396: Dishy DDoS dramas, and mining our minds for data

With Graham Cluley and Carole Theriault.

A CEO is arrested for turning satellite receivers into DDoS attack weapons, and we journey into the world of bossware and "affective computing" and explore how AI is learning to read our emotions – is this the future of work, or a recipe for dystopia?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:

Sponsored by:

  • 1Password Extended Access Management – Secure every sign-in for every app on every device.
  • BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
  • ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:

Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:

Follow us on Twitter, Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

THANKS:

Theme tune: "Vinyl Memories" by Mikael Manvelyan.

Assorted sound effects: AudioBlocks.

Privacy & Opt-Out: https://redcircle.com/privacy

Transcript

This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.


GRAHAM CLULEY. This is actually appalling behaviour, both by your friend and mine. I mean, it is absolutely diabolical. And listeners, do not do this.


CAROLE THERIAULT. No, no, this was 30 years ago when everyone was idiots.


UNKNOWN. Right. And of course, people are so much more sensible now. Yes. Smashing Security, Episode 396: Dishy DDoS Dramas and Mining Our Minds for Data with Carole Theriault and Graham Cluley.

Hello, hello, and welcome to Smashing Security, episode 396. My name's Graham Cluley.


CAROLE THERIAULT. And I'm Carole Theriault.


GRAHAM CLULEY. Carole, no guest today, just the two of us.


CAROLE THERIAULT. I know, and I'm very sorry for those listeners that love when we are a threesome on the show, but as we're nearing Christmas, people's schedules are getting busy. But you have us, we're here.


GRAHAM CLULEY. Yeah, we're still here.


CAROLE THERIAULT. Yeah. How about we kick this off? Let's thank this week's wonderful sponsors, 1Password, BlackBerry, and ThreatLocker. It's their support that helps us give you this show for free.

Now, coming up on today's show, Graham, what do you got?


GRAHAM CLULEY. Well, you've heard of risky business. I'm going to tell you about dishy business instead.


CAROLE THERIAULT. And employees the world over are changing how we work, and it's not all rosy. All this and much more coming up on this episode of Smashing Security.


GRAHAM CLULEY. Now, chums, chums, 30-odd years ago, I had a friend.


CAROLE THERIAULT. Just one.


GRAHAM CLULEY. Well, yeah, just the one. That's pretty true actually. He was about 10 years older than me and I'd go and visit him in South London. He'd drive me around the town, you know, we'd get up to our antics.


CAROLE THERIAULT. He wasn't grooming you or anything?


GRAHAM CLULEY. No, no, no, no, no. Very nice guy. Very nice guy. Ayman, his name was.

And he'd be chuckling away. He'd be laughing away and everything. And I'd, you know, I was in the passenger seat and I'd think, what's he listening to on the radio? Because I could hear some sort of sitcom he was listening to, some sort of radio show. And I realised it was Dad's Army that he was listening to.


CAROLE THERIAULT. You couldn't hear it on the radio?


GRAHAM CLULEY. I was working out what it was. Dad's Army, as people will know, is an old vintage TV show from the UK, which did have a radio incarnation as well, but was mostly known for the TV. And I looked across at him and I saw he was balancing a tiny portable TV on his steering wheel.

While he was driving me around. And just chuckling away because he loved Dad's Army so much. And I obviously, I made representations. So I explained to him that maybe this wasn't a good thing to do. Maybe he should stop doing that. But he loved TV. He absolutely adored it. This was before the days of smartphones and things like this. This was a TV with an aerial.


CAROLE THERIAULT. You did say 30 years. I think we worked it out.


GRAHAM CLULEY. Yeah, 30 years. All right.


CAROLE THERIAULT. Okay. Is that better or worse? I had a teacher friend who regularly drove me home from where we taught English.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. And, but he then told me that when I wasn't in the car, when he drove, he would make cigarettes on his lap. Oh. Right?


GRAHAM CLULEY. Like roll them up?


CAROLE THERIAULT. He had this little weird mechanical machine that you'd kind of flip the lid, turn this, da da da, lick it, done. And so he would do this. And one day he literally went through someone's front window, like the bay window.


GRAHAM CLULEY. Oh my God.


CAROLE THERIAULT. He just, 'cause he lost control and he went over the front garden and into the house.


GRAHAM CLULEY. I mean, this is actually appalling behaviour, both by your friend and mine. I mean, it is absolutely diabolical. And listeners, do not do this, please.


