
376: iOS 18 for cheaters, and a model cop extortionist?


Apple announces a new privacy feature in iOS that will allow you to hide and lock away your apps - but will it be philanderers who benefit the most? And an ex-police officer is arrested for extortion.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.


Sponsored by:

  • 1Password Extended Access Management - Secure every sign-in for every app on every device.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 10% off!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter at @SmashinSecurity, or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.


Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


CAROLE THERIAULT. Yeah, okay, but there are things such as throuples these days, Graham.


GRAHAM CLULEY. What? Throuples? Yes! Yes!


CAROLE THERIAULT. Suggest it to your partner, see what she says.


UNKNOWN. Okay, I'll give it a try. Smashing Security, episode 376. iOS 18 for cheaters and a model cop extortionist with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 376. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. Carole, I hope you're enjoying— is it a question of enjoying when you're on an overseas top secret mission? I'm not sure if it is or not.


CAROLE THERIAULT. Occasionally. Wait for my pick of the week to find out.


GRAHAM CLULEY. Oh, I'll tell you something that you've missed while you've been away is that I went to InfoSec in London. And I know that's one sad thing about being away during that time is missing the wonderful award ceremony.


CAROLE THERIAULT. What happened?


GRAHAM CLULEY. It was the European Security Blogger Awards, which also looks after podcast awards, of course. And Smashing Security was named the best podcast for making cybersecurity accessible for all. Woo-hoo!


CAROLE THERIAULT. That's a great, you know, that's kind of one of our mantras, don't you think? Is, you know, educating.


GRAHAM CLULEY. I think so. We're not the nerdiest podcast.


CAROLE THERIAULT. No.


GRAHAM CLULEY. When it comes to cybersecurity.


CAROLE THERIAULT. Maybe a funnier one though.


GRAHAM CLULEY. Well, funnier looking. But anyway, thank you to all of our listeners for voting for us. Very much appreciated. We love you all.


CAROLE THERIAULT. Yes. Let's thank this week's wonderful sponsors, 1Password and Vanta. It's their support that helps us give you this show for free. Now, coming up on today's show, Graham, what do you got?


GRAHAM CLULEY. I'm going to be talking about something hidden inside the new version of iOS.


CAROLE THERIAULT. Ooh, and I have the story of a hot ex-cop who landed herself in a spot of extortion bother. All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, chums, many of you, I know, have got smartphones. Many of you will have the Apple iPhone, of course, as well. And I don't know if you've heard, Carole, but it has been dubbed a cheater's paradise, the Apple iPhone, because they have announced—


CAROLE THERIAULT. Has it?


GRAHAM CLULEY. Yes, because they have announced the new privacy feature, which is coming down the tracks pretty darn quick in the form of iOS version 18. iOS, of course, is the operating system on iPhones. And that was unveiled this week by Apple at the WWDC conference. And folks are already playing around with the beta ahead of its general availability, which is gonna come in September. And there's some major updates in iOS 18. The one they're really sort of crowing about a lot, a range of new AI features that they claim will make Apple phones smarter and more capable and also able to generate emojis of the people you're speaking, all kinds of stupid stuff as well. But you know, they're putting rocket fuel into Siri to make it smarter and make it a bit more like ChatGPT. In fact, they've got some sort of relationship now with OpenAI just to try and make the Siri assistant a bit smarter, but do various other things as well. But we're not going to talk about the AI features. Instead, we're going to discuss a new privacy-related one because they announced they're going to let you lock or hide your iPhone and iPad apps, making them inaccessible unless you do a Face ID scan. So your phone or your iPad is already unlocked, but if you want to go into a particular app, you'll be able to say, oh, you need Face ID to access that one. All right.


CAROLE THERIAULT. So basically I can log into my phone, but I want to go to my banking app. I'd have to do the Face ID.


GRAHAM CLULEY. Yeah. If your banking app didn't already support Face ID, you'd now be able to do that at the operating system level. Or maybe you've got a messaging app and you wanted to put that behind Face ID for some reason, or your photos perhaps.

