A bad software update causes big headaches for Dutch police, but brings temporary freedom to criminals. SIM swaps are in the news again as fraudsters steal millions. And does your cloud photo storage service have a dirty little secret?
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Rip Off Britain's David McClelland.
Visit https://www.smashingsecurity.com/128 to check out this episode’s show notes and episode links.
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening!
Warning: This podcast may contain nuts, adult themes, and rude language.
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
Special Guest: David McClelland.
Sponsored By:
- Gartner: Gartner's Security & Risk Management Summit, running from June 17-20 2019 in National Harbor, Maryland, is the premier cybersecurity conference for CISOs, IT Security & Risk Professionals. Get the latest unbiased research and advice on cyber attacks, and emerging technologies including AI, blockchain, machine-learning and more.
- Visit smashingsecurity.com/gartner to find out more. Smashing Security listeners can save $350 off the standard registration rate by using the code "SMASHING". Promo Code: SMASHING
- Recorded Future: For anyone who is baffled by threat intelligence, and the benefits that it can bring to your company, this is the book for you.
- "The Threat Intelligence Handbook" is an easy-to-read guide will help you understand why threat intelligence is an essential part of every organisation's defence against the latest cyber attacks.
- Download it for free at smashingsecurity.com/intelligence
- LastPass: LastPass Enterprise simplifies password management for companies of every size, with the right tools to secure your business with centralized control of employee passwords and apps.
- But, LastPass isn’t just for enterprises, it’s an equally great solution for business teams, families and single users.
- Go to lastpass.com/smashing to see why LastPass is the trusted enterprise password manager of over 33 thousand businesses.
Links:
- Vote for Smashing Security in the EU Security Blogger Awards
- Software update crashes police ankle monitors in the Netherlands — ZDNet.
- Irishman facing more than 100 years in US prison for alleged $2.5m cryptocurrency fraud — Independent.ie
- U.S. investor awarded $75 million in cryptocurrency crime case — Reuters.
- The SIM Swap Fix That the US Isn't Using — Wired.
- Everalbum Photo Organizing App — YouTube.
- Facial recognition's 'dirty little secret': Millions of online photos scraped without consent — NBC News.
- Everalbum Review — Good Housekeeping.
- OverSimplified — YouTube.
- CGP Grey — YouTube.
- The Difference between the United Kingdom, Great Britain and England Explained — YouTube.
- BBC One - Rip Off Britain, Series 11, Episode 3 — BBC iPlayer.
- All The Stations.
- Get a Spine! — This American Life.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Privacy & Opt-Out: https://redcircle.com/privacy
Transcript +
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
GRAHAM CLULEY. Newsflash!
CAROLE THERIAULT. Newsflash!
ROBOT. Smashing Security has made it to the finals of the European Security Blogger Awards. If you can be arsed, please go to smashingsecurity.com/vote and vote for your favorite security podcast. Voting closes on the 31st of May, so don't delay or I'll electrocute your eardrums. That's smashingsecurity.com/vote. Now, on with the show. Smashing Security, Episode 128: Shackled Ankles, Photo Scrapes, and SIM Card Swaps with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security, Episode 1000000. It's binary crawl. Episode 128. My name is Graham Cluley.
CAROLE THERIAULT. Thanks for that. I'm Carole Theriault. Mansplaining. Love it.
GRAHAM CLULEY. And we're joined by special guest broadcaster and binary expert and technology guru David McClelland. Hello, David. Hello. Hello.
DAVID MCCLELLAND. How are you doing?
CAROLE THERIAULT. Save me from Graham.
GRAHAM CLULEY. We're doing pretty gorgeous and we've got a fun-packed show ahead of us tonight.
DAVID MCCLELLAND. Well, you know, they do say, you know, speaking of binary There are, there are, oh no, gosh.
GRAHAM CLULEY. 1-0.
DAVID MCCLELLAND. Yes, I was going to go down that joke line, but I realised it doesn't quite sound as good when you say it out loud as it does when you see it written down on paper. Oh, making it up as we go along, folks, making it up.
GRAHAM CLULEY. Things can only get better. Carole, what have we got lined up on the show this week?
CAROLE THERIAULT. Oh, of course, another entertaining and dare I say it, pertinent episode. Of Smashing Security this week, thanks to our sponsors, Gartner, Recorded Future, and LastPass. Now Graham, you plan to prattle about Holland's use of ankle bracelets. David dishes out the dirty on the latest SIM swapping news. And strike a pose, kids, because I'm delving into the world of all things photo storage related, and it ain't pretty. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Now, chaps, chaps, I've got a question for you. And is this— Whoa, whoa, whoa, whoa, whoa, whoa.
CAROLE THERIAULT. Okay, stop, stop.
GRAHAM CLULEY. What?
CAROLE THERIAULT. I have a joke first. Okay, no, I know, I know, I know, I know. But I have a really, really good joke. And if I don't tell it now, I'm gonna forget. And okay, you ready?
GRAHAM CLULEY. Okay, it's a really good joke. Is it? Go on then. Let's hear it.
CAROLE THERIAULT. Hey officer, how did the hackers get away? I don't know. Ransomware.
DAVID MCCLELLAND. Oh gosh.
CAROLE THERIAULT. You're welcome.
DAVID MCCLELLAND. How come I've never heard that before?
CAROLE THERIAULT. Thank you, Reddit.
GRAHAM CLULEY. That's quite good actually, Kroll.
CAROLE THERIAULT. I know. Okay, sorry, that's why I interrupted. Carry on.
GRAHAM CLULEY. Now, David Kroll, have you ever found yourself manacled?
CAROLE THERIAULT. I've manacled other people.
GRAHAM CLULEY. I bet you have. Have you ever been shackled, handcuffed to a midget on a stag weekend in Lithuania, David? Anything like that? Maybe you don't want to say too much. It's nothing to be ashamed of.
CAROLE THERIAULT. In this era of Fifty Shades of Grey, Don't give that piece of schlock an era title.
GRAHAM CLULEY. God.
CAROLE THERIAULT. Okay, carry on.
GRAHAM CLULEY. I've done my research into Fifty Shades of Grey, and it turns out it's not unusual for people to practice their reef knots, pop down the hardware store to pick up some cable ties and masking tape. This is what they're all up to these days. It was never like this when I was courting. It was all about milkshakes and going to the malt bar and mini golf and cucumber sandwiches. It was all an era of innocence back in my day, but the youngsters today are up to all kinds of kinky stuff, and maybe some of our listeners are as well. We're not going to judge. We're not the judging kind, right? We're not going to do that.