CAROLE THERIAULT. No, no, this was 30 years ago when everyone was idiots.


GRAHAM CLULEY. Right. And of course, people are so much more sensible now.


CAROLE THERIAULT. Yes, very sensible.


GRAHAM CLULEY. But my friend Eamon, he loved TV. He adored it.

He had this garden office, bottom of the garden. You'd go down the path and he had hundreds and hundreds of videotapes of all kinds of shows that he'd recorded.

And because he was Syrian, he loved to know what was going on in the Middle East. And it was round about the time that Iraq invaded Kuwait.

It was the Gulf War. It was all kicking off.

And he'd be up all night and he'd be recording all the news broadcasts. He'd be watching Middle Eastern comedy shows.

And he did this via this enormous satellite dish.


CAROLE THERIAULT. I was just gonna ask, did he have one of those massive, massive satellite dishes?


GRAHAM CLULEY. Yeah. He did.

And it was motorised.


CAROLE THERIAULT. Huge, those things were.


GRAHAM CLULEY. It was absolutely huge.


CAROLE THERIAULT. Yeah, I'm going to say 6 feet across. They were big things back then.


GRAHAM CLULEY. Yeah, it was really big. And in the UK, this was not something you normally saw in people's backyards.


CAROLE THERIAULT. No.


GRAHAM CLULEY. And so we'd tune into these shows, we'd watch news reports, we'd be videotaping everything that was going on. And it must have cost a small fortune, this dish.

And you don't really see satellite dishes around anymore, do you? You don't really— I mean, they're still attached to the side of buildings here in the UK.

Many people will have one which they had put up in the '90s, maybe. But a lot of people don't use satellite TV any longer, do they?

Because they're on broadband instead.


CAROLE THERIAULT. I don't know. Yeah, no idea.


GRAHAM CLULEY. I think that's the case. I think maybe your gran may have a telly dish attached to the side of a roof or down the bottom of the garden.

But most people are probably now streaming instead, rather than having TV beamed down from a satellite. What I didn't know was that South Korea, which is the home of K-pop and kimchi and things, is also apparently a hotbed for satellite receiver manufacturing till this day.

And there are companies out there still doing it, and they have been doing it for years. So this is the story of two companies.


CAROLE THERIAULT. Okay.


GRAHAM CLULEY. One was called Company A.


CAROLE THERIAULT. Imaginative.


GRAHAM CLULEY. And the other one, Company B. I agree.

These aren't the best names. These are the names which have been released by the police.

I don't know what their real names are. Let's call them Agatha and Barry.

All right? And Agatha is a corporation which is known for illegal broadcasting.

Okay? So, there are companies now who are beaming out, either via satellite dishes or via the internet, streams of TV channels and things which you normally would have to pay a subscription for.


CAROLE THERIAULT. You mean pirated TV type of thing?


GRAHAM CLULEY. Type stuff, right?


CAROLE THERIAULT. Yeah, that kind of thing. Okay, okay.


GRAHAM CLULEY. They're not licensed to do what they're doing, right? And the other company, Company B, or Barry as we call it, that is a South Korean firm that manufactures satellite dishes.

And according to Korean police, they are a mid-sized player in the global satellite dish market. Who knew Barry was such a big player?

And this week, South Korean police have arrested 5 key individuals from Barry. By the way, it's not Barry in South Wales.

This is, but Barry's just the code name for Company B. Yeah.


CAROLE THERIAULT. Yeah.


GRAHAM CLULEY. And they've issued, you got that, have you? They've issued, I dunno if you've ever been to Barry in South Wales.

There's a little funfair there.


CAROLE THERIAULT. No.


GRAHAM CLULEY. It's all right. They've issued an international warrant for someone linked to Company A, Agatha, as well.

And they've frozen 6 billion Korean dollars belonging to Company Barry.


CAROLE THERIAULT. Right. So Barry's assets are all seized up, and Barry's saying, we need someone from Company A to chat about this, correct?


GRAHAM CLULEY. Well, what actually it turns out is that this money, 6 billion Korean dollars—I don't know how much that is, I think it's about £3 million—it said that these are the proceeds of illegal exports which Barry made to Agatha, selling the satellite dishes to Agatha. Now, what's wrong with exporting satellite dishes, you may ask?

Even if Agatha does end up using them illegally, you would think the sale of those satellite dishes is legal. I would think so.