Maybe you don't want people looking at your photos if you lend them your phone, and that would then be protected by Face ID as well. Now it's already easy to hide apps on iOS by disabling the ability to search for them, or you could bury them deep in a folder or something like this.

But in this new iOS 18 coming in September, there's this whole new level of privacy protection. And what they're saying is that locked and hidden apps are going to offer users peace of mind.

The information they want to keep private, such as app notifications and content, won't inadvertently be seen by others. So you can lock the app, and for additional privacy, you can even hide an app as well.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. So when an app's locked or hidden, content like your messages, your emails inside the app, they're hidden from search notifications and other places across the system. Now, I don't think this is necessarily a bad idea because the other day—


CAROLE THERIAULT. Okay, yeah, I love a scenario, a use case.


GRAHAM CLULEY. Okay, so the other day, my partner and I, we were on a long car journey, and from the back seat came this plaintive voice, which was my son. "Oh, Dad, Dad, my phone battery's died. I want to listen to some music."

You know, he wanted to listen to something, so I lent him my phone.


CAROLE THERIAULT. I feel sorry for his voice. Well, it's—


GRAHAM CLULEY. He takes after his father. And so I lent him my phone so he could listen to his Spotify or whatever, you know, whatever band that he wanted to listen to.

And then I thought, shit, what's he going to do with that? Because although some of—


CAROLE THERIAULT. What do you mean?


GRAHAM CLULEY. Well, although some of my apps have got biometric protection on them and he'd need to point it at my face to unlock it, others wouldn't.


CAROLE THERIAULT. Well, what kind of apps are you worried about?


GRAHAM CLULEY. Well, maybe I don't want him seeing everything. Maybe I don't want him reading my email or sending emails from my account or tweeting nonsense to my followers.

It's not as though he would do that, but he could accidentally, or he could go into Twitter and like something inappropriate, or, you know, who knows?


CAROLE THERIAULT. I don't have a teenage son, but I'm just— the word trust issues is occurring to me slightly.


GRAHAM CLULEY. When you have a teenage son, sometimes you can trust them. It doesn't necessarily mean that you trust them to do something good.

Right. So I thought, oh darn, maybe I shouldn't have given it to him.

Wouldn't it have been great if some of my apps were locked from use? If my apps had their own bouncer, basically my face, that could lock them down like Fort Knox, only accessible after a stare down with my iPhone.


CAROLE THERIAULT. Right.


GRAHAM CLULEY. That would be great. So with iOS 18, if someone's using your phone and you've locked an app, when they try to open the app, they'll see this pop-up saying it can't be accessed without doing the Face ID check, which is really handy if you're down the pub and someone says, oh, can I just call someone?

Or can I just do this? And you don't want them going into your photos or something.

I think that's quite a good thing, right? Do you agree?


CAROLE THERIAULT. Yeah, yeah. I don't know how many times— I think the only times I can imagine you lending a phone is if you are a parent.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. I mean, I don't know. I suppose actually, yeah, you do lend your phone.

Like if you're doing a music playlist or something and you've got connection to a speaker, everyone kind of gets their mitts on your phone.


GRAHAM CLULEY. Or someone says, oh, my phone's run out of battery. Can I just make a call or something? Or can I just borrow your phone for a sec? I think it does happen. Sometimes it happens quite casually. I mean, even with people you may not know that well.


CAROLE THERIAULT. But I would say no if I didn't totally trust the person.


GRAHAM CLULEY. You would?


CAROLE THERIAULT. I wouldn't say F off, but I'd say no.


GRAHAM CLULEY. Mm-hmm.


CAROLE THERIAULT. I'll make the call for you.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. Okay. Anyway, so interesting idea.


GRAHAM CLULEY. Let's cut to the chase, right? I've given you a scenario where it could be handy. What's the most common use case of this? How are people actually gonna use this?


