense of that for us, will ya? So you sigh inwardly. As conscientious a reporter as you are, you have a date night with your sofa and Mr. Robot Season 4 queued up on your TV for tonight. Your editor senses your dismay. Don't sweat it, normal stuff. Speak to an expert or two, give it some credibility. Try that Cluley fella if you're desperate, he's always game for a cheap quote.
GRAHAM CLULEY. You'd have to be desperate.
DAVID MCCLELLAND. I think I've been on the phone to you once or twice, Mr. Cluley, looking for a cheap quote, so thank you for that.
GRAHAM CLULEY. Yes. No other kind.
DAVID MCCLELLAND. Anyway, so what do you do as a journalist? You make a few phone calls, you get in touch with the press office of the hacked company, do some digging about, try and find out previous hacks, find out who leaked the data, speak to some experts, put together some "here's what you should do if you think that you are at risk" advice. 45 minutes later, you've got your 500 words, you're about to file them, and then it hits you, this realisation that strikes fear into the heart of a journalist. There's something missing, something vital to communicating the essence of the story to your readership, without which your work of art may go completely unread. You need a picture.
GRAHAM CLULEY. Oh no!
CAROLE THERIAULT. Are you in charge? Is the journalist in charge of choosing the picture?
DAVID MCCLELLAND. Oh, it depends on the title. You know, more often than not these days.
CAROLE THERIAULT. Oh, right, right.
DAVID MCCLELLAND. You know, not everywhere has a picture desk. So what do you do? Well, speaking as a journalist who, um, well, apparently what we do is we go to a folder on our desktop called "Hackers," we look inside, and we select from one of roughly 6 images, all of which have hackers in hoodies wearing jeans sat in front of a laptop with this binary rain somewhere behind us. So for all of our literary wordsmithery, our visual creativity extends no further, it seems, than this very narrow selection of stock imagery. Am I right? Am I right? You've seen these images?
GRAHAM CLULEY. Yes, yes, you're right, you're right.
DAVID MCCLELLAND. So it's been quite a long—
CAROLE THERIAULT. I think we've all seen them. There's some that are still there from like 15 years ago.
DAVID MCCLELLAND. I know, I know. And let's face it, Mr. Robot itself, you know, hasn't done much to move that story forward. Anyway, there's been a lot of chat about how we need to move this forward a little bit. So early this year, the team at long-standing Ideas and Design Factory, IDEO, or more accurately, they've got this kind of crowdsourcing practice called OpenIDEO. They decided to hold a competition to try and move the visual language of cybersecurity forward a little. They opened the competition earlier in the summer and the results are in. So I invite you—
CAROLE THERIAULT. Visual language. Sorry, I'm just trying to— I'm still processing.
DAVID MCCLELLAND. Just to find some new ways visually that we can do. Yeah, exactly. Some pictures.
GRAHAM CLULEY. Less hoodies.
DAVID MCCLELLAND. So I invite you, Graham Cluley, and our dear listener to have a look at the show notes and to have a look at the finalists. Because the finalists have indeed been chosen. I think there are 5 kind of top finalists, lots of highly commended, and I'm interested in your thoughts on what's happened here because one of the reasons why an image like the hacker in the hoodie with the binary rain and so on has been used so much is that it's, as with all of these images, it's kind of a bit of shorthand in a way. It's how can we try and convey something that is a little bit eye-catching, but, you know, we're not having to do too much thought on it. And that's one way of looking at these images. There is, of course, a far greater amount of detail that I'm sure picture editors would talk about. And then trying to redefine that, trying to move it forward, is actually more than just choosing another picture. There's actually quite a lot of things that need to happen. So I was really interested to see what some of the designers around the world came up with to try and, you know, communicate hacking or cybersecurity in an image that isn't the archetype.
CAROLE THERIAULT. It's okay. So in the top ideas, 3 of them are like monsters, viri, viruses.
GRAHAM CLULEY. Yes, wormy kind of things.
CAROLE THERIAULT. That happened in the '80s. Well, early '90s. We certainly saw that kind of illustration of the virus. So I find that not very—
GRAHAM CLULEY. There's a lot of circuit boards here as well, isn't there?
CAROLE THERIAULT. A lot of circuit boards.
GRAHAM CLULEY. Yes, which isn't really what it's all about.
CAROLE THERIAULT. There's one with feet, which is making me interested. I don't know what that's about.
GRAHAM CLULEY. I think that says more about you, Carole, than I imagine, frankly.
CAROLE THERIAULT. I like Tiffany Baker's one. I guess that's probably deepfakes.
GRAHAM CLULEY. Oh, where's she? Oh, there.
CAROLE THERIAULT. Very bottom.
GRAHAM CLULEY. Yeah, it's, um, I mean, they're all right as one-offs, but I can't imagine these being reused. I'm not sure this really— the, the beauty of an image of someone crouched over a keyboard is it can be, it feels rather generic, doesn't it?