CAROLE THERIAULT. Mm-hmm.


GRAHAM CLULEY. So it's up to the companies who buy them what they end up doing with them. I would think so. That's my hunch. I'm not a lawyer. I don't know for sure.


CAROLE THERIAULT. You know very little about these things.


GRAHAM CLULEY. I know extremely little about anything, really. These satellite dishes were being shipped for almost 6 years.

And it turns out that back in November 2018, Agatha, the illegal broadcast company I told you about, they believed they were being targeted by some of their business rivals. And so they made a special request of Barry, the Korean satellite dish manufacturer. And they said, "Here, Barry, can you build us a special satellite dish?"


CAROLE THERIAULT. One that can launch DDoS attacks, one that can retaliate against our business rivals. And because Agatha is such a valued customer, who is Company Barry to say no?


GRAHAM CLULEY. Exactly. Barry said, "Yes, of course, sir." Yeah, you're gonna give us millions of pounds? Of course we'll do this. Billions of Korean dollars? Yeah, absolutely.


CAROLE THERIAULT. We're on it.


GRAHAM CLULEY. And they went ahead and integrated into the satellite dishes malicious functionality, which could launch DDoS attacks, which as you know, can bombard a system, can clog it up with so much traffic. You could do it against a website, you can do it with other things which are connected to the internet as well.

And it not only shipped satellite dishes which had this hidden DDoS attack functionality, but it also pushed out to other users, other customers of its devices, firmware updates, which added the DDoS functionality. I guess, my guess is that it's easier for a satellite device manufacturer to give everybody the same functionality. You just don't necessarily have to tell everyone about it. So it's there hidden away, but it doesn't necessarily have to be used. You don't have to advertise the fact that, oh, now it does DDoS too.


CAROLE THERIAULT. Sure, and what if customer Cecilia doesn't pay her bill? You know?


GRAHAM CLULEY. Oh yes.


CAROLE THERIAULT. Right?


GRAHAM CLULEY. Maybe. You could do something else. Maybe you could turn off the devices remotely. Maybe you could zonk them out.

So now the Korean police, they uncovered this scheme after—well, they received some intelligence from Interpol. And apparently one of the suspects was placed on an international wanted list. And so Korean police are all over this. They've arrested people. It turns out that between January 2019 and September 2024—


CAROLE THERIAULT. 5 years.


GRAHAM CLULEY. A bit more than 5 years, almost 6 years, the manufacturer shipped a quarter of a million satellite receivers.


CAROLE THERIAULT. Okay, well, I'm going to guess it's in all their satellites.


GRAHAM CLULEY. Yes. The ones which didn't have it built in, didn't have it pre-installed, they were updated, as it were, with a firmware update to include this DDoS functionality.

I would imagine many of these devices are connected to the internet because that's an easier way to update the firmware, but if they're not, it may be that the owners of these devices toddle out with a USB stick occasionally and install the latest firmware update and aren't aware of everything that it's doing.


CAROLE THERIAULT. But it was Company Agatha that is streaming all the non-paid-for stuff.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. Or whatever.


GRAHAM CLULEY. That's right. And Interpol are now after some of these remaining suspects connected with Company Agatha. I hope there's not a real Company Agatha, by the way.


CAROLE THERIAULT. That's why you don't know anything about this. Okay, good cover.


GRAHAM CLULEY. Yeah, they're still working on it. So I think the thing generally is most listeners to the show know that you need to be really careful about the software that you install. But I think most of us probably don't think so much about malware that can be brought in via hardware that you purchase.

I remember years and years ago working for a data recovery company where we bought a new hard drive. And the drivers which came with the hard drive were already infected with malware, whether accidentally or not.

I imagine it was accidental, but in this case it was deliberate, it was intentional, and to launch these criminal attacks. And I think often people just think, oh, I'm not even gonna worry about what the hardware brings in because it's so hard to manage and control that particular problem.

I'm gonna worry more about traditional attack vectors instead.


CAROLE THERIAULT. Yeah, you wouldn't think about satellite, but then I haven't thought about satellite dishes strapped to the side of a house in years. Right.


GRAHAM CLULEY. I think if you've got any friends who are out there in the Canadian outback, Carole, I think it's called the outback, isn't it? The boondocks or whatever you call it, out in the hinterland, who don't have a decent internet connection, they might have a satellite dish.