CAROLE THERIAULT. Pervy things?


GRAHAM CLULEY. Exactly.


CAROLE THERIAULT. Oh.


GRAHAM CLULEY. People are going to use this to hide their Tinder or their Hinge app from their significant other.


CAROLE THERIAULT. Only if they're a dweeb.


GRAHAM CLULEY. I think that's how—


CAROLE THERIAULT. Right, it's not most people.


GRAHAM CLULEY. I think that's how— No, I'm not saying most people, but I'm suggesting that most of the people who actually use this feature are probably going to do it to hide some kind of activity on their phone, which they don't want someone in their household from seeing.


CAROLE THERIAULT. Well, in your case, it's just your fricking email.


GRAHAM CLULEY. Well, it might, it might be, but I'm sure there's plenty of people as well who may be having affairs or flirting or something like that. And wouldn't it be handy to hide the app from other people? And that's why plenty of folks have had a bee in their bonnet, taken their pitchforks and torches to Twitter, claiming that this feature is a way to keep affairs under the radar.

And by the way, I did some research. Apparently it's the case that nearly two-thirds of Tinder users who were surveyed said they were already in relationships. So there are a fair number of people in relationships who are using—


CAROLE THERIAULT. Yeah, okay, but there are things such as throuples these days, Graham.


GRAHAM CLULEY. What? Throuples? Yes. Yes.


CAROLE THERIAULT. Suggest it to your partner, see what she says.


GRAHAM CLULEY. Okay, I'll give it a try. So if you do this, your hidden apps get placed in a folder called Hidden. That actually exists even if there are no apps hidden inside it.

So that's because I wondered if you hide an app, how do you then find it to actually run the damn thing if you can't search for it and you can't see the icon? So there is a place where you can go and look. So that you might think that gives you a hint that someone has deliberately hidden apps, but apparently—


CAROLE THERIAULT. Do you open that up? Do you open that up with Face ID as well? The hidden folder?


GRAHAM CLULEY. Well, the folder actually exists even if you don't have anything hidden inside it. But I imagine it then gives you a sort of preview of, I don't know. Yeah, I guess you have to unlock it, don't you? With your Face ID.


CAROLE THERIAULT. That would be a really big, that would be a big slip-up, wouldn't it? You could just go in and— Unhide them.


GRAHAM CLULEY. Go, go. Yes, exactly. Now, there are arguably legitimate use cases to hide and/or protect an app.

For instance, maybe you're in an abusive relationship, you have an overly jealous partner that wishes to violate your privacy. Maybe you share a device with your son, in my case, or a partner. iOS still— I can't believe this is the case— it still doesn't do what desktop computers do, which is they give you user profile. You're able to log in as different people. I mean, surely things like iPhones and iPads should have that ability by now. So you can log in differently and have a different setup.


CAROLE THERIAULT. And I still haven't got my head around it. I'm not kidding. I don't get it at all.


GRAHAM CLULEY. Well, don't worry, because Apple has said that not every app is going to get this VIP lock and hide treatment. Apparently, iOS won't let you lock and hide Maps, Stocks, Clock, and the Calculator app.


CAROLE THERIAULT. Well, thank God Stocks is there. Well, because, you know, for my day-to-day needs in the world of where am I? What time is it? And how much is it? I'm glad that Stocks are at least a default.


GRAHAM CLULEY. I think it's an odd decision of theirs not to let you lock Stocks.


CAROLE THERIAULT. Oh, do you?


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. Oh yeah, of course.


GRAHAM CLULEY. Because Stocks, you could find out what stock someone is following, which could be a piece of private information, even if it doesn't share how much they may have invested in them. Similarly, clocks might give private information away. Like if you've associated names with your alarms going off at certain times. Alright, alright, you're dubious. What about maps? So they haven't allowed you to lock maps.


CAROLE THERIAULT. Yeah, maps is interesting.


