
From Instagram panic to Grok gone wild
Episode Transcript
[SPEAKER_03]: But you know what, Monica.
[SPEAKER_03]: They don't care.
[SPEAKER_01]: I know, and that's the problem, but we have to.
[SPEAKER_03]: There's only one thing that they care about.
[SPEAKER_01]: Profit.
[SPEAKER_03]: And therefore, we should be putting pressure on the companies which advertise on the services and saying, do you really want to be there?
[SPEAKER_02]: Smashing Security, episode 450, From Instagram panic to Grok gone wild, with Graham Cluley and special guest Monica Verma.
[SPEAKER_03]: Hello, hello and welcome to Smashing Security episode 450, my name is Graham Cluley.
[SPEAKER_01]: And I'm Monica Verma.
[SPEAKER_03]: Hi Monica, first time on the show.
[SPEAKER_03]: Thank you so much for joining us today, Monica.
[SPEAKER_03]: If there's anyone listening to Smashing Security who hasn't encountered you before, can you quickly sum up who you are and what you do?
[SPEAKER_01]: Yeah, absolutely.
[SPEAKER_01]: I'm a form artist, so I've been in this industry for more than 20 years.
[SPEAKER_01]: I started my journey as a hacker.
[SPEAKER_01]: And then went into risk management and then became a CISO, so I am still a hacker because it's a mindset more than just... absolutely, it's, I truly believe that
[SPEAKER_03]: a good hack.
[SPEAKER_03]: You're not one of those bad do you hack?
[SPEAKER_01]: No absolutely a white hack or a good hacker.
[SPEAKER_01]: Never, never actually hacked criminally because you can't act illegally but that's not what I do.
[SPEAKER_01]: I've been paid legally to hack.
[SPEAKER_03]: That's fair enough.
[SPEAKER_01]: Product and systems and healthcare and trains and whatnot and it's been really really fun and I think I've been hang on.
[SPEAKER_03]: You just said that you hacked trains.
[SPEAKER_03]: What's that
[SPEAKER_01]: Because I used to work for Siemens and we were allowed to hack all products and then, you know, Siemens has these PLCs and logic boards that run trains and so one of my colleagues and I, we were invited to actually hack trains, to really hack the logic, so it was really, really fun.
[SPEAKER_03]: Well, before we kick off, let's thank this week's wonderful sponsors Meter and Vanta, we'll be hearing more about them later on in the podcast.
[SPEAKER_02]: This week on Smashing Security.
[SPEAKER_03]: We won't be talking about how pro-trans activists brought down a right-wing group's website and leaked the names of their donors.
[SPEAKER_03]: You'll hear no discussion of how a man has been charged after he was allegedly hired to hack the Snapchat accounts of female athletes.
[SPEAKER_03]: And we won't even mention how a hacker has leaked the database of well-known cybercrime forum, BreachForums, exposing the details of hundreds of thousands of people.
[SPEAKER_03]: So Monica, what are you going to be talking about this week?
[SPEAKER_01]: Are we talking about unpredictability in the world of AI?
[SPEAKER_01]: I'll be talking about AI governance, bit about guardrails.
[SPEAKER_03]: And I'll be giving you 17 million reasons why you might be playing password reset roulette with your Instagram account. All this and much more coming up on this episode of Smashing Security.
[SPEAKER_03]: Well, let's take a moment now to thank one of this week's sponsors, Meter.
[SPEAKER_03]: Now, if you've ever worked in IT, especially networking, you'll know when the network's working, nobody notices, when it isn't, everybody notices.
[SPEAKER_03]: The problem is that most business networks are a mess of different providers, tools, dashboards, contracts, and crossed fingers.
[SPEAKER_03]: And somehow, despite all that complexity, they're expected to be fast, secure, reliable, and that's where Meter comes in.
[SPEAKER_03]: Meter builds networks from the ground up, they deliver a complete full stack networking solution, wired, wireless and cellular, all as one integrated service.
[SPEAKER_03]: And this is genuinely full stack.
[SPEAKER_03]: Meter designs the hardware, writes the firmware, builds the software, manages the deployment and runs the support.
[SPEAKER_03]: They even take care of things like ISP procurement, routing, switching, firewalls, VPNs, DNS security, SD-WAN, and multi-site networking. In other words, fewer vendors, fewer dashboards, fewer "who owns this problem" conversations, and far fewer late night panic attacks.
[SPEAKER_03]: Meter's approach is about real control, proper visibility, and networks that behave themselves.
[SPEAKER_03]: And for IT leadership, it means something almost mythical in networking, predictability.
