We're back from our summer break as we ask how did a cryptomining campaign stay unspotted for years, quiz special guest and infosec rockstar Mikko Hyppönen about his book, and ponder what spiders teach us about misinformation.
All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
- The 20 Funniest Finnish Expressions (and How To Use Them) - Matador Network.
- Sophos punts anti-virus for Klingon - The Register.
- Helsinki named Klingon-speaking capital of the world – Naked Security.
- Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications - Check Point Research.
- If It's Smart It's Vulnerable - Book by Mikko Hyppönen.
- Psychological inoculation improves resilience against misinformation on social media - Science Advances.
- Let’s flatten the infodemic curve - WHO.
- The global spread of misinformation on spiders - Current Biology.
- A Journey Into Misinformation on Social Media - The New York Times.
- Google Looks to Vaccination to Combat Misinformation In Searches - The New York Times.
- Spiders Are Caught in a Global Web of Misinformation - The New York Times.
- The rock-paper-scissors/tortilla wrap game.
- DEF CON: The Documentary.
- Smashing Security Painting competition – Carole.wtf.
- Open Exhibition, Summer 2022 - Oxford Art Society.
- Smashing Security merchandise (t-shirts, mugs, stickers and stuff)
Sponsored by:
- Bitwarden – Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.
- Gigamon - Gigamon is the leading deep observability company. Download their latest report into the state of ransomware to learn why deep observability is the new frontier for tackling the ransomware crisis.
- Kolide – the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack.
Support the show:
You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.
Become a Patreon supporter for ad-free episodes and our early-release feed!
Follow us:
Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.
Thanks:
Theme tune: "Vinyl Memories" by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.
This transcript was generated automatically, and has not been manually verified. It may contain errors and omissions. In particular, speaker labels, proper nouns, and attributions may be incorrect. Treat it as a helpful guide rather than a verbatim record — for the real thing, give the episode a listen.
ROBOT. This is Mikko Hypponen. I'm an infosec rock star and I listen to Smashing Security podcast every time I go to a sauna. And I go to a sauna a lot. Smashing Security, episode 287. Lost in Translation, Spiders, and Slapping Tortillas with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 287. My name's Graham Cluley.
CAROLE THERIAULT. Hi, and I'm Carole Theriault.
GRAHAM CLULEY. Welcome back, Carole. We've had our little summer holiday and we're back, folks, and we're joined by a special guest. Carole, who've we got in the hot seat this week?
CAROLE THERIAULT. We have cybersecurity czar Mikko Hypponen, who has just written a new book called If It's Smart, It's Vulnerable. And we're gonna chat all about that during your section, aren't we today, Mikko?
MIKKO HYPPONEN. Well, yes we are. And thanks for having me, both of you, Graham and Carole.
CAROLE THERIAULT. We love having you here, and especially on our first show after the holidays, which is gonna be probably a car crash. So we're glad someone like you's here to witness it.
GRAHAM CLULEY. We've forgotten how to make podcasts, haven't we?
CAROLE THERIAULT. Exactly.
GRAHAM CLULEY. 4 weeks off.
CAROLE THERIAULT. Exactly. But let's, what, should we kick off, Graham?
MIKKO HYPPONEN. Should we try this?
GRAHAM CLULEY. Sure, go for it. All right.
CAROLE THERIAULT. Well, now before we kick off, let's just thank this week's sponsors, Bitwarden, Kolide, and Gigamon. It's their support that helps us give you this show for free. Coming up on today's show, Graham, what do you got?
GRAHAM CLULEY. Oh, I'm going to be completely lost in translation.
CAROLE THERIAULT. Ooh, Mikko, what about you?
MIKKO HYPPONEN. Well, I'm just here to plug my new book.
GRAHAM CLULEY. That's good.
CAROLE THERIAULT. And I will be entering the world of creepy crawlies. All this and much more coming up on this episode of Smashing Security.
GRAHAM CLULEY. Ustavaat, ustaavaat, chums, chums. Pun sinuul panaan Google... I'm speaking to you today by Google Translate because Mikko Hypponen is in the room.
CAROLE THERIAULT. And Mikko... Did he make any sense?
MIKKO HYPPONEN. This is painful. Please make it end.
GRAHAM CLULEY. I'm trying to make you feel comfortable. I'm using Google Translate. To use some of those phrases you may be familiar with. I've done some research online. I found that Finns, they aren't ever in a very bad mood. They're "kuunpirsasin ammutukahu." Yeah, it's like a bear shot in the ass. Is that right?
CAROLE THERIAULT. Does he sound like a native, Mikko?
MIKKO HYPPONEN. Yes. No, he doesn't. No, no. It's actually, it's said "kuunpirsäsen ammutukahu." That's how you would say it.
GRAHAM CLULEY. Yeah, well, more or less.
CAROLE THERIAULT. It's kind of sexy the way he says it.
GRAHAM CLULEY. People aren't crazy. They have— one of the Moomins has left the valley or something. Is the phrase, like having a coupon short of a toaster rack. All of these wonderful— Finns don't apparently get big-headed. They have piss coming up their head. Is that right? Nussekkusipahan?
MIKKO HYPPONEN. Nussekkusipahan, indeed.
GRAHAM CLULEY. Yes, yes.
CAROLE THERIAULT. How can you describe that? Can you explain piss coming up to their head?
MIKKO HYPPONEN. Yes, yes. Basically, you know, I suppose the idea is that if you never take a leak, eventually the piss will reach your brains.
CAROLE THERIAULT. And not taking a leak is big-headed?
MIKKO HYPPONEN. I don't know.
GRAHAM CLULEY. It's an unwise thing maybe in Finland, although you'd think with all that cold, it would actually be sensible not to have a wee sometimes. But Mikko, I've never failed to be impressed by people who speak another language fluently. Are you at all impressed with me?
MIKKO HYPPONEN. I'm very impressed.
GRAHAM CLULEY. Thank you.
MIKKO HYPPONEN. Yes, this is amazing. Well, I have to add you one of the phrases we use here, maybe the most Finnish of them all. When we tell someone to get the hell out of here, we simply tell them to ski to a c—
GRAHAM CLULEY. And that beep you heard was for the benefit of our sponsors this week.
CAROLE THERIAULT. And our American listeners.
GRAHAM CLULEY. But the truth is, it's not very easy for some of us to take on a foreign language. And that's why many of us will use a translation tool like Google Translate. Google Translate is amazing. It's been around since 2006. We probably all take it for granted by now. It's been around over 15 years. Hundreds of millions of people are using it all of the time. It's not perfect, of course. Sometimes it struggles with some language combinations. I see that it's still not handling Klingon, for instance.
CAROLE THERIAULT. That's outrageous.