DAVID MCCLELLAND. Yes.
GRAHAM CLULEY. And so it can be applied to lots of stories, whereas these, I think because they stand out a bit more and, you know, well done to the people for coming up with things which are slightly more imaginative, but I think these could get—
DAVID MCCLELLAND. Trojan.
GRAHAM CLULEY. I think these could get tired fairly— oh yes, these could get tired fairly quickly as well, couldn't they? So is the idea that any of us can just grab these and start repurposing them for our news articles now?
DAVID MCCLELLAND. Uh, yes, so if you have a look at the OpenIDEO website and have a look on there, then they have got the Creative Commons usage, right, for them, which, let me just double-check, is Creative Commons Attribution 4 International license. These materials can be shared, repurposed, and used for free provided you include the correct contribution— I'm sorry, the correct attribution, right?
CAROLE THERIAULT. I think 25 is actually really nice. 25, Linda Graf.
GRAHAM CLULEY. This is great. This makes for a great podcast. But this, but, but I, I mean, I think what would be nice from this is if you did take a shine to any of these, a news organization could contact the artist and say, love that. Could you do 20 in the same style? And then, you know, we would own those and then we would be able to repurpose those and, you know, have some sort of overarching theme over our site.
CAROLE THERIAULT. I mean, hey, you know what? I can't think of an industry that needs art more, to be fair. Yeah, right. You've been to the trade shows more than I have, both of you. They are not sexy environments.
GRAHAM CLULEY. Well, the thing is that computers aren't very—
CAROLE THERIAULT. No, but that doesn't mean that technology is. And I find it dismal how most conventions and exhibitions look. Feels really old school and a bit sad. So maybe bridging the arts and technology a bit might add a bit more pep to the industry.
DAVID MCCLELLAND. It is certainly one of the challenges, whether it's pictures to accompany a feature or a news story, or even when you're putting together a technology piece for the television, you'll know this, actually finding a way to bring it visually to life that doesn't involve me or an expert or somebody sat behind a laptop screen can actually be very, very difficult. You need to apply an awful lot of creativity to bring these things to life and put them in terms, particularly for a non-techie audience, that people can understand, that people can relate to. It's a constant challenge, but particularly for tech.
GRAHAM CLULEY. I've just seen one of the finalists is making the comparison between a condom and putting antivirus on your computer. So they're sort of making the reference to Trojan. This is something I saw 30 years ago. I mean, this, that was lame even then.
CAROLE THERIAULT. But this is probably from kids though that weren't around then. That's the irony of it, right? They're probably feeling like they're cutting edge, but the idea, the fundamental idea is very much the same. Maybe we're just bored of it. Maybe it's very cool and we've just seen it so much we can't stand it anymore.
GRAHAM CLULEY. Maybe. I see a lot of sniping actually online on Twitter between some people when people post a story about some sort of breach and people say, oh, it's another hacker in a hoodie. And it's like, well, what, what else? Thank you very much for pointing that out to me as though I wasn't aware. But what else would you have used to illustrate this?
CAROLE THERIAULT. Imagine someone showed, you know, it's a DDoS story and you want to show that process. We have a lot of little dots, a lot of little lights, a lot of little, you know. The artwork's good though.
GRAHAM CLULEY. Yeah, yeah, I think it may point people in the right direction, and maybe it'd be great to give some people who have artistic talent the ability to score a contract and do some work for people rather than everyone just ripping off this freely available imagery which is out there.
DAVID MCCLELLAND. But I think that's what I take away from this. There has been a lot of maligning of the archetypal hacker in a hoodie and a lot of, yeah, can't we just be more creative and do something else? But, you know, what even an organization the size of IDEO running a competition that hundreds of people have entered, actually there still doesn't seem to be something which everyone goes, "Oh yeah, okay, yeah, let's go off in this direction." That's way better. Yeah, exactly. So I think the next time I feel like sniping, which I would try not to do, or anyone feels like sniping, actually have a think about, well, okay, how would I address this? How would I come up with a creative image to tell this story?
GRAHAM CLULEY. Well, I'll tell you an innovative approach. Carole, she'll be too shy to mention this, but she is something of an artist. She's been working with watercolors recently. She's been doing some painting, but I've also seen some magnificent work she's done in the past with Microsoft Paint. And I think if she were to do the hacker in a hoodie over a keyboard in Microsoft Paint, that would be something the world has never seen the like of before.
CAROLE THERIAULT. TM Carole Theriault.
DAVID MCCLELLAND. Yeah, it's true.
GRAHAM CLULEY. Maybe you can do us one, Carole, and we'll post it up on Twitter so people can see it. Link to it in the show notes. No pressure. Carole, what's your story for us this week?