CAROLE THERIAULT. Well, yeah, you certainly aren't. You're woke, right?
GRAHAM CLULEY. Absolutely. The world of lust and perversion may have passed me by, and that means that, you know, the best chance I have of feeling hard steel clamped around my extremities is if I get arrested one day, right? And that's the point of my story in today's podcast, because we are going to return to the land of the Dutch.
CAROLE THERIAULT. This is podjacking, isn't it? That's what you've just done.
GRAHAM CLULEY. Now, do you remember last week we talked about those chaps in Dutchland?
CAROLE THERIAULT. Yeah, so cool.
GRAHAM CLULEY. I love the Dutch. I do love the Dutch. And they seem to be becoming a regular feature of our show because, well, it turns out that they've been up to something again. From time to time, even in the free and easy Netherlands, police have reason to trouble criminals with a kindly reminder to behave themselves. Or if that doesn't work, because they're quite tough on law and order over there, they may force them to wear an ankle bracelet, which can monitor their movements. You know these kind of things, Carole? David, have you seen these?
CAROLE THERIAULT. Yeah, I think everyone in the universe knows what you're talking about.
GRAHAM CLULEY. Yeah, I'm not talking about Fitbits. These, if that's— Right? It's not one of those.
CAROLE THERIAULT. Funny. Well, it is. It is.
GRAHAM CLULEY. Well, maybe, but I mean, these are worn by people who are under house arrest or on parole, and it's sending a radio frequency signal containing their location back to HQ, right? And if an offender moves outside of their allowed geofence. It goes, "Brrp, brrp, brrp, brrp, brrp." Right? And the police get notified.
CAROLE THERIAULT. Or if they try and tamper with it or saw through it with a little hacksaw, it goes, "Brrp, brrp, brrp, brrp, brrp." Wouldn't it be better just to have like little mini spikes on the inside of the ankle bracelet that if they started screwing around, they would just start digging in slowly into the flesh?
GRAHAM CLULEY. This isn't Myanmar, Carole. You can't do things like that. Especially not in Netherlands.
CAROLE THERIAULT. Just thinking, you know. It's a police resource being wasted.
GRAHAM CLULEY. You're going back to a Fifty Shades of Grey, I think. That's the sort of thing they might want to do over there. Anyway, right. So have you ever considered what might happen if that monitoring technology goes a bit wonky?
DAVID MCCLELLAND. Oh.
GRAHAM CLULEY. What the impact may be on the criminals themselves?
CAROLE THERIAULT. No.
GRAHAM CLULEY. Guess what? It's just happened. Just happened. Dutch police. There was a Duff software update pushed out and it crashed hundreds of these devices. They were monitoring something like 750 people in the Netherlands.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. With these ankle monitoring devices, and they all kind of went—
DAVID MCCLELLAND. Thank goodness that none of them had Carole's spikes on there. Otherwise, that would have been pretty painful for a lot of criminals.
GRAHAM CLULEY. Goodness me.
CAROLE THERIAULT. Poor little criminal.
GRAHAM CLULEY. So according to the Dutch government, this disruption occurred and the signals weren't being received from the ankle bands last week.
CAROLE THERIAULT. So does that mean criminal could just go, okay, I can get out of my whatever, my limited geolocation pen?
GRAHAM CLULEY. Yeah, exactly. They could get outside of their sort of allowed area. They could, hey, hey, you know, even though it's 9 PM at night, I can go down the the Aldi or the Lidl or supermarket.
DAVID MCCLELLAND. I can't do anything.
GRAHAM CLULEY. Or I could go to the dodgy end of town, or I could go and visit those people I'm not supposed to visit, maybe intimidate some witnesses. You know, it's quite serious.
DAVID MCCLELLAND. But did they even know that their ankle bracelets had broken?
GRAHAM CLULEY. Well, I suppose word must have got round because the way in which the police responded to this was that they began to ring up criminals or began to ring up people who were wearing these things and made house visits and said, hey, look, we just want to make 'You're behaving yourselves and you stay inside your house.' Some people— 'Slime the Dutch.' Some people were actually preemptively arrested and jailed. They were rounded up by the authorities, the most high-risk suspects. So word must have got round that maybe these things weren't working. But I say, it's no laughing matter, really, especially for those who may have been fearful that someone who committed a crime against them may have not been monitored by the authorities.
CAROLE THERIAULT. I have a question.
GRAHAM CLULEY. Yes.
CAROLE THERIAULT. Did the authorities let the residents know that basically there were some criminals that were not being monitored?
GRAHAM CLULEY. Yes. In fact, local media reported, "Schlagthoffers en neistabberbaren worden, ze schnell mojiglijk againvermerd," was actually what— sorry. Well, as our Dutch listener base knows, that is me explaining that people who have been victims of crime and people who were witnesses in cases were told that unfortunately the people we're monitoring, we're not currently monitoring. So, you know, keep away from your windows or keep your head down.
CAROLE THERIAULT. Yeah, think Mad Max, go nuts, guys.
GRAHAM CLULEY. Well, fortunately they did manage to fix the problem within about 24 hours. But astonishingly, this isn't the first time that the Dutch authorities have been caught with their clogs off over their ankle monitoring system.
CAROLE THERIAULT. That's a stupidly long time, 24 hours, do you not think?
GRAHAM CLULEY. Well, I don't know the exact— I'm just saying roughly cruel, but I mean, the thing was there was some sort of outage of the mobile phone system. These things are operating over the GSM network. And I suppose it's a bit like if here in the UK, for instance, was it T-Mobile or Orange or Vodafone or one of those anyway? They went out, didn't they, for about a day and a half?
DAVID MCCLELLAND. Yeah, I think it was O2 a little while ago as well.
GRAHAM CLULEY. I named everyone else. Okay, so maybe it was O2. Hey. You know, we get our facts straight here. But the impact was a bit like Mad Max, wasn't it, Kroll? It was a bit beyond the Thunderdome because people could not cope anymore because I don't have a data connection or I can't communicate with my family. Not the first time this has happened in the Netherlands. Last August, something similar happened. There was a widespread outage of the Dutch mobile phone network. Over half of the suspects the Ministry of Justice were monitoring at the time went dark. And so they didn't know where they were or what they were up to.
CAROLE THERIAULT. It's an interesting thing though, isn't it? Because you kind of want people out of jail. So electronic monitoring seems like a great way to be able to reduce costs, but also give people some kind of limitations on their freedoms. But not if it doesn't work.