GRAHAM CLULEY. Well, Carole, I'm not surprised you're outraged, because of course you managed to convince the developers at Sophos to translate Sophos antivirus into Klingon not so many years ago. Well, I say not so many years ago, 2009. In the before times.
CAROLE THERIAULT. So that's what happened.
GRAHAM CLULEY. Antivirus companies were busy doing rather than stopping malware, translating their software into Klingon way back then. And just like Google, you know, people were suspicious of Google because they give you all these free tools, but of course they're really data mining you and finding out what you're up to and learning all about you.
CAROLE THERIAULT. Well, both are true. I don't think those are mutually exclusive things, right?
GRAHAM CLULEY. Well, no, but I mean it. I mean, with the Klingon antivirus, we were also using that in an underhand way to find information about our customers. Yes, yes.
CAROLE THERIAULT. Shut up.
GRAHAM CLULEY. You may have forgotten, Crow, that we did a press release naming the capital cities for Klingon speakers around the world. 'Cause we looked at— we analysed the data for where the Klingon antivirus was being downloaded.
CAROLE THERIAULT. Yes, where the next Klingon Empire might show up on Earth. We were ready.
GRAHAM CLULEY. And the number one city in the world? Helsinki. And who do we have here?
MIKKO HYPPONEN. Mikko!
GRAHAM CLULEY. Beating Manchester. And I can't—
MIKKO HYPPONEN. I can't explain that either, and I don't speak Klingon myself.
GRAHAM CLULEY. Strange, isn't it? So why am I talking about Google Translate? Well, the boffins at Check Point have just released some research about some malware they've discovered just recently called Nitrokod. What do you—
CAROLE THERIAULT. You obviously have something to say about the name. What do you think about that name?
GRAHAM CLULEY. What, Nitrokod? Bit fishy. I could say that, maybe. It's— be an obvious one to do, but—
CAROLE THERIAULT. I missed you, Clue.
GRAHAM CLULEY. I missed you.
CAROLE THERIAULT. Yeah.
MIKKO HYPPONEN. Yeah, they picked the name because the domain was available.
GRAHAM CLULEY. Yes, probably. Nitrokod, it sounds like a fish superhero really, doesn't it? Something from the Marvel Universe. But Nitrokod is apparently a crypto mining— yes, people are still crypto mining— a crypto mining malware campaign which has infected computers in at least 11 countries. They reckon thousands of computers may have been infected. And what's interesting about it is that Nitrokod has been distributed for years without anyone noticing on free software download sites. And these weren't download sites you'd never heard of at some dodgy domain.com, places like Softpedia, which is a fairly, you know, well-established place where millions and millions of downloads are happening every day. And so Nitrokod was being downloaded, posing as tools with names like Google Translate Desktop. And the blurb for this download says that it's the desktop version of the free Google Translate online service that we all know and love. Says that it's 100% clean.
CAROLE THERIAULT. I trust that.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. And Google would never say that.
GRAHAM CLULEY. Their lawyers wouldn't let them, probably. Exactly.
CAROLE THERIAULT. Exactly.
GRAHAM CLULEY. We guarantee you nothing. You know, it may well obliterate your drive. Who knows what? So why would you want a desktop version of Google Translate anyway?
MIKKO HYPPONEN. Yeah, why would you do that? I mean, if you have a computer, you could just go to the web.
GRAHAM CLULEY. Yeah.
CAROLE THERIAULT. That's what I do.
GRAHAM CLULEY. Yeah. You would if you have an internet connection. I mean, there are situations possibly where you don't have an internet connection. Maybe you're in the European Union, you've visited Europe, and your country has left the European Union, and so data plans are now very, very expensive when you go overseas. And so you think, I'm turning off my bloody internet while I'm over there. But you want to translate, you know, 'avez-vous' and 'baguette' or whatever it is into— Well, that was actually in French, wasn't it?
CAROLE THERIAULT. Do you have a baguette, Graham? Not at the moment.
GRAHAM CLULEY. No, Carole. I mean, it's not that sort of podcast. What do you— Just joking. But it'd be handy to translate something, even if you're offline sometimes. But the weird thing is this: this desktop app actually works. The way in which it works is it runs a Chromium browser inside an app. So it takes you to— What? Have you noticed there are quite a lot of these so-called apps which actually run a web browser inside a— sort of frame. No. Have you not seen this?
CAROLE THERIAULT. Well, I don't download enough apps, I guess. Like what? Can you give us examples?
GRAHAM CLULEY. Well, there are things like, for instance, you— there may be like, oh, so Gmail, right? People use Gmail, but— and people want the Gmail user experience, but they'd like it in an app for their particular flavour of computer. And so you install this app and then you find out, hang on a minute, this is so much like Gmail. Oh, it actually is Gmail. What they've done is they've put a Chromium browser inside the app, which is going to Gmail. What is the bloody point of this? I don't know. So you still need an internet connection for the darn thing to work. So not really as useful as you might imagine. Quite pointless, really. And of course, some people choose to download it because they think that's what they really need and it's free. And surprise, surprise, these particular desktop apps are malicious. They don't really come from Google, of course. And even though they do translate your words because they're just running Google Translate in a browser inside an app, what they're doing is something rather fishy underneath, which is that after 4 weeks or so of you running it, something like a month after you first install it, it is actually beginning to do the crypto mining. It's beginning to mine for cryptocurrency in the background, using up your Windows computer's resources. Chugging away while you're trying to translate, "My hovercraft is full of eels." Thank God you're here, Mikko.
CAROLE THERIAULT. Thank God.
GRAHAM CLULEY. Yeah, so it's doing all this dirty work, but it's deliberately taken a long time before it begins. And so the antivirus research labs, the people who are analyzing the malware or the automated systems which are analyzing files, trying to determine whether it's something malicious, well, they're not running for a month. They're not doing multiple restarts of the device. They're not going to that extent to see if anything strange ever happens.
CAROLE THERIAULT. So what you're saying is they make it actually work for a long time and everyone's comfortable with how it works and then they start data mining.
GRAHAM CLULEY. Exactly. Well, not data mining. Crypto mining. Crypto mining. Yeah, crypto mining. Which I'm surprised, I didn't know anyone was still doing. I thought crypto mining was sort of a bit 2018.
CAROLE THERIAULT. It is a bit passé. It is, you know.
MIKKO HYPPONEN. Well, it depends on what they're mining for. Obviously not for bitcoin or Ethereum. It's going to be something more niche. But if there's money to be made, someone's going to try to make it like this.
CAROLE THERIAULT. Mm-hmm.
GRAHAM CLULEY. Yeah. Yeah. So it's an attempt to avoid detection in sandboxes. And it's also looking for known virtual machine processes to see if someone's trying to analyze what it does inside of a sort of secure bubble. It's also looking for security products if they're on the computer, because if they are, it thinks, oh, I don't want anything behavioral picking up what I'm doing. And then it will just simply exploit. But according to Check Point, this has allowed this campaign to successfully operate under the radar for years, and it's been unnoticed. This Turkish developer, they say, Nitrokod, has been popping it out.