GRAHAM CLULEY. Because maps, you can see recently searched places, places you've gone to, information you may not want to share. Or extreme example, what if you needed to travel out of state or to a different country because something like abortion was illegal where you lived. Maps could reveal where you went. So shouldn't you be able to lock behind—


CAROLE THERIAULT. But your phone's already locked.


GRAHAM CLULEY. Yes, but in the scenario, someone else has gained access to your phone. You've given them access, but you may want to lock recently searched history of Maps or pinned places in Google Maps. And Calculator is the worst of them all. The apps, it's filth, Calculator.


CAROLE THERIAULT. What, because of boobs?


GRAHAM CLULEY. Exactly. Just type in 5318008 and turn it upside down.


CAROLE THERIAULT. Every 8-year-old who's listening is loving it.


GRAHAM CLULEY. Like they've ever used—


CAROLE THERIAULT. They're like, what's a calculator?


GRAHAM CLULEY. Exactly. They don't know what we're talking about. Carole, what's your story for us this week?


CAROLE THERIAULT. Well, Graham, actually, you have the whiff of tech influencer about you.


GRAHAM CLULEY. Oh, well, thank you.


CAROLE THERIAULT. Don't you? And good for you. It's a proven way for the interesting or beautiful or gobby to market their services, right? And/or gobby.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. To market their services. And these days, it's not the Yellow Pages that you need to be in, but on the web. You have a website.


GRAHAM CLULEY. I do.


CAROLE THERIAULT. A smattering of socials out there where you tap dance and showcase your services and skills and mouth skills. I don't know. Words.


GRAHAM CLULEY. Boy, oh boy.


CAROLE THERIAULT. Speaking presence. That's why I don't have it, Graham. That's why I don't have it. Okay, but let's say you are running a small business with a big personality.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. And dang it, you found yourself in a spot of bother because someone is trying to extort you, trying to take some of your money or your property or stuff like this.


GRAHAM CLULEY. Oh dear. Yep.


CAROLE THERIAULT. Now a person can use a number of different tactics to extort. Okay, so there's the threat of violence, give me your website or I'll kneecap you. That could be one.


GRAHAM CLULEY. That seems extreme.


CAROLE THERIAULT. Right?


GRAHAM CLULEY. Yeah. Not very nice.


CAROLE THERIAULT. Seems a little extreme. I'm just saying, under extortion, that is a way that it has happened in the past.


GRAHAM CLULEY. I like that's where you've started. Presumably you're going to get worse.


CAROLE THERIAULT. Well, no, no, there's the threat of force. That's another one where I'm taking your website because I was able to bypass your security or dupe you into handing over your credentials. Something like that. There's property damage. Didn't the mafia infamously offer protection for like fire protection to ensure people around the neighborhood that their place wouldn't get burned down?


GRAHAM CLULEY. All the time. I mean, that's standard, isn't it? It's like, you know, nice place you got here. Real shame if something bad happened to it.


CAROLE THERIAULT. Exactly. Right.


GRAHAM CLULEY. So yeah.


CAROLE THERIAULT. So say someone could say, look, you know, when you go into your speaking events, Graham, 'You know, your tech speaking events, I'll make sure no one is in the audience ready with a cream pie.' Yes, or a milkshake. 'So you can pay me.' Yeah. Yeah, or a milkshake, right? Or lastly, you could extort someone by threatening their reputation. Like someone might write a review of, you know, our podcast saying it's full of hooey. But obviously, it's clearly extremely informative and entertaining, seeing as we just won a very important award.


GRAHAM CLULEY. We have had some bad reviews. As well as lots of lovely good ones.


CAROLE THERIAULT. So in this specific fictitious scenario featuring you, what do you think would be the most likely extortion attempt that someone would want to— someone would do on you?


GRAHAM CLULEY. Ooh.


CAROLE THERIAULT. So you've got kneecapping, violence, force, property damage, or phishing.


GRAHAM CLULEY. I really don't want to be kneecapped.


