WEBVTT

00:03.544 --> 00:11.609
[SPEAKER_02]: You know what Jeff, I listened to two whole seasons of the Lazarus Heist, and there was nothing about the proper way to bake a potato.

00:11.649 --> 00:12.709
[SPEAKER_02]: No cooking advice.

00:12.749 --> 00:13.450
[SPEAKER_02]: Kim Jong-un?

00:13.510 --> 00:15.090
[SPEAKER_02]: Yes, didn't give any advice.

00:15.291 --> 00:16.811
[SPEAKER_02]: To his loyal subjects?

00:17.252 --> 00:19.233
[SPEAKER_02]: Should they be lucky enough to actually own a potato?

00:28.769 --> 00:37.658
[SPEAKER_00]: With Smashing Security, episode 438: when your mouse turns snitch, and hackers grow a conscience, with Graham Cluley.

00:38.178 --> 00:42.322
[SPEAKER_02]: Hello, hello, and welcome to Smashing Security episode 438. My name is Graham Cluley.

00:42.923 --> 00:43.564
[SPEAKER_02]: And I'm Jeff White.

00:45.075 --> 00:48.177
[SPEAKER_02]: Jeff, welcome back to the show, fabulous to have you here again.

00:48.197 --> 00:50.579
[SPEAKER_02]: Thanks for having me all of our listeners.

00:51.139 --> 00:59.765
[SPEAKER_02]: We know about you of course from the Lazarus Heist, from Rinsed, from Crime Dot Com. You're on our TV screens, you're in our ears.

01:00.546 --> 01:01.026
[SPEAKER_02]: You're everywhere

01:01.286 --> 01:04.310
[SPEAKER_05]: By the way, thanks for remembering my first book, Crime Dot Com, which is interesting.

01:04.750 --> 01:07.113
[SPEAKER_05]: As that's got older, it's just like fallen off the radar.

01:07.213 --> 01:08.755
[SPEAKER_05]: People are like, oh, you've written a couple of books.

01:08.775 --> 01:12.159
[SPEAKER_05]: And I say, no, I did write a third. It's a bit old now, but it's still there.

01:12.580 --> 01:16.264
[SPEAKER_05]: And gradually, it just sort of has fallen off the edge of the cliff at the back.

01:16.324 --> 01:18.567
[SPEAKER_05]: So, well done for remembering that there was a third book.

01:19.207 --> 01:21.570
[SPEAKER_02]: I've got my copy and it's a great read too.

01:21.711 --> 01:22.191
[SPEAKER_05]: Ah, thank you.

01:22.231 --> 01:23.453
[SPEAKER_02]: What's keeping you busy at the moment?

01:24.174 --> 01:28.059
[SPEAKER_05]: I am working on a new BBC podcast.

01:28.460 --> 01:28.700
[SPEAKER_05]: Ooh.

01:29.101 --> 01:29.982
[SPEAKER_05]: Exciting news.

01:30.082 --> 01:34.528
[SPEAKER_05]: There are going to be not one but two new seasons in the Lazarus Heist feed.

01:34.628 --> 01:34.789
[SPEAKER_05]: Ooh.

01:35.089 --> 01:35.249
[SPEAKER_05]: Yes.

01:35.930 --> 01:39.892
[SPEAKER_05]: This is exciting, breaking news, and I think you'll probably be first to get it.

01:39.912 --> 01:45.214
[SPEAKER_05]: Well, I think it's been announced on the BBC first, but... No one listens or watches the BBC.

01:45.254 --> 01:46.135
[SPEAKER_02]: But goodness.

01:46.215 --> 01:48.115
[SPEAKER_02]: Like, Jeff, everyone's listening to Smashing Security.

01:48.155 --> 01:52.878
[SPEAKER_02]: Let's claim that we've got the exclusive: there's going to be two new seasons of the Lazarus Heist.

01:53.038 --> 01:53.738
[SPEAKER_05]: Yes, yes.

01:54.158 --> 01:58.760
[SPEAKER_05]: So, painfully aware that we did two seasons of the Lazarus Heist, which was exciting.

01:58.780 --> 01:59.701
[SPEAKER_05]: A lot of people liked it.

01:59.721 --> 02:04.763
[SPEAKER_05]: You know, with my co-host Jean, it did really, really well, about North Korea and how North Korea became this computer hacking superpower.

02:05.722 --> 02:11.886
[SPEAKER_05]: We then sort of just left it, and obviously you've got an audience of people who you've built up and who are expecting things, and we didn't give them anything.

02:11.926 --> 02:17.329
[SPEAKER_05]: So we're painfully aware, I think, particularly the BBC, that, you know, we probably should do something else.

02:18.190 --> 02:22.493
[SPEAKER_05]: So exciting news: Joe Tidy, the BBC's cybersecurity reporter.

02:22.673 --> 02:22.833
[SPEAKER_02]: Yes.

02:23.093 --> 02:26.656
[SPEAKER_05]: who's also done amazing stuff on ransomware, which we'll talk a bit about in this episode, I think, as well.

02:27.116 --> 02:37.044
[SPEAKER_05]: Has teamed up with the BBC's former, I think it's former, Russia editor Sarah Rainsford, and they are going to be doing a new podcast, which is going to go in the Lazarus Heist feed.

02:37.945 --> 02:41.048
[SPEAKER_05]: Ah, we are renaming that feed Cyber Hack.

02:41.608 --> 02:47.530
[SPEAKER_05]: Which I'm not a massive fan of, that name, but there you go, I think it makes sense to people in the general public.

02:48.070 --> 02:53.312
[SPEAKER_05]: And so it's going to be Cyber Hack, and then whatever the title of Joe and Sarah's series is, and that's going to go out imminently.

02:53.392 --> 02:55.372
[SPEAKER_05]: I mean, that's that's going to be very, very, very soon.

02:55.453 --> 02:55.653
[SPEAKER_05]: Okay.

02:55.733 --> 03:03.035
[SPEAKER_05]: And then the series I'm working on, which is going to be, again, all about cyber hacking and particularly around things like ransomware,

03:03.295 --> 03:04.416
[SPEAKER_05]: is going to be going out next year.

03:04.436 --> 03:05.356
[SPEAKER_05]: We think in February.

03:05.456 --> 03:08.057
[SPEAKER_05]: So if you haven't subscribed already to the Lazarus Heist, do it now.

03:08.218 --> 03:14.000
[SPEAKER_05]: It may be called Cyber Hack by the time you subscribe, but you'll be alerted to Joe and Sarah's series and you'll be alerted to my series.

03:14.100 --> 03:18.062
[SPEAKER_05]: And honestly, the stuff we've got for my series is absolutely knock out amazing.

03:18.142 --> 03:21.924
[SPEAKER_05]: And I'm sure Joe and Sarah have got some fantastic stuff in their show as well.

03:22.024 --> 03:22.905
[SPEAKER_05]: I can't wait to hear that.

03:23.005 --> 03:24.526
[SPEAKER_05]: So yes, exciting news.

03:24.646 --> 03:25.366
[SPEAKER_05]: New Lazarus Heist.

03:25.446 --> 03:26.026
[SPEAKER_05]: Very exciting.

03:26.286 --> 03:26.947
[SPEAKER_02]: Terrific stuff.

03:27.782 --> 03:32.264
[SPEAKER_02]: Before we kick off, let's thank this week's wonderful sponsors: Vanta, 1Password and Drata.

03:32.625 --> 03:35.106
[SPEAKER_02]: We'll be hearing more about them later on the podcast.

03:54.273 --> 03:58.877
[SPEAKER_02]: How hackers linked to North Korea are stealing record-breaking sums of cryptocurrency.

04:01.078 --> 04:12.007
[SPEAKER_02]: Then we won't even mention how the Scattered LAPSUS$ Hunters gang is offering $10 in Bitcoin for people to harass executives of hacked companies to pressure them into paying ransoms.

04:15.808 --> 04:18.411
[SPEAKER_02]: So Jeff, what are you going to be talking about this week?

04:19.032 --> 04:25.460
[SPEAKER_05]: So I am going to be talking about ransomware, and I'm going to be talking about the Kido nursery ransomware attack.

04:25.661 --> 04:29.786
[SPEAKER_02]: And I'm going to be taking a mosey at the mousey spy on your desk.

04:30.427 --> 04:34.472
[SPEAKER_02]: Oh, all this and much more coming up on this episode of Smashing Security.

04:41.485 --> 04:44.768
[SPEAKER_02]: Right, first of all, a quick word about one of our sponsors today, Vanta.

04:44.928 --> 04:45.809
[SPEAKER_02]: Now, I know what you're thinking.

04:46.109 --> 04:46.470
[SPEAKER_02]: Oh, good.

04:46.690 --> 04:49.192
[SPEAKER_02]: Another bit of software promising to make my security easier.

04:49.433 --> 04:52.335
[SPEAKER_02]: But honestly, Vanta's actually pretty handy.

04:52.436 --> 04:53.156
[SPEAKER_02]: Here's the deal.