MIKKO HYPPONEN. It's quite clever, actually. I mean, not just from the point of view of security companies, but also from the point of view of the victims. I mean, of course, they might notice that, you know, my fan is going crazy on my laptop and my machine is really hot, but they don't really realize what's going on and which app it might be because they didn't install anything recently. If they installed something a month ago, they're gonna forget all about it.
CAROLE THERIAULT. And also they're thinking, maybe I need to get a new laptop, it's not working properly.
GRAHAM CLULEY. Well, it occurs to me that you could write a piece of crypto mining malware which only activated during the summer months. So we've just had a heat wave across much of Europe. A piece of malware could do a lookup at a local weather site or something.
CAROLE THERIAULT. Oh, the climate crisis is actually a good thing. Is that what you're trying to say?
GRAHAM CLULEY. I think they're just going to say, oh, you know, well, this is an ideal time to turn on the fan and all the rest of it and use up lots of GPU or CPU and all cycles on the computer because their fan's going to be going hell for leather anyway, trying to keep cool in this weather.
MIKKO HYPPONEN. Graham, once again, I hate the way you think.
CAROLE THERIAULT. Yes.
GRAHAM CLULEY. So—
CAROLE THERIAULT. Hear, hear.
GRAHAM CLULEY. My advice. Don't install—
CAROLE THERIAULT. Don't listen to his advice, people.
GRAHAM CLULEY. Don't install desktop translation software. If you need a quick translation offline, hire a Finnish person. Mikko's available in between plugging his book.
CAROLE THERIAULT. Yeah, hit him up on Twitter for translations.
GRAHAM CLULEY. Anyway, Mikko, mitä tarina sinula on niitä tala orkkojolla? Mikko, what story do you have for us this week?
MIKKO HYPPONEN. Well— I actually want to add something on top of what you just said about Chromium being embedded into applications. And it just reminded me of something I learned last week, which is that Google Chrome, the web browser, actually has a full-blown antivirus program built in. Oh, yes, it's the Chrome Cleanup, which you can actually access from the address bar by typing in chrome://settings/cleanup, and then it will scan your computer and find malicious programs and clean them up. Apparently they licensed this from ESET, so it is a real full-blown antivirus product. Our programs have become so huge, you can just throw in an additional antivirus and no one's going to notice.
GRAHAM CLULEY. I'm also surprised no cybersecurity companies have launched an antitrust suit against Google for, you know, shipping this antivirus in with all of their popular browsers. Maybe they could claim it's anti-competitive. I don't know.
MIKKO HYPPONEN. Well, they didn't know. They're going to learn about it now from the Smashing Security podcast.
CAROLE THERIAULT. Exactly. This is where news breaks, people. This is it.
MIKKO HYPPONEN. Anyway, I've been busy for the last two years on my book project, so I'm really happy I have a book out now. It was released in early August by Wiley globally in a language all of the listeners can understand, which is English. I did write the book originally in Finnish, and it came out here in Finland already last year, but now it's published by Wiley, and it's called "If It's Smart, It's Vulnerable." And that wasn't the original title either. The original name for the book here in Finland was simply "Internet," because surprisingly, nobody had written a book called "Internet" before, so I did.
GRAHAM CLULEY. But there might be a reason, Mikko, why they hadn't written a book called "Internet" before, because it would be terrible search engine optimization for anyone trying to find it online.
MIKKO HYPPONEN. Oh, okay. Well, that's true. That's true. And I did get a couple of funny-looking screenshots from people who were downloading ebook version of my book, which simply says downloading internet. Please wait. Anyway, we had to change the title, not just because maybe of the reasons you mentioned, but my international publisher didn't like the title. We went through tons of different English titles. Finally, Wiley simply told me that, hold on, Mikko, there's a law named after you, the Hypponen Law. We should use that as the book title.
GRAHAM CLULEY. And this wasn't a law because you had done something wrong? It wasn't a law that was like, yeah, you're a murderer and we need— It wasn't throttling people with a ponytail or some sort of thing like that? No.
MIKKO HYPPONEN. Okay. No, Graham. No, it's not. Funnily enough, now that you mention it, Mikko Hypponen is not a rare name. There's plenty of people called Mikko Hypponen, including a convicted murderer.
CAROLE THERIAULT. So, oh, oh, that's interesting. Conspiracy theory, conspiracy theories.
MIKKO HYPPONEN. And this is one of the reasons why I've been trying to get verified on Twitter. Ah, but, uh, you know, no such luck.
CAROLE THERIAULT. So you've written a book for the last— so basically, while most of us were wearing pajamas for the last two years during the pandemic, uh, you wrote a book. And so, so what did you cover? Can you give us like an outline for our listeners that haven't, you know, Right. Yeah.
MIKKO HYPPONEN. Well, the title is a reference to smart devices and IoT devices, and that's one of the big themes of the books, like why everything is going online, why all the devices are becoming smart. How is that a problem for security? What could we be doing about it? However, it's not just about that. It's actually a combination of the things that I think I've learned over the last 31 years. So there's lots of topics covered— malware evolution, organized cybercrime gangs, online espionage, cyberwar, future of information security, and then tons of stories because I know people like stories and I've collected the best stories from my career.
CAROLE THERIAULT. Yeah. And anyone who's like, you know, listening to Mikko now and going, God, he sounds good, right? But does he really know his stuff? I can promise he does. And you could actually— didn't you do a TED Talk once?
MIKKO HYPPONEN. I did, yeah. Yeah, actually, this book project started after I did my TED Talk in 2011 because I was back then contacted by multiple publishers and they were all telling me that, you know, you should write a book, write a book, we'll publish it for you. All TED speakers publish a book. You should do a book, Mikko. And I tried for all this time, I tried, but with the travel rate I've been sustaining for the last 10 years, it wasn't going anywhere. So it did really take a pandemic for me to finish this project.
GRAHAM CLULEY. So Mikko, you've been working in the world of cybersecurity for so very long.
CAROLE THERIAULT. Well, he's not that old. He's not like ancient.
GRAHAM CLULEY. Well, he's about as old as me. I mean, what is—
CAROLE THERIAULT. Oh, he doesn't look it.
GRAHAM CLULEY. What are the—
MIKKO HYPPONEN. Carole, please behave.
GRAHAM CLULEY. What are some of the craziest things you've heard about? What sort of things have surprised you or just been shocking to you? Maybe when it comes to things like, well, you talked about Mikko's Law, which is that if it's smart, it's vulnerable. When it comes to IoT devices, what, what are some of the maddest things you've heard about there?
