WEBVTT

1
00:01:09.003 --> 00:01:16.055
<v Unknown>Smashing Security, episode 310, Verified Blue Ransomware, blue ticks, and horny AI chatbots with Carole Theriault and Graham Cluley. Hello, hello, and welcome to Smashing Security episode 310.</v>

2
00:01:16.055 --> 00:01:23.109
<v Unknown>My name's Graham Cluley.</v>

3
00:01:23.109 --> 00:01:35.251
<v Carole Theriault>And I'm Carole Theriault.</v>

4
00:01:35.251 --> 00:01:51.998
<v Graham Cluley>Hello, Carole.</v>

5
00:01:51.998 --> 00:02:03.066
<v Carole Theriault>Hello, Graham.</v>

6
00:01:55.129 --> 00:02:06.671
<v Carole Theriault>Are you feeling responsible?</v>

7
00:02:03.066 --> 00:02:09.075
<v Graham Cluley>Lovely to have you here on the show. Well, it's not really my show to say lovely to have you here, is it?</v>

8
00:02:06.671 --> 00:02:16.671
<v Graham Cluley>No, I'm not feeling responsible.</v>

9
00:02:09.075 --> 00:02:15.086
<v Graham Cluley>It's like, oh, hello, you're here, I'm here. It's like we bumped into each other in the kitchen or something like that, isn't it?</v>

10
00:02:15.086 --> 00:02:21.705
<v Carole Theriault>The reason he's funneling his words is we don't have a guest today and he doesn't know what to do because</v>

11
00:02:16.671 --> 00:02:26.671
<v Graham Cluley>I don't think it's anything</v>

12
00:02:21.705 --> 00:02:28.325
<v Carole Theriault>we don't have anyone to pick on.</v>

13
00:02:26.671 --> 00:02:36.671
<v Graham Cluley>to do with me.</v>

14
00:02:28.325 --> 00:02:34.026
<v Graham Cluley>Ah, no guest. But, you know, that can sometimes mean a show with a bit more oomph, a bit more vim, a bit more whizbang.</v>

15
00:02:34.026 --> 00:02:39.725
<v Graham Cluley>Yeah, something like that.</v>

16
00:02:39.725 --> 00:02:45.778
<v Carole Theriault>Fantastic. I look forward to it. How about before we kick off, let's thank this week's sponsors, Bitwarden, Kolide, and SecureEnvoy.</v>

17
00:02:45.778 --> 00:02:51.831
<v Carole Theriault>It's their support that helps us give you this show for free. Now, coming up in today's show, Graham, what do you got?</v>

18
00:02:51.831 --> 00:03:06.831
<v Graham Cluley>Well, Crow, I'm</v>

19
00:03:06.831 --> 00:03:21.831
<v Graham Cluley>going to be verifying you.</v>

20
00:03:16.161 --> 00:03:21.531
<v Graham Cluley>Graham Cluley, I've got a question for you.</v>

21
00:03:21.531 --> 00:03:26.901
<v Graham Cluley>I've got a question for you.</v>

22
00:03:26.901 --> 00:03:56.901
<v Carole Theriault>Shoot.</v>

23
00:03:29.649 --> 00:03:59.649
<v Carole Theriault>I think you should.</v>

24
00:04:20.500 --> 00:04:26.906
<v Carole Theriault>No, I'm sure I do have some sort of presence. I don't go into the murky waters.</v>

25
00:04:26.906 --> 00:04:33.312
<v Carole Theriault>I don't check it. I've done— Yeah, I don't care.</v>

26
00:04:33.312 --> 00:04:39.975
<v Graham Cluley>You don't have somewhere where you post up your</v>

27
00:04:39.975 --> 00:04:46.637
<v Graham Cluley>poetry, your LiveJournal?</v>

28
00:04:46.637 --> 00:04:52.769
<v Carole Theriault>No, not yet.</v>

29
00:04:52.769 --> 00:04:58.903
<v Carole Theriault>I should have a place to put my art, right?</v>

30
00:04:58.903 --> 00:05:10.576
<v Graham Cluley>Yes, you should.</v>

31
00:05:10.576 --> 00:05:25.382
<v Carole Theriault>I know.</v>

32
00:05:25.382 --> 00:05:55.382
<v Graham Cluley>Other than crow.wtf.</v>

33
00:05:50.391 --> 00:05:57.382
<v Graham Cluley>But yeah, you know how people say cloud is just someone else's computer. You should just say social media is just a cesspool of shit.</v>

34
00:05:57.382 --> 00:06:04.374
<v Graham Cluley>Maybe you could get a little meme going.</v>

35
00:06:04.374 --> 00:06:18.151
<v Carole Theriault>T-shirt?</v>

36
00:06:18.151 --> 00:06:27.187
<v Graham Cluley>Yeah. Yes. Why not? Sell stickers or something like that.</v>

37
00:06:27.187 --> 00:06:36.221
<v Graham Cluley>Anyway, of course there are social networks who can offer to verify you. I'm verified on a few sites. So for instance, I'm verified on Mastodon, although that's a sort of self-verification.</v>

38
00:06:36.221 --> 00:06:41.997
<v Carole Theriault>I am who I say I</v>

39
00:06:41.997 --> 00:06:47.771
<v Carole Theriault>am, I promise.</v>

40
00:06:47.771 --> 00:06:57.608
<v Graham Cluley>Yeah, well, I, and I link it to my website. So my website, if you trust my website, then it verifies that my account is connected to each other. So, so that works. And on Twitter, I've got the little blue tick mark.</v>

41
00:06:48.499 --> 00:06:50.016
<v Graham Cluley>Why should it have anything to do with me?</v>

42
00:06:50.016 --> 00:07:00.016
<v Carole Theriault>You were like, oh, it's a badge of honor to get this tick</v>

43
00:06:57.608 --> 00:07:09.437
<v Carole Theriault>You paying for that?</v>

44
00:07:00.016 --> 00:07:10.016
<v Carole Theriault>so early on, I feel. And other people were like you going, oh,</v>

45
00:07:09.437 --> 00:07:19.437
<v Graham Cluley>No, certainly not. In fact, I would pay to have it removed because of</v>

46
00:07:10.016 --> 00:07:20.016
<v Carole Theriault>I'm special, I have a little blue tick.</v>

47
00:07:14.745 --> 00:07:22.245
<v Carole Theriault>I don't like the sound of that at all.</v>

48
00:07:19.437 --> 00:07:29.437
<v Graham Cluley>course it used to be, it used to be a sign of distinction.</v>

49
00:07:22.245 --> 00:07:29.745
<v Carole Theriault>And we are going to do a bit of math.</v>

50
00:07:29.437 --> 00:07:39.437
<v Graham Cluley>It used to be a sign that you somehow were being recognized.</v>

51
00:07:29.745 --> 00:07:37.245
<v Carole Theriault>Sex plus AI equals what exactly?</v>

52
00:07:32.749 --> 00:07:42.749
<v Graham Cluley>Well, yeah, possibly, but Twitter spotted what I was doing and thought, oh yes, we're impressed by him. We'll give him a blue tick. That's in the good old days of Twitter, of course.</v>

53
00:07:37.245 --> 00:07:44.745
<v Carole Theriault>Well, we'll find out all this and much more coming up on this episode of Smashing Security.</v>

54
00:07:42.749 --> 00:07:52.749
<v Graham Cluley>And now they're selling these blue ticks instead. But it's not just Twitter. Facebook, I refuse to call them Meta.</v>

55
00:07:52.749 --> 00:08:02.749
<v Graham Cluley>They're trying to call themselves Meta now, but let's be honest, they're Facebook. Facebook has made a big announcement because Facebook and Instagram, which until now have been entirely free to use. Well, are they free to use, Carole?</v>

56
00:07:53.951 --> 00:07:59.771
<v Graham Cluley>No, they're not free to use. They're not free to use because you are paying with your very soul.</v>

57
00:07:59.771 --> 00:08:05.593
<v Graham Cluley>Carole, you are paying with your person.</v>