GRAHAM CLULEY. I mean, what used to happen before all these technologies? Was there just like a really long rubber band or something that they would tie around people's ankles and so you couldn't get too far away from them?
CAROLE THERIAULT. Yes, that's exactly what they did.
GRAHAM CLULEY. Is it? Exactly, yes, yes.
CAROLE THERIAULT. You're so smart, Graham. Thank you very much.
DAVID MCCLELLAND. But I guess the other worrying thing here is that by the looks of it, all of this was caused by a dodgy software update. You know, it's as though once again someone's rolled out a new software patch to, you know, hundreds, thousands, whatever of devices, and somehow the testing just hasn't worked properly. So again, that's the thing that needs to be sorted out. I get that we can leverage technology to, you know, civil liberties, whatever you want to call it. But if you don't test it, then this stuff is gonna happen. That's the thing that's particularly upsetting here for me.
GRAHAM CLULEY. Right, so maybe if you're going to push out an update to the sort of ankle monitoring systems, for instance, don't send it out to everyone. Maybe you have a subset of less criminal people, people who've been jaywalking, people who, I don't know, didn't tip at the barbers. And those people— you wouldn't have a crime like that though in the Netherlands, would you? But you need to find some sort of lesser crime, try it with them first of all, and if they have a problem with them, don't roll it out to absolutely everybody.
CAROLE THERIAULT. Yeah, maybe the Dutch police could just kind of walk in and whoever the provider of this said, you know, technology is go, dudes, we're the police. We really need to up our game. You know, I think I'd pay attention.
GRAHAM CLULEY. Yes. Well, remember, it is Holland as well. So I mean, they are—
CAROLE THERIAULT. What, they just go out for a spliff afterwards?
GRAHAM CLULEY. They're just going to be quite relaxed, I think, for a moment.
DAVID MCCLELLAND. All of these stereotypes about the Dutch. I used to live in Amsterdam. Oh, interesting. 10, 11 years ago now. Yes, I was working out there and learnt as much of the language as I possibly could and really, really enjoyed it, you know, from a linguistic point of view, you know what I mean? I love my languages. Halfway between German and— obviously geographically halfway between German and English, but as soon as you kind of get out of the way of all the J's then, and a lot of K's there as well, as soon as you get those out of your head and learn, it just makes sense. The language is beautiful to speak. It doesn't really sound it necessarily, but as soon as you kind of get under the skin of it, I loved it.
CAROLE THERIAULT. Ooh, you see, Graham, that's what it really sounds like.
GRAHAM CLULEY. He should have done this story rather than me, shouldn't he?
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. David, what's your story for us this week?
DAVID MCCLELLAND. What do SIM cards and bitcoin have in common, Graham and Carole?
GRAHAM CLULEY. An I? Two syllables.
DAVID MCCLELLAND. Okay, okay. Let me enlighten you. So, first of all, Two-factor or multifactor authentication. I think we can all agree that in principle, that's a good thing.
CAROLE THERIAULT. Check.
DAVID MCCLELLAND. Exactly. Now, traditionally, sending a text message to a phone has been one of the more popular ways of doing this. And the logic being that if a scammer did manage to brute force, socially engineer, or otherwise get hold of potential victim's username and password, it's unlikely they'd have visibility of the victim's smartphone too. So that's why we've seen a number of service providers over the years, haven't we? Banks, financial services, warn enforcing this, relying on this to an extent to confirm logins or new payees or even password resets. Because text messages, mobile phones, they're infallible, right? Well, yeah, no, of course not. And this is where so-called SIM swap fraud is. It's really quite clever, I guess, inasmuch as our friends the fraudsters manage to hijack a victim's mobile phone number. And to do this, they pull a social engineering coup.
GRAHAM CLULEY. Woo!
DAVID MCCLELLAND. But not on the victim themselves, but on the mobile operator, and they call up the mobile network, pretend to be the victim, and they tell a story about how they've lost their phone or their SIM's got damaged, but it's okay because they've picked up another SIM, and could you just port that number onto my new SIM so I can get on with my life?
GRAHAM CLULEY. Shall we roleplay that? Shall we have a go at that and see how well it works? So, Kroll, would you be the mobile phone operator?
CAROLE THERIAULT. Absolutely.
GRAHAM CLULEY. Hi there. Please call. And I'll be— David, would you like to be the fraudster, or shall I be the fraudster?
DAVID MCCLELLAND. Oh no, no, no, you be the fraudster.
GRAHAM CLULEY. All right. Okay. Okay. So, Carole, pick up the phone.
CAROLE THERIAULT. Normally it takes about 4 hours before he fucking picks up. Yeah, I'm giving you the hold music. Hello, you've reached Carole Theriault at company. How can I help you?
GRAHAM CLULEY. Oh, hello, Carole. It's George Clooney here. You may have seen me in television programmes such as ER. Now, I've lost my phone. I've had it stolen.
CAROLE THERIAULT. Oh, Georgie!
GRAHAM CLULEY. Yeah, and it's a bit of a nuisance, to be honest. I've got a new phone with a new SIM, but what I really need, you see, is I need my number switched over, because everyone's trying to contact me, and so they want to have a word with me. So can we switch over my old number to this number, please?
CAROLE THERIAULT. We would need to answer a few security questions before we do that, I'm afraid.
GRAHAM CLULEY. Go ahead, go ahead, no problems at all.
CAROLE THERIAULT. "First off, can you give me the name of your pet?" "Yes, I can. Tiddles?" "Correct, correct. It is Tiddles. No problem. Here you are. You have a new number. Thank you very much." "Thank you very much.
GRAHAM CLULEY. And thank you, Wikipedia, as well, for giving me the information." And that's exactly how it works, people.
DAVID MCCLELLAND. Now, the first thing that George Clooney would know about this is when his phone doesn't work. Picks up his phone in the morning and it just says no service. And if you're anything like me, you'll just put it down to a dodgy network, you might eventually reboot your phone, wait a bit longer before—
CAROLE THERIAULT. I'd go back to bed being like, hallelujah.
DAVID MCCLELLAND. Exactly, before you drum up the mental strength to get onto the phone, probably speaking to the bozo who's just given your phone number away to somebody else. And all that time, the fraudsters have done their work and they are long, long gone. Now, this isn't new for many of us. And I first came across this, what, 3 or so years ago when it started to become fairly mainstream in the UK. Quite a big problem in the United States. Speaking of which, We've learned a little bit more in the last week or so about who it is who's been perpetrating these SIM swap frauds and what they've been doing them for, allegedly. I should stick allegedly in there somewhere. And so some of the sums of money that are involved as well.