04:53.697 --> 05:03.987
[SPEAKER_02]: If you're spending half your week chasing down evidence for audits, or updating a spreadsheet, or trying to prove that, yes, you do take security seriously, Vanta automates all of that.

05:04.647 --> 05:11.609
[SPEAKER_02]: It pulls everything together, keeps an eye on your systems and basically makes sure you're ready for an audit at any time.

05:12.170 --> 05:18.252
[SPEAKER_02]: No panic, no last-minute scavenger hunts for screenshots or policies you forgot to upload six months ago.

05:18.932 --> 05:27.315
[SPEAKER_02]: It also plugs into the tools you're already using, and uses a bit of AI magic to flag up issues before they become a proper mess.

05:28.141 --> 05:40.268
[SPEAKER_02]: So, if that sounds like something that might save you from a few sleepless nights, check them out at vanta.com/smashing. That way they know that you heard about them on this show.

05:40.668 --> 05:44.611
[SPEAKER_02]: And if you use that link, you'll get a thousand dollars off, which is nice as well, isn't it?

05:45.231 --> 05:49.974
[SPEAKER_02]: So, thanks to Vanta for sponsoring this week's episode, and let's crack on with the show.

05:52.441 --> 05:54.102
[SPEAKER_02]: Now, Jeff, I want to take you back in time.

05:54.623 --> 05:54.843
[SPEAKER_04]: Mm-hmm.

05:55.103 --> 05:56.564
[SPEAKER_02]: This is so far back in time.

05:56.604 --> 06:04.110
[SPEAKER_02]: You were probably wearing short trousers or out there on your chopper bike with your packet of spangles.

06:04.630 --> 06:05.271
[SPEAKER_02]: Do you remember 1997?

06:07.030 --> 06:12.412
[SPEAKER_05]: Yeah, I was wearing very long trousers at that point. I wasn't, okay, wasn't in shorts on a chopper bike.

06:12.492 --> 06:14.253
[SPEAKER_05]: I definitely had just graduated from university.

06:14.273 --> 06:14.973
[SPEAKER_05]: But anyway, carry on.

06:15.193 --> 06:15.814
[SPEAKER_02]: Okay, all right.

06:16.114 --> 06:20.135
[SPEAKER_02]: Well, do you remember the horrifying thing that happened that year?

06:21.076 --> 06:23.457
[SPEAKER_05]: Other than the fact I graduated from university and had to find a job.

06:23.497 --> 06:24.177
[SPEAKER_05]: No, no, I don't.

06:24.804 --> 06:28.911
[SPEAKER_02]: That must have been terrifying for you, but scientists, for Lord knows what reason,

06:29.452 --> 06:34.820
[SPEAKER_02]: They decided to grow on the back of a laboratory mouse.

06:34.840 --> 06:36.884
[SPEAKER_02]: Oh, a human ear.

06:39.371 --> 06:41.533
[SPEAKER_01]: 1997 Boston Massachusetts.

06:42.214 --> 06:44.136
[SPEAKER_01]: At first glance, it seems impossible.

06:44.597 --> 06:50.283
[SPEAKER_01]: Yet like something out of science fiction, this animal may actually become a trailblazing hero.

06:50.884 --> 06:56.990
[SPEAKER_01]: American scientists have successfully grown and attached a human ear onto the back of a mouse.

06:57.591 --> 06:58.911
[SPEAKER_01]: The ethics are controversial.

06:58.951 --> 07:00.592
[SPEAKER_02]: God, of all the creepy things.

07:01.152 --> 07:03.373
[SPEAKER_02]: I mean, I'm still not sure why they did this.

07:03.453 --> 07:06.813
[SPEAKER_02]: That ghastly image was plastered all over the news.

07:06.853 --> 07:11.615
[SPEAKER_02]: There was footage of this mouse walking around with a human ear, grafted on the back of it.

07:11.655 --> 07:15.076
[SPEAKER_02]: You think, well, why have scientists done this?

07:15.136 --> 07:16.636
[SPEAKER_02]: Of all the things they could have done.

07:16.656 --> 07:19.757
[SPEAKER_02]: What are they trying to do other than to give us nightmares right now?

07:19.897 --> 07:24.118
[SPEAKER_05]: It was a felt quite sorry for the mouse, because all I could think was the mouse was like, shut up, just be quiet, shut up.

07:26.206 --> 07:28.507
[SPEAKER_02]: Well, we all thought that that was it.

07:28.627 --> 07:33.808
[SPEAKER_02]: That was the peak territory when it came to what scientists do with mice.

07:34.428 --> 07:35.549
[SPEAKER_02]: With all that, you know, that's it.

07:35.589 --> 07:40.070
[SPEAKER_02]: That's as disturbing as the mouse situation is going to get.

07:40.430 --> 07:45.451
[SPEAKER_02]: But almost 30 years have now passed, and oh boy.

07:46.111 --> 07:48.372
[SPEAKER_02]: How naive we were.

07:48.972 --> 07:54.814
[SPEAKER_02]: Because now, and I want you to really appreciate the beautiful symmetry here in my storytelling.

07:55.874 --> 08:07.408
[SPEAKER_02]: We've gone from growing a human ear on a mouse to discovering that your computer mouse has essentially grown its own ears.

08:07.809 --> 08:08.670
[SPEAKER_02]: Oh, I see what you did there.

08:09.010 --> 08:09.751
[SPEAKER_02]: Yes, thank you.

08:10.112 --> 08:11.333
[SPEAKER_02]: Yeah, glad you appreciate it.

08:12.254 --> 08:13.775
[SPEAKER_02]: So do you have a mouse in front of you?

08:14.196 --> 08:17.318
[SPEAKER_05]: Uh, I don't, but I can. I have a Bluetooth one in my drawer.

08:17.338 --> 08:19.259
[SPEAKER_05]: I'm getting it out now, just so we've got a prop here.

08:19.359 --> 08:19.860
[SPEAKER_05]: Right, got it.

08:19.960 --> 08:20.900
[SPEAKER_05]: Okay, okay, all right.

08:21.301 --> 08:21.821
[SPEAKER_05]: Take a look at it.

08:22.041 --> 08:22.241
[SPEAKER_05]: Yes.

08:22.862 --> 08:26.364
[SPEAKER_02]: Can you tell that that mouse could be listening to you?

08:27.185 --> 08:27.285
[SPEAKER_05]: Uh...

08:28.433 --> 08:34.516
[SPEAKER_02]: I'm just, there's no, there's no microphone in it or anything like that.

08:34.877 --> 08:42.841
[SPEAKER_02]: No. Boffins from the University of California, Irvine have discovered that fancy high-performance gaming mice,

08:43.221 --> 08:53.006
[SPEAKER_02]: Oh, maybe you bought one yourself because you absolutely needed a 20,000 DPI sensor to get you a competitive advantage in Fortnite or Call of Duty or whatever game it is,

08:56.248 --> 09:04.977
[SPEAKER_02]: They can now be turned into a microphone without any physical access to the mouse itself.

09:05.277 --> 09:05.738
[SPEAKER_03]: Really?

09:06.258 --> 09:07.380
[SPEAKER_02]: Yes, I'm not kidding.

09:08.020 --> 09:10.923
[SPEAKER_02]: Researchers are calling this particular technique.

09:11.404 --> 09:13.846
[SPEAKER_02]: And by the way, I have to congratulate them on this because this...

09:15.908 --> 09:23.371
[SPEAKER_02]: I always love the names which security researchers come up with for vulnerabilities, or types of attack. Sometimes there's true inventiveness.

09:24.051 --> 09:30.414
[SPEAKER_02]: Sometimes there's a logo, sometimes there can even be a theme song, you know, but this one, they've just come up with a good name, and what they've

09:39.317 --> 09:43.319
[SPEAKER_02]: So, by research paper standards, that's a pretty good pun.

09:43.459 --> 09:44.320
[SPEAKER_04]: Yes, yeah.

09:44.480 --> 09:46.901
[SPEAKER_02]: In fact, Disney's lawyers aren't quite as impressed.

09:46.921 --> 09:50.863
[SPEAKER_02]: They're going to find out how litigious they can be as a result of this.

09:50.903 --> 10:06.011
[SPEAKER_02]: But the basic idea is this: these absurdly sensitive optical sensors in modern gaming mice are so good at detecting the smallest little tweak, the smallest little movement, that they can also detect

10:06.750 --> 10:08.913
[SPEAKER_02]: acoustic vibrations.

10:09.494 --> 10:09.674
[SPEAKER_05]: Oh!

10:09.955 --> 10:11.798
[SPEAKER_02]: Traveling through your desks.

10:11.918 --> 10:16.124
[SPEAKER_05]: So as you speak, it vibrates the desk, it vibrates the mouse, and the mouse can pick that up.

10:16.585 --> 10:18.728
[SPEAKER_02]: That is exactly it.

10:19.088 --> 10:19.729
[SPEAKER_02]: God, out.

10:20.473 --> 10:42.442
[SPEAKER_02]: I don't know if you have a problem with acoustic vibrations in your home office, Jeff, if there are things emanating in your vicinity, but for many people the most likely vibration would be your voice, like when you're having a conversation, well, literally as we are right now. People could actually hear what we're saying right now. What a disaster that would be, principally for them.