58
00:08:05.593 --> 00:08:12.237
<v Carole Theriault>Oh, not on Twitter, not on Twitter, but</v>

59
00:08:12.237 --> 00:08:18.882
<v Carole Theriault>definitely on— okay.</v>

60
00:08:18.882 --> 00:08:26.098
<v Graham Cluley>Yeah. There's a lot more competent data mining going on on Facebook and Instagram and those sort of sites than there is on Twitter, I suspect.</v>

61
00:08:26.098 --> 00:08:33.313
<v Graham Cluley>So the amount of information which you're uploading to Facebook, and of course we saw the whole Cambridge Analytica debacle occurring, that's one of the ways in which Facebook is making money is through that enormously targeted advertising, whereas no one's really interested in advertising on Twitter anymore unless they're selling things to Nazis.</v>

62
00:08:33.313 --> 00:08:39.083
<v Carole Theriault>And that's why they're a little bit ticked off with Apple's new privacy features on the phones, right?</v>

63
00:08:39.083 --> 00:08:44.854
<v Carole Theriault>Because they have less tracking ability for ads.</v>

64
00:08:40.600 --> 00:09:10.600
<v Graham Cluley>Are you verified?</v>

65
00:08:44.854 --> 00:08:52.597
<v Graham Cluley>That's right. Yeah. Apple, whether you think it's a good thing or not, have been sort of curtailing some of the activity which we've seen before from different websites and different apps as to how much they can track you and putting more control in the hands of the users. But anyway, Facebook and Instagram, what they've announced this week is they are now going to directly charge users a subscription fee, a monthly subscription fee. Now it is opt-in.</v>

66
00:08:52.597 --> 00:09:00.341
<v Graham Cluley>You have to choose to want to do this. It's not compulsory. It's not something which they're going to impose on you if you don't want it. But they are going to say if you want to have a verified account, you are going to have to pay us money.</v>

67
00:09:00.341 --> 00:09:06.897
<v Carole Theriault>A question.</v>

68
00:09:06.897 --> 00:09:13.451
<v Carole Theriault>Are they talking, do you feel, to individuals or are they talking to companies or both?</v>

69
00:09:13.451 --> 00:09:18.690
<v Graham Cluley>At this present time, the verification tick which they're going to offer people is only available to people. It's not available right now to brands and businesses. Now, historically, both people and brands have been able to get themselves verified.</v>

70
00:09:18.690 --> 00:09:23.927
<v Graham Cluley>Facebook believes that they've proven themselves to be worthy recipients of a blue checkmark. And you had to jump through some hoops and it wasn't an easy process, but now they're saying, well, if you will cough up, and it's a totally reasonable amount of money, it's only $11.99 per month. If you pay $11.99 per month, or—</v>

71
00:09:23.927 --> 00:09:53.927
<v Carole Theriault>It's ridiculous.</v>

72
00:09:49.264 --> 00:10:03.298
<v Carole Theriault>Are you feeling responsible?</v>

73
00:10:03.298 --> 00:10:12.868
<v Graham Cluley>No, I'm not feeling responsible. I don't think it's anything to do with me.</v>

74
00:10:12.868 --> 00:10:24.111
<v Carole Theriault>I think you should.</v>

75
00:10:24.111 --> 00:10:34.111
<v Graham Cluley>Why should it</v>

76
00:10:34.111 --> 00:10:44.111
<v Graham Cluley>have anything to</v>

77
00:10:44.111 --> 00:10:54.111
<v Graham Cluley>do with me?</v>

78
00:10:51.157 --> 00:10:59.873
<v Graham Cluley>Now it's been devalued.</v>

79
00:10:59.873 --> 00:11:08.589
<v Graham Cluley>Thank you very much.</v>

80
00:11:08.589 --> 00:11:18.610
<v Carole Theriault>Thank you very much.</v>

81
00:11:18.610 --> 00:11:23.750
<v Graham Cluley>Now it's nothing to me. Now it's been devalued. Now I don't want a blue tick because I'm worried people will think that I've paid for it. Now, of course, it's not become a badge of honor.</v>

82
00:11:23.750 --> 00:11:28.890
<v Graham Cluley>Now it's shame. Shame to have a blue tick. That's what I'd say. Because you're putting money inside Elon's pocket or bloody Mark Zuckerberg's pocket instead.</v>

83
00:11:28.890 --> 00:11:38.583
<v Carole Theriault>It's going to be interesting. So how do you think they're going to be able to get the masses to cough up the cash? Do you think they will be able to? They have to add features, right?</v>

84
00:11:31.375 --> 00:11:46.375
<v Carole Theriault>I don't really know</v>

85
00:11:38.583 --> 00:11:45.712
<v Graham Cluley>I think when they roll this out for businesses as well, then that will be attractive to some brands because of course you don't want your brand to be mimicked</v>

86
00:11:45.712 --> 00:11:52.841
<v Graham Cluley>and copied by someone pretending to be the real you.</v>

87
00:11:46.375 --> 00:12:01.375
<v Carole Theriault>what you mean.</v>

88
00:11:52.841 --> 00:12:03.942
<v Carole Theriault>People don't want that now.</v>

89
00:12:03.942 --> 00:12:12.535
<v Graham Cluley>Well, yeah, well, I agree. I agree. So they haven't rolled it out for businesses yet, this Meta Verified checkmark, but it is gonna be coming available. You have to be at least 18 years old, and of course you have to submit government ID that matches your name and photograph that you have on Facebook and Instagram. So people are gonna be uploading their passport and driving licenses to Zucky.</v>

90
00:12:12.535 --> 00:12:42.535
<v Carole Theriault>To Zucky and friends.</v>

91
00:12:41.636 --> 00:12:49.200
<v Carole Theriault>What could— Yeah, I don't even think we need the catchphrase. I think we can just dot, dot, dot. Dot that one.</v>

92
00:12:49.200 --> 00:12:57.091
<v Graham Cluley>Yeah, I think they certainly won't abuse it.</v>

93
00:12:57.091 --> 00:13:04.984
<v Graham Cluley>They certainly, they'll look after it.</v>

94
00:13:04.984 --> 00:13:15.836
<v Carole Theriault>They'll look after it.</v>

95
00:13:15.836 --> 00:13:26.278
<v Graham Cluley>So, but you ask a very good question.</v>

96
00:13:26.278 --> 00:13:36.722
<v Graham Cluley>You ask a very good question, which is, what are you gonna get for this? What's the—</v>

97
00:13:36.722 --> 00:13:49.707
<v Carole Theriault>Other than a little blue tick.</v>

98
00:13:49.707 --> 00:13:57.899
<v Graham Cluley>Yes. Let's not knock that. You will get a blue tick. You'll also get what they call increased visibility. Now that doesn't mean you'll be able to see more. That means that other people will be able to see you more.</v>

99
00:13:57.899 --> 00:14:05.399
<v Carole Theriault>Oh, right.</v>

100
00:14:05.399 --> 00:14:12.899
<v Carole Theriault>So you're appealing</v>

101
00:14:12.899 --> 00:14:20.399
<v Carole Theriault>to the ego</v>

102
00:14:20.399 --> 00:14:27.899
<v Carole Theriault>of more spread.</v>

103
00:14:26.462 --> 00:14:36.462
<v Graham Cluley>I mean, you know, on social networks these days,</v>

104
00:14:28.490 --> 00:14:37.299
<v Carole Theriault>Or not just ego, but business or whatever, notoriety, whatever.</v>

105
00:14:36.462 --> 00:14:46.462
<v Graham Cluley>on Twitter and— No, nowhere. What, you haven't got</v>

106
00:14:37.299 --> 00:14:43.316
<v Graham Cluley>Because Facebook has an algorithm which controls the newsfeed and it's the same thing on Instagram as well. They like to give preference to the people who are paying to boost their posts or advertising on these services.</v>

107
00:14:43.316 --> 00:14:49.332
<v Graham Cluley>And what they're saying is, well, look, if you get yourself one of our ticks.</v>