CAROLE THERIAULT. No, it would put a serious dent in your park run fund.


GRAHAM CLULEY. I've had some nasty threats before. People have said they're gonna shoot me. I have had people say they're gonna burn down my house before. I didn't really take them very seriously, 'cause I think they were just sort of teenage virus writer types.


CAROLE THERIAULT. Were they suggesting that unless you give me money?


GRAHAM CLULEY. No, I think it was regardless of whether I gave them money.


CAROLE THERIAULT. It was just trolling. It was just trolling.


GRAHAM CLULEY. I just think just trying to put the frighteners on me.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Oh, crumbs. What would make me pay? Well, there's ransomware, of course, I suppose. You know, if I didn't have a backup, if I found my backup didn't work and all my information was encrypted, then I'd have to think long and hard as to, well, how do I get my business up and running again?


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. Sorry, a bit of a boring answer, but, no, no, no, but, well, you know, no surprise there.


CAROLE THERIAULT. No, no, no. I was thinking more of threat to reputation would be the thing because it's a big one. Like, especially if you're reliant on a specific community for growth. Right. If you imagine you trained horses and someone like the horsey version of shit went around on all the horse forums and horsey whatever saying, I heard of a mysterious horsey flu happening on your training grounds, you wouldn't be a happy camper.


GRAHAM CLULEY. I wouldn't be happy. Or if they said that I ate horses or something.


CAROLE THERIAULT. Oh, God, that's way worse.


GRAHAM CLULEY. Why didn't that occur to me?


CAROLE THERIAULT. I saw him—


GRAHAM CLULEY. I saw him munching on a horse burger the other day and licking his lips saying, this is really yummy.


CAROLE THERIAULT. Oh my God, I was gonna marry a horse once, remember that?


GRAHAM CLULEY. I remember. Sorry it didn't work out for you.


CAROLE THERIAULT. But I digress. So you might say it's just some idiotic internet troll, you know, who's getting their kicks from screwing about online, whatever. But what if the person turned out to be, considered to be rather upstanding, like an ex-cop, a former cop?


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. And a rather attractive one as well. So this is what allegedly happened in Orange County. A 32-year-old former deputy of the Orange County Sheriff's Office turned model—okay, because she's a former cop turned model named Ali—she's in cahoots with a conspirator, Elizabeth, and the two of them managed to extort $9,000 from a small cosmetology business.

Now I know you're thinking, oh, small potatoes, small potatoes, but if you think of it, I don't know what size their potatoes were.


GRAHAM CLULEY. I have no idea.


CAROLE THERIAULT. 9K can be life-threatening to a small business in terms of the business surviving, because if there's nothing in the coffers and that money is needed to pay your few employees, and then someone comes along like an ex-cop/model with her sidekick, and they allegedly managed to nab the 9K by threatening to make false statements on the internet that would harm this small cosmetology business.


GRAHAM CLULEY. Cosmetology? Sorry, I—


CAROLE THERIAULT. That makeup.


GRAHAM CLULEY. Oh, I thought you were saying to do with the cosmos or astrology. I thought it was—


CAROLE THERIAULT. No, it's more like, hey, I used this cream and it gave me a rash.


GRAHAM CLULEY. Okay, okay. I thought they were saying—


CAROLE THERIAULT. I'm imagining.


GRAHAM CLULEY. I was imagining Uranus rising or something.


CAROLE THERIAULT. Yeah. Apparently the duo threatened to slander, report fictitious violations to the New York State Board of Cosmetology, and file complaints to the Department of Labor for alleged employee violations against a business that were untrue.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. Now, this is all according to local prosecutors, as the two have now been charged with grand larceny in the third degree and coercion in the third degree. But I wanted to share it because you did mention ransomware earlier, but we rarely hear about this type of extortion anymore.

Right? Because these days it's all ransomware. You rarely hear about someone kind of saying, look, unless you do this, I'm going to go online and say bad things.