10:44.068 --> 10:47.470
[SPEAKER_02]: Yeah, a conversation, if we weren't really being recorded right now.

10:47.510 --> 10:48.050
[SPEAKER_02]: Yeah, yeah, yeah, yeah.

10:48.070 --> 10:50.231
[SPEAKER_02]: It's been a private one to one conversation that we're having.

10:50.351 --> 10:50.571
[SPEAKER_04]: Hmm.

10:51.071 --> 10:56.254
[SPEAKER_02]: So to recap, the mouse that you used to click on things can now listen to you.

10:56.394 --> 10:56.834
[SPEAKER_02]: Whoa.

10:57.314 --> 10:59.195
[SPEAKER_02]: And I think, well, of course it can.

10:59.676 --> 11:04.758
[SPEAKER_02]: Why should your smartphone, your smart speaker, your smart TV, your smart fridge, your smart toilet?

11:05.158 --> 11:06.799
[SPEAKER_02]: Why should they all have the fun?

11:08.300 --> 11:10.081
[SPEAKER_02]: The mouse is going to want in too, isn't it?

11:10.181 --> 11:11.682
[SPEAKER_02]: Yes, hang on, don't forget about me.

11:12.022 --> 11:12.182
[SPEAKER_02]: Yes.

11:13.201 --> 11:21.145
[SPEAKER_02]: Now, the researchers are really quick to point out that these vulnerable mice can now be bought for under 50 US dollars.

11:21.725 --> 11:32.710
[SPEAKER_02]: So these aren't expensive, exotic pieces of spy equipment. We're talking about the sort of thing that you might ask for for Christmas. And here is the scary part, because I think it wasn't really that scary before.

11:32.810 --> 11:37.772
[SPEAKER_02]: I mean, it's not as though someone has actually grafted an ear onto your computer mouse like the scientists did in 1997.

11:39.093 --> 11:48.515
[SPEAKER_02]: The scary thing is that the bad guys don't need to install any malware onto your computer to pull off this surveillance.

11:49.115 --> 11:49.495
[SPEAKER_02]: Okay.

11:50.215 --> 11:52.756
[SPEAKER_02]: And you're thinking, well hang on, they don't fiddle with the mouse.

11:53.156 --> 11:54.836
[SPEAKER_02]: They don't fiddle with your computer.

11:54.916 --> 11:56.057
[SPEAKER_02]: How can they do this?

11:56.257 --> 11:56.877
[SPEAKER_05]: Yes, yeah.

11:57.037 --> 11:59.597
[SPEAKER_02]: It sounds like a bit of a stretch, Graham, quite frankly.

11:59.717 --> 12:00.478
[SPEAKER_05]: Yes, yeah.

12:00.558 --> 12:02.158
[SPEAKER_02]: But according to the researchers,

12:02.978 --> 12:09.062
[SPEAKER_02]: Yes, of course, you could be running compromised software on your computer, but you could also be doing something which seems entirely benign.

12:09.442 --> 12:21.289
[SPEAKER_02]: You could just be visiting a website and the website apparently can collect the mouse packet data and extract the audio waveform.

12:21.389 --> 12:23.931
[SPEAKER_02]: So if you're tricked into visiting the website,

12:24.211 --> 12:24.391
[SPEAKER_02]: What?

12:24.792 --> 12:27.815
[SPEAKER_02]: Well, because websites can collect so much information.

12:28.375 --> 12:35.863
[SPEAKER_02]: As to what you're doing. And of course, you could have a little applet running inside a website which is tracking the movement of your mouse.

12:36.604 --> 12:44.552
[SPEAKER_02]: And if your mouse just happens to be residing on the window, and you don't think you're moving the cursor, but there are little movements happening.

12:44.952 --> 12:45.352
[SPEAKER_04]: Yes.

12:45.893 --> 12:47.934
[SPEAKER_02]: So basically, you visit the wrong website.

12:48.275 --> 12:48.995
[SPEAKER_02]: Congratulations.

12:49.035 --> 12:53.879
[SPEAKER_02]: Your mouse is now listening to every embarrassing thing or sensitive secret that you're sharing.

12:54.299 --> 12:54.940
[SPEAKER_02]: Of course.

12:55.620 --> 12:56.481
[SPEAKER_02]: Unbelievable.

12:57.218 --> 12:58.278
[SPEAKER_02]: Isn't it sneaky?

12:58.458 --> 13:02.339
[SPEAKER_02]: I mean, there've been so many sneaky ways in the past to extract data.

13:02.459 --> 13:16.483
[SPEAKER_02]: I think we've spoken before on the podcast about spies who've been able to look at the vibrations of windows to find out the conversations going on inside, or there have been radio frequencies emanating from a monitor which can then be picked up.

13:17.223 --> 13:26.426
[SPEAKER_02]: Even if there's no physical wired connection to the device, they can actually pick that up remotely, or listen to the sound of hard drives. So mad.

13:27.066 --> 13:31.670
[SPEAKER_02]: But now, it looks like it's mice, potentially, which could be leaking your information as well.

13:32.090 --> 13:32.711
[SPEAKER_05]: Unbelievable.

13:32.911 --> 13:37.615
[SPEAKER_05]: I know, I know, spies have always been able to read window vibrations.

13:37.695 --> 13:44.160
[SPEAKER_05]: So if you're in a room and you're speaking, the window vibrates, and if they have a sensor trained carefully on the window, they can pick up the vibrations of the window.

13:44.180 --> 13:47.222
[SPEAKER_05]: So I guess this is a modern twist on that, but the idea that you can do this

13:50.658 --> 13:52.620
[SPEAKER_02]: And of course, the window vibration thing.

13:52.820 --> 14:06.512
[SPEAKER_02]: That's quite a lot of effort for the person doing the spying, and they have to target you specifically, whereas if they wanted to do this at scale for any reason, they'd just get a lot of people to visit a website, or plant a piece of code on a website.

14:07.192 --> 14:13.297
[SPEAKER_02]: Now, I know what you're thinking, which is surely the audio quality must be absolutely rubbish, right?

14:13.317 --> 14:16.179
[SPEAKER_02]: Because we've got nice microphones in front of us right now.

14:16.600 --> 14:17.280
[SPEAKER_02]: And you'll be right.

14:17.921 --> 14:20.723
[SPEAKER_02]: It is sh**t. They've shared a video.

14:20.743 --> 14:23.605
[SPEAKER_05]: I was going to say, they've actually shown this, it's not just a theory.

14:23.625 --> 14:25.627
[SPEAKER_05]: They've actually done a proof of concept and actually got some audio.

14:25.987 --> 14:27.949
[SPEAKER_02]: Oh yes, they've done this.

14:28.009 --> 14:34.394
[SPEAKER_02]: They've published the technical paper, they've published video showing it, they've even shared code showing how this works.

14:34.814 --> 14:47.725
[SPEAKER_02]: So they've produced this video, and it's such awful audio that I can't actually include it in the podcast, because the way we make our episodes of Smashing Security, it would automatically be removed as just background noise.

14:47.765 --> 14:50.067
[SPEAKER_02]: You wouldn't be able to hear it, imagine that.

14:50.647 --> 14:59.694
[SPEAKER_02]: The researchers say that through successive signal processing and machine learning techniques, in other words, they just threw a whole load of AI at it,

15:00.014 --> 15:06.139
[SPEAKER_02]: they can achieve 80 percent speaker recognition accuracy as to who is speaking.

15:06.819 --> 15:13.284
[SPEAKER_02]: And they also found that they had a word error rate of just 16.79 percent.

15:13.364 --> 15:17.788
[SPEAKER_02]: That means they make a mistake in about one in every six words.

15:18.468 --> 15:18.729
[SPEAKER_02]: Wow.

15:19.430 --> 15:20.471
[SPEAKER_02]: I think that's okay.

15:20.772 --> 15:20.912
[SPEAKER_02]: Good.

15:20.932 --> 15:22.234
[SPEAKER_02]: For a flipping mouse.

15:22.314 --> 15:22.535
[SPEAKER_05]: Yes.

15:22.915 --> 15:25.379
[SPEAKER_05]: I mean, I've done far worse than that in articles that I've written.

15:25.559 --> 15:27.582
[SPEAKER_05]: As a journalist, so, you know, good on them.

15:29.225 --> 15:45.202
[SPEAKER_02]: Your mouse, which used to click on cat videos, can now listen to your conversations and correctly transcribe about 83% of what you are saying. And these gaming mice are getting cheaper all the time, you know, they're about $50. Over time, everyone's mouse is going to be that accurate.

15:45.282 --> 15:45.602
[SPEAKER_02]: Yes.

15:46.383 --> 15:50.087
[SPEAKER_02]: And potentially, I guess you could have a touchpad, couldn't you, or something like that?

15:50.487 --> 16:01.593
[SPEAKER_05]: Well, you know what I'm thinking? Right now is the best time to start investing in the research and technology known as the mouse mat.

16:01.633 --> 16:03.033
[SPEAKER_05]: Do you remember when we had mouse mats?