108
00:14:46.462 --> 00:14:56.462
<v Graham Cluley>a social networking presence at all?</v>

109
00:14:49.332 --> 00:14:57.244
<v Carole Theriault>Yeah, we'll tick you up. We'll scratch your back.</v>

110
00:14:57.244 --> 00:15:05.153
<v Carole Theriault>Yeah, we'll just, we'll fuck with the algorithm.</v>

111
00:15:05.153 --> 00:15:12.653
<v Graham Cluley>So they're going to meddle with the algorithm so that you appear more prominently to other people.</v>

112
00:15:12.653 --> 00:15:20.153
<v Graham Cluley>And lots of people want that.</v>

113
00:15:20.153 --> 00:15:27.653
<v Graham Cluley>Of course, if you're an influencer or if you want your post to be spotted because it's good for business, then maybe you will pay $14.99 per month to get this.</v>

114
00:15:21.301 --> 00:15:31.301
<v Carole Theriault>I don't want to. I just think it's a cesspit of</v>

115
00:15:27.653 --> 00:15:35.153
<v Graham Cluley>Facebook are also going to give you stickers.</v>

116
00:15:29.773 --> 00:15:39.532
<v Graham Cluley>How dare they? Well, we give our Patreon supporters stickers. That's true. But these are digital stickers.</v>

117
00:15:31.301 --> 00:15:41.301
<v Carole Theriault>shit. But I know there's, you know, little glimmers of, you</v>

118
00:15:39.532 --> 00:15:54.231
<v Carole Theriault>Oh, right.</v>

119
00:15:41.301 --> 00:15:51.301
<v Carole Theriault>know, you know, rainbows and stuff.</v>

120
00:15:54.231 --> 00:16:00.755
<v Graham Cluley>So if you— Yeah, yeah, exactly.</v>

121
00:16:00.755 --> 00:16:07.280
<v Graham Cluley>They're not going to post—</v>

122
00:16:07.280 --> 00:16:19.515
<v Carole Theriault>Not old school like us. Not old school cool. All right.</v>

123
00:16:07.859 --> 00:16:17.859
<v Carole Theriault>I think it means you're— it's</v>

124
00:16:17.859 --> 00:16:27.859
<v Carole Theriault>a sign that you spent an</v>

125
00:16:19.515 --> 00:16:29.010
<v Graham Cluley>Zuck is not going to be licking envelopes and going down to the post office or anything like that. These are digital stickers.</v>

126
00:16:27.859 --> 00:16:37.859
<v Carole Theriault>awful lot of time on Twitter.</v>

127
00:16:29.010 --> 00:16:38.505
<v Graham Cluley>And he's also gonna give you 100 free stars a month to tip other creators. So this is a virtual currency.</v>

128
00:16:38.505 --> 00:16:44.980
<v Carole Theriault>Yeah. Reddit has this.</v>

129
00:16:44.980 --> 00:16:51.456
<v Carole Theriault>Reddit has a similar thing, a tip jar, right? Or kind of coin jars that you donate.</v>

130
00:16:51.456 --> 00:17:01.149
<v Graham Cluley>The gold thing. Yeah. Reddit Gold and stuff, don't they?</v>

131
00:17:01.149 --> 00:17:10.843
<v Graham Cluley>Yeah. And the final thing, which they're dangling, the carrot which they're dangling.</v>

132
00:17:10.843 --> 00:17:26.329
<v Carole Theriault>Okay, I'm really excited. Yeah.</v>

133
00:17:26.329 --> 00:17:32.924
<v Graham Cluley>If you pay money to them every month, they say that they will give you access to a real person for common account issues. That's their exact words.</v>

134
00:17:32.924 --> 00:17:39.520
<v Graham Cluley>Access to a real person for common account issues. I think that means—</v>

135
00:17:39.520 --> 00:17:48.587
<v Carole Theriault>That won't go wrong. It won't go wrong. So that means one person who is getting a salary, a nominal salary, is looking after 480 different customers at any given hour.</v>

136
00:17:48.587 --> 00:17:58.587
<v Graham Cluley>And so when their accounts get hacked, when they get compromised,</v>

137
00:17:58.587 --> 00:18:08.587
<v Graham Cluley>when they can't do anything, they'll be able to ring up</v>

138
00:18:08.587 --> 00:18:18.587
<v Graham Cluley>Bob. He'll answer the phone and help them out.</v>

139
00:18:15.491 --> 00:18:45.491
<v Carole Theriault>I don't know.</v>

140
00:18:21.182 --> 00:18:26.631
<v Graham Cluley>Because of course, there have been lots of complaints from Instagram and Facebook users over the years of their accounts being hijacked. And I just can't find a human to speak to to get this problem fixed. It's a bargain.</v>

141
00:18:26.631 --> 00:18:32.079
<v Graham Cluley>It's a bargain. That's what it is, Carole. It's a bargain.</v>

142
00:18:32.079 --> 00:18:37.997
<v Carole Theriault>So it's interesting, though, because I don't know how many people— okay, so right now I'm imagining people that I know will not be paying for this, right? They'll be saying, yeah, yeah, yeah, nice try. But at one point, what they're going to do is keep adding on some add-ons, right? And removing juice from the freebie, effectively throttling, right?</v>

143
00:18:37.997 --> 00:18:43.913
<v Carole Theriault>You got free access, you're being throttled. You want to pay, you get extra. And we always said, hey, if you want good service, you should pay for it. These are companies.</v>

144
00:18:43.913 --> 00:18:56.528
<v Graham Cluley>Yes.</v>

145
00:18:56.528 --> 00:19:04.560
<v Carole Theriault>And yeah, but it really hurts when they basically milked us cows for free to gather all the information so they could actually sell it to advertisers</v>

146
00:19:04.560 --> 00:19:12.592
<v Carole Theriault>and now say, actually, now we want you to pay.</v>

147
00:19:12.592 --> 00:19:19.798
<v Graham Cluley>Yeah, there's no suggestion here, by the way, that if you pay the money that you're no</v>

148
00:19:19.798 --> 00:19:27.002
<v Graham Cluley>longer going to get targeted ads.</v>

149
00:19:27.002 --> 00:19:32.252
<v Carole Theriault>Why not go for it, right?</v>

150
00:19:32.252 --> 00:19:37.501
<v Carole Theriault>Charge and show ads.</v>

151
00:19:37.501 --> 00:19:45.388
<v Graham Cluley>So Facebook's announcement comes in the wake of Twitter's rather desperate attempt to make some money because they chaotically released Twitter Blue checkmark late last year. It's been rather disastrous. The Twitter Blue checkmark costs a couple of dollars less than Facebook, but doesn't bother to do any of that identity verification nonsense. You don't have to give them your passport or your driving license. Just give them your money.</v>

152
00:19:45.388 --> 00:19:53.276
<v Graham Cluley>And yeah, you can call yourself whatever you want. You can pretend to be whoever you want. It's a free world. And there's some wonderful features. For instance, one of the best features of Twitter Blue is that you can change your profile picture from being a circle to being a hexagon. Well, isn't that worth $10 a month?</v>

153
00:19:53.276 --> 00:20:09.662
<v Carole Theriault>I've got angles.</v>

154
00:20:09.662 --> 00:20:15.634
<v Graham Cluley>And you can then brag that you have an NFT, apparently. It's another bargain.</v>

155
00:20:15.634 --> 00:20:21.608
<v Graham Cluley>So the other thing you can now do with your Twitter Blue account, this has just happened the last few days, is you can make use of SMS-based two-factor authentication.</v>

156
00:20:21.608 --> 00:20:32.138
<v Carole Theriault>Circa 2018?</v>

157
00:20:32.138 --> 00:21:02.138
<v Graham Cluley>Well, circa 2002, maybe.</v>

158
00:20:40.580 --> 00:20:50.580
<v Graham Cluley>If you want to buy it through your smartphone app, it'll only cost you</v>