Mind you, if they don't have an internet connection, how are they launching the DDoS attack? Is it being beamed up to the satellite?

There's so many questions here. I want to know more.


CAROLE THERIAULT. We wish you knew.


GRAHAM CLULEY. I don't read Korean, Carole.


CAROLE THERIAULT. Have you heard of Google Translate?


GRAHAM CLULEY. Yeah, it's a bloody PDF. It's a PDF in Korean.

Trying to get that into Google Translate has been a nightmare. So I've done the best I can.

This is what we have to do to get the show to you each week. Carole, what have you got for us this week?


CAROLE THERIAULT. So, work, working life. Yes.

And I would say I've not seen such a rapid change in such a short period of time in terms of the work ethic in the work environment. The number of people I speak to now who should be at the top of their game because they are talented and good at what they do—


GRAHAM CLULEY. Thank you—


CAROLE THERIAULT. They are dead nervous about losing their jobs.


GRAHAM CLULEY. Yes.


CAROLE THERIAULT. One was offered voluntary redundancy with a two-week severance, and on this side of the pond, that's considered pretty measly.


GRAHAM CLULEY. Yeah. No, you're not good at all.


CAROLE THERIAULT. Yeah. So the Institute for the Future of Work, so the IFOW, they have issued a very interesting report published this week, and it talks about the advancement in digital profiling thanks to algorithms and datasets.

And by digital profiling, they're talking about collating a glut of data on you and your activities for all manner of reasons.


GRAHAM CLULEY. Right.


CAROLE THERIAULT. So I want to talk about bossware. Now, Graham, you and I left work, you know, to work for ourselves before bossware became a thing or was very sophisticated.

I'm sure there were some ways they were monitoring us, but it was pretty rudimentary compared to what there is today.


GRAHAM CLULEY. They would have had to employ so many people to monitor us, Carole. Can you imagine how busy they would have been?


CAROLE THERIAULT. We did work hard.


GRAHAM CLULEY. Probably there were other people who were made redundant because they no longer had to employ people to keep an eye on us.


CAROLE THERIAULT. Well, the thing is, bossware has been around, what, 5 years or more than that even?


GRAHAM CLULEY. A bit more, yeah, I think.


CAROLE THERIAULT. Yeah, you're right, because in 2019, Gartner surveyed hundreds of big corporations and more than half were using some form of non-traditional monitoring. Such as analyzing the text of workers' emails and social media use and even gathering some biometric data.

But of course, things accelerated, right? The rise of remote working and a reduction in human contact during COVID lockdown— God, I don't miss those days at all.

But anyway, so this was a big growth period for bossware, and presumably because bosses were panicking that their workers were going to take the mickey. They wanted to know who was working, what they were working on, how long they were working on it, et cetera, et cetera.

And why not use this wonderful bossware stuff to monitor all of this for you? So we have the obvious here of why they do this, right?

Keep tabs on worker productivity and work behaviors. But there are other rationales for bossware that have been made.

So there's health and safety, monitoring wellness and fitness. Protecting trade secrets, so make sure someone's not cutting and pasting something that they shouldn't be.

Spotting deviant offsite behavior. So I guess that's someone not showing up, not doing any work.


GRAHAM CLULEY. I don't like this phrasing, deviant offsite behavior.


CAROLE THERIAULT. The deviant. I know, I didn't like it either.

Yeah. Improving team performance.

And of course, security, right? Cybersecurity.

So remember earlier I mentioned the concern over advancement in digital profiling thanks to algorithms and datasets.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. So the paper raises concerns about this recent addition of affective algorithmic management, AAM. And AAM introduces new types of tracking.

So I'll list out a few that the paper outlines, and you tell me how uncomfortable you are with this, maybe from a scale of 1 to 5.


GRAHAM CLULEY. Okay.


CAROLE THERIAULT. 5 being the creepiest.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. Creepy, creepy.


GRAHAM CLULEY. All right, okay, or I'll make a bing or a bong depending on whether I'm happy.


CAROLE THERIAULT. Okay, so there's technology such as RFID tags and eye movement monitoring that can be used to check workplace practices and how specific procedures are undertaken. So, SenTrack and SwipeSense— that's a really bad name, SwipeSense— both have systems that can be deployed in hospitals to aid hygiene management.


GRAHAM CLULEY. Ooh, hence the swipe.