GRAHAM CLULEY. And the way in which they make this comes back to this issue of password resets and websites and services which use your mobile phone as a form of authentication. The point is, once they've grabbed the phone number off someone else, they get your texts rather rather than you getting them. So they're able to get those magic numbers which help them into a site.
CAROLE THERIAULT. It's almost like they are now in charge of getting the two-factor authentication.
DAVID MCCLELLAND. Exactly. And that's exactly what has been happening here. So there's been a couple of cases that have kind of risen to the top at the same time. Uh, one of them, there's a hacking group known as The Community that has been outed, and one of the suspects, um, is this 20-year-old Irish dude who was arrested last week, I think, who, if he's found guilty, could face 100 years in jail for stealing around $2.5 million worth of bitcoin. How did they steal it? Yeah, SIM swap fraud, targeting victims, assuming their mobile identity, and resetting their crypto wallet passwords. And other members of that community also include three former employees of mobile phone providers.
CAROLE THERIAULT. No way!
DAVID MCCLELLAND. Inside job, people.
CAROLE THERIAULT. Juicy, juicy.
DAVID MCCLELLAND. Inside job, yeah. But the numbers get bigger because also last week, in a separate case, entrepreneur and bitcoin investor was awarded a payout in the region of $75 million.
CAROLE THERIAULT. Unbelievable.
DAVID MCCLELLAND. I know, from a so-called bitcoin bandit. Him and his team stole $24 million worth of cryptocurrency. Obviously, the value of that particular cryptocurrency's inflated somewhat between the theft and the award. They don't actually say whether that cryptocurrency was bitcoin or not, I noted. But yes, so it's New Yorker Nicholas Trulia who has to pay compensation and punitive damages, according to Reuters. And the investor victim was Michael Terpin. And again, it was SIM swapping. They SIM swapped their way to that small fortune. But also, interestingly, the victim here, Michael Terpin, is launching a case to sue the mobile network AT&T for a whopping $224 million for gross negligence.
CAROLE THERIAULT. It's just ridiculous. It's like the guy I was talking a few weeks ago, the guy was suing Apple for a billion dollars. It's just, ah, it's such a joke.
GRAHAM CLULEY. Carole, what's your story for us this week?
CAROLE THERIAULT. How do you guys store photos? Like, do you use photo storage apps or anything like that?
DAVID MCCLELLAND. I do a few different things, but I must admit, I do use one very convenient cloud storage option.
CAROLE THERIAULT. You have a cloud storage option for your photos? I do too. Graham?
GRAHAM CLULEY. Yeah, we, we have an Amazon Prime account and that comes with something called Amazon Photos and I think they, they get uploaded to there.
CAROLE THERIAULT. There's a lot of big ones. There's like Google Drive, there's Microsoft OneDrive, there's Dropbox, all these. And but there's also a few smaller players, right, that provide additional services that go maybe above and beyond what you can get with these big players. And we're going to focus on one of these photo cloud storage players, one called EverAlb. Now I would like us to pretend that this is an app that has been recommended to us by a new Smashing Security listener. And let's say we mentioned the show that we were looking for a photo storage solution and they said, hey, check out EverAlbum, it's so great, it's so great. Let's say this just happened. Do you go and install it right away? This is a free app, so there's no money having to be exchanged.
GRAHAM CLULEY. It's been recommended by one of our listeners. I inherently trust them though, because they've already shown great quality, great taste.
CAROLE THERIAULT. Actually, I'm really hoping that Dave's a little bit more skeptical about doing that. Bit of digging. Where would you start in that situation? So you might kind of, I don't know, start at the website, just check out their webpage and see what they do. What is it? And, you know, it would say it helps you capture and rediscover your life's memories. And you're kind of thinking, okay, marketing spiel, right? And then you're kind of reading down and you kind of go, oh, it frees up space on my device by removing photos from your camera roll. And you're like, okay, that's cool.
GRAHAM CLULEY. That's cool.
CAROLE THERIAULT. And then you go, it also can grab pictures from all your feeds and store them in one container. You know, if you're on WhatsApp or Instagram, or if you're on, you know, your iMessage or whatever the equivalent of Android is.
GRAHAM CLULEY. Oh, I see. So if you're putting up photos on Facebook, for instance, they will also be backed up to EverAlbum.
CAROLE THERIAULT. Exactly, right? So all your pictures get up there and it's great for you as a user, they say, because, you know, all your stuff's in one place. Because I do find that annoying. There's pictures all over the place and they're not always, you know.
GRAHAM CLULEY. How much do you have to pay for this?
CAROLE THERIAULT. Free. Oh, it's free.
GRAHAM CLULEY. It's completely free. Excellent, excellent. I'm totally, totally convinced now that this is going to be a porn.
CAROLE THERIAULT. And they say things like high-resolution photo storage, get your space back, um, share your best moments. You can share photos and stuff with people. And they say secure and private backup, right? Your photos— quote— your photos are always private until you decide to share. Add an extra level of security with Touch ID protection. Okay, so So, so right now, so you're seeing that again, this is all what they are saying about themselves. That's what I'd be thinking at this stage, right? I'd be like, well, what other people say? What, what are third parties say? And you can see on the site that App Annie says one of the fastest growing photo apps worldwide in 2016. And Wired says ever a challenge to Google and Dropbox for storing photos online. Next Web bringing the emotion back to photos. So you're kind of thinking, okay.
GRAHAM CLULEY. I'm always nervous of quotes like this. It's a bit like the quotes which you see on the front of books or outside West End shows where it says, "A marvel," it says, and they leave out the word "hardly" in front of it.
CAROLE THERIAULT. Exactly, because it's on their website, right?
DAVID MCCLELLAND. Right. And heaven forbid that some journalists write those quotes just so that their own names get emblazoned on the front of, you know, books and posters and so on. That would never happen to a legitimate, you know, responsible journalist.
CAROLE THERIAULT. Stop jesting. Yeah, so at this point I might, I don't know about you guys, but I might go to the, you know, the Apple or the Android store just to see how the, you know, what people say about the app, how many ratings it has, that kind of thing, right? And say you saw 6,000 ratings and they had 4.5 out of 5 stars. Typical review would be like, digging it, I honestly love this app and literally use it repeatedly throughout each and every day.