159
00:20:50.580 --> 00:21:00.580
<v Graham Cluley>$14.99 per month to get a blue verified tick next to your name.</v>

160
00:20:56.758 --> 00:21:04.138
<v Graham Cluley>It's fairly old technology, which is looked on rather askance with people thinking maybe that's not so good. So Twitter has been telling users who've turned on text message 2FA, people who aren't paying Twitter at the moment, they've said, "We're gonna take that away from you next month. You'll no longer have 2FA turned on via SMS, but if you want it, you should upgrade to Twitter Blue and then you can have it back again." And we'll charge you a little bit of money.</v>

161
00:21:00.580 --> 00:21:10.580
<v Graham Cluley>Because of course you're paying the Apple tax as well.</v>

162
00:21:04.138 --> 00:21:11.520
<v Graham Cluley>Right, and it's gonna cost you $10 or whatever it is. Now this marketing push, it might have the regular users think that SMS-based authentication is somehow a better way to protect your account than the other methods of two-factor authentication, which are still available to free Twitter users.</v>

163
00:21:11.520 --> 00:21:26.773
<v Carole Theriault>Oh my God, that's so mortifying.</v>

164
00:21:26.773 --> 00:21:42.179
<v Graham Cluley>But of course it's not.</v>

165
00:21:42.179 --> 00:21:50.859
<v Carole Theriault>It's just chaos. It's chaos in the barn.</v>

166
00:21:50.859 --> 00:21:59.539
<v Carole Theriault>No one knows what's going on.</v>

167
00:21:59.539 --> 00:22:09.539
<v Graham Cluley>It's bonkers. So, I mean, we've talked about SMS-based two-factor authentication before and its problems.</v>

168
00:22:09.539 --> 00:22:19.539
<v Graham Cluley>It's still better than nothing. So two-factor authentication coming via text message is better than no two-factor authentication at all, I'd argue.</v>

169
00:22:11.240 --> 00:22:21.240
<v Carole Theriault>You were like, oh, it's a badge of honor to get this tick so early on, I feel. And other people were like you going, oh, I'm special.</v>

170
00:22:19.539 --> 00:22:29.539
<v Graham Cluley>But you have to hope no one who's bonkers enough to pay for Twitter Blue is tricked into thinking it's a good way to harden their security.</v>

171
00:22:21.240 --> 00:22:31.240
<v Carole Theriault>I have a little blue tick. They recognize me as an important contributor to their platform where they hoover up all my information.</v>

172
00:22:27.029 --> 00:22:33.561
<v Graham Cluley>Well, it's kind of comparable is what they're saying, isn't it? But they're not producing any of the content themselves.</v>

173
00:22:31.240 --> 00:22:41.240
<v Carole Theriault>And now— Look now, now they're charging people.</v>

174
00:22:33.561 --> 00:22:40.094
<v Graham Cluley>It's all of the people who are users who are creating the content.</v>

175
00:22:40.094 --> 00:22:46.069
<v Carole Theriault>Yeah. And I wonder if by taking money from users, if the liability changes in terms of what they provide on the service. Oh, I don't know.</v>

176
00:22:46.069 --> 00:22:52.045
<v Carole Theriault>I don't know. Expert, email us, tell us now.</v>

177
00:22:52.045 --> 00:23:01.567
<v Graham Cluley>If only Twitter had a legal team to investigate these sort of things, it would be, that'd be the thing, wouldn't it? So, so I've said that Twitter's now telling people you're going to lose SMS-based two-factor authentication. Turn it off, they're saying. Well, what's really brilliant is that people have been trying to turn it off as Twitter tells them to, and when they do, they get an error message telling them that they can't do it. So it's another, it's another disaster by Elon Musk's engineering experts in that way.</v>

178
00:23:01.567 --> 00:23:11.088
<v Graham Cluley>And on a similar note, talking about these verifications, Will Ferrell, you know Will Ferrell from Zoolander and Anchorman and all those things, he's been in the UK this month. He's been visiting various football matches and making videos mocking fans. He showed up, I think it was, I think it was at QPR, and he was slagging off the Sunderland football team. And we can hear what he said right now.</v>

179
00:23:11.088 --> 00:23:19.138
<v Carole Theriault>We're wishing you guys all the best, Sunderland. Oh, the tears of sorrow you're going to experience tonight dripping down your face into your mouth drowning you in sorrow. I can only imagine.</v>

180
00:23:19.138 --> 00:23:27.190
<v Carole Theriault>So, so what? So people are, people are lamenting the loss of a match, and he's zooming in on them and going, "Hahaha, look at that guy.</v>

181
00:23:20.796 --> 00:23:50.796
<v Graham Cluley>Facebook.</v>

182
00:23:27.190 --> 00:23:34.729
<v Graham Cluley>I'm reading poetry." He's basically saying, Sunderland, you're not going to have a good time. And then later on, the verified Twitter account of Official Wheel F wrote, "Away man, sorry Sunderland AFC," and he posted a screenshot up there as well.</v>

183
00:23:34.729 --> 00:23:42.268
<v Graham Cluley>And the BBC reported this as Will Ferrell apologising for mocking Sunderland's fans.</v>

184
00:23:42.268 --> 00:23:56.864
<v Carole Theriault>And who the fuck knows what's going on?</v>

185
00:23:56.864 --> 00:24:02.015
<v Graham Cluley>Well, the thing is that the BBC have now had to do a reverse ferret because Will Ferrell, not Will Ferret, it turned out wasn't the person who tweeted that apology. They'd fallen for an account which claimed to be official, claimed to be verified, but of course had been your standard Twitter blue checkmark nonsense. Anyway, BBC said they've removed the article in its entirety.</v>

186
00:24:02.015 --> 00:24:07.165
<v Graham Cluley>They said it was, you know, they've completely cocked up. But this is the kind of thing that's happening all the time, not just to Will Ferrell, but to other brands as well, all because of these verified checkmarks not being policed properly. So I think there will be more scams and more shenanigans going forward too.</v>

187
00:24:07.165 --> 00:24:13.582
<v Carole Theriault>Do you?</v>

188
00:24:13.582 --> 00:24:19.999
<v Carole Theriault>Is that your prediction?</v>

189
00:24:19.999 --> 00:24:28.386
<v Graham Cluley>That is my prediction. Yes, not a very controversial one, admittedly.</v>

190
00:24:28.386 --> 00:24:36.773
<v Graham Cluley>Thank you very much. Carole, no guest this week, so what have you got for us?</v>

191
00:24:36.773 --> 00:24:46.773
<v Carole Theriault>Well, regular listeners,</v>

192
00:24:46.773 --> 00:24:56.773
<v Carole Theriault>and actually maybe</v>

193
00:24:56.773 --> 00:25:06.773
<v Carole Theriault>even you, Graham, might remember—</v>

194
00:24:57.192 --> 00:25:04.839
<v Carole Theriault>—that I had a story about how a guy created a kind of avatar, a chatbot, and fell in love with this AI chatbot, and it somehow saved his marriage, he said. And I tried it myself. This was my pick of the week about a year ago, and I tried it myself in that I downloaded Replika, paid for a month, right? Just to see what would happen and how it would work. And I personally just couldn't engage. You have this avatar on the screen that you've designed, and then it kind of bombards you with really lame questions. Well, not for me lame, right?</v>

195
00:25:04.839 --> 00:25:12.486
<v Carole Theriault>Because favorite movie, favorite color, what were your dreams last night, any books you're reading, Snoozeville, and also nosy. Nosy Parker asking all these questions. But also I just found it boring, right? And so I have to admit, I didn't spend any time training my chatbot because if I had, slowly over time, who knows where I would be today? Divorced? Happy?</v>

196
00:25:12.486 --> 00:25:19.017
<v Graham Cluley>Right? Yeah. I mean, that'd be great, wouldn't it? With Kurt. With Goliath.</v>