[SPEAKER_03]: If you're responsible for keeping the business online, you really should check out Meter.
[SPEAKER_03]: So go to meter.com slash smashing to book a demo now, that's meter.com slash smashing.
[SPEAKER_03]: And thanks to Meter for supporting the show.
[SPEAKER_03]: Now, chums, chums.
[SPEAKER_03]: In recent days, we have witnessed a masterclass in corporate communications, and by masterclass what I really mean, of course, is a complete and utter shambles.
[SPEAKER_03]: So, we've seen some shambles before, of course. Way back in mid 2024, CrowdStrike, they pushed out a dodgy update, and they caused millions of Windows computers to blue screen of death.
[SPEAKER_03]: Flights were cancelled, hospitals were not able to look up their records, it caused mayhem, didn't it?
[SPEAKER_01]: It did, it absolutely did, and one of the craziest things that happened in that incident.
[SPEAKER_01]: There was not just an uproar, like, nothing was working, flights were cancelled, people were stranded.
[SPEAKER_01]: Yes.
[SPEAKER_01]: But people were debating whether it's an IT incident or should be classified as security incident and should we even talk about it in cyber security industry or not?
[SPEAKER_01]: which to me was very interesting and like what do you mean?
[SPEAKER_01]: Like, IT is a part of security, you know, you talk about people, tech and processes, tech is one third of that.
[SPEAKER_01]: So why would we not be talking about it?
[SPEAKER_03]: So that was an utter shambles.
[SPEAKER_03]: I remember another shambles, which happened at Facebook.
[SPEAKER_03]: They accidentally disconnected their data center from the internet in October '21, causing mayhem, not only to Facebook, but also to Instagram.
[SPEAKER_03]: And that meant that employees also couldn't get into their buildings to fix it because apparently the door access systems ran on Facebook's own network.
[SPEAKER_03]: And they had to go and grab some angle grinders
[SPEAKER_03]: going to sort out their systems.
[SPEAKER_03]: So there are huge shambles, huge cock-ups which happen in this week, but it's not an only shambles of such epic proportions, but still far from ideal.
[SPEAKER_03]: So let me tell you what's been happening in the last few days, and it all started when antivirus outfit Malwarebytes posted on Bluesky that cybercriminals had stolen sensitive data related to 17 and a half million Instagram accounts. We're talking usernames, addresses, phone numbers, the full caboodle.
[SPEAKER_01]: 17 million.
[SPEAKER_01]: That's crazy.
[SPEAKER_03]: 17 million.
[SPEAKER_03]: That's pretty bad, isn't it?
[SPEAKER_03]: And what they said, Malwarebytes, in their post up on Bluesky: this data is available for sale on the dark web and can be abused by cyber criminals.
[SPEAKER_03]: And that was it.
[SPEAKER_03]: That was their whole post.
[SPEAKER_03]: It was alongside an image of an email from Instagram.
[SPEAKER_03]: Okay.
[SPEAKER_03]: Claiming to be a password reset request.
[SPEAKER_03]: Okay.
[SPEAKER_03]: So there were no details about when the breach had happened.
[SPEAKER_03]: Or how it had happened, or where the researchers at Malwarebytes had found out about this.
[SPEAKER_03]: Just 17 and a half million accounts compromised data for sale.
[SPEAKER_03]: Good luck everybody.
[SPEAKER_03]: And at the same time as this was going on, people were flooding on to Reddit, wondering why they had received a barrage of Instagram password reset emails that they had not requested.
[SPEAKER_01]: You wonder why?
[SPEAKER_03]: Yeah, exactly.
[SPEAKER_03]: It's like, well, dear, maybe there's a reason why there's a connection here.
[SPEAKER_03]: One person said, is someone trying to hack me?
[SPEAKER_03]: Well, Instagram, of course, had to respond to this, and so they hopped on to Twitter, not Instagram, not for...
[SPEAKER_01]: Wait.
[SPEAKER_01]: Instagram hopped on to Twitter?
[SPEAKER_03]: Yes.
[SPEAKER_01]: That's interesting.
[SPEAKER_03]: Isn't it?
[SPEAKER_03]: They went to a platform owned by their direct competitor.
[SPEAKER_03]: They didn't post.
[SPEAKER_01]: Unbelievable.
[SPEAKER_03]: Maybe they're thinking if people are locked out of their accounts, they're not going to see this post on Instagram, so we're trying Twitter instead. But they announced that they had fixed an issue that let an external party request password reset emails for some people, and they gave some advice.