GRAHAM CLULEY. Yeah, people are going to find that reassuring. Right?
CAROLE THERIAULT. And so you're thinking, oh, would you install at this point? You've already installed, Graham. But Dave, would you— David, would you install at this point or?
DAVID MCCLELLAND. Well, I mean, apart from the fact that it's free, I'm just trying to think about what the red flags are here. I mean, clearly you've read the terms of service. You've been through those with a fine-tooth comb to make sure that you understand exactly what it is they're going to be doing with all of these photos. And if there's nothing naughty there, then yeah, you know, maybe it's good.
CAROLE THERIAULT. And until April 15th, you would have read that terms and conditions and thought, OK, I'm pretty cool with this. You might even have done some digging elsewhere and gone to Good Housekeeping, who gave it 4 out of 5 stars, or TechCrunch that said it was amazing. Right?
GRAHAM CLULEY. Good Housekeeping.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. I know. Get all your recommendations. Trust me.
DAVID MCCLELLAND. Their tech section's great, Graham. You should try it.
CAROLE THERIAULT. I think it's a trusted household brand. I think consumers would trust something like Good Housekeeping. I do.
DAVID MCCLELLAND. All right.
CAROLE THERIAULT. And then Gizmodo. So for people like you, Gizmodo said, listed it as one of the best photo album apps you've probably never heard of, right? As a kind of cool hipster app.
GRAHAM CLULEY. The fact that it's free isn't necessarily a bad thing because of course—
CAROLE THERIAULT. There's in-purchase things.
GRAHAM CLULEY. Yeah, exactly. Because there may be sort of professional tiers where you pay or something for more features, you know, and little crowns. I don't know what the feature would be, but it might be there's something which they're offering, which they say, look, you can do this, or you can print off albums or create collages of your pictures, but you have to have a silver membership to do that. So it's not necessarily a bad thing because there might be some kind of upsell. Carole, I have to say that if your answer is yes, we should feel comfortable installing this, this is possibly the dullest and weakest security you have ever brought to our podcast of 128 episodes, and that's saying something.
CAROLE THERIAULT. So back in your box, okay? Because just last week, MSNBC News delivered what I feel is an incredibly scoopy story.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. All about EverAlbum. And what they were really up to with all our photos, all 13, get this, 13 billion of them that they've collected from millions and millions of users.
DAVID MCCLELLAND. That's a lot of selfies, isn't it? Goodness me.
CAROLE THERIAULT. What MSNBC's investigation team uncovered is that the photos people were sharing were being and are being used to train the company's facial recognition system, and that Ever then touts this technology to private companies like law enforcement and the military.
GRAHAM CLULEY. Security.
CAROLE THERIAULT. So in other words, what began in 2013 as another cloud storage app has pivoted towards a much, much, much more lucrative business known as EverAI for artificial intelligence. And the clincher is all without telling the millions of users who own the copyright to all those photos.
GRAHAM CLULEY. Yes. Well, that would have ruined their business model, wouldn't it? Telling people that's what they were going to do with it. But you can't tell someone you're stealing from them.
CAROLE THERIAULT. That would defeat the purpose.
GRAHAM CLULEY. Especially when they'd already taken all the photographs and they said, oh, okay, although we've got these under the auspices of just being all friendly photo storage and all the rest of it, we're not going to tell the people that all those photos you've given us in the past, we're going to use those for facial recognition as well.
CAROLE THERIAULT. Yeah, Jake, uh, Jacob Snow, a civil liberties attorney, said they are taking images of people's families' photos from a private photo app and using it to build surveillance technology. Hugely concerning, he says. Now let's be clear, they are not being accused of sharing these photos with third parties. Rather, the billions of images that are, are being used to instruct an algorithm on how to identify faces. And every time an Ever user enables facial recognition, which is a feature in the app, and they enable that on their phones to group together images from disparate apps and technologies and services, Ever's facial recognition technology learns from the matches and trains. And that knowledge powers the company's commercial facial recognition products. So my question is, is this cool or not? What do you think, boys?
GRAHAM CLULEY. Well, I think they've been a bit wimpy. I don't know why they've stopped at this. Why haven't they taken people's photographs and begun to plaster them all over lunchboxes? Why don't they be, you know, there's a million ways in which they could exploit these photographs and this data if they wanted, just doing facial recognition. Where's their American entrepreneurial Spirit A, the swine. So what a ghastly, dastardly thing to do.
CAROLE THERIAULT. Yeah, I don't want to sound all conspiracy, but I'm willing to bet there's more than a smattering of startups out there and app firms that are touting for our attention today and are doing exactly, or something very similar to this. And they're doing it without our knowledge and consent because there's not enough liability laws in this space to help control this kind of behavior. Fear.
DAVID MCCLELLAND. Well, you mentioned tech startups. It's not just the tech startups that have been doing some interesting things in this area as well. So NBC and the amazing Olivia Solon, I think it was back in March, wasn't it? Yes. So they did an exposé on something that IBM has been doing with its facial recognition AI, where it's been taking a look at faces that are in the public domain, specifically from Flickr, photo sharing site ex of Yahoo, Flickr. And it's been basically taking a lot of the photos that were uploaded there under Creative Commons licenses, license terms, which in theory means that people are able to download them and start using them. But, and I think this is the thing, that the people who were uploading those images to Flickr didn't realize that their faces or the images they were uploading of their friends, family, whatever, would be used specifically for research purposes and for developing an even stronger AI for IBM. For IBM's Watson system. And, you know, there is now a way that photographers can request their images be removed from IBM's facial recognition AI system. So it's not just the startups, it's the big players that are in this as well, and they will get their hands on whatever dataset they can legitimately or illegitimately use to try and beef up their bots' brains.
CAROLE THERIAULT. Yeah, and that's really interesting because I'm just thinking actually while you were saying that, that from what I read, EverAlbum changed their privacy policies based on this MSNBC, you know, working on the story. So they did this prior to it and updated their privacy policy. I think it was April 15th, if I remember correctly. And I just wonder how that GDPR, that old favorite, how that applies because obviously a face, whether there's your names associated to it or not, it's obviously a pretty big identifier of who you are. So is your face anonymous? Or not. It was an interesting question. Anyway, we're going to see a lot more of this crop up as we descend into the stinky bowels of all things digital and technology. So watch this space. Clunk flush.