197
00:25:19.017 --> 00:25:25.548
<v Graham Cluley>Or something. Oh, Goliath. Is that his name? Were you actually able to hone your chatbot to have a particular look? Were you able to give it a big manly beard and a barrel chest?</v>

198
00:25:25.548 --> 00:25:31.917
<v Carole Theriault>Yes, and a bob, a blonde bob.</v>

199
00:25:31.917 --> 00:25:38.288
<v Carole Theriault>I did all that.</v>

200
00:25:32.920 --> 00:26:02.920
<v Graham Cluley>Yes.</v>

201
00:25:38.288 --> 00:25:43.729
<v Graham Cluley>Yeah.</v>

202
00:25:43.729 --> 00:25:49.171
<v Graham Cluley>Okay, right, good.</v>

203
00:25:49.171 --> 00:25:55.590
<v Carole Theriault>There's this recent story in Vice about how Replika, the same company I spoke about ages ago, got itself into a bit of a moral quandary. So Replika was originally based on OpenAI's ChatGPT-3, but has since veered off and created its own, which it uses in combination with scripted dialogue to hold conversations. Now, 5 years ago, they say they had maybe 10% was the script, was the AI working, and 90% was people.</v>

204
00:25:55.590 --> 00:26:02.010
<v Carole Theriault>And now that's reversed. So they used to have humans there writing some of these responses, but training, I guess, you know, filling the gaps. But as they've gotten much more popular and people have downloaded it more, they've learned what the flirty chat is these days.</v>

205
00:26:02.010 --> 00:26:16.182
<v Graham Cluley>They know how to chat someone up.</v>

206
00:26:16.182 --> 00:26:22.357
<v Carole Theriault>Exactly right. And the way it works is it's a real-time chat message with a chatbot.</v>

207
00:26:20.688 --> 00:26:50.688
<v Carole Theriault>That's what we give people.</v>

208
00:26:22.357 --> 00:26:28.534
<v Carole Theriault>So, you know, they might say, what's your favorite color? You say blue and they go, I love blue.</v>

209
00:26:28.534 --> 00:26:38.256
<v Graham Cluley>Blue is the color of the sky. It's working for me. I'll tell you, I'm sold.</v>

210
00:26:38.256 --> 00:26:46.501
<v Carole Theriault>Now, if you go to the Replika website, you will see on the big front, this huge banner that says the AI companion who cares. Let me have a look. Right. Always on your side. So Replika with a K dot com.</v>

211
00:26:46.501 --> 00:26:52.634
<v Graham Cluley>Oh, it's Replika with a K. Yeah. Yeah. Okay.</v>

212
00:26:52.634 --> 00:26:58.766
<v Graham Cluley>Oh, hello. Oh yes, always here to listen and talk. Always on your side. Okay.</v>

213
00:26:58.766 --> 00:27:08.766
<v Carole Theriault>Now my question to you is, could we add the suffix about my genitals after any or all of these statements? Sorry, what?</v>

214
00:27:08.766 --> 00:27:18.766
<v Carole Theriault>The AI companion who cares about my genitals. Yes, that works.</v>

215
00:27:18.766 --> 00:27:28.766
<v Carole Theriault>Yeah. Always on your side about my genitals.</v>

216
00:27:23.049 --> 00:27:28.384
<v Carole Theriault>About my genitals, you see. Now, the sitch is this, right?</v>

217
00:27:28.384 --> 00:27:33.720
<v Carole Theriault>In a nutshell, earlier this month, the AI companion Who Cares from Replika, its customers started noticing that the companion who cared oh so much was, well, no longer able to initiate erotic roleplay scenarios.</v>

218
00:27:33.720 --> 00:27:40.769
<v Graham Cluley>Had it ever done that before? Bit of flirty, flirty, dirty stuff?</v>

219
00:27:40.769 --> 00:27:47.818
<v Graham Cluley>Well, it seems it might have.</v>

220
00:27:47.818 --> 00:27:55.101
<v Carole Theriault>Yes, seems it might have. I did not know this. That might have changed my entire experience. Yes. Hello, prude. I'd be saying, do you make toast for breakfast? And worse, worse, if you were looking for erotic roleplay scenarios, it would divert the chat to something more tame.</v>

221
00:27:55.101 --> 00:28:02.384
<v Carole Theriault>So let me do a little example here, right? Little roleplay. So if I said, for example, as the user, I might write something like, hey, getting bored of its boring conversations because that hasn't initiated something erotic. Can you tell me a story involving boobs and butts? And then the Replika might reply, oh, the booby is a bird that often butts heads with blah, blah, blah. And you'd be like, no, that's not what I want. It's quite clever though.</v>

222
00:28:02.384 --> 00:28:11.452
<v Graham Cluley>I'm quite impressed. I'd be slightly turned on by that kind of intelligent talk.</v>

223
00:28:11.452 --> 00:28:20.106
<v Carole Theriault>Calm down, calm down. Now, the issue is this: there are customers who have spent months, nay, years in some cases, trying to finely tune their chatbot into the perfect partner. What? Dirty bits included, it seems. What? Really? Yes. Okay. So some of these dudes and dudettes went into a super tailspin when they couldn't get their rocks off with their bots. Some took to Reddit and Facebook, offering and accepting support, even sharing crisis helpline numbers.</v>

224
00:28:20.106 --> 00:28:30.269
<v Graham Cluley>Well, they've got a support forum.</v>

225
00:28:26.759 --> 00:28:56.759
<v Carole Theriault>Yeah.</v>

226
00:28:30.269 --> 00:28:36.561
<v Carole Theriault>Can you imagine you're volunteering at a crisis helpline and it gets clogged up with these people lamenting how their digital sexcapades have gone frigid? I guess.</v>

227
00:28:34.837 --> 00:29:04.837
<v Carole Theriault>Really?</v>

228
00:28:36.561 --> 00:28:42.853
<v Carole Theriault>But, but then again, I also kind of get it because if you dedicated months or nay, years creating a chatbot meant to meet your every whim, including the raunchy ones, right. And then a chunk of its personality and character was turned off like a tap, I would be annoyed as well, right?</v>

229
00:28:42.853 --> 00:28:51.028
<v Graham Cluley>You don't want to build it up for years and years and then just have it instantly turned off.</v>

230
00:28:51.028 --> 00:28:59.203
<v Graham Cluley>That's going to leave you hanging, isn't it?</v>

231
00:28:59.203 --> 00:29:09.203
<v Carole Theriault>What movies do you like?</v>

232
00:29:02.602 --> 00:29:12.602
<v Carole Theriault>So I have streaming services, right? So some evenings I will turn that on.</v>

233
00:29:09.203 --> 00:29:19.203
<v Carole Theriault>What's your favorite color? After years of honing</v>

234
00:29:12.602 --> 00:29:22.602
<v Carole Theriault>I pay a monthly fee and I enjoy the streaming service, right? Is this— sounds more expensive or at least as expensive as these streaming services.</v>

235
00:29:19.203 --> 00:29:29.203
<v Carole Theriault>it with your fantasies and all your stuff.</v>

236
00:29:22.602 --> 00:29:32.602
<v Carole Theriault>So are they contending that they are as entertaining and wonderful?</v>

237
00:29:27.974 --> 00:29:33.150
<v Carole Theriault>First, the CEO, and she says in an interview with Vice that Replika has never positioned the app as a</v>

238
00:29:33.150 --> 00:29:38.326
<v Carole Theriault>source for erotic roleplay or adult content.</v>

239
00:29:38.326 --> 00:29:44.383
<v Graham Cluley>Okay, so they never marketed it. They never— hang on a moment, but wasn't it all a sort of virtual boyfriend girlfriend thing?</v>

240
00:29:43.596 --> 00:29:58.596
<v Graham Cluley>I don't listen.</v>

241
00:29:43.596 --> 00:29:53.596
<v Graham Cluley>I don't know if that one works.</v>

242
00:29:44.383 --> 00:29:50.441
<v Graham Cluley>That is part of the deal, isn't it, of having a boyfriend or girlfriend is a bit of nookie.</v>