MIKKO HYPPONEN. Well, I remember when the first Mirai botnet versions came out, that was the first major botnet infecting IoT devices to build denial of service botnets. Before that, all denial of service botnets were being built from infected computers, and now these attackers were going after something else than computers. And we were fingerprinting infected devices and we found all kinds of weird things, including heat pumps. So these things people keep in their houses for AC and for heating. And while doing IP range scanning, we found infected heat pumps from this one company. And we actually were able to identify the company. So I called them up and I ended up speaking with this—
CAROLE THERIAULT. Did you call them up? You dialed the number?
GRAHAM CLULEY. Yep.
MIKKO HYPPONEN. Personally? I spoke to them. I spoke with them. And they were like, yeah, hello, and I explained, hello, this is Mikko Hypponen, we work with information security.
GRAHAM CLULEY. They said, you're not the Mikko Hypponen who's the murderer, they said, you know, just reassurance.
CAROLE THERIAULT. I was going to say, Mikko what? Sorry?
GRAHAM CLULEY. You're not verified on Twitter, you can't be, you know, who are you calling us?
MIKKO HYPPONEN. I should have never told them about the murderer, you know. Nevertheless, I explained to them that, you know, there's this massively large outbreak going around, they've built this botnet, which is right now launching an attack against the root DNS servers of the internet. So the whole internet has been slowed down because of this attack. And one of the nodes which is doing the attack is the heat pump in your office. And they were like, oh, well, interesting. And they were like, well, it works fine. They're not going to do anything about it. Like, why would we care as long as it works and pumps heat, why do I care? And that's when I realized that these kind of problems will not be fixed by the end users. It has to be fixed by the manufacturers.
CAROLE THERIAULT. Yeah, 100%. We had someone on recently who was talking about his relationship with law enforcement as a journalist. He was an investigative journalist. Have you been able to work with law enforcement to catch people. Do you talk about that in the book?
MIKKO HYPPONEN. Yep, there's stories in the book about that as well. I've been involved in multiple cases where we've tracked down people, at least, um, we believe the right persons behind various different cases. Then we worked with the law enforcement, and of course we can't arrest people. We're just company, you know, we're civilians. But there have been arrests and convictions based on the work we've done, and I cover some of those cases in the book. And that is very rewarding. But then again, I've also learned through these years that when you work with law enforcement with cases like this, it is a very one-way road. I mean, they're very happy to accept information and evidence and logs and things, but then they don't really tell you what they're doing until something like an arrest happens.
CAROLE THERIAULT. Oh, you see, so it's unfulfilling at the time. I imagine that because you pour your heart out trying to do the right thing and you hear nothing. You don't even pat on the head.
MIKKO HYPPONEN. Yep, yep.
GRAHAM CLULEY. Have you ever felt frustrated by that, Mikko? Have you ever wanted to go in Dirty Harry style and actually round— because it is frustrating, isn't it? If you, if you know who's behind an attack and maybe the law enforcement in that particular country are turning a blind eye, or maybe the process is taking far, far too long, have you ever thought, you know, there should be another way of dealing with this?
MIKKO HYPPONEN. Well, I've been frustrated especially with the sentences, especially in Western countries, let's say EU countries or European countries. It, it's, it's, um, we're not really giving the kind of sentences that we should be giving if we really would like to show the example to potential new online criminals that crime doesn't pay.
CAROLE THERIAULT. This is fascinating. What do you think the typical sentence is and what should it be?
MIKKO HYPPONEN. Well, I've worked with many cases where people have been caught for computer crime before, they've been sentenced before, they've got a probation sentence, they would have gotten jail time, but it's first-timers, so you go free. Then they get caught again, they get sentenced again. And me, as not an expert of law, I would always assume that if you are already sitting a probation sentence and you get caught again, now you're going to go to jail. Turns out that's not the case. There's been multiple cases where they get found again and sentenced again, and they're still not going to jail. And that's not really giving any kind of an example for potential newcomers. So yeah.
CAROLE THERIAULT. And it's scary for us because normally the people that get really hurt in these situations, like in ransomware situations or all this, it's the customer. It's the customer whose data has been stolen or computer has been infected from through some provider that they're using. And it can be difficult, right? Like no one's there to save you.
GRAHAM CLULEY. Yeah.
MIKKO HYPPONEN. And the upsides are so obvious. The last time I was here as your guest, we spoke about cybercrime unicorns and about how much money these biggest gangs are making. So there's plenty of young people seeing these criminal hackers as their heroes. Like these guys are driving around in Rolls-Royces and Lambos and, you know, they want to do the same. And that's not what we want to see happening.
CAROLE THERIAULT. I don't even want to see a Lamborghini on the roads. Like, I don't know if they know about the energy crisis, but yeah, can you just, can you just not? Electric cars, please.
GRAHAM CLULEY. So I've got a follow-on question from that. Sometimes what we've seen is cybercriminals who've become so notorious that they actually have a bit of a public image and they can then be the bad boys and they can start a career maybe as a security consultant or maybe as, dare I say, a TED speaker or a public speaker or something like that. So people— Yes, I know people who end up, they go from the criminal world to the good world, but they're almost trading on their past crimes. What do you think about that? Do you think, I mean, it's better than them carrying on committing crimes, I suppose. Does it leave a bad taste in the mouth?
CAROLE THERIAULT. You can say pass on that one.
GRAHAM CLULEY. It does for me.
MIKKO HYPPONEN. When someone gets caught for breaking the law and they get sentenced and they pay their dues, they pay their debt to the society, of course, we as a society should welcome them back as much as we can. That's why we want to rehabilitate all kinds of criminals, including cybercriminals. So I might not be interested in hiring people with a criminal record, but if they can turn their past into a future career, I'm not really going to hold that against them.
CAROLE THERIAULT. Especially if it helps people, right? If they're providing good advice and solid information. It's okay, Graham. Some people do bad stuff. I've done bad stuff before. Now I'm good.
GRAHAM CLULEY. Oh, tell us, No! Well, please.
CAROLE THERIAULT. Of course I'm not going to.
GRAHAM CLULEY. Anyway, it's a great book. I've had a chance to read it. Thank you so much, Mikko.
CAROLE THERIAULT. Tell us again the name of the book.
MIKKO HYPPONEN. It is If It's Smart, It's Vulnerable.
CAROLE THERIAULT. If It's Smart, It's Vulnerable.
GRAHAM CLULEY. Available in all good bookshops and probably on Amazon as well.
MIKKO HYPPONEN. Excellent.
CAROLE THERIAULT. There you go, listeners. Run, don't dawdle.
GRAHAM CLULEY. Carole, what have you got for us this week?