GRAHAM CLULEY. Descend into the stinky bowels. Clunk flush. Thank you, Carole Theriault. Excellent. Oh, I think we need a little refresh now, don't we? Need something just to cleanse the palate a little bit. Something like a sponsor break. If you're baffled by threat intelligence and how it might be able to help secure your company, the Threat Intelligence Handbook from Recorded Future is the book for you. It'll tell you what threat intelligence is and what it isn't, and you'll learn how other firms are applying threat intelligence inside their organizations. Grab it now for free at smashingsecurity.com/intelligence.
CAROLE THERIAULT. We are also sponsored this week by our friends at LastPass. Now, Graham, isn't it something like 90% of security breaches involve a stolen password or a poor password?
GRAHAM CLULEY. Yeah, stolen passwords, poorly chosen passwords, reused passwords. Passwords are really sort of the hinge pin of so many security attacks which happen, which means that you probably want an enterprise password manager like the one offered by LastPass.
CAROLE THERIAULT. Listeners can learn all about LastPass Enterprise at lastpass.com/smashingsecurity. Smashing Security.
GRAHAM CLULEY. You don't have to say forward slash, by the way, Kian, just say slash, just so you know.
CAROLE THERIAULT. And last but not least, we are supported this week by Gartner. Gartner is the world leading research and advisory company, and they are having a big event.
GRAHAM CLULEY. It's massivo, I'll tell you. All of the big security vendors are gonna be there. They're gonna be talking about cyberattacks, artificial intelligence, blockchain, machine learning, and much more. It's all taking place between June 17th and 19th. 19th at the Gaylord National Convention Center in National Harbor, Maryland. So I'd really recommend that if you are a CISO, IT security and risk professional, you probably want to go to the Gartner Security and Risk Management Summit.
CAROLE THERIAULT. And listen up, listeners, you can receive $350 off the registration fee by using the code SMASHING with a G. To learn more, visit smashingsecurity.com/gartner.
GRAHAM CLULEY. And welcome back. Can you join us on our favorite part of the show, the part of the show that we like cool. Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
DAVID MCCLELLAND. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security-related necessarily.
CAROLE THERIAULT. Should never be.
GRAHAM CLULEY. And my Pick of the Week this week is not security-related.
CAROLE THERIAULT. Good.
GRAHAM CLULEY. Now, my son Yes, well, my son, he's a young lad, and like every other young lad, he's rather addicted to screens, and I'm trying to manage that with some success sometimes and disastrous consequences other times. But one of the things which I found him watching is a YouTube channel which I actually approve of, which is not true of most of the YouTube channels he watches. They're mostly full of cretins with purple hair and screaming all the time, getting very excited, lots of fast editing. I'm just like, oh, this is horrible and ghastly. But what is wonderful is a YouTube channel called Oversimplified, and the person behind Oversimplified— yeah, well, as a fellow artist, now I was about to say, Carole, because his artwork does remind me of another celebrated artist who has exhibited recently at the Oxford Art Week. Yes, we just finished. It is a stick figure kind of artwork work. And what he does is he will take something from history and he will explain it in a fashion which is both understood by an 8-year-old boy and his middle-aged father. Brilliant! I love this. It is wonderful and it's entertaining and it's educational. And so my son will be sat there eating his cornflakes in the morning and he will be watching videos about the Cold War. Or World War II.
CAROLE THERIAULT. Or the Emu War.
GRAHAM CLULEY. Or the Emu War. I haven't watched that one yet. I don't know about that. Um, and American Revolution is there. Yeah. Yes.
DAVID MCCLELLAND. Yes.
GRAHAM CLULEY. He's watched that one. In the space of 10 or 15 minutes, he's suddenly become an expert in these things. And they're, it's very family friendly. Uh, it's amusing, but it, it really, and it's absolutely ignited this love of history within him. And he finds them both amusing.
CAROLE THERIAULT. Oh, listen to the proud dad in Graham.
GRAHAM CLULEY. It's nice. It's nice. There you go.
CAROLE THERIAULT. There you go.
GRAHAM CLULEY. So my pick of the week is the Oversimplified channel on YouTube, and we will include a link in the show notes. If you go to smashingsecurity.com on each episode, you will find our show notes there if they're not displayed properly inside your podcast app. Oversimplified on YouTube.
DAVID MCCLELLAND. And looking at these videos on here, there aren't that many of them. What are there, about 15 or so there? Probably less than that. But I can tell from the animation that a lot of care goes into creating these.
GRAHAM CLULEY. Oh yes.
DAVID MCCLELLAND. And there's another edutuber, CGP Grey, who I'm sure many people have come across before. He's great. And I follow another podcast called Cortex that he works on with Mike. And yeah, hearing the stories of how much research goes into the creating of these and making sure that the scripts are absolutely correct before you get anywhere near the animation, it's very easy to dismiss cartoony-type educational videos on YouTube. A, because they're on YouTube. B, because they're, you know, cartoon animation, whatever. But actually, if what I think from what you're saying and what I get from similar channels is true, then actually these are priceless. So yeah, I'll certainly be taking a look through these myself.
CAROLE THERIAULT. Let's put David's suggestions in these notes as well.
GRAHAM CLULEY. Yes, CJ P Grey, that's his name, isn't it?
DAVID MCCLELLAND. CJ P Grey, yes.
GRAHAM CLULEY. Yes, with Mike Hurley. He does the Cortex podcast, which is good stuff. I think he did the video about the difference between England, the United Kingdom, and Great Britain, which I remember got lots of—
DAVID MCCLELLAND. Yes, he did.
GRAHAM CLULEY. Lots and lots of views. You know, something even us people who live in the UK, we really struggle to answer those questions.
DAVID MCCLELLAND. What is the difference?
GRAHAM CLULEY. I can't tell. British Isles, who knows? David, what's your pick of the week?
DAVID MCCLELLAND. Well, I guess I'm going to cheat a little bit in the means of self-promotion and say that BBC Rip Off Britain is on television at the moment. This is a series that I've been working on since 2012. LastPass 12 as their tech face. And I know we're not meant to be talking about security-related things, but there are a few security stories that I've been covering this series, including things along the lines of Facebook and how some fraudsters are copying Facebook pages and how, as consumers, you can tell the difference between a business's genuine Facebook page and a fraudster's copycat version of them. And obviously, there can be some pretty big money that gets lost as a result of that. And also this scam called brushing, which, if you haven't come across it before. It's quite counterintuitive. Well, it is. Let's say that you order stuff from Amazon, and then all of a sudden you start getting stuff arriving on your doorstep that you haven't ordered. And you're thinking, "What on earth is all this about?" And you're thinking, "Well, do I send it back to Amazon, or do I keep it?" And then more and more and more stuff starts to arrive. Now, you are a "victim," in inverted commas, of a brushing scam. It doesn't sound too bad because you're receiving free stuff on the face of it. But what's actually happening there is that it's all about gaming the online review systems. And, you know, in a marketplace where there's lots and lots of traders selling fairly similar things, it's those who shout loudest or have the most 5-star reviews and glowing reviews that tend to go to the top of the pile and make the most sales. So the long and short of it is this is a way of getting verified purchase reviews. These items have been, in theory, fraudulently bought, fake purchases, but they're verified purchases. They just send them out to random people, let's face it, and then post glowing reviews of them, those glowing reviews force those items through to the top of the searches on Amazon or other marketplaces as well.