GRAHAM CLULEY. And I guess because she's a former police person and a model, people will listen to her.


CAROLE THERIAULT. Yeah, model police officer. You got to get it in the right order.


GRAHAM CLULEY. Oh, I thought you meant like—


CAROLE THERIAULT. No, no, no, you were right.


GRAHAM CLULEY. Oh, okay. I thought you meant a really good police officer.


CAROLE THERIAULT. Cop slash turned model.


GRAHAM CLULEY. Oh, okay.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. Right. Okay.


CAROLE THERIAULT. All right.


GRAHAM CLULEY. Fair enough.


CAROLE THERIAULT. She was on the beautiful person list on Maxim magazine or something. Anyway, but what's interesting to me is I wondered whether prosecutors would have even looked at the case had the small business not paid up.

Because in other words, if someone threatens you and you don't pay, but you report it, right? Is it considered a crime? Because extortion is actually you've managed to get money out of them by threatening them. Do you know what I mean?


GRAHAM CLULEY. But it should be a crime, shouldn't it? Because you're still making a threat. Surely that is still a crime.


CAROLE THERIAULT. I'd like to think so. Depends, I guess, where you live.

You know, years back I had this archaeologist friend that tried to blackmail me. What? Yeah, it turned out he had a lot of dirt on me. That's why we're award-winning!


GRAHAM CLULEY. In a perfect world, end users would only work on managed devices with IT-approved apps. But every day, employees use personal devices and unapproved apps that aren't protected by MDM, IAM, or any other security tool. There's a giant gap between the security tools we have and the way we actually work. 1Password calls it the Access Trust Gap, and they've also created the first-ever solution to fill it.

1Password Extended Access Management secures every sign-in for every app on every device. Includes the password manager that you know and love and the device trust solution you've probably heard of on this podcast back when it was called Kolide.

1Password Extended Access Management cares about user experience and privacy, which means it can go places other tools can't, like personal and contractor devices. It ensures that every device is known and healthy and every login is protected.

So stop trying to ban BYOD or shadow IT and start protecting them with 1Password Extended Access Management. Check it out at 1password.com/smashing. And thanks to 1Password for supporting the show.


CAROLE THERIAULT. When it comes to ensuring your company has top-notch security practices, things can get complicated fast. Vanta automates compliance for ISO 27001, SOC 2, GDPR, and more, saving you time and money.

With Vanta, you can unify your security program management with a built-in risk register and reporting, and proactively manage security reviews with AI-powered security questionnaires. Over 7,000 global companies like Atlassian, Flow Health, and Quora use Vanta to build trust and prove security in real time.

Our listeners get 10% off Vanta at vanta.com/smashing. That's vanta.com/smashing for 10% off. And thanks to Vanta for sponsoring the show.


GRAHAM CLULEY. And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week. Pick of the Week.


GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my Pick of the Week this week is not security related. In fact, it's not a Pick of the Week. It's a Nitpick of the Week.

Because as I mentioned earlier today, I was at the InfoSec show at the ExCeL Centre in London this week, or last week, or whenever it was recently, the other day. And there were lots of people there, and it's always the case.

I don't know if you remember, Carole, but when you go to one of these big industry shindigs, you see lots of people who you know, right? And that's lovely. I had loads of people come up and say, "Hey, Graham," you know, and it's like, oh yes, yes, come on, hello, how are you? And all this chit-chat, chit-chat.

But there's some people, there's some people you see and you recognise their face and you reckon, you think, oh, I know them, that's— and you think, I know you, I did used to work in the same company as you for about 10 years, but I don't think we ever actually spoke in the company. And if I acknowledge your presence now by talking to you, it's going to be really awkward because I won't have anything to say other than, I know your name, and we worked at the same company. And then they will say to me, I know who you are, and yes, we did.


CAROLE THERIAULT. This is basically you saying, oh, I have celebrity problems. People come up to me and say, well, hi, Graham. And you're like, I don't remember them.