CAROLE THERIAULT. So creepy crawlies, and more specifically the 8-legged kind. And I actually should probably issue a trigger warning, right? Because I'm sure some of our listeners might pale at the thought of a spider. And if that's the case, skip forward about 12 minutes to the Pick of the Week section. So let's start with you, Mikko. What's your relationship with spiders?
MIKKO HYPPONEN. Well, I do like the World Wide Web.
CAROLE THERIAULT. A C. And that's why you're on a comedy podcast. No, but if there was a big spider in the corner of your room in your house, what's your immediate reaction? And is it different from anyone else in your household?
MIKKO HYPPONEN. I don't know. I don't really mind them. There's plenty of spiders around here. I think my attitude changed a couple of years ago when I saw a photo special in some magazine or newspaper where they had close-ups of spiders and their faces, because spiders have faces and they look friendly. They don't look scary at all.
GRAHAM CLULEY. They've got a nice smile, haven't they? Yeah, they've got a glint in their eyes. Yeah, they're all right.
CAROLE THERIAULT. They've got a smile.
MIKKO HYPPONEN. Yeah. So I don't mind. I don't mind them.
GRAHAM CLULEY. They're good at tap dancing as well.
CAROLE THERIAULT. Clue, what about you? If there's a spider in the corner of your house?
GRAHAM CLULEY. Well, yeah, I mean, I'm in England, which means that, you know, the spiders are completely harmless. So I'm fine with that.
CAROLE THERIAULT. Oh, you think so?
GRAHAM CLULEY. Interesting. I think they are, aren't they?
CAROLE THERIAULT. Interesting. Yeah, no, we're going to talk about that later. Because we've had a friend, Graham, actually, do you remember? About 10 years ago, a friend, we were still at work and a colleague called us in a panic because they wanted to have a barbecue, but they had a great massive huge spider that made the barbecue lid its home.
GRAHAM CLULEY. Yeah, we won't name her, but it's Yogi you're talking about, isn't it? Yeah.
CAROLE THERIAULT. And we drove over like, like in an emergency because she was panicked to, you know, and tiny, tiny little spider in the lid of a barbecue, like whatever, right?
GRAHAM CLULEY. At least it wasn't a butterfly. Those she was particularly terrified of.
CAROLE THERIAULT. Anyway, I want to introduce you to an arachnologist at McGill University in Montreal named Catherine Scott, Dr. Catherine Scott. And apparently when she tells people she's an arachnologist, she often gets told the story about how that one time the spider bit me. Hmm. And the thing is, Dr. Scott told Annette, if you don't see a crushed up spider near you or you don't see one on your body, it's very likely the bite mark came from something else because there's like an estimated 50,000 known species of spiders in the world and only a very few can hurt humans. And it turns out that these fears and misunderstandings about our eight-legged friends are reflected in the news, which is probably why we have such fears of them.
GRAHAM CLULEY. Right? Yeah.
CAROLE THERIAULT. So recently, more than 60 researchers from around the world, including Dr. Scott, collected more than 5,000 news stories about spider bites published online between 2010 and 2020. And this is from 81 countries in 40 different languages. And the idea was whether or not the article had a factual error or emotionally fraught language. And the aim was to find out how much misinformation about spiders was actually spreading and what could that tell us about our world today, which feels inundated with misinformation.
GRAHAM CLULEY. Yeah. Ah.
MIKKO HYPPONEN. Well, I was wondering where this is going. So you're going towards misinformation.
GRAHAM CLULEY. Uh-huh.
CAROLE THERIAULT. Suddenly you thought you were like on National Geographic or something.
MIKKO HYPPONEN. I was about to change the channel.
CAROLE THERIAULT. No, hey, hey, hey. Okay, you guys, now you guys, it's now active time, Mikko. So you guys have to guess the percentage. So what percentage of articles of this 5,000 they looked at do you think they rated as sensationalistic?
GRAHAM CLULEY. Oh, but hang on, hang on.
CAROLE THERIAULT. These are I'll tell you what sensationalism means if you want.
GRAHAM CLULEY. No, you don't need to. You don't need to. I know what it means. But the thing is— well, you can if you want.
CAROLE THERIAULT. No, no, I'm just saying they had a method of measuring it because all 60 researchers had to do the same thing.
GRAHAM CLULEY. All right, all right. But it's just— so what you've said is they were analyzing stories to find out which of them were sensational, which had a factual error or something like that. I can just imagine some spider nerd saying, oh, they've called it Arachnus minuscus, and in fact it's Arachnus moroscus. You know, it's a lovely outside, lovely outside.
CAROLE THERIAULT. And do you know what's really funny? That actually happened. I thought that when I was reading actually the stuff, because at one point they said they called it an insect and actually it was a rat. So that does happen.
GRAHAM CLULEY. And similarly, we in the cybersecurity industry might say, oh well, they called it a virus, actually it's a Trojan horse, you know. And it's just, of course they're going to be sensational because they're trying to sell newspapers. So you will cyber attack, you know, rather than a cyber infection.
CAROLE THERIAULT. You're defending your way of doing news, right?
GRAHAM CLULEY. No, I'm defending the way news— I mean, news has to be interesting to get people to read it in order to learn something. And sometimes you have to use a little— you don't want to be completely and utterly dull and academic. And similarly, some of the details—
CAROLE THERIAULT. Like, yeah, why— yeah, get rid of the truth, guys. Just make it fun.
GRAHAM CLULEY. No, no, I'm not saying get rid of the truth. I'm just saying that I suspect the spider industry, the spider academic world, is probably similar to the cybersecurity world in being a little bit nerdy and precious about some of this.
CAROLE THERIAULT. Okay, I wanna know what you think. If I say killer spider loose in London, okay? That's my title, okay? Would you say that saying killer is actually like he has killed something before 'cause he has to eat?
GRAHAM CLULEY. Yeah, he's killed flies.
CAROLE THERIAULT. You know?
GRAHAM CLULEY. Yeah, killed flies. That's fair enough.
CAROLE THERIAULT. Exactly. So you would argue that and you'd think that was okay? Not clickjacky at all.
MIKKO HYPPONEN. Is this a headline from the Daily Mail?
GRAHAM CLULEY. I made it up.
CAROLE THERIAULT. I made it up.
MIKKO HYPPONEN. Also, Graham, I don't think there actually is a spider industry.
GRAHAM CLULEY. Oh, right.
CAROLE THERIAULT. Okay. I'm going to quote the New York Times here. Okay. So errors, which tended to cluster around sensationalized stories, of which they were almost 50%, right? So 50% of them almost were either rated sensationalistic because they had words like murder or nightmare, terror, nasty, devil, killer, that kind of thing.
GRAHAM CLULEY. Spiders are murdering now as well, are they?