16:03.073 --> 16:13.819
[SPEAKER_05]: Yeah, yes, because if it's vibrations passing through the surface upon which the mouse is resting, surely a mouse mat would insulate and buffer against that, potentially.

16:14.453 --> 16:16.535
[SPEAKER_02]: Yes, it's like suspension for your mouse.

16:16.595 --> 16:17.476
[SPEAKER_05]: Exactly.

16:17.516 --> 16:20.819
[SPEAKER_05]: So I think mouse mats are going to make a bit of a revival.

16:20.839 --> 16:22.420
[SPEAKER_05]: And maybe there's mouse mats.

16:22.440 --> 16:25.743
[SPEAKER_05]: You know, the ones with the wrist support on them as well, the wrist support, do you remember?

16:25.904 --> 16:26.264
[SPEAKER_02]: Yes, yes.

16:26.284 --> 16:27.505
[SPEAKER_05]: Some of them, you know?

16:27.585 --> 16:27.785
[SPEAKER_05]: Yes.

16:27.865 --> 16:29.727
[SPEAKER_05]: Yeah, like, what happened to mouse mats?

16:29.787 --> 16:30.888
[SPEAKER_05]: Why don't we have them anymore?

16:30.908 --> 16:32.109
[SPEAKER_05]: And can we have them back, thank you?

16:32.129 --> 16:38.035
[SPEAKER_02]: Maybe we could get like a little muffler for our mice to sort of wrap around it, something furry.

16:38.535 --> 16:39.156
[SPEAKER_05]: A mouse muffler.

16:39.682 --> 16:43.563
[SPEAKER_05]: A mouse muffler, but do not Google that, right?

16:43.923 --> 16:48.465
[SPEAKER_02]: I don't know what would come up on Google, but I'm pretty sure it wouldn't be good if you Google mouse muffler.

16:48.885 --> 16:52.026
[SPEAKER_02]: Now, the good news is the researchers have been very responsible, of course.

16:52.046 --> 16:55.147
[SPEAKER_02]: They've made their code and their data available to reviewers through an

16:55.807 --> 16:57.949
[SPEAKER_02]: anonymous repository, so you can go and grab it.

16:58.309 --> 17:00.550
[SPEAKER_02]: I'm sure that's going to stay nice and contained.

17:00.630 --> 17:04.513
[SPEAKER_02]: It's not like people ever abuse security research for their various purposes.

17:05.354 --> 17:06.134
[SPEAKER_02]: That never happens.

17:06.174 --> 17:06.835
[SPEAKER_02]: That never happens.

17:07.235 --> 17:08.456
[SPEAKER_02]: But here's my advice.

17:08.496 --> 17:15.661
[SPEAKER_02]: If you're having a sensitive conversation, maybe don't do it at your desk or near your desk or in the same room as your desk.

17:16.541 --> 17:17.222
[SPEAKER_02]: It's going to be difficult.

17:17.522 --> 17:19.643
[SPEAKER_02]: I mean, I'll try it right now.

17:19.743 --> 17:21.424
[SPEAKER_02]: I'm going to get under my desk, Jeff.

17:21.885 --> 17:22.205
[SPEAKER_02]: Okay.

17:22.585 --> 17:22.845
[SPEAKER_02]: Okay.

17:22.925 --> 17:24.066
[SPEAKER_02]: You can hear me right now, right?

17:24.106 --> 17:24.767
[SPEAKER_02]: I can hear you right now.

17:25.267 --> 17:27.610
[SPEAKER_02]: Okay, I'm gonna tell you what my password is okay.

17:28.170 --> 17:31.554
[SPEAKER_02]: Okay, and see if you can pick it up. You just entertain the audience.

17:31.574 --> 17:32.715
[SPEAKER_02]: Well, I'm just getting down, chap.

17:33.235 --> 17:33.936
[SPEAKER_02]: I'm just getting down.

17:34.357 --> 17:37.680
[SPEAKER_05]: Okay, I can still hear you. Can you still hear me?

17:38.080 --> 17:38.781
[SPEAKER_02]: I'm nice and clear.

17:39.101 --> 17:39.902
[SPEAKER_02]: Yes, password 1, 2, 3.

17:40.002 --> 17:40.383
[SPEAKER_02]: Let me in.

17:45.943 --> 17:46.463
[SPEAKER_02]: I'm coming back.

17:46.563 --> 17:47.124
[SPEAKER_02]: I'm coming back.

17:47.344 --> 17:49.985
[SPEAKER_05]: I don't know if my mouse moved at all, or whether you picked it up.

17:50.105 --> 17:56.648
[SPEAKER_05]: I've received 83% of your password through the website that I tricked you into looking at while we were doing this.

17:57.609 --> 18:03.451
[SPEAKER_05]: So I know that it features the letters A, W, O, D and S. The rest of it I've no idea about.

18:03.471 --> 18:04.492
[SPEAKER_05]: No idea about.

18:12.210 --> 18:19.477
[SPEAKER_02]: Alright then, quick shout out to one of our sponsors this week, 1Password, and most specifically something that they've got called Trelica.

18:20.037 --> 18:24.481
[SPEAKER_02]: Now, be honest, do you actually know how many SaaS apps your company is using right now?

18:25.002 --> 18:26.603
[SPEAKER_02]: Probably dozens, maybe hundreds!

18:27.143 --> 18:31.828
[SPEAKER_02]: Half of them signed up for by some guy in marketing, with the company credit card.

18:32.448 --> 18:42.057
[SPEAKER_02]: That's what Trelica's for. It finds all of those apps, even the sneaky ones nobody admits to using, and gives you a proper overview of who's got access to what.

18:42.678 --> 18:51.946
[SPEAKER_02]: So, no more abandoned accounts sitting around waiting to be hacked, no more paying for licenses that no one's touched for years. It also makes it dead simple to, then,

18:52.066 --> 19:02.870
[SPEAKER_02]: bring new people on board, remove folks when they leave, keep track of who's got access to what, and stop your IT from turning into a tangled mess of old forgotten accounts.

19:03.531 --> 19:13.655
[SPEAKER_02]: I've used 1Password for years. They've always been great at taking the hassle out of security, and now with Trelica, they're going after the whole SaaS sprawl problem.

19:14.435 --> 19:26.985
[SPEAKER_02]: If you want to tidy up your company's app chaos, take a look at 1password.com/smashing. That's 1password.com/smashing, and thanks to 1Password for supporting the show.

19:33.490 --> 19:34.991
[SPEAKER_02]: Jeff, what's your story for us this week?

19:42.464 --> 19:50.046
[SPEAKER_05]: By the way, for folks affected by this, you have not just my sympathy, but the sympathy, I think, of lots of people in the country, and indeed in the cybersecurity industry.

19:50.086 --> 19:54.487
[SPEAKER_05]: So this was the hacking by ransomware operatives of a nursery chain called Kido Nurseries.

19:54.727 --> 19:55.127
[SPEAKER_05]: Oh, yeah.

19:55.887 --> 19:59.508
[SPEAKER_05]: And it was targeted by cybercriminals as lots of businesses are these days.

20:00.268 --> 20:07.270
[SPEAKER_05]: And the criminals that targeted them, ransomware operatives, scrambled the nursery's files and demanded a ransom to get the information back.

20:07.410 --> 20:08.850
[SPEAKER_05]: The ransom was reported at about 600,000 quid,

20:12.371 --> 20:12.931
[SPEAKER_05]: used to pay?

20:13.252 --> 20:15.954
[SPEAKER_02]: Would they even have had 600,000 quid to pay?

20:15.994 --> 20:17.355
[SPEAKER_02]: That's the thing, you don't know.

20:17.455 --> 20:17.955
[SPEAKER_05]: Exactly.

20:17.995 --> 20:18.136
[SPEAKER_05]: Yeah.

20:18.276 --> 20:18.496
[SPEAKER_05]: Yeah.

20:18.776 --> 20:22.319
[SPEAKER_05]: You know, the sort of setting of the ransoms with these gangs is really interesting.

20:22.339 --> 20:28.404
[SPEAKER_05]: And obviously, I've been looking a lot into this as part of the podcast series I'm doing for the BBC, which should be out next year.

20:28.984 --> 20:32.106
[SPEAKER_05]: And the calculation, the ransom calculation, is a whole part of this.

20:33.147 --> 20:43.735
[SPEAKER_05]: I'll be honest, in the podcast I just don't know how much of this we're going to be able to get over, we're scripting it at the moment, but there's entire conversations which, thanks to the leaks of the internal chats of these ransomware gangs,

20:44.055 --> 20:45.536
[SPEAKER_05]: we've got a huge amount of insight into.

20:46.197 --> 20:56.584
[SPEAKER_05]: There's conversations around how to set the ransom and what the market capitalization of this company is, and therefore how we should set the ransom and how the ransom should be negotiated and where the limits are.

20:56.784 --> 21:00.247
[SPEAKER_05]: They know absolutely what a target's going to be worth and what to hit them for.

21:00.727 --> 21:00.947
[SPEAKER_05]: Yes.