CAROLE THERIAULT. Well, I want you to imagine that you're young, fancy-free, and just arriving in New York City.
GRAHAM CLULEY. Sounds perfect.
CAROLE THERIAULT. And you are a total noob to city life. I mean, back home, your best friend was the fat cow living next door. I'm sorry, you know, an actual cow, like the four-legged dairy moo moo cow, right?
DAVID MCCLELLAND. Sheesh, literally a cow.
CAROLE THERIAULT. Okay, you're far from loaded, okay? I'm talking money-wise. You have no money, and most people's number one task in that case is secure a roof over your head. And the dream, especially in New York City of course, is to land yourself a rent-controlled apartment, right? This is the pinnacle of paradise. If you're a normal human being on a fixed budget.
GRAHAM CLULEY. Rent-controlled means they can't put your rent up too dramatically, is that right?
CAROLE THERIAULT. Well, I'm just going to tell you right now because I wasn't exactly sure what a rent-controlled apartment was, right? So it's a very tricky affair to find one because rent control happens when a tenant has been living continuously in their apartment since July 1st, 1971.
GRAHAM CLULEY. Oh, crumbs!
CAROLE THERIAULT. In a building constructed before 1947.
GRAHAM CLULEY. That narrows it down.
CAROLE THERIAULT. Narrows it down. Now, there's other rent subsidies and rent stabilized is the other word, but effectively, they're to help people live in a city that has huge, huge inflation in the market, right? Like, you wouldn't be able to live there otherwise. The neighborhoods have exploded in real estate value. So today, there's only 22,000 rent control apartments left in the city. Down from 2 million in the '50s. So say I lived in New York City and I had one of these apartments.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. If I died or moved, certain family members, including non-traditional family members like unmarried couples who have been living in the apartment, can take over the tenancy in some cases. So in your case, if someone left you a flat, you'd be sitting pretty. You'd be sitting there going, this is excellent. And the reason it's excellent is because you'd be paying $1,500 a month instead of $4,000 a month for the exact same apartment in the exact same building.
GRAHAM CLULEY. Carole, if I were you and you had this property, I'd be worried that your relatives might be trying to knock you off to get it. I mean, if it was that valuable, they'd think, oh, you know, put something in her tea.
CAROLE THERIAULT. Well, lucky for you, you have an Aunt Agatha that lives in New York City, and she's left you her cat saying, as long as this cat's alive, you can live here. For the beautiful rent of $1,500 a month instead of $4,000.
GRAHAM CLULEY. Easy, I'll set up a pet feeder.
CAROLE THERIAULT. No problem.
GRAHAM CLULEY. Exactly.
CAROLE THERIAULT. And you know, you of course don't hesitate, right? Because this is, you know, you plan to treat that cat like the Messiah because, you know, he's basically your ticket to party town.
GRAHAM CLULEY. Well, I wouldn't treat him exactly like the Messiah because, because yeah, yeah, we know what happens.
CAROLE THERIAULT. And you know, life is awesome. Cat stays alive. You sit on your balcony, Audrey Hepburn style, strumming your guitar.
GRAHAM CLULEY. Oh, lovely.
CAROLE THERIAULT. And one day you hear that your landlord is smartening up, quote unquote, all the apartments in the building. And by smart, I mean internet connections. We're talking facial recognition systems at the entrance, smart thermostats, leak sensors, voice control, smart plugs, smart lights, home assistants, et cetera, et cetera, et cetera. Now, a lot of people, it turns out, think this sounds pretty darn good.
GRAHAM CLULEY. Really?
CAROLE THERIAULT. For example, you might be thinking if you were young, like my protagonist in this story, you might be thinking, ooh, I can set the mood when I finally bring a date home, right? Dim the lights, heat the waterbed, ask Alexa to play some chill, you know, R&B, all before we walk in.
GRAHAM CLULEY. Do people heat waterbeds?
CAROLE THERIAULT. Do they even exist anymore? It's like, you know, you might be thinking, what landlord's going to go through all that, getting all that stuff hooked up and connected, and how are they going to make it all work? Well, there's a market vacuum happening because most landlords can't do that, and there's these companies, these tech firms, who are basically streamlining all these IoT services for multifamily properties or rentals. That's what they call them in the States, multifamily properties, right? So basically these companies would come and inspect the property, talk about what you need as a landlord, install all the tech. And of course, as with most things, the installation process is a bit of a pig, but the promise is smooth sailing for the landlord and tenant alike thereafter. So I'm going to give you an example here. Let's, let's take this as a case study. So this company called SmartRent. Now, this is one of about two dozen or so companies that offer similar services. So they roll up all the smart apps and stuff like from your thermometers and your door controls and your lights and all that stuff into a nice handy app. And the sales pitch to the renters is effectively exactly that. You can manage all your food deliveries and babysitters and dog walkers and cat feeders and, you know, your domestic cleaners and all that stuff can all get managed by the app. You know, you may have approved and they are legitimately allowed to go into your flat, but you don't have to be there.