CAROLE THERIAULT. Exactly. So these sensationalized stories would shoot around the world in days, from India to China to Poland to Argentina to the US. And these would often start at a very regional level, where the story would then be amplified by national and then international news outlets. And I think we could— we can attest to that, because when I used to work for a blog, news blog, we would be looking around for a brand new angle or weird way to explain something. And we found something in Kathmandu that happened to someone that was related to our news blog, we would have probably tried to report it and say, you know. Now according to misinformation scientists, this is a defining characteristic of modern misinformation, the magnification of small errors that support a certain narrative. So basically like what we used to call Chinese whispers. That sounds terribly inappropriate now. But you know that idea that as you tell someone and then they tell someone and they tell someone, the story morphs into something completely new. Now Mikko, this is fascinating for both you and Graham because the coverage of spiders differed wildly by country, or widely and wildly by country. In the US, we'll start there where spider coverage was mixed, right? So there was publications with an international or national audience. They were more likely to sensationalize nationalized spider news than the regional ones. Okay, in the U.S. Australia, the home to more dangerous spiders than almost anywhere other country in the entire world, publications was consistently accurate, rarely charged with emotion.
GRAHAM CLULEY. Right.
CAROLE THERIAULT. Spider stories in Mexico were deemed almost entirely sensational, while spider news in Finland—
MIKKO HYPPONEN. Mikko, hey—
CAROLE THERIAULT. was wholly arachnologist-approved. Like 100%.
MIKKO HYPPONEN. Ah, even the story I read about the photos of the close-ups of spiders, I'm sure was scientifically accurate.
CAROLE THERIAULT. I just wonder—
GRAHAM CLULEY. There you go. There's a huge spider industry in Finland. That's why. It's like telecoms. Nokia then expanded into spiders. That's what they did.
MIKKO HYPPONEN. Stop it.
CAROLE THERIAULT. Now we head to Old Blighty, Graham, which is apparently the source of the greatest amount of spider misinformation, despite having very few dangerously venomous spider species. So again, to quote the New York Times about speaking about the UK, they have had to close schools many times because of reports of this false black widow, Dr. Mamola said, noting that black widows are almost never found in Britain or confused notably with the false widow, which has much less venomous bite. And there were cases of people burning down their houses because of spiders.
GRAHAM CLULEY. What?
CAROLE THERIAULT. This is what he says. Now, Finland versus UK, does that say anything about your characters, do you think, as well? Because misinformation land versus, you know, proper information, or our media maybe.
GRAHAM CLULEY. Yes.
MIKKO HYPPONEN. Yeah, yeah, it's the Mirror and the Daily Mail. That's what you have to blame for.
CAROLE THERIAULT. Yes, I agree. I agree. So someone, Jevin West, an information scientist at the University of Washington, sees parallels between this, you know, spread of sensationalized spider news and the circulation of misinformation in the 2020 American election.
GRAHAM CLULEY. Oh.
CAROLE THERIAULT. But now we have the 2022 election, which is upcoming, and people are kind of concerned about misinformation circling again, because many of the most circulated articles in 2020 were picked up by national publications, television shows, and social media. So it makes sense to us, right? So tiny little news stories get kind of magnified. And studies show that people often trust their local publications more than national ones because it tells you about recent relevant events in your community. But as that information goes national, factual errors end up adding to a narrative of misinformation because you want to add sensationalism, as you were arguing earlier, right? Because you want clicks, you want people to read your article. So what do you do? Do you have any advice on how to avoid falling in a trap of misinformation?
GRAHAM CLULEY. I do. I do have some advice, which I'm very happy to share. Mikko has his law, which is, "If it's smart, it's vulnerable." I'd like to introduce you to Cluley's law now, which is—
MIKKO HYPPONEN. I'm making notes.
GRAHAM CLULEY. If you see the word "spider" in a headline, replace it with "guinea pig" and see if you still think it makes sense. If it says, "Killer guinea pig rampages across London," you instantly think, "No, that's probably not true." Or man dies after being bitten by guinea pig. Probably not true, right? Or radioactive guinea pig attacks nuclear power station. It's again, not true. So that would be my suggestion.
CAROLE THERIAULT. I love that.
GRAHAM CLULEY. Exactly. Because you've already got a lovely view of a guinea pig. A guinea pig's a gorgeous thing with a little fluffy little thing going around eating grass and all that.
CAROLE THERIAULT. Now, what if it was a political leader or incumbent? Can we still replace it with the word guinea pig?
GRAHAM CLULEY. In some cases, a guinea pig would be a better choice. So why not? Might have similar hair. Who knows?
MIKKO HYPPONEN. Might be, might be. But of course, the real advice regarding misinformation and fake news and all of that is to double-check the news, check the sources, make a Google search, don't believe everything by first sighting. And I'm glad to tell you that in my experience, the younger generation is much better to be suspicious of news which might not be true. When the internet came around, it was the parents warning their children not to believe everything you read online. Now it seems to be the other way around, and it's the parents who fall for every single goddamn conspiracy theory.
CAROLE THERIAULT. Yeah, listen to your kids. They're always right 100% of the time. They're never bullshitting you ever.
MIKKO HYPPONEN. That's Carole Theriault's law.
CAROLE THERIAULT. Yes, right.
GRAHAM CLULEY. Anyone who's listened to Smashing Security over the years will know that we believe that everyone, whether you're a single end user or a business, should use a password manager. And the password manager we're recommending is Bitwarden. Millions of users around the world, including many of the world's largest organizations, trust Bitwarden to protect their online information using a transparent, open-source approach to password management. You can effortlessly manage all your passwords and logins backed by end-to-end 256-bit encryption. And for the enterprises out there, Bitwarden recently added SCIM support, making it even easier to provision and manage users. For password security you can trust, get started today with Bitwarden. Learn more at bitwarden.com/smashing. Take security of your passwords and logins more seriously by visiting bitwarden.com/smashing. And thanks to Bitwarden, they're great folks for supporting the show. Gigamon is the leading deep observability company. It offers a deep observability pipeline that harnesses actionable network-level intelligence to amplify the power of observability tools, enabling companies to conquer blind spots and overcome the threat of today's sophisticated ransomware attacks. Gigamon's latest report into the state of ransomware reveals how insider threats are evolving, what impact cyber insurance and blame culture are having on the cybersecurity industry, and why deep observability is the new frontier for tackling the ransomware crisis. So what are you waiting for? Download the report today at www.gigamon.com/smashing. That's www.gigamon.com/smashing. And thanks to Gigamon for supporting the show. Kolide sends employees important, timely, and relevant security recommendations for their Linux, Mac, and Windows devices right inside Slack.