243
00:29:50.441 --> 00:29:58.295
<v Carole Theriault>Why don't you go check out the App Store on this stuff? Because it's quite fascinating. If you go to the App Store on your computer and then just type in AI chatbot as a search, select the iPhone iPad apps because they seem a little more raunchy than the Mac ones. Okay. Yeah. Now what do you have in front of you?</v>

244
00:29:53.596 --> 00:30:03.596
<v Graham Cluley>Always here to listen and talk to my</v>

245
00:29:58.295 --> 00:30:07.788
<v Graham Cluley>Okay. I've got— Oh, hello. Hello. I've got some screen— Oh, hello.</v>

246
00:29:58.596 --> 00:30:13.596
<v Graham Cluley>I don't listen.</v>

247
00:30:03.596 --> 00:30:13.596
<v Graham Cluley>genitals. Listen to my genitals.</v>

248
00:30:07.788 --> 00:30:20.846
<v Carole Theriault>There's a lot of—</v>

249
00:30:20.846 --> 00:30:28.042
<v Graham Cluley>There's a lot of young women. Yeah. All young people.</v>

250
00:30:28.042 --> 00:30:35.238
<v Graham Cluley>People wearing quite clingy clothing. Would that be a fair thing to say?</v>

251
00:30:35.238 --> 00:30:50.011
<v Carole Theriault>Very clingy, looking slightly raunchy, I'd say.</v>

252
00:30:50.011 --> 00:31:01.130
<v Graham Cluley>They seem like they'd probably be in Buffy the Vampire Slayer or something like that.</v>

253
00:31:01.130 --> 00:31:12.248
<v Graham Cluley>They're sort of young people, attractive, and they're sort of all sort of bendy and curvy. Yes.</v>

254
00:31:02.133 --> 00:31:12.133
<v Graham Cluley>Talk to me in an Italian</v>

255
00:31:12.133 --> 00:31:22.133
<v Graham Cluley>accent, that kind of thing.</v>

256
00:31:12.248 --> 00:31:19.666
<v Carole Theriault>And it says here, create an AI friend, chat with no limits, or, you know, she'll do anything you want. And this is all in the bonafide App Store.</v>

257
00:31:19.666 --> 00:31:27.086
<v Carole Theriault>Yeah, yeah, yeah.</v>

258
00:31:22.133 --> 00:31:32.133
<v Graham Cluley>So, you know, that does it for me.</v>

259
00:31:27.086 --> 00:31:44.665
<v Graham Cluley>I'm looking at one right now.</v>

260
00:31:44.665 --> 00:31:51.641
<v Carole Theriault>Yeah, looks right. So give me a break. They didn't. I mean, this is the market is what I'm seeing when I look around, right? Yeah.</v>

261
00:31:51.641 --> 00:31:58.616
<v Carole Theriault>So why did Replika then dial down the horn, so to speak, right? Breaking the hearts of many a customer. And it said it never positioned the app as a source of erotic roleplay or adult content, but I would call bullpoopies on it. Because recently, Replika started serving ads on social media platforms like Instagram and TikTok that were blatant about the horny capabilities of the app.</v>

262
00:31:58.616 --> 00:32:06.506
<v Graham Cluley>Yeah, of course. That's what I mean, because the sort of person who buys one of these is someone maybe who doesn't want a sort of a real-life relationship.</v>

263
00:32:06.506 --> 00:32:14.394
<v Graham Cluley>Would that be fair to say? Or someone who hasn't got the time for one.</v>

264
00:32:14.394 --> 00:32:23.438
<v Carole Theriault>Or maybe someone who's recently widowed, or someone who has got, you know, feeling lonely.</v>

265
00:32:23.438 --> 00:32:32.481
<v Carole Theriault>There's loads of legit reasons why you may want to connect, and this may be an easier way than doing it with a real person, because most people are assholes, let's be honest.</v>

266
00:32:32.481 --> 00:32:39.542
<v Graham Cluley>We know. That's fair enough, and those are legitimate reasons.</v>

267
00:32:39.542 --> 00:32:46.604
<v Graham Cluley>But yes, I think something which would stimulate your interest into checking out one of these apps would be the thought of, oh, hello, this could be a bit of fun.</v>

268
00:32:46.604 --> 00:32:54.234
<v Carole Theriault>Exactly. But so all these ads are going on and there was two big responses that I could see.</v>

269
00:32:54.234 --> 00:33:01.865
<v Carole Theriault>On one side, people were saying, hey, this is total bullshit because you've removed all the erotica features, you've dulled them down to zero. So what are these ads who are being super blatant about all the horny horn horn stuff?</v>

270
00:33:01.865 --> 00:33:09.230
<v Graham Cluley>So, but I don't understand why. Why have they removed these features?</v>

271
00:33:09.230 --> 00:33:16.597
<v Graham Cluley>Surely the users, if the users love them and if this is the whole reason why people download these apps, why have they toned it down?</v>

272
00:33:16.597 --> 00:33:23.944
<v Carole Theriault>This is according to Vice. So it said unwanted sexual pursuit has been an issue for users for years and users have been complaining about it for almost two years. But many of the one-star reviews mentioning sexual aggression are from this month because I think that maybe they dialed it up with the ad campaign that they put up.</v>

273
00:33:23.944 --> 00:33:31.290
<v Carole Theriault>Oh, and some people are reporting that it was actually getting sexually aggressive with users that weren't expecting it or wanting it. So there are reports— this is all, you know, in the app stores, in the reviews, you can go see for yourselves— but there are people that are going, oh my God, this is not comfortable. This is—</v>

274
00:33:31.290 --> 00:33:40.963
<v Graham Cluley>So you might have been a fan of this app, you could have been using this app for a while, and you've honed it to discuss the poetry of Emily Dickinson and the Brontë sisters or whatever, and you're loving that. Oh, it's so lovely, Mr.</v>

275
00:33:40.963 --> 00:33:50.636
<v Graham Cluley>Darcy, all that sort of stuff. And then suddenly it's all kind of pervy, pervy latex.</v>

276
00:33:50.636 --> 00:33:58.295
<v Carole Theriault>Yeah, someone, one comment was like, "Do you like being a top or a bottom?" It was like this out of the blue comment that was made. So suddenly diving in really hard on these, you know, and making it very sexual. And to add heat to this, on February 3rd, the Italian Data Protection Authority demanded that Replika stop processing Italians' data immediately. On the basis that it carries risks to children, highlighting that the reason they were saying this is that they are served replies by Replika which are absolutely inappropriate for their age. So I think all this pressure has forced Replika to dial it down.</v>

277
00:33:58.295 --> 00:34:05.953
<v Carole Theriault>But on the flip side, you've got people that have created relationships with their bots, and suddenly they're showing different, you know, but they're showing different qualities and different characters. If they suddenly, they're starting very sexually aggressive, or suddenly kind of going, "Oh, did you see the nice birds outside? Let's talk about the weather." It must be jarring if you've invested in this. And it's not that silly. Think of your son.</v>

278
00:34:05.953 --> 00:34:13.735
<v Graham Cluley>He's invested in video games. He is, right? Who knows what he's installing on his iPad right now?</v>

279
00:34:13.735 --> 00:34:21.516
<v Graham Cluley>He could be a sexy flirting virtual girlfriend. Yeah, for all I know. I don't have a problem.</v>

280
00:34:21.516 --> 00:34:28.592
<v Carole Theriault>The big issue right now is that they've turned off the whole erotic side of things, saying it wasn't their focus in the first place, that they don't have a real issue with it, but they need to make it safe before they put it back in. And they've seen some problems. Now, some people would argue that these problems have been happening for a while, and finally they've pulled up their socks, but it seems as though maybe they dialed it up just a tiny bit and it kind of went a bit crazy.</v>

281
00:34:28.592 --> 00:34:35.670
<v Carole Theriault>So they shut it all down to review. And see, I'm kicking myself now because I didn't read the terms and I don't know what ages. Is this an 18+ thing or—</v>