GRAHAM CLULEY. Convenient, capital C, right?
DAVID MCCLELLAND. Oh, I see.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. And the pluses from the landlord are also many because, you know, they can see which flats are vacant and they can get immediate notifications of problems and manage work orders and manage leases and even coordinate moving in and out and turning off, you know, services and changing lock codes, Wi-Fi passwords, all that from a single app. Convenient with a capital C. So both sides see the benefits, but I'm looking at this and I'm thinking, what does SmartRent get out of this, right? They could be able to collect quite a bit of information if they're just a wrapper around all this information.
GRAHAM CLULEY. You're so cynical.
CAROLE THERIAULT. I know. Well, you know me, can't resist checking out the privacy policy, right?
GRAHAM CLULEY. Gosh, you're so much fun at parties, Carole.
DAVID MCCLELLAND. You know what?
CAROLE THERIAULT. I am actually excellent at parties, and you've been to many. You've been to many, Mr. Cluley. And you'd be, you'd be wrong.
GRAHAM CLULEY. It always gets a bit wild when you get the privacy policy out. Go through the terms and conditions of the party.
CAROLE THERIAULT. Now look, I have pasted in for your amusement.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. This is from their privacy policy and this is what they say the information they collect from the app.
GRAHAM CLULEY. All right.
CAROLE THERIAULT. Who they can share it with.
GRAHAM CLULEY. Okay. Yeah.
CAROLE THERIAULT. And this is including your personal information as well as information collected by some of the services you've chosen to use. Right. This can be shared with affiliates. Business partners, service providers, business transfers, landlords, roommates, in response to legal process. So if someone demands something to protect us and others, they say.
GRAHAM CLULEY. What does 'to protect us and others' mean? What do they mean by that?
CAROLE THERIAULT. We may also disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, fraud, situations involving potential threats to the safety of any person.
GRAHAM CLULEY. So if they suspect I'm up to something a bit dodgy, they'll be able to use all this. Yeah. Okay.
CAROLE THERIAULT. All right. So if you're a trailblazer, all this information, of course, this is maybe information that you may not want to share with all these people. And then this is printed really quite clearly in their privacy. It's not buried in the, you know, in the tiny Ts and Cs. It's pretty clear at the beginning of the front. But residents have to pay around $20, $25 a month for these services.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Wow.
DAVID MCCLELLAND. And we'll have very little say in whether they're paying for that or not. They have to pay if it's there. Yes.
CAROLE THERIAULT. We're gonna see some serious growth in this space. SmartRent, this case study here, received $32 million from Bain Capital Ventures. Now the money is not huge, but Bain Capital Ventures are the owners of nearly 1 million US apartments, and they are very interested in all this. And Gartner, the analyst firm, recently listed smart spaces, which is basically office but same idea, as a top tech trend for 2020. So if we go back to our New York-based bald cat babysitter, and you know, this guy loves the convenience, loves the connectivity, but what if your landlord wanted you out? Because of course, if you get kicked out, they can get 3 times as much for the apartment. So doesn't that mean that you have to follow every single rule that's in your tenancy agreement? I fear this tech gives landlords a huge unfair advantage because we all have to become model tenants. Break any of the rules, right, that can be proven by a simple data log and you can get kicked out on the street.
GRAHAM CLULEY. Which has never happened at one of your parties, has it, Carole? Remember there was a party once in your hotel room at a Virus Bulletin conference which, Yeah, yes, one of those boring parties where I pulled out my T's and C's. I remember I only had—
CAROLE THERIAULT. and we got kicked out. But yeah, do you remember how we got kicked out?
DAVID MCCLELLAND. Go on, go on.
CAROLE THERIAULT. So there was a knock at the door and the guys had a big tray of champagne. They'd called up a lot of times telling us to shut up and we hadn't listened, basically. We were in the penthouse, blah blah blah. Um, so there's a knock at the door and we open it, we're like, oh great, empty glasses, no champagne. They storm the room and get us all out.
DAVID MCCLELLAND. No! And they made—
CAROLE THERIAULT. they made me at 3 in the morning, go sit in the lobby for an hour to cool down, chill my boots. Yeah. Wow.
DAVID MCCLELLAND. This technology sounds like, and I know I'm going to use a sports term here, so I apologize for that, Graham. It sounds like VAR for landlords in a way.
GRAHAM CLULEY. Sorry, sorry, I'm lost. What are you talking about, David?
DAVID MCCLELLAND. VAR, video assistant referee. It's a bit like in the rugby, the Rugby World Cup TMO.
GRAHAM CLULEY. I didn't know what TMO stood for, but I saw this on the rugby at the weekend. Yes, they go to a big screen.