21:01.587 --> 21:10.550
[SPEAKER_05]: At least people like Conti who are experienced in this. Other gangs who are less experienced, and other affiliates working for these gangs, may be less experienced.

21:10.630 --> 21:14.852
[SPEAKER_05]: So they would have come up with a figure for Kido Nurseries for this.

21:15.632 --> 21:21.774
[SPEAKER_05]: The hackers then obviously went to the next stage of their sort of extortion demands, which is: we have stolen data from you.

21:21.794 --> 21:22.994
[SPEAKER_05]: We haven't just scrambled your files.

21:23.034 --> 21:25.675
[SPEAKER_05]: We've stolen some of these files and we will start leaking them.

21:28.336 --> 21:42.983
[SPEAKER_05]: Serious, because they have information on children looked after by the nursery, including photographs of these kids, names and other very personal details, which is obviously the thing as a nursery that you do not want out there, and addresses as well of these.

21:43.303 --> 21:50.747
[SPEAKER_05]: They claimed about 8,000 of these, including a few, I think it's 10 or so, that they actually leaked onto their dark website.

21:53.188 --> 21:58.831
[SPEAKER_05]: I hadn't heard of Radiant before, but, frankly, these ransomware gangs come and go very frequently now.

21:58.851 --> 22:07.175
[SPEAKER_02]: Yeah, they sometimes seem to sort of disappear a little, maybe when the heat's on them, and then you see a very similar ransomware group open up.

22:07.195 --> 22:10.117
[SPEAKER_02]: Yeah, I wonder if they've just rebranded themselves.

22:10.277 --> 22:14.979
[SPEAKER_05]: Yes, yes, particularly with the Ukraine war, a lot of these ransomware gangs started getting sanctioned.

22:15.279 --> 22:22.702
[SPEAKER_05]: So the US government was like, you are now a sanctioned entity, which means the victim, well, if they pay, they are breaching sanctions, and you go to prison for that.

22:22.842 --> 22:33.846
[SPEAKER_05]: So that was a significant impact, and the way the ransomware gangs got around that, sometimes, was setting up under a new name and saying, well, yes, you know, Conti or whoever may be sanctioned, you know, Black Basta, but we're not them.

22:33.926 --> 22:35.147
[SPEAKER_05]: We're different, you can pay us.

22:36.007 --> 22:38.309
[SPEAKER_05]: The issue with that is reputation.

22:38.990 --> 22:46.558
[SPEAKER_05]: If you've been around in ransomware for a while under a particular name, and you do decrypt people's files and delete their data, or claim to, when they pay up.

22:46.578 --> 22:56.007
[SPEAKER_05]: If you sort of do what you say you're going to do when someone pays you, you have a reputation online and in the community that you are going to do the do when the ransom is paid.

22:56.768 --> 23:14.245
[SPEAKER_05]: And you gradually work up that reputation over time, sometimes over years. If you then suddenly hop into a new name and say, oh, now this is new ransomware gang X, the victims are going to try and Google you and ask around and say, well, if we pay the ransom, are these guys going to perform or not, because we don't know these guys, they're a new gang.

23:14.325 --> 23:20.331
[SPEAKER_05]: So, operating under a name gets you an enduring reputation, which is important for your victims to pay up.

23:20.831 --> 23:33.600
[SPEAKER_05]: But these guys, Radiant, as I say, I had not come across them before. Obviously the leaking of kids' incredibly sensitive personal data, photos of them, attracted universal condemnation from almost everybody, understandably.

23:33.800 --> 23:38.243
[SPEAKER_05]: This was seen as being, even among the annals of cybercrime, a particularly heinous attack.

23:39.204 --> 23:48.311
[SPEAKER_05]: Then the gang started contacting families of these kids and saying, oh boy, this nursery is refusing to pay, you know, you should put some pressure on them.

23:48.971 --> 24:02.799
[SPEAKER_05]: Which again harks back to, in fact, I'm going to mention Joe Tidy again, the BBC cyber reporter, who put out a book recently called Ctrl+Alt+Chaos, which was mainly about a young lad called Julius Kivimäki, who was a Finnish guy.

24:03.419 --> 24:07.421
[SPEAKER_02]: That's right, he's the guy who targeted the Vastaamo psychotherapy clinic, wasn't he?

24:07.441 --> 24:13.085
[SPEAKER_05]: Precisely, so yeah, so he managed to extricate swathes of incredibly sensitive therapy

24:15.546 --> 24:17.107
[SPEAKER_05]: for this Vastaamo operation.

24:17.187 --> 24:22.990
[SPEAKER_05]: He obviously tried to blackmail Vastaamo, but he also contacted patients and said, look, I've got your top secret notes.

24:23.390 --> 24:25.811
[SPEAKER_05]: You need to get in touch with these people and urge them to pay.

24:25.912 --> 24:29.393
[SPEAKER_05]: So it's a particularly venal tactic, but it's not without a precedent.

24:30.054 --> 24:34.976
[SPEAKER_05]: In this case, this gang got into even more trouble for this, because what can you do that's worse than leaking the kids' pictures?

24:34.996 --> 24:38.218
[SPEAKER_05]: Well, contacting the kids' parents and guardians and putting the squeeze on them.

24:38.258 --> 24:39.459
[SPEAKER_05]: That's, you know, worse.

24:39.739 --> 24:39.899
[SPEAKER_05]: Yeah.

24:40.259 --> 24:43.381
[SPEAKER_05]: Then we start to see this shift in the gang and what they do.

24:43.901 --> 24:45.842
[SPEAKER_05]: They then blurred the kids' photographs.

24:45.962 --> 24:47.663
[SPEAKER_05]: So they said, well, we understand this is bad.

24:47.683 --> 24:48.443
[SPEAKER_05]: We're going to blur them.

24:48.783 --> 24:55.047
[SPEAKER_05]: And now claim to have deleted the kids' data, and deleted all of the data on the other 8,000 or so children

24:55.067 --> 24:56.247
[SPEAKER_05]: they claim they had data on.

24:56.467 --> 24:58.729
[SPEAKER_05]: So effectively the ransomware attack has sort of failed.

24:58.749 --> 25:01.170
[SPEAKER_05]: They've had to backtrack right in the face of this.

25:01.590 --> 25:11.858
[SPEAKER_05]: And it's really interesting, I find this fascinating, in terms of, I think we tend to assume these gangs, these ransomware gangs, are sort of some homogenous, tightly controlled enterprises that have uniform policies on things, you know?

25:12.238 --> 25:14.220
[SPEAKER_05]: And certainly in some cases, yes, that is the case.

25:14.260 --> 25:20.945
[SPEAKER_05]: I mean, Conti had this whole thing about the fact that they don't hit healthcare, and that became a big issue within the gang of, do we or don't we, you know, what is healthcare?

25:20.965 --> 25:21.305
[SPEAKER_05]: Well, isn't it?

25:21.325 --> 25:21.485
[SPEAKER_05]: Yeah.

25:21.745 --> 25:23.747
[SPEAKER_05]: But they at least had a sort of fairly solid policy on that.

25:24.287 --> 25:31.871
[SPEAKER_05]: Around the fringe of this gang, though, there's this really interesting debate over whether they are crooks or not.

25:31.891 --> 25:33.112
[SPEAKER_05]: I mean, they clearly are, right?

25:33.452 --> 25:38.415
[SPEAKER_05]: But yes, are we the kind of crooks who just don't respond to any laws and guidelines?

25:39.075 --> 25:42.777
[SPEAKER_05]: Or do we actually have our own internal sort of ethics that we obey?

25:43.357 --> 25:45.478
[SPEAKER_05]: So the healthcare thing was perhaps a part of that.

25:45.538 --> 25:48.120
[SPEAKER_05]: Some of the ransomware gang were like, look, we don't attack healthcare.

25:48.140 --> 25:50.481
[SPEAKER_05]: You know, my aunt died of COVID,

25:52.580 --> 25:58.945
[SPEAKER_05]: Other members of the gang explicitly said, I am a crook, you know, I am a hacker, I don't care.

25:58.965 --> 26:02.148
[SPEAKER_05]: I will go after what I will go after, thank you very much.

26:02.569 --> 26:10.075
[SPEAKER_05]: And you start to see this in the sort of targeting again: how much control does a ransomware gang have over how its ransomware is used?

26:10.655 --> 26:13.658
[SPEAKER_05]: Because, you know, they work through affiliates, they work through, effectively,

26:13.678 --> 26:16.901
[SPEAKER_05]: a franchise system, somebody will take the ransomware

26:19.875 --> 26:25.657
[SPEAKER_02]: Yeah, because there's certain technical constraints that a ransomware group can incorporate to enforce the rules.

26:25.677 --> 26:30.298
[SPEAKER_02]: For instance, there's a lot of ransomware, which won't run if you've got a Russian keyboard.

26:30.538 --> 26:31.998
[SPEAKER_02]: Yes, because it's got a Russian keyboard.

26:32.999 --> 26:35.679
[SPEAKER_02]: The ransomware can determine it's running on that kind of computer and things.

26:36.040 --> 26:36.660
[SPEAKER_02]: Yes, we don't know.