Kolide is perfect for organizations that care deeply about compliance and security, but don't want to get there by locking down devices to the point where they become unusable. So instead of frustrating your employees, Kolide educates them about security and device management while directing them to fix important problems. Sign up today by visiting smashingsecurity.com/kolide. That's smashingsecurity.com/kolide. K-o-l-i-d-e. Enter your email when prompted, and you will receive a free Kolide goodie bag after your trial activates. You can try Kolide with all of its features on an unlimited number of devices for free, no credit card required. Try it out at smashingsecurity.com/kolide. That's smashingsecurity.com/k-o-l-i-d-e. And thanks to Kolide Smashing Security for supporting the show. And welcome back. Can you join us at our favorite part of the show? The part of the show that we like to call Pick of the Week.
CAROLE THERIAULT. Pick of the Week.
MIKKO HYPPONEN. Pick of the Week.
GRAHAM CLULEY. Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app. Whatever they wish. It doesn't have to be security related necessarily.
CAROLE THERIAULT. Better not be.
GRAHAM CLULEY. Well, my Pick of the Week this week is not security related. It's also not a book that I've read, a funny story, a TV show, a movie, a record, a podcast, a website, or an app. Oh. What it is, is I was out. I popped round to a friend's house the other evening, and I was chatting to some other people there I hadn't met before. And they were telling me about a party game that they'd played.
MIKKO HYPPONEN. Hmm.
GRAHAM CLULEY. I didn't— I haven't actually played this party game yet, but they described it to me. They'd been at a party.
MIKKO HYPPONEN. Go on.
GRAHAM CLULEY. And it sounded like it was a bit of fun. And I thought maybe some of our listeners, like me, are intrigued and might want to try it. Try it next time they have a party. Or maybe some listeners have already tried this.
CAROLE THERIAULT. And they can report to us what happened.
GRAHAM CLULEY. They can report back to me whether I should bother doing it.
MIKKO HYPPONEN. Or maybe someone should invite Graham to a party.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. That would be nice.
CAROLE THERIAULT. Yeah, and meanwhile, Graham will attest that it's fantastic and give it a huge amount of advertising. Let's go, Graham.
GRAHAM CLULEY. My pick of the week this week is not a game you can buy. It's a game you can just play. All you need to do is buy some tortilla wraps, okay? Okay. Get yourself some tortilla wraps and a quantity of water. And what you do is you fill up your mouth with water, right? So, so your mouth is full of water, right? Imagine that. I can't speak while my mouth is actually full of water, so I'm, I'm asking you to use your imagination at this point.
CAROLE THERIAULT. I'm picturing it right now. It looks beautiful.
GRAHAM CLULEY. You and the other person have got their mouths full of water, right? Like almost to bursting.
CAROLE THERIAULT. Yeah.
GRAHAM CLULEY. And the important thing is that you should not laugh and you should not drink the water or of course spew it out, and then you take a tortilla wrap and you put it in your hand, and you play with the other hand, you play rock-paper-scissors. So, you know, like rock, rock, rock, scissors, or whatever, you know. And whichever one beats the other one— you know how rock-paper-scissors works.
CAROLE THERIAULT. So you're holding a tortilla in one hand, you're holding water in your mouth.
GRAHAM CLULEY. Water in your mouth, yes.
CAROLE THERIAULT. Yeah. And with the other hand, you're playing rock-paper-scissors.
GRAHAM CLULEY. Rock-paper-scissors.
CAROLE THERIAULT. You know how to party. Oh my freaking God.
GRAHAM CLULEY. Right, and one of you is going to win the game of rock-paper-scissors.
CAROLE THERIAULT. Okay.
GRAHAM CLULEY. At which point you slap the other person round the face with the tortilla wrap.
CAROLE THERIAULT. Okay, now it's got more fun.
GRAHAM CLULEY. Their job— Their job is not to laugh or spew out the water. And indeed, you mustn't laugh at their reaction of being slapped with the tortilla wrap. That, ladies and gentlemen, is what the middle classes are playing in England today. And I thought I would share that with the world.
CAROLE THERIAULT. Don't you think that 3 weeks off was fantastic for you? Look!
GRAHAM CLULEY. It's a lot better than some of my past Picks of the Week, let's be honest.
CAROLE THERIAULT. What's really sad is you didn't even frickin' play this! You had 3 weeks off, you're just recording! I'm going to.
GRAHAM CLULEY. I'm going to next time I'm at a party and have some tortilla wraps, I'm gonna say, "Ooh, I know what we should do now." I'll come round to yours, Carole. Have you got tortilla wraps at your place? Mikko, would you play this?
CAROLE THERIAULT. Ugh, no, no.
MIKKO HYPPONEN. I would not.
CAROLE THERIAULT. Why? Because the hair or dignity?
MIKKO HYPPONEN. I'm sure we can come up with much better party games, I'm sure.
CAROLE THERIAULT. I look forward to you coming on the show again and telling us what your new party game is.
MIKKO HYPPONEN. It's going to be my pick of the week next time.
CAROLE THERIAULT. Fantastic.
GRAHAM CLULEY. Mikko, what's your pick of the week?
MIKKO HYPPONEN. Well, my pick of the week is actually going to be a movie because I spent the beginning of August doing the full hacker summer camp in Las Vegas. So that's B-Sides Las Vegas, then Black Hat and then DEF CON. And that's, that's like a week in Vegas.
CAROLE THERIAULT. That's enough.
MIKKO HYPPONEN. Well, you know, Vegas is, it's, it's a tough place to be for a week, but actually this time around it wasn't that bad. My favorite place to hang out in Vegas is Pinball Hall of Fame, which has 400 pinballs. I'm a big pinball fan and they've moved, they actually built a whole new facility on the Strip. So it's actually now close. It's actually walkable from the Mandalay Bay Hotel, which is where the Black Hat is, is held nowadays.
CAROLE THERIAULT. So does, does anyone walk in Vegas though? Seriously?
MIKKO HYPPONEN. Well, no, it's, it's, it's very hard. In fact, my step counter for the first day of DEF CON told me I did like 16 kilometers of walking, which was just going back and forth between the different hotels. So it's, it's quite crazy how big it is. But nevertheless, Pinball Hall of Fame is walkable from Mandalay Bay. That's what all that mattered to me. Now, my pick of the week isn't going to be Pinball Hall of Fame. It's going to be a DEF CON movie, a movie called DEF CON: The Documentary. Um, let me read the description from here. DEF CON is the world's largest hacking conference held in Las Vegas. In 2012, it was held for the 20th time. The conference has strict no-filming policies, but for DEF CON 20, a documentary crew was allowed full access to the event. The film follows the 4 days of the conference, the events, and the people, and covers the history and philosophy behind DEF CON. So that was 10 years ago, and I spent the return flight from Vegas watching this film, and it's great. It's almost 2 hours going through the history and how DEF CON works, and it interviews everybody who's involved. Obviously, Jeff Moss, who founded DEF CON, Jeff who wrote the foreword for my book, is of course very much in there. And this whole project was organized by Jason Scott, which some of you and some of the listeners would know from his work at the Internet Archive, which is the place where you can download this documentary for free. We'll have a link in the show notes.