CAROLE THERIAULT. Maybe you should explain it for everyone else.
GRAHAM CLULEY. Well, rugby is a game where you have a ball which is shaped to— oh, you're talking to David, not me. Okay.
DAVID MCCLELLAND. Yeah, so as Graham said, but in many of these sports, whether it's cricket or football or rugby or tennis with Hawkeye and so on, because human eyes are fallible and because balls move very quickly sometimes, television technology and slow motion video technology is being employed, particularly for high profile matches, so that nobody can get away with anything. And what may once upon a time have been waved on as, yeah, it's just a thing, it's fine, using the referee's better judgment. Now every single little thing gets picked up and people get sent off on yellow cards and games get interrupted and it's a lot less fun as a result. And, well, not that renting should or should not be fun here, but that seems to be similar to what we're talking about here, Carole.
CAROLE THERIAULT. Yeah, yeah. And, you know, but no, they're not hiding this. There's this company called Team and GateGuard and they do internet-enabled telecoms and they've been pitching their surveillance tech to landlords in New York. And CNET got a hold of the emails. So I guess this was promo emails that they were sending out to landlords. And they're basically telling landlords that they can use this GateGuard AI doorman intercom to photograph every visitor in the building to see if tenants are illegally subletting units or if tenants are, you know, renting out their places as Airbnbs. With that information, they'll be able to vacate the unit. And they say, quote, combine a $950 a month studio and a $1,400 month, one-bed studio into a $4,200 deregulated two-bedroom. So they're actively encouraging landlords to find ways to be able to kick out these rent-controlled tenants.
GRAHAM CLULEY. Crikey. So, and of course, it's not just a problem of who this data might be shared with, but also potentially security breaches and leaks. And, you know, all this has been, are these people looking to take over the cat feeders as well, Carole?
CAROLE THERIAULT. Exactly. It's really quite scary when you go to a site like the one I was visiting to see how many different third parties they work with. And there are a lot. And I'm sure that's increasing all the time. And I don't believe they're necessarily doing the right, you know, why would they be doing all the right vetting processes every single time for each one of their partners?
GRAHAM CLULEY. They would never clue, would they? They wouldn't have a clue.
CAROLE THERIAULT. And when I read the privacy, because you know, I love reading privacy agreements. So I read it. In full, that whole bit, they were very cagey about what security they were offering. They were saying, look, we do our, you know, we do reasonably well at security, but you're responsible for making sure blah, blah, blah, blah, blah.
GRAHAM CLULEY. Usual story.
DAVID MCCLELLAND. Just taking a look at the SmartRent website, I was interested to see what their promise to users is. And on their data security privacy page of their site, they're just under a heading, keeping your information private is our top priority. SmartRent is committed to protecting the security of personal information. Rest assured, we do not sell your data, full stop, to anyone, full stop, no matter how nicely they ask, full stop.
GRAHAM CLULEY. So, you know, all I can tell you is that whenever a company says it takes security seriously, I feel very, very reassured. Normally they say after a data breach, of course, but in the press release. But when they say that, then I have no problems whatsoever.
CAROLE THERIAULT. I feel much Don't you love a win-win situation? Imagine if you could have both enterprise-wide password management with single sign-on.
DAVID MCCLELLAND. What is single sign-on?
CAROLE THERIAULT. Well, Graham, let me dazzle you. Single sign-on is designed to connect employees to high-priority apps, all without needing the user to log in at every single hurdle. Now, by combining these two services, our friends at LastPass may have just revolutionized security at the enterprise level. Learn more at lastpass.com/smashing.
DAVID MCCLELLAND. You don't need to say the forward slash.
GRAHAM CLULEY. Ah! So you've got an IT security team, but you want to turn them into security superstars? How can you best provide each employee with the opportunity to upskill themselves? Immersive Labs provides a cloud-based system. I mean, it's available 24 hours a day, whenever is convenient for them to learn. It provides hands-on experience with tools, technology, and even sandboxed malware. The platform provides story-based threat simulations. It lets teams enhance their skills while stopping an online banking breach or the hack of industrial control systems. Lots of fun to be had there. Check out Immersive Labs' skills development platform to drive down your organization's cyber risk while reducing training costs. Check them out at immersivelabs.com/lite. immersivelabs.com/l-i-t-e.
CAROLE THERIAULT. Okay, so it turns out that we are all bad people. Well, not all of us. Most of us though, because 60% of employees who quit their jobs admit to taking data. That's why Code42 provides data loss protection for when employees quit. It can help you detect insider threats, investigate file activity, and respond before damage is A really cool aspect is that at any time Code42 can tell you what data lives where, when it leaves, where it goes, and who has access to it. To learn more about how you can protect your company from insider threats, visit code42.com/smashingsecurity. Now on with the show.