CAROLE THERIAULT. I give up.
DAVID MCCLELLAND. I know, it's crazy.
CAROLE THERIAULT. It's just so gross. Everything's so gross.
GRAHAM CLULEY. I think something like this has been happening at my house because we get regular deliveries from Amazon, which are a complete mystery to me. But it's like 4 times a day someone comes along delivering a parcel or something. I'll have to speak to my wife to find out if that's—
DAVID MCCLELLAND. Anyway, so that's not really my pick of the week. Oh, okay.
GRAHAM CLULEY. Right. Right.
DAVID MCCLELLAND. My real pick of the week, I guess, is— so I have a friend called Geoff, and a couple of years ago he traveled around the UK visiting every single train station, or 2,563 railway stations in Great Britain.
CAROLE THERIAULT. Okay.
DAVID MCCLELLAND. And this was part of a big Kickstarter campaign, and he made videos on all of them. This sounds like Trainspotting stuff, but it's not.
GRAHAM CLULEY. I've watched a lot of these. Is it Geoff Marshall?
DAVID MCCLELLAND. It is Geoff Marshall. Indeed.
GRAHAM CLULEY. He's your cohort on the podcast you used to do, and maybe hopefully will come back, Fraculous.
DAVID MCCLELLAND. Indeed, of course he is, yes.
GRAHAM CLULEY. And he's a complete train nutter, isn't he?
DAVID MCCLELLAND. He's a complete train nutter. He's obsessed with the underground to the extent that he's held the world record for what's called the London Tube Challenge. And this is where you have to visit every station on the London Underground in a shorter amount of time as possible. And it's no mean feat, but let me tell you, it's very, very competitive.
CAROLE THERIAULT. How long did it take It would take half a day.
DAVID MCCLELLAND. I think it's, off the top of my head, 16 hours or something like that. So literally, you are catching the first tube.
GRAHAM CLULEY. Carole, seriously, this is brilliant. You've got to look up this guy on YouTube.
CAROLE THERIAULT. And listeners should too.
GRAHAM CLULEY. Yeah, absolutely, because it's very interesting. I mean, I'm not into trains, but I have been quite obsessed in my time with some of Geoff's videos. They're really enjoyable.
DAVID MCCLELLAND. So a couple of years ago, he travelled around to all 2,563 railway stations in Great Britain along with his his now wife, Vicky. And this year he visited—
GRAHAM CLULEY. What a woman!
DAVID MCCLELLAND. She's great. So let me just say that—
GRAHAM CLULEY. She must be.
DAVID MCCLELLAND. While Geoff goes away and does train stuff, she goes exploring. You know, they get off in all the various towns and she'll find the local castle or whatever it is, and/or local beauty spot, and she'll tell some terrific history stories about that. It's very engaging viewing. They're both lovely, lovely people. I love them to bits. And This year they went and did the same thing, but in Ireland. They visited all— hang on, let me get this right— 198 stations in Ireland and Northern Ireland. And once again, they did a Kickstarter campaign, and people are very, very happy to donate to this. And a load of videos came out as a result of it. Very, very different to the UK inasmuch as they're visiting stations that— obviously I'm talking to viewers or listeners to Smashing Security around the UK. They're stations you may be familiar with. In Ireland, it's a different country, different culture in many ways. And you learn so much about the history of a culture and its people through how they get to work, through how they travel from place to place. And these historical train stations are fascinating.
CAROLE THERIAULT. If you watch A to Z, all the movies and shows he's put out, would you see every single station that's in Ireland and Northern Ireland.
DAVID MCCLELLAND. Yes, indeed. He's managed to get a video tag of every single station.
CAROLE THERIAULT. So, he would have Coleraine train station, where I spent many, many a night trying to get into a town to go into a club.
DAVID MCCLELLAND. Yes, I remember it well.
CAROLE THERIAULT. I will locate that.
GRAHAM CLULEY. I don't think he's put all the videos online just yet. I'm just looking at the website. Looks like Northern Ireland main may not have been updated all the videos yet, but he's obviously been to all of them and taken videos.
CAROLE THERIAULT. Yeah, look forward to seeing that.
GRAHAM CLULEY. He's a serious chap. I mean, you know, this was Kickstarted. It's going to be the business, right?
DAVID MCCLELLAND. Yes. And he also put out a feature-length documentary on that as well. So, so yeah, look it up. It is youtube.com/allthestations, all one word. And yeah, there's a load of stuff on there, you know. I couldn't be happier to support Geoff in what he does because I think he loves going on adventures and certainly does he do that. Cool.
GRAHAM CLULEY. Well, he's got that great characteristic about him, which is sheer enthusiasm. And when someone is as enthusiastic about a topic, even if it's something which doesn't appeal to your own heart, you can be carried along with it, can't you? And I think he's definitely got that about him.
DAVID MCCLELLAND. And that's why tuning into anything on BBC Four, television channel BBC Four, history documentary, whatever it is, you're watching people who are so passionate about their subject. You can't help but go along on whatever their story is.
GRAHAM CLULEY. Fantastic. Well, great pick of the week. Thank you very much, David. Carole, no pressure, but that was a good one. What have you got for us?
CAROLE THERIAULT. Apologies, Graham. So I am sure you have something to apologise to me for, something big. Okay, so just do your thing. Go ahead, show everyone how you would normally deliver a solid Full apology.
GRAHAM CLULEY. Go ahead. What? Carole, I'd like to apologise for, oh, there've been so many things. What, something recently? Is there something in particular you're thinking of?
CAROLE THERIAULT. No, I'm just looking at the method. Just go ahead. Just go ahead.
GRAHAM CLULEY. Carole, I'm sorry that you thought that I made a mistake and somehow you have taken offence offense by what I did when I did it in the best interests of the podcast.