CAROLE THERIAULT. Amazing.
GRAHAM CLULEY. Fantastic. Sounds like a really good watch. Thank you for that, Mikko. Carole, what's your pick of the week?
CAROLE THERIAULT. Okay, I'm kind of regretting my pick of the week now.
MIKKO HYPPONEN. Oh.
CAROLE THERIAULT. Because it's me. It's me.
GRAHAM CLULEY. What? You're picking yourself?
CAROLE THERIAULT. Yes, because listeners, I'm not talking to Graham. I've got my blinders on. As you know, as you know, I've been working on, you know, doing art stuff and becoming an artist in the last few years. And earlier this year, I was part of like Oxford Art Weeks and sold some paintings, and that was exciting. And largely because many of you sent me words of support and encouragement, I thought, screw it, I'm going to enter a few paintings into the Oxford Art Society Open Exhibition. And one of them got selected, and it was like a super big honor. And Graham, you even came, didn't you?
GRAHAM CLULEY. I did. I came to the exhibition. And can I— what a great special. Your art, it was fantastic, by the way, Carole. I haven't told you this yet. It was so great seeing your art up there on the wall.
CAROLE THERIAULT. I was so excited. I was so excited.
GRAHAM CLULEY. All alongside these other childish scribblings by other artists.
CAROLE THERIAULT. Oh, come on, there's so much great stuff.
GRAHAM CLULEY. No, to be honest, there were— everything was— well, no, there was a couple of rubbish things, but most of it was really good. Um, and I was very, very impressed by the, uh, selection of art which are up there, and very proud as well to see one of your paintings. It was tremendous.
CAROLE THERIAULT. Thanks, buddy.
MIKKO HYPPONEN. Well, Carole, I'm browsing through your website right now. Actually, you are good. And, you know, this is great.
GRAHAM CLULEY. Thank you.
CAROLE THERIAULT. Mikko, I'm blushing. Now, what makes the story even cuter is the painting was inspired by a snap that my mom took of her neighborhood in Ottawa, Canada over the summer. And even better is the first time in 4 years my parents are visiting me in the UK and they're going to get to see the painting of her photo in the show, and she doesn't know yet.
GRAHAM CLULEY. Ah, yes.
CAROLE THERIAULT. Um, so as Mikko said, if you want to see my art, you can. Okay, carole.wtf. That's a website, really. carole.wtf. And it works. And but I would suggest also, and I'll put this in the show notes, the Oxford Art Society has the whole exhibition online. Um, I wouldn't say it's a super slick, uh, user experience, but you can totally see all the art that's there, and you can even buy. And if you're in Oxford, get your butt down to SJE on Iffley Road and go see more than 200 paintings of Oxford artists. And it's really— caliber's high. It's quite cool.
GRAHAM CLULEY. It was really good. It was really good.
CAROLE THERIAULT. And can I have two more minutes? I want to say thank you really for helping me. So I have a painting called Treehouse Two, which I'm going to send the original to a lucky listener.
GRAHAM CLULEY. Listener.
CAROLE THERIAULT. So if you like the stuff and you think it's cool and you would like to own an original, okay, that was painted just last week, all you gotta do is write a 4-line poem about Mikko or Smashing Security. Your choice.
MIKKO HYPPONEN. What?
CAROLE THERIAULT. Yeah, Mikko or Smashing Security or both.
GRAHAM CLULEY. Nothing rhymes with Mikko.
CAROLE THERIAULT. Send your entry to by Monday, September 5th at midnight, and the winner will be announced on the show. And maybe, Mikko, if we get a winner, you'll want to send them one of your books as well.
MIKKO HYPPONEN. Yeah, absolutely.
GRAHAM CLULEY. We will.
MIKKO HYPPONEN. We will. With an autograph and dedication. Absolutely.
CAROLE THERIAULT. Exactly.
MIKKO HYPPONEN. All right.
CAROLE THERIAULT. This is now becoming a goodie bag.
MIKKO HYPPONEN. But the poem thingy, because nobody can come up with a word which rhymes with Mikko unless they're some kind of a weird sicko.
GRAHAM CLULEY. Make it rhyme with Hypponen instead. That'd be smart. So much easier.
CAROLE THERIAULT. Anyway, that's my pick of the week. Me and the Oxford Art Society, which has been a brilliant experience.
GRAHAM CLULEY. Okay, so get your poems about the podcast, about Mikko, or about Carole's art or whatever to by the end of Monday the 5th.
MIKKO HYPPONEN. Yep.
GRAHAM CLULEY. To be in with a chance. Terrific. Yay. Well, that just about wraps up the podcast this week. Mikko, I'm sure lots of our listeners would love to follow you online, find out more about your book. What's the best way for folks to do that?
MIKKO HYPPONEN. That's mikko.com, M-I-K-K-O.com.
GRAHAM CLULEY. Fantastic. And you can follow us on Twitter @SmashInSecurity, no G, Twitter won't allow us to have a G. And we've also got a Smashing Security subreddit as well. So find us up there and don't forget to ensure that you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Apple Podcasts, Spotify, and Google Podcasts.
CAROLE THERIAULT. And massive, massive thank you to this episode's sponsors, Bitwarden, Kolide, and Gigamon. And of course, to our wonderful Patreon community. It's thanks to them all this show is free. If you want to see episode show notes, sponsorship information, guest list, and the entire back catalog of more than 286 episodes, check out smashingsecurity.com.
GRAHAM CLULEY. Until next time, cheerio. Bye-bye. Bye.
MIKKO HYPPONEN. Thank you.
GRAHAM CLULEY. Bye-bye. Cheers, Mikko!
MIKKO HYPPONEN. Oh, that was painful.
CAROLE THERIAULT. Was it?
MIKKO HYPPONEN. No, it was fine. That was great.
CAROLE THERIAULT. It was, you were great. We talked a lot about your book. We had a cute angle, right? I think the angle's cute there.
MIKKO HYPPONEN. The angle for this episode is self-promotion.
GRAHAM CLULEY. I think you'll find my pick of the week was the best this week. I'll just say that.
MIKKO HYPPONEN. Slap a tortilla.
CAROLE THERIAULT. I'm going to try that with my parents tonight. Okay, bye.
GRAHAM CLULEY. Thank you. Thank you so much, Mikko. I really appreciate it.
CAROLE THERIAULT. Yeah, you're a god. Thank you. Cheers.
GRAHAM CLULEY. Bye-bye.
MIKKO HYPPONEN. Cheers.
-- TRANSCRIPT ENDS --