GRAHAM CLULEY. No, no, no. This is someone who did not come up to me, who's someone who I passed. I'm not gonna name any names. I'm gonna tell you though. Right? Never spoke to her at Sophos. Right?


CAROLE THERIAULT. I think you're overthinking this. I think you just go, "Hey, how's it going?" "Great, great." "Yeah, yeah. Cool, cool." You don't have to chase after her. But if she raises an eyebrow and gives you a nod, you just nod back, Lou.


GRAHAM CLULEY. We made eye contact. And then there was that—


CAROLE THERIAULT. Did you smile or just pretend she didn't know you? No, no. You just ran past her. You scarpered.


GRAHAM CLULEY. All I'm talking about is there is this awkward dance you do trying to avoid eye contact with someone who you barely know on the street, or in my case, at InfoSec. And it makes me feel awkward. And that is my nitpick of the week. Because I think something needs to be done about it.


CAROLE THERIAULT. Your awkwardness. That's what's wrong. The awkwardness.


GRAHAM CLULEY. Well, maybe it is.


CAROLE THERIAULT. Your awkwardness is your nitpick of the week.


GRAHAM CLULEY. Maybe it is.


CAROLE THERIAULT. I agree.


GRAHAM CLULEY. Maybe my nitpick of the week is me and my inability to deal with social situations. And if any readers have any suggestions as to how I can solve this problem, maybe—


CAROLE THERIAULT. Please.


GRAHAM CLULEY. Maybe just stay at home and not go out in public, then that'd be great. But there is this— the worst thing in the world is going down a corridor, a long corridor, a long, thin corridor, and you see someone coming towards you who you kind of know, but don't really know enough to say much to, and then you have to decide the optimum point where to go, huh, you sort of smile at each other, all right, yeah, you're all right. Because of course you don't want to stop and have a conversation because you really do have nothing to say.


CAROLE THERIAULT. To be you, to live in your brain.


GRAHAM CLULEY. I'm sure lots of our listeners, I'm sure lots of our listeners have exactly the same problem, and it's only the brave people like me who are identifying this and aren't afraid to bring it out into the daylight because this is the kind of thing we need to have a national debate about. And that is why it is my nitpick Pick of the Week.


CAROLE THERIAULT. We look forward to your book, 6 Steps to Overcome Anxiety When Walking Down Long Hallways.


GRAHAM CLULEY. Carole, what's your Pick of the Week?


CAROLE THERIAULT. Well, I think this is going to make you more anxious and awkward.


GRAHAM CLULEY. Oh, God.


CAROLE THERIAULT. Now, a few weeks ago, you were talking about being a healthier human, you know, with your park runs and box fits and whatnot.


GRAHAM CLULEY. Thank you.


CAROLE THERIAULT. And I too have been looking into a little self-improvement.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. Even though I'm pretty near there. No, I'm kidding. But I wanted to share with you and our dear listeners a little exercise that I've been trying out for the last 27 hours.


GRAHAM CLULEY. Oh, is it— does it involve your pelvic floor?


CAROLE THERIAULT. No, no, no.


GRAHAM CLULEY. Not interested.


CAROLE THERIAULT. Shall I tell you some of the claimed benefits and you can see if you can guess?


GRAHAM CLULEY. Go ahead.


CAROLE THERIAULT. Reduces stress.


GRAHAM CLULEY. Masturbation.


CAROLE THERIAULT. Improves physical health. No.


GRAHAM CLULEY. Okay, carry on.


CAROLE THERIAULT. And improves your relationship.


GRAHAM CLULEY. Masturbation.


CAROLE THERIAULT. Nothing to do with my pelvic floor.


GRAHAM CLULEY. Is it badminton? I don't know. What is it?


CAROLE THERIAULT. We're talking the daily smooch.


GRAHAM CLULEY. Oh.


CAROLE THERIAULT. Or the daily kiss.