CAROLE THERIAULT. You see what I mean, folks? And we've all received— we've all received shitty apologies. Uh, did you remember receiving a really excellent one? Because I have. When you get a really excellent apology, basically forgive the perpetrator or the apologist. So just this morning, I was cleaning up my pigsty that was my house following a few weeks of art gallery parties and art production and all kinds of crazy things. And I was listening to the latest, uh, TAL podcast.
GRAHAM CLULEY. Graham, sorry, TAL, This American Life.
CAROLE THERIAULT. You're supposed to know these things. Oh, um, episodes 674, entitled Get a Spine. You have a bad back, right, Graham?
GRAHAM CLULEY. Uh, it's a little bit wonky.
CAROLE THERIAULT. Yeah, so it made me think of you. Get a spine, right? Now, after a very cute intro about asking people what, uh, like they do this little intro interviewing people asking them why they've ghosted people in their life that they've been dating. They go into this apology and it, it's an 8-minute apology. And Nancy Updike, she's a fab producer on This American Life, and she says it's startling because it was not curt or vague. It wasn't a lawyered-up mess of non-contrition in a passive voice. It is a true reckoning, and it's great. So I'm telling everyone, go listen to this episode. Again, it's episode 674 from This American Life. And I think more apologies like this that are heartfelt and vulnerable and strong are needed in this world. So there you go. That's my pick of the week. Apologies. Good ones, Graham. Good ones.
GRAHAM CLULEY. Okay, well, I will go and find it. I have, while you've been speaking, I have dug out from my little notepad how to say sorry, because sometimes I sometimes I do have to say sorry, and I have a little 3-part guide as to how to say sorry. Now, I don't know how often I put this into practice, but would you like me to explain what the 3 stages are?
CAROLE THERIAULT. Well, act them out. Act them out to David. Say you've done David an injustice.
GRAHAM CLULEY. That's too much imagination. I'm going to explain to you how it's done right, and for the benefit of the listeners as well.
CAROLE THERIAULT. Okay, go ahead.
GRAHAM CLULEY. Shoot. Number 1, right, first thing you do: acknowledge how your action affected the other person, right? So you say, you know, that must have sucked. I can see that the fridge has fallen on your foot and you've hurt yourself or something like that. Number 2, and this is an important one, say you're sorry. I'm sorry I dropped the fridge on your foot, which has caused pain. Number 3, describe what you're going to do to make it right or make sure it doesn't happen It won't happen again. Next time, I won't try and pick up the fridge, or I'll ask a competent adult to pick it up instead, and I'll ask you to move your foot and step away beforehand.
CAROLE THERIAULT. You know what? That is nothing compared to this apology.
GRAHAM CLULEY. Okay. And the final thing is don't excuse or explain. And that's it. And that apparently, those 3 steps, I've been told—
CAROLE THERIAULT. No, no, no, no, no. Well, say for example, this whole apology is actually about sexual harassment, right? So that's a big deal. And, uh, yes, the woman called them out publicly, and he then apologized publicly, and that apology was received and accepted by the person who he sexually harassed because that's how good it is. So take a listen to it.
GRAHAM CLULEY. That's a pretty good apology because that's a pretty—
CAROLE THERIAULT. me listening to it also forgave him. Like, from my own— if I was thinking in my head, if this were happening to me and this was the apology I got, I would have I would take it. I'd be like, okay, done. For real. I'm not kidding. So take a listen. It's good. And I'm, you know, well done to This American Life for publishing something so cool.
GRAHAM CLULEY. Interesting. Well, with that insight into a little chink inside Carole's heart where empathy lies.
CAROLE THERIAULT. Can I just say one more thing actually to make this a little bit more interesting? The guy who delivers this apology is someone a little bit famous. He is a co-creator the creator of one of my preferred TV shows, Rik and Morty. And he was also NBC comedy show called Community. And that's where it all happened.
GRAHAM CLULEY. Not the community, the hacking community.
CAROLE THERIAULT. No, no, not the community. That's why I smirked earlier. But there you go. Interesting. So it kind of gives it all a bit of a little twist. There you go.
GRAHAM CLULEY. Well, you know what? What a great show it's been this week. All kinds of things for us to explore and for listeners to check out. Listen to things, watch videos.
CAROLE THERIAULT. Yeah, you did great, Graham.
GRAHAM CLULEY. Discover. No, I'm not talking about me. I'm saying, you know, we've had Geoff Marshall's train videos. We've got your episode of This American Life. I call it your episode.
CAROLE THERIAULT. I wish I produced it.
GRAHAM CLULEY. But I think on that note, it's a perfect time to wrap things up. David, thank you so much for joining us on the show this week. I'm sure lots of our listeners would love to follow you online. What's the best way for folks to do that?
DAVID MCCLELLAND. Well, it's probably on Twitter where I am @DavidMcClelland. David McClelland, all the C's, all the L's.
GRAHAM CLULEY. And you can follow us on Twitter @SmashingSecurity, no G, Twitter won't allow us to have a G. And you can also join us on Reddit. We have a Smashing Security Reddit up there as well. And, uh, if you want to cover yourself with t-shirts and stickers and mugs and things like that to promote our podcast, go to smashingsecurity.com/store.
CAROLE THERIAULT. Not if you have a skin condition. We are hugely obliged this week. Smashing Security security sponsors: LastPass, Gartner, and Recorded Future. Their support helps us give you this show for free, so be sure to check out their offers. And high five to all you listeners out there! Check out smashingsecurity.com for past episodes, sponsorship details, and info on how to get in touch with us.
GRAHAM CLULEY. Terrific! Until next time, cheerio, bye-bye, bye-bye, everyone!
CAROLE THERIAULT. David, David, I have a question for you.
GRAHAM CLULEY. Shoot.
CAROLE THERIAULT. Who is your favorite? Julia Somerville, Angela Rippon, or Gloria Hunniford?
DAVID MCCLELLAND. Oh, you can't say that.
CAROLE THERIAULT. I'm just asking, he might say it. Why are you ruining my podcast?
GRAHAM CLULEY. Shut up.
DAVID MCCLELLAND. I could not possibly say that. I will say that all three of the ladies are amazing. Amazing in their own ways, and they all bring something very different to the show. And Angela Rippon is as formidable in real life as she comes across on screen. She does not suffer fools gladly. But yeah, they're all great.
CAROLE THERIAULT. You handled that beautifully.
-- TRANSCRIPT ENDS --