CAROLE THERIAULT. And staff's time management by monitoring how long nurses spend with patients or whether they're washing their hands enough.


GRAHAM CLULEY. Oh, or other parts of the body. Oh, dear me.


CAROLE THERIAULT. Can you imagine if there's a microphone sending little gentle reminders publicly, employee 839, wash your hands. Or maybe it's sing-song to keep spirits light.

Remember, you gotta wash your hands. What do you reckon?


GRAHAM CLULEY. Well, I guess that's more important in a health facility than maybe it is if you're working remotely at home.


CAROLE THERIAULT. Sure. Yes.

I think a lot of these things we have to think about in terms of this is maybe why it was intended to exist. This was the use case.

But if we take it out of that use case, there's nothing stopping another company using these kind of stuff, right?


GRAHAM CLULEY. I suppose not. Yeah, it's— I don't really like this.

Yeah.


CAROLE THERIAULT. OK, well, what about fatigue monitoring technologies? This is used as a safety measure to prevent crashes or poor usage of heavy machinery by alerting workers that they're getting drowsy.


GRAHAM CLULEY. Oh, I thought it was going to be people sat at desks and are they looking tired enough? And if they're not—


CAROLE THERIAULT. That's what I thought too.


GRAHAM CLULEY. If they're not looking tired, then clearly they're not working hard enough.


CAROLE THERIAULT. But however, most of this fatigue monitoring technology comes with a connected cloud-based platform for managers to track workers in real time. And gain analytics on fatigue management initiatives and productivity optimisation.

George has yawned 10 times in the last 5 minutes.


GRAHAM CLULEY. I'm thinking if you get called to a Zoom call at 9 o'clock in the morning and you arrive there looking unshaven, slightly—


CAROLE THERIAULT. Bit of drool on the side of your face.


GRAHAM CLULEY. And you're yawning and all the rest of it.


CAROLE THERIAULT. Shirt untucked.


GRAHAM CLULEY. Yeah. Right. Are they going to be thinking, I think he's—I'm not even sure he's got out of bed.


CAROLE THERIAULT. And when you're saying they're thinking, it's not anybody thinking. It's an algorithm assessing. Right. This is part of AAM. So out of 5, fatigue monitoring?


GRAHAM CLULEY. Yeah, I'm not keen on that.


CAROLE THERIAULT. Not keen?


GRAHAM CLULEY. I'm going to give that a slight bong.


CAROLE THERIAULT. Okay. What about tech that collects biometric data that can be deployed to enhance wellness programs or aid worker safety?


GRAHAM CLULEY. What?


CAROLE THERIAULT. So there's a company called Emotiv, with a V, which offers a workplace wellness, safety, and productivity neurotech solution.


GRAHAM CLULEY. When you say Emotiv with a V, I can't think how else you would spell emotive. Do you mean there's no E on the end?


CAROLE THERIAULT. Yes.


GRAHAM CLULEY. Oh, well, I'm okay. I'm against this then.


CAROLE THERIAULT. Yeah, well, you've got to get SEO somehow, Graham.


GRAHAM CLULEY. Well, purely, purely the domain name wasn't available. I'm not—I'm not—Yeah, I'm not having any of that.


CAROLE THERIAULT. Okay, I want you to check this little product out. You could buy this, Graham. You could buy this.


GRAHAM CLULEY. All right.


CAROLE THERIAULT. I'll put it into the show notes. So for our listeners, basically looks like very normal little earbuds, right?


GRAHAM CLULEY. Expensive though, $400.


CAROLE THERIAULT. Well, see what it does. And the idea is you wear these throughout the day. And what does it tell you can do if you buy these for yourself?


GRAHAM CLULEY. Get real-time brain data and insights regarding your cognitive fitness, stress balance, mental—Hang on. So you have to wear this and it's monitoring how hard your brain is working.


CAROLE THERIAULT. Yes. But people use the Apple Watches and being able to look at their data. But okay, now, now I've put another link in the show notes, right? This is what they tell enterprises because of course this is available for companies as well to buy for their employees. They say our team of PhD neuroscientists, data scientists, and EEG technologists are dedicated to accelerating your research and product development. Offering you a bridge to the untapped potential of the human mind. And guess who your guinea pigs are, Mr. Enterprise? Your workers.


GRAHAM CLULEY. So this is a little bit like wearing a headset.


CAROLE THERIAULT. Little earbuds. If you got them from an employer saying, oh, by the way, wear these. Yeah, they also have some with transistors across the head. The more advanced model.