26:36.700 --> 26:39.620
[SPEAKER_02]: In fact, any Russian organization, yeah, whatever colors felt.

26:39.821 --> 26:40.021
[SPEAKER_02]: Yes.

26:40.261 --> 26:46.702
[SPEAKER_02]: But it's much more difficult to prevent your ransomware group of affiliates from attacking a hospital,

26:48.743 --> 26:53.767
[SPEAKER_05]: I think what's fascinating about the ransomware scene is it is really a proper franchise model.

26:54.207 --> 27:08.458
[SPEAKER_05]: Obviously McDonald's and Starbucks are legitimate organizations, but there is a comparison to be made, you know. The reason Starbucks and McDonald's are really successful is because you set up the brand, the logos, the icons, you know, you own McDonald's, you provide the burgers,

27:09.078 --> 27:21.508
[SPEAKER_05]: and then that's it, you know, the rest is down to the franchisee: you set up the restaurant, you pay the rent, you employ the staff, you know, you order all the burgers from us. It's a great scalable business model, it's why it works for people like McDonald's and Starbucks.

27:21.989 --> 27:25.652
[SPEAKER_05]: The same is true of the ransomware industry, you know, I've written the ransomware once.

27:26.332 --> 27:31.153
[SPEAKER_05]: Now I can just get passive income from it time and time again, as my franchisees use it.

27:31.513 --> 27:42.076
[SPEAKER_05]: The problem is, and again, McDonald's and Starbucks and places like that have had issues with this, where a manager of a restaurant or a coffee shop that's a franchise will be an absolute nightmare.

27:42.657 --> 27:45.977
[SPEAKER_05]: And it appears in the press, like, oh, this, you know, McDonald's was awful.

27:46.197 --> 27:47.598
[SPEAKER_05]: And McDonald's have to respond and say, well,

27:48.338 --> 27:50.099
[SPEAKER_05]: No, it's the franchisee who is awful.

27:50.219 --> 27:50.399
[SPEAKER_05]: Yes.

27:50.459 --> 27:53.841
[SPEAKER_05]: We're in the background giving them the wherewithal to run their franchise.

27:54.181 --> 27:56.162
[SPEAKER_05]: It's a similar thing in the ransomware industry.

27:56.462 --> 27:58.723
[SPEAKER_05]: How much control do you have over your franchisees?

27:59.323 --> 28:01.704
[SPEAKER_02]: It must be difficult to police their behaviour.

28:02.165 --> 28:07.267
[SPEAKER_02]: And of course, even if you boot someone out, they could well come back, say, under a new guise.

28:07.527 --> 28:07.947
[SPEAKER_05]: Precisely.

28:07.987 --> 28:27.775
[SPEAKER_05]: So, and the other thing is this sort of interplay of power between the ransomware providers, the virus writers, and the franchisees, the affiliates and so on, because without the virus writers the affiliates can't do anything. It's like being a, I know, I'm mentioning McDonald's a lot, and I want to make clear, McDonald's are not a criminal organization, but it's a bit like, you know, they're not in the business of producing ransomware.

28:27.815 --> 28:29.176
[SPEAKER_02]: They are not, they are not, they are not.

28:29.196 --> 28:29.956
[SPEAKER_02]: That's quite clear.

28:30.116 --> 28:35.380
[SPEAKER_05]: But you know, fundamentally, without McDonald's providing the burgers and the packaging and stuff, you can't run a McDonald's restaurant.

28:35.620 --> 28:39.522
[SPEAKER_05]: It's a bit the same in ransomware: without the ransomware gang providing the encryption code,

28:40.043 --> 28:41.324
[SPEAKER_05]: you can't, you can't run.

28:41.984 --> 28:44.266
[SPEAKER_05]: However, it's a symbiotic relationship.

28:44.566 --> 28:48.969
[SPEAKER_05]: The ransomware gang, if nobody's spreading their ransomware, getting it on systems, they're not making any money.

28:49.069 --> 28:50.510
[SPEAKER_05]: So they both need each other.

28:51.070 --> 28:55.713
[SPEAKER_05]: And the pendulum of power shifting between those two different communities I think is really interesting.

28:56.053 --> 29:00.095
[SPEAKER_05]: There were times, definitely, when one ransomware gang is surging; we had this with LockBit.

29:00.835 --> 29:05.558
[SPEAKER_05]: LockBit's gang were really doing well, making lots of effort, because the systems were really good.

29:06.238 --> 29:25.707
[SPEAKER_05]: But then LockBit starts to disintegrate, and now you see, I think, the power balance shifting back, maybe to the affiliates, because they're the ones that, they're like, you know, I can take my pick of ransomware guys, of ransomware virus writers; you need me, who's got the expert knowledge in how to get your ransomware on to a system. The power balance starts to shift back. I find that ebb and flow really fascinating, to be honest. Yes.

29:26.387 --> 29:31.515
[SPEAKER_05]: The Kido ransomware episode seems to have, at the moment, ended to a certain extent.

29:31.555 --> 29:37.404
[SPEAKER_05]: The problem, of course, and again I think Joe's pointed this out in his articles on the BBC, is: have they deleted the data?

29:37.585 --> 29:40.249
[SPEAKER_05]: Is this just going to be used for some kind of war for Batman with future?

29:47.012 --> 29:52.495
[SPEAKER_02]: So this episode of the show is sponsored by Drata, and I'm going to tell you why you should check them out.

29:53.076 --> 30:02.041
[SPEAKER_02]: Look, if you're in security or compliance, you know the drill: you're constantly wearing like 10 different hats, risk management, compliance, budget, it's quite the handful.

30:02.582 --> 30:05.644
[SPEAKER_02]: Here's the thing though, Drata actually helps with all of that.

30:06.084 --> 30:12.288
[SPEAKER_02]: Basically, they've made a platform that handles all the tedious compliance stuff that normally eats up your entire week.

30:12.868 --> 30:18.671
[SPEAKER_02]: What Drata does is automate the evidence collection, the compliance tracking, the security questionnaires.

30:19.092 --> 30:20.372
[SPEAKER_02]: It just handles it.

30:20.873 --> 30:34.121
[SPEAKER_02]: They've got real-time monitoring, so you're always audit ready, which is nice, because no one enjoys scrambling before an audit, and they've even got AI assistance for questionnaires now, which, honestly, thank the Lord.

30:34.801 --> 30:44.414
[SPEAKER_02]: The point is, instead of spending all your time proving that you are secure and compliant, you can actually focus on being more secure and compliant.

30:44.772 --> 30:45.272
[SPEAKER_02]: That's crazy.

30:45.532 --> 30:45.832
[SPEAKER_02]: I know.

30:46.292 --> 30:52.374
[SPEAKER_02]: Anyway, if that sounds useful to you, check them out at drata.com slash smashing.

30:52.714 --> 30:57.215
[SPEAKER_02]: That's drata.com slash smashing.

30:57.435 --> 31:00.956
[SPEAKER_02]: And if you use that link, they will know that you heard about them on the show.

31:01.296 --> 31:04.477
[SPEAKER_02]: And thanks to Drata for supporting Smashing Security.

31:14.515 --> 31:18.557
[SPEAKER_02]: And welcome back, and you join us at our favourite part of the show, the part of the show that we like to call Pick of the Week.

31:20.297 --> 31:31.261
[SPEAKER_02]: Pick of the Week is the part of the show where everyone chooses something they like. It could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website, or an app.

31:31.402 --> 31:35.123
[SPEAKER_02]: Whatever they wish, it doesn't have to be security-related necessarily.

31:35.863 --> 31:38.384
[SPEAKER_02]: Well, my Pick of the Week this week is not security-related.

31:38.464 --> 31:39.965
[SPEAKER_02]: Regular listeners will remember that.

31:40.581 --> 31:56.067
[SPEAKER_02]: Back in the annals of time, one of my greatest picks of the week, and one for which I received many plaudits and words of thanks from grateful listeners, was the one where I told people how to properly boil an egg, with my completely foolproof method.

31:57.067 --> 32:20.682
[SPEAKER_02]: That was so popular, I have now moved on, because in the last few weeks I have mastered my baked potato recipe, which I would like to share with you. Jeff, are you a fan of the baked potato? Well, now I will say a resounding yes, but, and I think this will be relevant to the ongoing conversation, I just never make them, because they're just a faff to make the

32:25.246 --> 32:29.489
[SPEAKER_02]: Okay, well, I think it's pretty simple and it goes like this.

32:30.189 --> 32:32.551
[SPEAKER_02]: Number one, you're going to need a potato.

32:32.571 --> 32:35.594
[SPEAKER_02]: Okay, I'm writing this down, potato, get potato.

32:35.834 --> 32:38.416
[SPEAKER_02]: A good-sized potato for baking.

32:39.036 --> 32:41.718
[SPEAKER_02]: Do you have a favorite one that you use?

32:42.479 --> 32:45.021
[SPEAKER_02]: Not particularly, just not a new potato.

32:45.181 --> 32:46.983
[SPEAKER_02]: You know, not a salad potato.