GRAHAM CLULEY. Your pick of the week is kissing every day.


CAROLE THERIAULT. Well, it's a specific kiss because someone did some science. And they decided there's an ideal length of smooch in order for a connection to happen between the two people. Can you guess how long that is?


GRAHAM CLULEY. 17 minutes.


CAROLE THERIAULT. 6 seconds.


GRAHAM CLULEY. 6 seconds.


CAROLE THERIAULT. Now let's— okay, let's just do dead air for 6 seconds.


GRAHAM CLULEY. Okay. I'll count down. So, ready? 2, 3, go.


CAROLE THERIAULT. See, it's already really long.


GRAHAM CLULEY. You see, it's long.


CAROLE THERIAULT. Now, the idea is this: 6 seconds makes you feel more connected to a person, or apparently a yeti, says my friend therapist. You're able to navigate and overcome conflict if you feel a strong connection with someone.

And if the connection's really strong, this is according to John Gottman, the psychotherapist dude who came up with all this, you're in positive sentiment override, Graham.


GRAHAM CLULEY. Oh, PSO. Yeah, okay.


CAROLE THERIAULT. Apparently, this is where you have a positive perspective on your relationship because you have a strong connection. So it all kind of feedback loop.

Anyway, so I was jokingly challenged by a therapist friend to try this out 27 hours ago.


GRAHAM CLULEY. All right.


CAROLE THERIAULT. And, you know, it seemed pretty straightforward, you know, exercise to get your head around it. Right?

Daily 6-second smooch. Not difficult. But, you know, in order to make my pick of the week, I ended up on Psychology Today, which actually gives a detailed kissing homework assignment. Would you like it?


GRAHAM CLULEY. Yes, I flippin' well would.


CAROLE THERIAULT. Okay. Quote, try out timing your 6-second kiss once you get a feel for the length.


GRAHAM CLULEY. Because that's really sexy, isn't it? Have a stopwatch.


CAROLE THERIAULT. You can't count 6 seconds in your head, seriously? Grab your partner, set a timer on your phone, and get kissing.

You can make it a game by guessing when you've hit 6 seconds or seeing the longest kiss you can do without taking a breath.


GRAHAM CLULEY. Oh, how fun it is to be in love.


CAROLE THERIAULT. What else can you do for less than a minute a week that will improve your relationship?


GRAHAM CLULEY. It's not that kind of podcast.


CAROLE THERIAULT. So there you go. There you have it.

My pick of the week, the 6-second daily Yeti smooch in my case. Enjoy. It lasts a long time.


GRAHAM CLULEY. But hang on, you haven't answered the most important question. Has your relationship improved since you've been conducting this experiment?


CAROLE THERIAULT. 27 hours ago?


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. I haven't really seen him since, so it's been brilliant. No, I'm kidding.

I'm about— I'm actually— I'm timed in. I better go. I have to leave this podcast to go do my 6-second Daily Smashing Security.


GRAHAM CLULEY. Well, I guess we better wrap up things then. Listeners, you can follow us on Twitter @SmashinSecurity, no G, Twitter isn't allowed to have a G.

And don't forget to ensure you never miss another episode, follow Smashing Security in your favorite podcast apps such as Apple Podcasts, Spotify, and Pocket Casts.


CAROLE THERIAULT. And huge, huge thank you to our episode sponsors, Vanta and 1Password, and of course to our wonderful Patreon community. It's thanks to them all that this show is free.

For episode show notes, sponsorship info, guest lists, and the entire back catalog of more than 375 episodes, check out smashingsecurity.com.


GRAHAM CLULEY. Until next time, cheerio, bye-bye.


CAROLE THERIAULT. Bye-bye.


GRAHAM CLULEY. Safe journey home, Carole.


CAROLE THERIAULT. Thanks. Can't believe I will pelvic floor.


GRAHAM CLULEY. I can't talk about that.

-- TRANSCRIPT ENDS --