GRAHAM CLULEY. It's wrapped all around the head. It's like a giant spider. It's scary.


CAROLE THERIAULT. Apparently, Graham, SAP, that German business process management platform. They've collaborated with Emotiv, with a V, no E, to integrate a computing interface to analyze workers' brain states and give real-time feedback on stress levels to employees and their managers.


GRAHAM CLULEY. Surely it's going to be quite stressful knowing that your employer is monitoring your—Oh, interesting.


CAROLE THERIAULT. Interesting you think that. There's just a few more. Microsoft's Copilot can be configured to allow employers to monitor workers' health with an integrated wellbeing function. Zoom has added a feature that detects emotional states via Emotion AI, which involves machine learning to detect and analyze human emotions, typically through facial expressions, voice tones, and body language in virtual communication. I'm sure they never get it wrong.


GRAHAM CLULEY. Am I just old-fashioned? Am I just a bit of a curmudgeon that I kind of think there's no real need for this?


CAROLE THERIAULT. I was going to ask you if you were a bit jealous that you couldn't work in one of these environments now. You could go back to the office, have a young boss, a whippersnapper boss.


GRAHAM CLULEY. Oh, can you imagine?


CAROLE THERIAULT. Giving you a little headset. Oh, Graham, God, you're huffing and puffing a lot over there. You seem really grumpy.


GRAHAM CLULEY. Here's your cubicle, Graham. Go and sit over there. Put this on your head.


CAROLE THERIAULT. But that's the truth.


GRAHAM CLULEY. Leap on the treadmill while you're working.


CAROLE THERIAULT. Millions and millions of people are having to do this kind of shit. And the thing, as you say, right, as you say, you can guess and listeners have guessed that all this monitoring and prompting and analyzing is not necessarily very good for the well-being of the worker. And the report states as much. It seems that most employees believe that AAM has forced them to work faster, to do more than they can handle, and to meet tighter deadlines, and to change their work habits. Slightly more than half of the respondents believe their personal life is invaded by work technologies.


GRAHAM CLULEY. I expect the other half are too nervous to actually think such a thing in case it gets picked up by the device they're wearing.


CAROLE THERIAULT. Right? But isn't that a weird catch-22? So the surveillance tech stresses you out and then they measure that you're stressed out and they gather that information, process it to tell you you're stressed out and that you're not performing. Like, you know, there's the loop of it.


GRAHAM CLULEY. It's been like, don't panic, don't panic, don't panic anybody, or don't get stressed. Don't worry, shh, shh, shh, stop stressing, calm down, calm down. Because that's how you get people de-stressed, calm down.


CAROLE THERIAULT. And just before the show, we were talking about that Apple employee who is basically suing Apple for its effective bossware stuff, saying it's breaking California law by, you know, preventing me from doing things. I think they stopped him from putting information on LinkedIn that he actually worked at Apple.


GRAHAM CLULEY. Wow. Because they installed this on his personal device, I believe. And, you know, that I presume that's their condition of employment. Yeah, you're going to have to install this on your devices.


CAROLE THERIAULT. Exactly. And that seems to be true for a lot of companies. It's like, look, we're not going to ship you a computer, but here, can you just install this stuff?


GRAHAM CLULEY. Right.


CAROLE THERIAULT. And there are many questions about the legality of it all. Some people were questioning it very strongly. Some people were saying there are already laws in place that people could be using. There's actually a fab long-form blog from our friends at 1Password that's worth checking out. Links in the show notes. All about this and legality of it. But in short, I'm not a fan. I think bossware might be an AKA spyware. I mean, let's be honest.


GRAHAM CLULEY. Oh, yeah. Yeah, yeah.


CAROLE THERIAULT. It's spyware. They just gave it a gentler name. And why are orgs doing it? Because data is a gold mine. And right now, whether or not there are laws in place, no one seems serious about stopping it yet. I haven't seen any big kind of we're going after the bossware dude.


GRAHAM CLULEY. I mean, you can argue that there are legitimate uses for this.


CAROLE THERIAULT. Sure.


GRAHAM CLULEY. It could be helpful in some circumstances, but unfortunately, there will be pressure upon employees to go along with it and agree to do this because they think otherwise they won't have a job.


CAROLE THERIAULT. I wonder how many employees have explicitly given their consent for the myriad of surveillance technologies the company has imposed upon them.