GRAHAM CLULEY. And welcome back. And you join us on our favorite part of the show, the part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. Doesn't have to be security-related necessarily.
CAROLE THERIAULT. It shouldn't be normally.
GRAHAM CLULEY. What shouldn't be normally, Carole?
CAROLE THERIAULT. Nothing.
DAVID MCCLELLAND. It shouldn't normally—
GRAHAM CLULEY. you say it shouldn't— it definitely shouldn't be security-related.
CAROLE THERIAULT. Oh, well, maybe I have a surprise for you.
GRAHAM CLULEY. Oh, some hypocrisy perhaps. Well, my Pick of the Week this week concerns this. In real life, user interfaces are pretty dull, aren't they? They're pretty boring, pedestrian.
CAROLE THERIAULT. What is dull?
GRAHAM CLULEY. User interfaces.
CAROLE THERIAULT. UIs?
GRAHAM CLULEY. Yeah, UIs on software or hardware.
CAROLE THERIAULT. Much more boring than privacy agreements, yes.
GRAHAM CLULEY. But if you— hey, you know, if someone wanted to get their user interface out at one of your parties, Carole, that would liven things up considerably. But if you watched the movies— depends on the person— if you watch the movies you would believe that user interfaces are completely cool in a batshit crazy bonkers kind of way.
CAROLE THERIAULT. That's true.
GRAHAM CLULEY. You watch one of those Tom Cruise science fiction movies where he's sort of, you know, scouring the database.
CAROLE THERIAULT. Yeah, I watch crime stuff all the time, right?
GRAHAM CLULEY. Yeah, well, Magnify, the website sci-fiinterfaces.com chronicles the user interfaces which are used in movies and television shows for your fun and education. And it's really quite fun because normally these user interfaces are designed in movies so that the audience will go, you know, they'll spit out their popcorn and say, that was awesome, man! I wish we're, you know, like in Swordfish, you remember when he's trying to hack into the database and John Travolta and Halle Berry are trying to put him off or trying to encourage him? I can't remember. You didn't miss much, Carole. Well, you know, you kind of think, what is that? That's no way is hacking like that. No way is the interface like that. But this website doesn't critique the believability of the user interfaces, but instead looks at how the characters interact with them. And it's quite fun. So there's lots of sci-fi movies listed up there, and if you were ever interested in what the Terminator's user interface, or the user interfaces used in Star Wars movies, or one of my favorites is 2001: A Space Odyssey, the most amazing film ever. If you remember, he even had iPads perhaps in 2001. I think Leonard Rossiter or some of the other characters hadn't quite had that.
CAROLE THERIAULT. Do you really geek out at this stuff?
GRAHAM CLULEY. Yes, I do. I find it quite cool actually. I find it very, very good. It's quite cool. So you can go and check out sci-fiinterfaces.com and who knows, maybe it might carry on influencing and encouraging future user interface design to be more like in the movies and that could be quite funky if not entirely practical. Cool. So that is my recommendation.
DAVID MCCLELLAND. I have to say, the guy Christopher Noessel who has been populating sci-fiinterfaces.com, wow, the amount of detail and care that he's gone into with this. It is absolutely fascinating. He really knows his stuff around this. This is the gift that keeps on giving and it goes back He's like posting every few days with different stuff from different films that I remember as I was growing up. I mean, wow, this is good bedtime reading for a number of nights.
GRAHAM CLULEY. Oh yeah, I mean, I saw for instance a movie we talked about, we mentioned a few episodes ago, was Logan's Run from the 1970s. And sure enough, Logan's Run is in there. And he doesn't just put up a couple of screenshots, you know, he talks about these things and writes about them at length. So it's—
CAROLE THERIAULT. he has 21 posts on Barbarella. There you go. There you go.
GRAHAM CLULEY. There you go, Carole.
CAROLE THERIAULT. Well, what, someone's obsessed with something? I'll take a look. I don't know, this is kind of— it's— these things kind of weird me out a bit.
GRAHAM CLULEY. Okay, all right. Well, we look forward to your pick of the week. But in the meantime, let's hear what David's pick of the week is.
DAVID MCCLELLAND. I guess we've been talking a little bit about cynicism, so I'm going to promote an antidote to that. So last time I was on the pod here, I recommended a book by Walter Isaacson called The Innovators, and that seemed to resonate with quite a few Smashing Security listeners. So thanks to those of you got in touch for that. I've got another book recommendation this time. This is by Hans Rosling, and it's called Factfulness: 10 Reasons We're Wrong About the World and Why Things Are Better Than You Think.
GRAHAM CLULEY. Wonderful.
CAROLE THERIAULT. I've read this.