32:47.123 --> 32:51.386
[SPEAKER_02]: You know, it's gonna be a proper potato with a bit of grit on it.

32:51.466 --> 32:52.527
[SPEAKER_05]: A chunky, yes, okay.

32:53.426 --> 32:56.187
[SPEAKER_02]: A big fan of the potato skin.

32:56.307 --> 32:58.848
[SPEAKER_02]: Oh yes, the whole point isn't it.

32:58.868 --> 33:00.809
[SPEAKER_02]: It's the whole point of a baked potato for goodness.

33:00.829 --> 33:02.310
[SPEAKER_02]: Like, oh, quite hungry now.

33:02.710 --> 33:03.871
[SPEAKER_02]: So you get your potato.

33:04.331 --> 33:05.551
[SPEAKER_02]: You turn your oven on.

33:06.112 --> 33:06.572
[SPEAKER_02]: To about.

33:07.172 --> 33:08.093
[SPEAKER_02]: I feel like Delia Smith.

33:08.313 --> 33:10.073
[SPEAKER_02]: To about 200 degrees.

33:10.273 --> 33:10.914
[SPEAKER_02]: Turn the oven on.

33:11.274 --> 33:13.835
[SPEAKER_02]: Do not put the baked potato in the oven.

33:14.555 --> 33:16.596
[SPEAKER_02]: That is the mistake that people make.

33:16.756 --> 33:17.657
[SPEAKER_02]: Don't do that because

33:20.558 --> 33:21.839
[SPEAKER_02]: And it's too much of a faff.

33:22.279 --> 33:25.802
[SPEAKER_02]: What you do is you take your potato over to your microwave.

33:25.922 --> 33:26.642
[SPEAKER_02]: Oh, all right.

33:27.022 --> 33:30.805
[SPEAKER_02]: You get your little fork out and you prick the potato a few times.

33:31.425 --> 33:35.348
[SPEAKER_02]: Chuck it into the microwave. Now, depending on the precise size of the potato,

33:35.708 --> 33:40.752
[SPEAKER_02]: you may have to adjust this time, but I would say run it about six minutes, full blast.

33:43.292 --> 33:44.214
[SPEAKER_02]: Open up the microwave.

33:45.417 --> 33:46.360
[SPEAKER_02]: Take the potato out.

33:46.560 --> 33:48.084
[SPEAKER_05]: Glad you explained all these intermediary steps.

33:48.124 --> 33:49.828
[SPEAKER_05]: So otherwise I would have put the microwave in the oven.

33:49.928 --> 33:50.510
[SPEAKER_05]: Okay, got it.

33:51.005 --> 33:56.369
[SPEAKER_02]: A little bit of olive oil on it, and maybe a little bit of salt.

33:57.209 --> 33:58.530
[SPEAKER_02]: Already your mouth is watering.

33:58.951 --> 34:01.152
[SPEAKER_02]: Chuck it in the oven, put it on a baking tray, chuck it in the oven.

34:01.773 --> 34:03.294
[SPEAKER_02]: Set a timer for 20 minutes.

34:03.314 --> 34:04.895
[SPEAKER_02]: 20 minutes are gone.

34:05.175 --> 34:11.419
[SPEAKER_02]: Turn off the oven, take the baked potato out, and thank me for the best meal you're gonna have.

34:12.240 --> 34:12.720
[SPEAKER_02]: They long.

34:13.401 --> 34:15.642
[SPEAKER_02]: That is gonna be perfect Jeff.

34:15.803 --> 34:16.003
[SPEAKER_02]: Right.

34:16.683 --> 34:24.645
[SPEAKER_02]: Right, now, if you want, you can get elaborate: you can add some tuna, you could cut up some cucumber, cheese, a bit of pepper, some pepper.

34:24.745 --> 34:28.586
[SPEAKER_02]: Well, cheese, if you want, yeah, I don't tend to have cheese on mine, but that's fine.

34:28.606 --> 34:31.067
[SPEAKER_02]: You could, you could grate cheese, if you want it.

34:31.087 --> 34:32.187
[SPEAKER_02]: I wouldn't have a slab of cheese.

34:32.947 --> 34:34.788
[SPEAKER_05]: No, you want to go, no, you're a grater, yes, yeah.

34:34.848 --> 34:35.608
[SPEAKER_02]: Yeah, you want to grate it.

34:36.168 --> 34:38.329
[SPEAKER_02]: Yeah, I tend to be a bit of a tuna guy.

34:38.549 --> 34:38.809
[SPEAKER_05]: Right.

34:39.389 --> 34:42.290
[SPEAKER_02]: But frankly, the potato is going to be the best bit of it.

34:43.721 --> 34:49.672
[SPEAKER_02]: Every time I have a baked potato, this is how I'm doing it, and they are all magnificent.

34:50.633 --> 34:52.977
[SPEAKER_02]: That is my pick of the week.

34:55.780 --> 34:57.200
[SPEAKER_05]: Congratulations to you, Graham.

34:57.480 --> 34:58.201
[SPEAKER_05]: Thank you very much.

34:58.601 --> 35:08.523
[SPEAKER_05]: Admittedly discovering, quite some considerable time after the rest of the population, that microwaving a potato and then baking it is a bit of a shortcut to getting a baked potato.

35:08.763 --> 35:10.043
[SPEAKER_05]: I'm just so glad you're there now.

35:10.644 --> 35:15.165
[SPEAKER_05]: I'm sorry for the decades you spent in the potato wilderness, but it's great that you've finally cracked it.

35:15.785 --> 35:17.005
[SPEAKER_02]: Everybody else knows.

35:17.565 --> 35:21.566
[SPEAKER_02]: Well, you know, I think if I didn't know this, Jeff, there are probably other listeners who didn't

35:24.967 --> 35:25.507
[SPEAKER_02]: Perfectly.

35:25.527 --> 35:26.407
[SPEAKER_05]: No, no fun, I think.

35:26.687 --> 35:27.147
[SPEAKER_05]: Okay.

35:27.828 --> 35:30.408
[SPEAKER_02]: So, do you consider that too much of a faff, then?

35:30.448 --> 35:33.749
[SPEAKER_02]: Are you hoping for a shorter version of the faff, then?

35:33.889 --> 35:39.510
[SPEAKER_05]: It's no more or less short than the technique that I myself have been using for quite some considerable time.

35:39.610 --> 35:40.170
[SPEAKER_05]: Oh, perfect.

35:40.190 --> 35:48.372
[SPEAKER_05]: So, it's not, you know, if you'd come out with something that's longer than my method, I would have been disappointed, but at least now I can confirm you haven't cracked a shorter method.

35:48.392 --> 35:49.052
[SPEAKER_05]: That's just great.

35:49.172 --> 35:52.973
[SPEAKER_02]: You know what, Jeff, I listened to two whole seasons of the Lazarus Heist.

35:53.757 --> 35:58.060
[SPEAKER_02]: And there was nothing about the proper way to bake a potato as far as I remember.

35:58.100 --> 35:59.160
[SPEAKER_02]: No cooking advice.

35:59.200 --> 35:59.901
[SPEAKER_02]: Kim Jong-un?

35:59.961 --> 36:00.201
[SPEAKER_02]: Yes.

36:00.341 --> 36:01.502
[SPEAKER_02]: Didn't give any advice.

36:02.042 --> 36:03.563
[SPEAKER_02]: His loyal subjects?

36:04.003 --> 36:06.865
[SPEAKER_02]: Should they be lucky enough to actually own a potato and a microwave?

36:06.905 --> 36:07.686
[SPEAKER_05]: Yes, yes.

36:07.906 --> 36:08.186
[SPEAKER_05]: Oh, God.

36:08.226 --> 36:08.446
[SPEAKER_05]: OK.

36:08.466 --> 36:08.726
[SPEAKER_05]: Well, yes.

36:08.886 --> 36:11.828
[SPEAKER_05]: So you have absolutely ticked a box in this podcast that... Thank you.

36:11.848 --> 36:16.811
[SPEAKER_05]: Despite our considerable efforts and funding from the BBC, we didn't even get news to doing laser size to you, right?

36:17.932 --> 36:18.933
[SPEAKER_05]: I can only apologise.

36:21.074 --> 36:22.575
[SPEAKER_02]: Jeff, what's your pick of the week?

36:24.314 --> 36:25.675
[SPEAKER_05]: I'm gonna pick a book that I read.

36:25.695 --> 36:27.996
[SPEAKER_05]: It's not the last book I read, but it's quite a recent book I read.

36:28.016 --> 36:31.978
[SPEAKER_05]: All right, which was recommended to me by a good friend of mine, who has got great taste in books.

36:31.998 --> 36:36.580
[SPEAKER_05]: I cultivate people with good taste in books, particularly non-fiction books, which I really like.

36:36.660 --> 36:41.603
[SPEAKER_05]: It's called, the title alone sells it, At the Tomb of the Inflatable Pig.

36:42.783 --> 36:46.685
[SPEAKER_05]: This is by a guy called John Gimlette, and it is about Paraguay.

36:47.025 --> 36:50.067
[SPEAKER_05]: It's travels through Paraguay in South America.