GRAHAM CLULEY. Yeah.


CAROLE THERIAULT. They may just say, do you mind if we watch you a bit? You know, check here. Great.


GRAHAM CLULEY. Thank goodness we left industry when we did Carole to work for ourselves because we would be in so much trouble.


CAROLE THERIAULT. Wouldn't it be nice to have secure communications through a critical event, be it a cyberattack, an extreme weather event, or even civil unrest? Wouldn't it be nice to know that you were communicating to the right people so you can deploy resources to areas where they are most needed? And wouldn't it be nice to have all this delivered out-of-band so there is continued communication even if your own infrastructure is compromised?

The answer is yes, yes it would. Say hello to BlackBerry's SecuSuite. Certified to meet the highest security requirements, SecuSuite protects against threats to enterprise and local and national security by enabling secure communications on conventional mobile devices.

With BlackBerry's SecuSuite, employees can make secure phone calls and exchange secure messages, including group chats, on the devices that they already carry. How cool is that? Find out more at smashingsecurity.com/blackberry. And thanks to BlackBerry for sponsoring the show.


GRAHAM CLULEY. Quick question. Do your end users always, and I mean always without exception, work on company-owned devices and IT-approved apps? I didn't think so.

So my next question is, how do you keep your company's data safe when it's sitting on all of those unmanaged apps and devices? Well, 1Password has an answer to this question, and it's called Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device because it solves the problems traditional IAM and MDM can't touch.

Go and check it out for yourself at 1password.com/smashing. That's 1password.com/smashing. And thanks to the folks at 1Password for supporting the show.


CAROLE THERIAULT. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker.

Imagine taking a proactive deny-by-default approach to cybersecurity, blocking every action, process, and user unless specifically authorized by your team. ThreatLocker helps you do this and provides a full audit of every action for risk management and compliance. Onboarding and operation is fully supported by their US-based support team.

Stop the exploitation of trusted applications within your organization to keep you running efficiently and securely. Worldwide, companies like JetBlue trust ThreatLocker to secure their data and keep their business operations flying high. To learn more about how ThreatLocker can mitigate unknown threats and ensure compliance for your organization, visit smashingsecurity.com/threatlocker. That's smashingsecurity.com/threatlocker. And thank you to ThreatLocker for sponsoring the show.


GRAHAM CLULEY. And welcome back. Can you join us for our favorite part of the show? The part of the show that we like to call Pick of the Week.


CAROLE THERIAULT. Pick of the Week.


GRAHAM CLULEY. Pick of the Week. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.


CAROLE THERIAULT. Better not be.


GRAHAM CLULEY. Well, my Pick of the Week this week is not security related.


CAROLE THERIAULT. Good.


GRAHAM CLULEY. My pick of the week this week is a documentary, a couple of documentaries actually. I think I was on Bluesky checking out the feed, loving Bluesky, and someone posted a link to a documentary all about a retail department store in the United States.

Now, most retail stores are pretty bland, aren't they, these days? Corporate and dull, you know, if you've been to one Tesco's or Walmart, you've been to them all. Turns out, doesn't have to be that way.

There was, between the mid-'70s and the 1990s, a company which had over 200 stores across America, and its feature stores were quite unique in terms of their bizarre architecture.


CAROLE THERIAULT. I want to know what it is, because I might have been there.


GRAHAM CLULEY. Have you ever been to—


CAROLE THERIAULT. McDonald's?


GRAHAM CLULEY. No. Okay.


CAROLE THERIAULT. They have a weird architecture, back then anyway.


GRAHAM CLULEY. Best Products Company. Have you heard of Best Products?


CAROLE THERIAULT. That's the name that they would have outside there.


GRAHAM CLULEY. Would have been terrible for SEO, wouldn't it? I mean, you'd never have been able to find it.


CAROLE THERIAULT. No, I don't know them. I don't know them.


GRAHAM CLULEY. They went bankrupt in the 1990s. And sadly, the buildings were not preserved, which is a shame because the buildings were extraordinary.

And there are a few documentaries up on YouTube about these buildings. And Carole, what I've done is I'm sharing a few photographs of some of these buildings with you so you can check them out.

And— Oh, wow. Yeah. Yeah, yeah.

So, you are looking, for instance, right now at an image of a big concrete store, right? You can imagine that great big cube or rectangle, you know, cuboid kind of thing.