DAVID MCCLELLAND. Oh, have you? Interesting. Right, so I was first introduced to Hans Rosling's work by one of his TED Talks. He's done a few of those. And then later on by a BBC TV show called The Joy of Stats. It's fascinating. 200 years of life expectancy across 200 countries in just 4 minutes using his signature flair, energy, and visualization. So my first recommendation to whet your appetite for book is to watch that Joy of Stats clip. What Hans does, apart from sword swallowing, he brings data to life in a way that we can absolutely all relate to. And Factfulness, this book, is a culmination in many ways of his life's work as a professor of international health and how data illuminates things about us and our world that we cannot see. And I remember when I was talking, you know, at IT events years ago about big data, actually how Hans Rosling and his work was a real inspiration and a really good case study. Now, the big thing in his book, as you'll know, Carole, is that as humans we are all hampered by this overly dramatic worldview, he calls it. One in which, as humans, we are for various reasons predisposed to think that the world is this awful, awful place where things aren't what they used to be.
GRAHAM CLULEY. Never on this podcast.
DAVID MCCLELLAND. Right, exactly, which is why I thought it was a good antidote. So what Hans Rosling proposes is that we have so much baggage, whether it's from years of reading the Daily Mail or The Sun or reading the Bible or—
GRAHAM CLULEY. He's talking to me, Carole.
DAVID MCCLELLAND. Because of all of this baggage, it's impossible for us to see the world for what it is and therefore crucially for us to make good decisions. And he's right, you know, we are all guilty of this overly dramatic worldview because bad news sticks and we've all got this rosy nostalgic view of the past. And there are lots of reasons for that that go back to human evolution and development and so on.
CAROLE THERIAULT. Right, right.
DAVID MCCLELLAND. It's that baggage which he's addressing. So what can save us, Carole? Data. Data can save us.
CAROLE THERIAULT. Oh yes, feel-good book, isn't it? It's the feel-good book for those of us that feel horrifically guilty for killing the world, killing the planet.
DAVID MCCLELLAND. Well, I would say so, inasmuch as, well, actually, we aren't half as bad as we thought we were. So in, in one of the stories, um, he talks about... he's on stage at Davos, the big World Economic Forum event. It was about 3 or 4 years ago, and he asked the audience, which is supposed to be the world's most informed audience of leaders and politicians and journalists, he asked them 3 multiple choice questions with 3 answers, and they're about things like how many people live in extreme poverty, the number of children in the world receiving vaccinations, and children in the world by the end of the century, and so on. These are questions about our world that could very easily be clouded by, like I say, this misguided outdated worldview. And the thing is that the humans, even at the World Economic Forum, did worse at getting these questions right than the chimpanzees he asked at the zoo. That's right, chimps. Chimps guessing numbers at random did better than these supposedly worldly-wise humans. Um, and it's because it's shocking.
CAROLE THERIAULT. It's a shocking fact, right? I remember it is like, whoa.
DAVID MCCLELLAND. And also, he also asked this same questionnaire to a number of different demographics in different countries, and he found out that basically people in the United States answer very differently— I need to be diplomatic how I say this— answer very differently to people in Sweden, for example, where he's from, again because of these clouded judgments that we all have. Anyway, so long story short, this book is important because it helps us to challenge our view of the world, our preconceptions, our influences, and Hans gives us lots of tips on how to see past all this political bluster, this media dramatization and PR fluff. I'm still working through it, but if you want another opinion, Bill Gates— you may have heard of him— along with Melinda Gates became very good friends with Hans Rosling. Bill called it one of the most important books that he's ever read, so much so he's paid for a copy of this book for every single US college graduate. Which is quite a statement about how important he thinks it is. Now, very sadly, Hans Rosling died fairly recently, but his work feels very much active, so on, and this book's been posthumously published, so weirdly I feel very comfortable talking about him and it in the present tense. So, Hans Rosling, Factfulness: 10 Reasons We're Wrong About the World and Why Things Are Better Than You Think. If you're in the US, you might be able to blag a free copy from Bill. Otherwise, it's in all good bookstores, and I can heartily recommend just to expand your view of the world. Whether you agree with it all or not is up to you, but certainly it is mind-expanding.
GRAHAM CLULEY. I think that's an excellent pick of the week. Sounds very intriguing. Thank you very much, David.
CAROLE THERIAULT. It's for you, Graham. It'll cheer you up.
GRAHAM CLULEY. Yes, well, I don't need cheering up, thank you very much. But, you know, well, I don't think so. Carole, I know what's going to cheer me up. It will be your pick of the week.
CAROLE THERIAULT. Well, I was lying. It's not security related per se, more privacy related.
GRAHAM CLULEY. Right, okay.