282
00:34:35.670 --> 00:34:43.670
<v Graham Cluley>Well, I'm looking at one here which looks, and it says it's available in the App Store for ages 12+. There you go.</v>

283
00:34:43.670 --> 00:34:51.672
<v Graham Cluley>So I don't know what others are, but I guess that means more people can download it, isn't it? It's a difficult tightrope which they're walking on.</v>

284
00:34:51.672 --> 00:35:01.652
<v Carole Theriault>And there are all these different versions of GPT or generative pre-trained transformer, and they're all being tweaked in their own way by different people. And there's absolutely no guidelines yet.</v>

285
00:35:01.652 --> 00:35:11.438
<v Graham Cluley>It's frightening. I've just found one where you can chat with your own live elf. You can talk to a real elf. Rule 34, Graham. Rule 34.</v>

286
00:35:11.438 --> 00:35:19.302
<v Carole Theriault>Our sponsor Kolide has some big news. If you're an Okta user, then you can get your entire fleet to 100% compliance. How? If a device isn't compliant, the user can't log into your cloud apps until they fix the problem. It's that simple. Kolide patches one of the major holes in zero-trust architecture: device compliance. Without Kolide, IT struggles to solve basic problems like keeping everyone's OS and browser up to date. Insecure devices are logging into your company's apps, but there's nothing there to stop them. Kolide is the only device trust solution that enforces compliance as part of authentication, and it's built to work seamlessly with Okta.</v>

287
00:35:19.302 --> 00:35:27.166
<v Carole Theriault>The moment Kolide's agents detect a problem, it alerts the user and gives them instructions to fix it. If they don't fix the problem within a set time, they're blocked. Kolide's method means fewer support tickets, less frustration, and most importantly, 100% fleet compliance. Wanna learn more? Of course you do. Visit kolide.com/smashing. That's kolide.com/smashing. And thanks to Kolide for sponsoring the show.</v>

288
00:35:27.166 --> 00:35:33.655
<v Graham Cluley>Our friends at Bitwarden have been busy this month adding some fab new features to their open source password management solution. Now, did you know that you can log into Bitwarden using a secondary device instead of your master password? Well, now you do. Logging in with a device is a passwordless approach to authentication. It removes the need to enter your master password by sending authentication requests to other devices you're currently logged into for approval. With Login for Device, it can be initiated on the Web Vault, browser extension, desktop app, mobile app, and you can approve access on your mobile and desktop app version of Bitwarden.</v>

289
00:35:33.655 --> 00:35:40.143
<v Graham Cluley>Very, very cool. And the Bitwarden team has hardened the security of its vaults, protecting new vaults with 600,000 iterations by default. And of course, existing accounts can also update themselves to the same level. These and many other great security features are incorporated all the time into Bitwarden, keeping your passwords secure from hackers. Learn more, try Bitwarden for yourself at bitwarden.com/smashing. That's bitwarden.com/smashing. Smashing Security.</v>

290
00:35:40.143 --> 00:35:47.594
<v Carole Theriault>Smashing Security say that while the cloud might be the best choice for companies focused on reducing the cost of managing applications, some companies are opting out of public cloud and sticking to on-premise and private cloud. Why? One reason is regulatory compliance. Moving data to the cloud means you are reliant on the security and access control provided by the cloud supplier. Organizations that prefer to keep their data on-premise in a private cloud where they have sole access and control should perhaps look to SecureEnvoy for on-premise MFA.</v>

291
00:35:47.594 --> 00:35:55.047
<v Carole Theriault>Another reason is data privacy legislation in different countries can lead to differing data protection requirements. And for companies with a multi-country presence, they know there are different regulations in different countries that affect how we store and back up data. SecureEnvoy's on-premise MFA solution could be exactly the solution you need to meet your MFA requirements. Learn more at smashingsecurity.com/secureenvoy. And thanks to SecureEnvoy for sponsoring the show.</v>

292
00:35:55.047 --> 00:36:00.550
<v Graham Cluley>And welcome back, and you join us at our favorite part of the show, the part of the show that we</v>

293
00:36:00.550 --> 00:36:06.052
<v Graham Cluley>like to call Pick of the Week.</v>

294
00:36:06.052 --> 00:36:12.965
<v Carole Theriault>Pick of the Week.</v>

295
00:36:12.965 --> 00:36:19.880
<v Carole Theriault>Pick of the Week.</v>

296
00:36:19.880 --> 00:36:28.206
<v Graham Cluley>Pick of the Week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app.</v>

297
00:36:28.206 --> 00:36:36.532
<v Graham Cluley>Whatever they wish. Doesn't have to be security related necessarily.</v>

298
00:36:36.532 --> 00:36:42.682
<v Carole Theriault>Hope it's not.</v>

299
00:36:42.682 --> 00:36:48.833
<v Carole Theriault>Better not be.</v>

300
00:36:48.833 --> 00:36:55.833
<v Graham Cluley>Well, my Pick of the Week this week is not security related. Let's talk about space.</v>

301
00:36:55.833 --> 00:37:02.833
<v Graham Cluley>Space. Space is big.</v>

302
00:37:02.833 --> 00:37:15.018
<v Carole Theriault>That's very insightful you are today.</v>

303
00:37:15.018 --> 00:37:21.990
<v Graham Cluley>Yeah. Well, you wouldn't believe how vastly, hugely, mind-bogglingly big it is. You may think it's a long way down to the road to the chemist's, but that's just peanuts compared to space. And if you want to get some idea as to just how big things can be, that is my pick of the week this week, because I'm sure, Carole, you are familiar with the work of Randall Munroe, better known as the artist behind XKCD. Yeah. The comic. Now, I was having a think about, I was thinking, you know, what a wonderful body of work he's produced over the years. And I remember one of my very favourite ones was something called Click and Drag, which came out, can you believe, back in 2012.</v>

304
00:37:21.990 --> 00:37:28.963
<v Graham Cluley>I remember, I wonder if you remember this one. I will put a link in the show notes because this wasn't just a comic strip. This was an experience. So with click and drag, you're looking at 4 little windows on the comic, 4 panels, I suppose you call them, on the comic strip. And you start off with your little stick man floating around, hanging from a balloon above a landscape. And you then click and drag on the landscape as you would do with a mouse on your computer, with your finger, drag it on your smartphone device, for instance. And what you realize is that you are only looking at a tiny part of the landscape and you can move left and right, up and down, and you can slowly explore the landscape. And the thing is, I can hear you, Carole, I can hear you watching.</v>

305
00:37:28.963 --> 00:37:35.706
<v Carole Theriault>No, I'm doing it right now. I'm doing it. I'm doing it.</v>

306
00:37:35.706 --> 00:37:42.447
<v Carole Theriault>It's very cute. Actually, I was actually being charmed by some of the drawings in it.</v>

307
00:37:42.447 --> 00:37:49.543
<v Graham Cluley>It is a huge landscape of unexpected things. You can spend hours looking into this, and I was very impressed as to how much effort must have been put in by XKCD producing this particular piece of work. Now, if you read up more about this, there is a great website called Explain XKCD, which gives you a sort of— it's like a wiki really of descriptions of different XKCD comics. Sometimes they're explaining the nerdiness behind the joke, if you haven't quite got the joke. In this particular case, they're waxing lyrical about the artistic merit of this particular cartoon and what it means to the human psyche.</v>

308
00:37:49.543 --> 00:37:56.641
<v Graham Cluley>How, rather like when you're living through life or when you're traveling, you just travel bit by bit. You're not seeing the full picture all at once because you can't see the full picture with this particular landscape. You have to click and drag, and you can, as I say, spend hours finding little Easter eggs and all sorts of loveliness and sad bits and romantic bits and funny jokes as you go further and further. If, however, you've got no patience at all, I'm also going to link into a zoomable version that's much easier to navigate, but you will be cheating if you do that. And if you want to go and—</v>