36:51.247 --> 36:58.791
[SPEAKER_05]: Which is a country that I was dimly aware of, but had absolutely no idea Paraguay is the most batshit insane place.

36:58.991 --> 37:13.278
[SPEAKER_05]: For a start, it's impenetrable. Like, there's no sort of, it's surrounded by other countries, but it's sealed off from them by vast deserts, mountain ranges, incredible forests. It's almost like God has sort of put a little wing around Paraguay and said, no, nobody shall come here.

37:13.718 --> 37:21.082
[SPEAKER_05]: So you can fly in, there's an airport there, or you can go up the river, which is how a lot of the sort of colonial and pre-colonial explorers kind of got there.

37:21.822 --> 37:29.786
[SPEAKER_05]: But it just sort of lends itself to this complete, absolutely crazy country that's been a settling place for, obviously,

37:29.926 --> 37:38.250
[SPEAKER_05]: Nazis are accused of ending up in Paraguay, but also it became a sort of battleground state in terms of its support for, sort of, World War Two, for the Germans and so on.

37:38.670 --> 37:43.333
[SPEAKER_05]: There was a whole Mennonite community that turned up, a religious Christian Mennonite community turned up in Paraguay.

37:43.954 --> 37:46.376
[SPEAKER_05]: It's just completely, completely crazy.

37:46.696 --> 37:53.421
[SPEAKER_05]: Coupled with a political scene that makes the sort of ructions in British political life seem very, very quaint and dainty.

37:53.441 --> 37:56.423
[SPEAKER_05]: They've had so many different kinds of dictators of different types.

37:57.383 --> 37:58.684
[SPEAKER_05]: It really is a remarkable book.

37:58.804 --> 38:01.506
[SPEAKER_05]: It's just a really fun and interesting book.

38:01.846 --> 38:03.126
[SPEAKER_05]: It's the best of those travel books.

38:03.187 --> 38:05.448
[SPEAKER_05]: It really takes you to a place and gets under the skin of it.

38:05.808 --> 38:09.330
[SPEAKER_05]: So you almost feel like you've been there, even though you haven't. Highly recommend.

38:09.450 --> 38:11.151
[SPEAKER_05]: At the Tomb of the Inflatable Pig, John Gimlette.

38:12.104 --> 38:14.165
[SPEAKER_02]: Can you explain the title at all?

38:14.605 --> 38:16.546
[SPEAKER_05]: I can and that's a bit of a disappointment.

38:16.846 --> 38:24.430
[SPEAKER_05]: There's a reference in the book to a craze that takes over in Paraguay of these kind of inflatable pig balloons that are on the streets when the author is there.

38:26.351 --> 38:30.453
[SPEAKER_05]: And there's the tomb of the old dictator and they kind of sell these, I think they sell them outside.

38:30.473 --> 38:33.435
[SPEAKER_05]: The title is barely connected to what's in the book.

38:33.475 --> 38:36.697
[SPEAKER_05]: It's a victory of title writers over the content of the book.

38:37.718 --> 38:43.690
[SPEAKER_05]: But it's just an eye-catching title, and as I say, or ear-catching, depending which way you're consuming it.

38:44.555 --> 38:45.315
[SPEAKER_02]: Fantastic.

38:45.515 --> 38:47.776
[SPEAKER_02]: Well, I think we've covered it all today, haven't we?

38:48.136 --> 38:51.136
[SPEAKER_02]: I'd say I had the more cultural pick of the week than you.

38:51.316 --> 38:58.378
[SPEAKER_02]: Yes, so my pick was a bit more high-brow than yours, but overall, I think we've done jolly, jolly well.

38:58.558 --> 39:00.198
[SPEAKER_05]: Why? Hang on, mine was a book.

39:00.218 --> 39:00.298
[SPEAKER_05]: What?

39:00.318 --> 39:01.398
[SPEAKER_05]: Yours was a potato.

39:01.478 --> 39:08.479
[SPEAKER_05]: If we did, like, reduce it to the basics, I don't think you could argue that a potato is more high-brow than a book. I would push back on that, Graham.

39:08.779 --> 39:11.420
[SPEAKER_05]: But I also want to be invited back, so I'll just, I'll park it for a moment.

39:11.960 --> 39:12.580
[SPEAKER_05]: I'll put a pin in it.

39:12.620 --> 39:16.241
[SPEAKER_02]: Well, that just about wraps up the show for this week.

39:16.481 --> 39:18.102
[SPEAKER_02]: Thank you so much, Jeff.

39:18.382 --> 39:19.102
[SPEAKER_02]: I'm sure it was fun to listen to.

39:19.122 --> 39:21.323
[SPEAKER_02]: They'd just love to find out what you're up to and follow you online.

39:21.843 --> 39:23.804
[SPEAKER_02]: What is the best way for them to do that right now?

39:24.164 --> 39:25.184
[SPEAKER_05]: Look me up on LinkedIn.

39:25.304 --> 39:27.965
[SPEAKER_05]: I am all across LinkedIn as my main platform of choice.

39:28.065 --> 39:29.506
[SPEAKER_05]: I have for obvious reasons.

39:30.026 --> 39:31.226
[SPEAKER_05]: I think I've now deserted Twitter.

39:31.326 --> 39:32.327
[SPEAKER_05]: I don't do Twitter anymore.

39:32.587 --> 39:36.088
[SPEAKER_05]: Search Geoff White, Geoff with a G and White like the colour. I'm on LinkedIn, connect with me there.

39:36.938 --> 39:53.508
[SPEAKER_02]: Also, and of course we're on social media too, you can find me, Graham Cluley, on LinkedIn, or follow Smashing Security on Bluesky, and to ensure you never miss another episode, follow Smashing Security in your favourite podcast app, such as Apple Podcasts, Spotify and Pocket Casts. Website, show notes, sponsorship details, guest lists, and the entire

39:57.130 --> 40:00.717
[SPEAKER_02]: episodes, some of which include recipes for boiling an egg.

40:01.178 --> 40:05.667
[SPEAKER_02]: Check out smashingsecurity.com. Until next time, cheerio!

40:05.727 --> 40:06.208
[SPEAKER_02]: Bye bye!

40:06.509 --> 40:06.810
[SPEAKER_02]: Bye!

40:17.930 --> 40:21.116
[SPEAKER_02]: You have been listening to Smashing Security with me, Graham Cluley.

40:21.757 --> 40:25.403
[SPEAKER_02]: Thanks very much to Jeff for joining me this week, and of course big thanks

40:25.884 --> 40:28.809
[SPEAKER_02]: to this episode's sponsors, Vanta, 1Password and Drata,

40:29.473 --> 40:34.095
[SPEAKER_02]: and to all the chums who've signed up for Smashing Security Plus over on Patreon.

40:34.476 --> 40:48.683
[SPEAKER_02]: They include Sabahatim Guchiluglu, 636B Daniel Krumek, Dr. Herbalist asked Leo Sunky Van Repel, Ragnar Carlson, David Pam, John Ware, Adina Bogato Brian.

40:49.323 --> 40:54.484
[SPEAKER_02]: Matt H. Maya, Dave Barker, Darren Kenny, and Matt Cotton.

40:55.064 --> 40:58.885
[SPEAKER_02]: Now, wouldn't you love to have your name read out at the end of the show every now and then?

40:59.265 --> 41:03.846
[SPEAKER_02]: Well, if so, you should sign up for Smashing Security Plus for as little as $5 a month.

41:04.327 --> 41:13.589
[SPEAKER_02]: You're going to become a member of our happy little camp and tribe, and you will gain early access to episodes with none of the pesky adverts. How lovely would that be.

41:19.410 --> 41:26.857
[SPEAKER_02]: Now, of course, you might not be able to afford such a luxury as signing up for Smashing Security Plus, so don't feel any pressure to become a patron.

41:27.257 --> 41:38.667
[SPEAKER_02]: There's all kinds of other ways in which you can support the show beyond a monthly financial commitment. You could go and check out the Smashing Security merchandise store, which has got some new t-shirt designs and fancy mugs and the like.

41:39.247 --> 41:51.615
[SPEAKER_02]: Truth is, you can support the podcast in other ways which don't involve splashing the cash. For instance, you can give it a five-star review on somewhere like Apple Podcasts, and you can tell your friends to give it a listen.

41:51.635 --> 41:58.999
[SPEAKER_02]: There's nothing quite like the endorsement of someone saying to you, hey, I've heard this podcast, maybe you should listen to it as well, so why not spread the word that way?

41:59.339 --> 42:00.060
[SPEAKER_02]: Really, really would.

42:00.380 --> 42:09.908
[SPEAKER_02]: appreciate that, and I do appreciate each and every one of you who tunes in every week to hear this little podcast after 438 episodes.

42:09.988 --> 42:11.229
[SPEAKER_02]: Wow, you're still tuned in.

42:11.589 --> 42:12.690
[SPEAKER_02]: So thanks very much.

42:13.130 --> 42:16.313
[SPEAKER_02]: And I hope to speak again this time next week.

42:16.613 --> 42:17.274
[SPEAKER_02]: Till then, bye-bye.