CAROLE THERIAULT. My pick of the week is a snippet from a recent Joe Rogan podcast with Edward Snowden. Now I am not a regular Joe Rogan listener, but, um, someone on Reddit was waxing lyrical about this 30 minutes, the last 30 minutes of a 3-hour podcast with Edward Snowden. Right, no, I'm totally gonna watch it all, but I haven't watched it all before this, right? And I can say that I do not disagree with anything within his explanation of— on the kind of insecurity around phones, why we're slaves to them, and why the data hoovering machines behind them aren't necessarily playing fair. It's probably the best way to say it. Now, it's 3 hours, um, and he doesn't really— I mean, I'm just thinking, if I'd been talking to Joe Rogan for 2 and a half, right? And then had to deliver this almost effectively a kind of soapbox speech about explaining how this works. I don't think I could have done it nearly as well. Like, it's succinct, it's intelligent, it's accurate. And I find it a formidable feat, actually. I watched it on YouTube rather than just listen to it, which I advise as well. But somehow it felt more powerful, which I don't normally think with podcasts. Near the end of this segment, just to give you a taste, he says, quote, this data is about human lives. It's data about people. These records are about you. It's not data that's being exploited, it's people that are being exploited. It's not data that's being manipulated, it's you that's being manipulated. And this is something I think a lot of people are beginning to understand. Now the problem is that companies and governments are still pretending they don't understand. And he goes on to share a quote from one of his friends from the Freedom of Press Foundation, quote, you Awaken someone who's pretending to be asleep, which I found pretty deep. Oh, you didn't follow me at all, did you?
GRAHAM CLULEY. No, no, no. Sleep?
CAROLE THERIAULT. Are you pretending to be asleep?
GRAHAM CLULEY. No, Carole, I was—
CAROLE THERIAULT. wake up!
GRAHAM CLULEY. I was just thinking, from the optimism of David's pick of the week to the doom and gloom of yours, maybe, maybe, maybe we should reorder and put me first so that people can cheer up afterwards.
CAROLE THERIAULT. Anyway, it's apt, it's deep, it's interesting, it And I learned stuff listening to it. So I recommend that people give it a listen or actually have a watch. I'll put the links in the show notes. You can find it on YouTube or in your favorite podcast app.
GRAHAM CLULEY. Sounds great. I think Edward Snowden's quite an interesting chap. He is. And I think he expresses himself often quite well.
CAROLE THERIAULT. He talked at one point about how he laments the use of the old phones because the old phones you could always take the battery out. Right? And new phones you can't.
GRAHAM CLULEY. You can in some cases. Well, not in your iPhones, but in some of your Androids you can, I think. Is that right, David? You're our mobile expert.
DAVID MCCLELLAND. Yeah, not so much anymore. It used to be the case, but since they've become more water resistant, they need to be more sealed units. So yeah, it's more and more difficult to find a phone that you can take the battery out of now.
CAROLE THERIAULT. I mean, who doesn't use a phone in the bath, right?
GRAHAM CLULEY. Well, on that cheery note and that delightful image, Carole Theriault on the phone in the bath, hopefully lots of bubbles. We've just about wrapped it up. David, I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
DAVID MCCLELLAND. It is probably on Twitter @DavidMcClelland, all the C's, all the L's, with a couple of vowels stuck in there for good measure.
GRAHAM CLULEY. And you can follow us on Twitter @SmashInSecurity, no G, Twitter allows no G, and you can follow the discussions even more on Reddit. Go to smashingsecurity.com/reddit and it'll take you straight to our subreddit.
CAROLE THERIAULT. And once again, thanks to this week's Smashing Security sponsors: Immersive Labs, LastPass, and Code42. Their fantabulous support helps us give you this show for free. And thank you, lovely listeners and supporters, and welcome new Patreon supporters. You too help us make this show for free, available to all those who can't afford to pay. Feel good because you're doing good. Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
GRAHAM CLULEY. Until next time, cheerio, bye-bye. Bye bye bye bye bye.
CAROLE THERIAULT. Toodaloo. Did you like my little guilt trip there?
GRAHAM CLULEY. Yes. About the Patreon.
CAROLE THERIAULT. I was just saying, because they do, right? The Patreon supporters help us give the show for free to all those people that can't pay.
GRAHAM CLULEY. Yeah.
DAVID MCCLELLAND. Making me feel guilty now.
CAROLE THERIAULT. Oh, oh, well, David, there's like 10 Davids who are supporting.
GRAHAM CLULEY. Yeah, you could be any of those.
CAROLE THERIAULT. David, you should have just kept quiet there.
GRAHAM CLULEY. Wow, we've got more Davids than any other.
CAROLE THERIAULT. You know what, you don't have to give us money. You give us your time, your love, and your brain, which is worth it.
GRAHAM CLULEY. David, you were top quality tonight, can I say. You were very entertaining. Not only was your pick of the week excellent, but I really enjoyed your story.
CAROLE THERIAULT. Yeah, and you made me look bad.
-- TRANSCRIPT ENDS --