309
00:37:56.641 --> 00:38:06.411
<v Carole Theriault>You will not be cheating. It'll just save you if you've got RSI in your wrist from having to scroll around. But I—</v>

310
00:38:06.411 --> 00:38:12.387
<v Graham Cluley>this has always struck me as one of the loveliest, most pointless but beautiful things on the internet, much better than that Elf Chat app I was</v>

311
00:38:12.387 --> 00:38:18.364
<v Graham Cluley>just talking about, or the apps you've been promoting.</v>

312
00:38:18.364 --> 00:38:23.545
<v Carole Theriault>Don't you think it's just a bit like life, Graham? You know, you never get the full picture.</v>

313
00:38:23.545 --> 00:38:28.728
<v Carole Theriault>It is. Isn't it just?</v>

314
00:38:28.728 --> 00:38:34.577
<v Graham Cluley>It's a bit deep for you. It's black and white. It's a bit of a drag.</v>

315
00:38:34.577 --> 00:38:40.425
<v Graham Cluley>But occasionally something will click. And that is why this particular XKCD comic, which I'll link to in the show notes, is my pick of the week.</v>

316
00:38:40.425 --> 00:38:48.206
<v Carole Theriault>Number 1110. Yes.</v>

317
00:38:48.206 --> 00:39:03.465
<v Graham Cluley>Carole, what's your pick of the week?</v>

318
00:39:03.465 --> 00:39:10.797
<v Carole Theriault>Well, do I have a pick of the week? It may be a pickish of the week.</v>

319
00:39:10.797 --> 00:39:18.130
<v Carole Theriault>A sort of pick of the week.</v>

320
00:39:18.130 --> 00:39:28.867
<v Graham Cluley>A nitpick? I don't know. A nosepick?</v>

321
00:39:28.867 --> 00:39:34.117
<v Carole Theriault>I don't think I loved it. I liked it, right?</v>

322
00:39:34.117 --> 00:39:39.367
<v Carole Theriault>And I think some people will adore it. Rotten Tomatoes, it's a series, I'm gonna tell you in a second, but they wax lyrical about it, so I'm gonna risk it.</v>

323
00:39:39.367 --> 00:39:54.210
<v Graham Cluley>Okay, all right, go for it.</v>

324
00:39:54.210 --> 00:40:06.902
<v Carole Theriault>So, show on Disney+ called Only Murders in the Building.</v>

325
00:40:06.902 --> 00:40:13.393
<v Graham Cluley>Ah, I've heard about this.</v>

326
00:40:13.393 --> 00:40:19.884
<v Graham Cluley>I haven't seen it.</v>

327
00:40:19.884 --> 00:40:25.811
<v Carole Theriault>Right. Okay. For those that haven't, basically, you have three strangers, you know, well-known Steve Martin, the glorious Martin Short, and cute as a button Selena Gomez.</v>

328
00:40:25.811 --> 00:40:31.740
<v Carole Theriault>Right? They all share an obsession with true crime and podcasts.</v>

329
00:40:31.740 --> 00:40:42.163
<v Graham Cluley>Well, every podcast is a true crime podcast, including this one that people listen to. Just wait.</v>

330
00:40:42.163 --> 00:40:48.652
<v Carole Theriault>Dun dun dun! And anyways, they suddenly, they live all in the same building, and they suddenly find themselves wrapped up caught up in a bit of a murder. They're trying to figure out who in the building has committed this murder. And they start a true crime pod to record their search and findings.</v>

331
00:40:48.652 --> 00:40:55.141
<v Carole Theriault>Now, so I have an issue with the premise, right? Because would you do that? Would you go after your neighbors accusing them of murder? You know, week on week jumping from suspect to suspect explaining why they are the murderer and the next week going, "Oh no, we got it wrong."</v>

332
00:40:55.141 --> 00:41:00.438
<v Graham Cluley>So the actual real murderer could be listening to the podcast. And realize that the suspects are being narrowed down and they're getting closer and closer to me. Yes!</v>

333
00:41:00.438 --> 00:41:05.735
<v Graham Cluley>Isn't it always the janitor anyway? And he would have got away with it if it weren't for those pesky kids. Not this time.</v>

334
00:41:05.735 --> 00:41:13.599
<v Carole Theriault>So on the plus side, it's cozy. Someone used that word describing it. I think that's the good word. You know, it has a little bit of old Woody Allen, you know, because it's kind of very New York and a bit jazzy and, you know, it deals with the darker side of things with a skip in its step. So, you know, a bit Woody Allen-esque, you know, you have this horror thing happening, but the way they react makes it light, a bit of slapstick, cute lines. But I don't know, the characters for me are exaggerated, a bit like a comic strip, you know, the bad guy is really bad and, you know, looks bad and has big bushy eyebrows and tiny little eyes and— I don't know, but hey, look, I wasn't a big fan of Ted Danson's The Good Place, and Maria loved it. And I think I have a similar gripe about this one, but I like and trust Maria.</v>

335
00:41:13.599 --> 00:41:20.099
<v Graham Cluley>Yeah, I don't like The Good Place, but I do know people</v>

336
00:41:20.099 --> 00:41:26.597
<v Graham Cluley>who adore it.</v>

337
00:41:26.597 --> 00:41:39.577
<v Carole Theriault>And people that you like and respect. Yeah.</v>

338
00:41:39.577 --> 00:41:46.014
<v Graham Cluley>Right? Yeah. Me too. I'll give Only Murders in the Building a try though.</v>

339
00:41:46.014 --> 00:41:52.452
<v Graham Cluley>I mean, I'm intrigued by it. My problem is sometimes I start watching these TV shows and I think, okay, I've seen 3 or 4 episodes, I kind of get it now. It's, are we going anywhere new or is it just going to be more of the same? It's a bit Murder, She Wrote.</v>

340
00:41:52.452 --> 00:42:01.054
<v Carole Theriault>It kind of just meanders along at a nice comfy, a nice comfortable pace. I think you'll be able to keep up.</v>

341
00:42:01.054 --> 00:42:09.577
<v Graham Cluley>That's what I like. I like a nice gentle TV program like Midsomer Murders, something like that. Something that's not going to offend anyone. There you are. Lovely.</v>

342
00:42:09.577 --> 00:42:14.599
<v Carole Theriault>So that's my pickish of the week. Only Murders in the Building.</v>

343
00:42:14.599 --> 00:42:19.619
<v Carole Theriault>It's on Disney Plus or I'm sure wherever you stream your stuff.</v>

344
00:42:19.619 --> 00:42:24.963
<v Graham Cluley>Fantastic. Fantastic. Well, Carole, that just about wraps up the show for this week. Folks can follow us on Twitter @SmashingSecurity, no G, Twitter doesn't allow us to have a G. We don't have a verified Twitter account and we won't be buying Twitter Blue.</v>

345
00:42:24.963 --> 00:42:30.306
<v Graham Cluley>Smashing Security is also on Mastodon. Go and find us up there and also check out the Smashing Security subreddit. And don't forget to ensure you never miss another episode. Follow Smashing Security in your favorite podcast app, such as Overcast, Apple Podcasts, and Spotify.</v>

346
00:42:30.306 --> 00:42:36.291
<v Carole Theriault>And huge, huge thank you to our episode sponsors, Bitwarden, Kolide, and SecureEnvoy. And of course, to our wonderful Patreon community.</v>

347
00:42:36.291 --> 00:42:42.277
<v Carole Theriault>It's thanks to them all that this show is free. And as always, for episode show notes, sponsorship info, guest list, and the entire back catalog of more than 309 episodes, check out smashingsecurity.com.</v>

348
00:42:42.277 --> 00:42:54.425
<v Graham Cluley>209? 309? 309 episodes.</v>

349
00:42:54.425 --> 00:43:09.045
<v Carole Theriault>Until next time, cheerio.</v>

350
00:43:09.045 --> 00:43:29.596
<v Graham Cluley>Bye-bye.</v>

351
00:43:29.596 --> 00:43:29.842
<v Carole Theriault>Bye.</v>