[SPEAKER_03]: Instagram said, you can ignore those emails.
[SPEAKER_03]: Sorry for any confusion.
[SPEAKER_00]: Uh-huh.
[SPEAKER_03]: So nothing to see here.
[SPEAKER_03]: Move along, please.
[SPEAKER_03]: Because that's what you want, isn't it?
[SPEAKER_03]: Someone saying, oh, don't worry about that.
[SPEAKER_03]: So imagine you're in a jumbo jet, and the pilot comes over the tannoy.
[SPEAKER_03]: And he cheerily says, oh, just ignore that wing falling off.
[SPEAKER_03]: Sorry for any confusion.
[SPEAKER_03]: You can ignore that.
[SPEAKER_03]: People obviously are going to panic.
[SPEAKER_03]: They're thinking, well, what's happened?
[SPEAKER_03]: Right?
[SPEAKER_03]: You would understandably wouldn't you?
[SPEAKER_01]: No, that's the way.
[SPEAKER_03]: Now, according to some media reports, someone is trying to flog a data set of some 17 million Instagram records, and they're doing it on...
[SPEAKER_03]: Effectively, it's an underground coffee shop.
[SPEAKER_03]: It's a cyber criminal site.
[SPEAKER_03]: We've talked about it many times on this podcast, BreachForums, right?
[SPEAKER_03]: Is the marketplace where this data is apparently being sold?
[SPEAKER_03]: The person who's selling the data claims the data comes from an API leak back in 2024.
[SPEAKER_03]: Now, some observers reckon that Malwarebytes mentioned this 2024 connection in an email to their paying customers, but it wasn't in their public Bluesky post.
[SPEAKER_03]: So we've got breadcrumbs of information scattered across multiple sources.
[SPEAKER_03]: We've got Reddit.
[SPEAKER_03]: We've got private emails from Malwarebytes to their customers.
[SPEAKER_03]: We've got public posts from Malwarebytes.
[SPEAKER_03]: We've got Instagram's Twitter post as well.
[SPEAKER_03]: All of these things, none of which are quite matching up.
[SPEAKER_03]: because Instagram is saying there hasn't been a breach.
[SPEAKER_03]: But if you notice the careful wording they use, they say there was no breach of our systems.
[SPEAKER_03]: They're not saying there has never been a breach of our systems.
[SPEAKER_03]: Or this data isn't legitimate.
[SPEAKER_03]: They're just saying this specific incident with the password reset emails wasn't a breach.
[SPEAKER_03]: And that rather conveniently sidesteps the question of whether there was a breach, say back in 2024.
[SPEAKER_01]: What's also interesting about this, Graham, is when I'm talking about cybercrime, I give a lot of keynotes, and I'm mentioning that the organized crime in the dark web has become a bigger and bigger corporation, like an underworld corporation like never before, right?
[SPEAKER_03]: Yes, it's properly organized.
[SPEAKER_01]: It's properly organized.
[SPEAKER_03]: This is an industry, exactly.
[SPEAKER_01]: And I remember saying that they're the entrepreneurs that have gone to the dark side.
[SPEAKER_01]: They are finding always clever ways of not just making the buck.
[SPEAKER_01]: And in all the studies that I've seen over the last 20 years, I may say, almost always financial gain is the number one motivation.
[SPEAKER_01]: followed usually by political reasons.
[SPEAKER_01]: So activism.
[SPEAKER_01]: So I feel like it's important for us to understand not only what data has been leaked, but what has been used for, and we know most of the time it's financial gain.
[SPEAKER_01]: But do you know if Malwarebytes did any kind of, like, information on that?
[SPEAKER_01]: Because I know attribution is very difficult, but motivation usually.
[SPEAKER_03]: Their public post on Bluesky is just a couple of sentences, it doesn't put it in any context.
[SPEAKER_03]: And this is frustrating, obviously, but I'm also frustrated by Instagram's response as well.
[SPEAKER_01]: Yeah, that's just crazy.
[SPEAKER_03]: They're not explaining how these password reset messages got sent, they're not explaining how an external party gained the ability to spam password resets to random users.
[SPEAKER_03]: They're just saying, well, it wasn't a breach.
[SPEAKER_03]: Well, it's like, well, sounds like it was some kind of security breach.
[SPEAKER_03]: If someone was able to gain that ability, it may not have been that data was exfiltrated as a result of this.
[SPEAKER_03]: We don't know, but all they're saying is, your accounts are secure now.
[SPEAKER_03]: It's a bit like saying, I'm not burgling your house, while you're carrying a TV set down the drive, right?