And it's like a piece of Lego. There's a corner of it which has been sort of ripped out.

You can see all the jagged pieces, right? You're actually looking at a photograph there of the opening day when they let off loads of balloons.


CAROLE THERIAULT. Can I just say, really, really wonderful pick of the week. And this is basically Graham trying to get you to follow him on Bluesky, 'cause I'm sure he'll share the images.


GRAHAM CLULEY. But one of the interesting things was the guy who was in charge of the stores said, if I want to protect my store from people breaking in at night, what better way than to have concrete walls all the way around the building rather than doors? So that bit you can see of the corner used to come out on tracks at the opening of the store and then would close to make a perfect—


CAROLE THERIAULT. Oh, that's quite cool.


GRAHAM CLULEY. Yeah, isn't it? There was another building where everything's all slanty on the outside.

There was another one where it looks like the building's fallen apart. There was another one I saw, which was actually sort of built in a forest.

So you have the front of the store, and behind it is the forest. So you go through the front of the store, and then you're in a forest, and you carry on, and then you walk into the store.

And it's all open up to the elements.


CAROLE THERIAULT. It is disgusting that these weren't preserved in any way. There must have been some legal quagmire as to why, but—


GRAHAM CLULEY. I don't know. I don't know. They are works of art. And they're— in the documentaries, you hear about people who used to go to the fire brigade, because they'd have driven past, they'd be a stranger to the town, and say, oh my God, I think this building is falling down. It's sort of peeling away from itself. And they'd say, oh no, hang on. No, no, no, you don't have to worry.


CAROLE THERIAULT. Wow.


GRAHAM CLULEY. That's how the building looks. It's been built like that. And I think it's fantastic. I didn't know about this before.


CAROLE THERIAULT. No, me neither.


GRAHAM CLULEY. Loved watching the documentaries.


CAROLE THERIAULT. Super creative.


GRAHAM CLULEY. I'll put the links in the show notes where people can learn more. Carole, what's your pick of the week?


CAROLE THERIAULT. So my pick of the week was inspired by one of our listeners, one of you out there. A shout out to Mark O from BC, a fellow Canuck and fellow cribbage lover, who wrote in about a recent pick of the week of mine, the card game cribbage, which I still play very regularly.

And he also recently learned about the game during COVID lockdown and is pretty enthusiastic, just like me. And Mark O recommends a book called Play Winning Cribbage by Delynn Colvert.

So link in the show notes. And he's advising me to read this so I can kick my husband's butt at the game. So love that strategy.

Because we're planning a mini tournament over the Crimbo hols.


GRAHAM CLULEY. Don't let your husband know that you've got the book.


CAROLE THERIAULT. He doesn't listen to the show anymore. He's much too busy, so I don't have to worry. But I can let you guys all know, and you guys can do the same.

And as an extra pick of the week, I have found a much better cribbage app than the one I recommended about, I don't know, two months ago, where you can play with hints or with muggins. Muggins is where you get penalized if you can't count properly, which turns out that happens to me all the time.

But the app is called Cribbage Classic by Games by Post LLC. So link in the show notes for that too.


GRAHAM CLULEY. And that's on smartphones, is it?


CAROLE THERIAULT. Yeah, that's on smartphones. You can get it for Android and Apple for sure. So cool.

The Cribbage Classic app and Play Winning Cribbage by Delynn Colvert. Thank you very much, Mark. Oh, those are my picks of the week.


GRAHAM CLULEY. Lovely stuff. And that just about wraps up the show for this week. You can find Smashing Security on Bluesky, unlike Twitter, which wouldn't let us have a G.

And don't forget, to ensure you never miss another episode, follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Pocket Casts.


CAROLE THERIAULT. And shout out to our episode sponsors, ThreatLocker, BlackBerry, and 1Password. And of course, to our wonderful Patreon community.

It's their support that helps us give you this show for free. For episode show notes, sponsorship info, guest list, and the entire back catalog, more than 394 episodes, check out smashingsecurity.com.

Smashingsecurity.com.


GRAHAM CLULEY. Until next time. Cheerio. Bye-bye.


CAROLE THERIAULT. Bye-bye. Oh, shit. I got that wrong.

395 episodes.


CAROLE THERIAULT. Is it too many episodes, Graham?


GRAHAM CLULEY. There's too many. There's too many.

-- TRANSCRIPT ENDS --