[SPEAKER_03]: It's technically accurate.
[SPEAKER_03]: Yes, you're not burgling the house.
[SPEAKER_03]: You're not any more.
[SPEAKER_03]: But it's not exactly reassuring, is it? So I would hope for both the initial reporting of an incident to be more thorough, and also for the response from the organisation, which is trying to explain what happened, to properly represent what occurred.
[SPEAKER_01]: The onus definitely lies within Instagram more than it lies with anybody else, right?
[SPEAKER_01]: I mean, Malwarebytes should have given more information and definitely not put it behind the paywall.
[SPEAKER_01]: That's sad.
[SPEAKER_01]: For something so important,
[SPEAKER_03]: I mean, I guess their social media manager got excited.
[SPEAKER_03]: And it's like, oh, here's the thing that we're telling our customers about.
[SPEAKER_03]: We need to put together some quick snappy post, which is going to go viral.
[SPEAKER_03]: We'll add an image to it as well.
[SPEAKER_03]: We'll chuck it out there.
[SPEAKER_01]: But the onus really lies with Instagram, right?
[SPEAKER_01]: Like, for them to come out, I think this is where most organizations really fall on their faces.
[SPEAKER_01]: communication is such a crucial part.
[SPEAKER_01]: People talk a lot about setting up the war room, setting up the bridge, all the technical stuff that needs to happen, all the analysis, the forensics, and all of that is true, like sure, all of that has to happen.
[SPEAKER_01]: But any time an incident like this happens, any time there is a breach.
[SPEAKER_01]: And I say that from experience, having been responsible for communication from an organization's perspective to our customers when things go wrong,
[SPEAKER_01]: Gosh, it is so important when you have something like that, you gotta give them context.
[SPEAKER_01]: What actually happened?
[SPEAKER_01]: What actually happened?
[SPEAKER_01]: How do we get here?
[SPEAKER_01]: That's the first thing I'll tell them.
[SPEAKER_01]: How do we get here?
[SPEAKER_01]: What does it mean for you?
[SPEAKER_01]: I guess another thing by the way.
[SPEAKER_01]: Because there's one thing of, like, what it means for general public information of whatever happened, whatever hackers are saying, doing or whatever, right?
[SPEAKER_01]: But what does it precisely mean for you now?
[SPEAKER_01]: What are the steps that they as a customer need to take now in order to help?
[SPEAKER_01]: And then how are you helping them take those steps, right?
[SPEAKER_01]: So I think this clarity of communication is necessary for something so crucial as a 17 million data breach, I think it's so underplayed.
[SPEAKER_01]: It is so bizarre.
[SPEAKER_03]: And I think it's not just the message which you decide to put out there, because obviously you want to be quite clear as to.
[SPEAKER_03]: If you need to debunk a story about there being a data breach, you need to explain why that is- The whole idea is to help them, right?
[SPEAKER_01]: To help them secure it.
[SPEAKER_01]: This sounds to me like an ostrich law.
[SPEAKER_01]: Like you are an ostrich and just because you don't want to face that, you just put your head in the sand.
[SPEAKER_01]: That's basically what they're saying the customers should do.
[SPEAKER_03]: and also let's go back to it.
[SPEAKER_03]: Why is Instagram choosing to issue its "nothing to see here" statement on Twitter?
[SPEAKER_03]: That's like Burger King announcing a food safety update via press release stapled to a McDonald's drive-through menu.
[SPEAKER_03]: How weird is that?
[SPEAKER_01]: Is that really weird here?
[SPEAKER_03]: And here's what gets me, Instagram is saying, you can ignore password reset emails.
[SPEAKER_03]: That's the actual wording that they used in their eventual Twitter post.
[SPEAKER_03]: So the normal advice is that if you receive an unexpected password reset request, ignore it, it's probably someone either phishing you or, you know, trying their luck to break into your account.
[SPEAKER_03]: If you ignore it, you should be all right.
[SPEAKER_03]: But Instagram users are now playing a game of password reset roulette.
[SPEAKER_03]: So they'll be asking themselves, is this email a legitimate reset that they requested?
[SPEAKER_03]: Is it a legitimate reset that Instagram's systems accidentally sent because of an issue?
[SPEAKER_03]: Or is it an actual phishing attempt from cybercriminals who bought all your details off the dark web?
[SPEAKER_03]: Three possibilities, identical appearance to you in your inbox.
[SPEAKER_03]: No way to tell them apart, Instagram's official guidance is just, well, ignore them all.
[SPEAKER_03]: I don't know about you in all your years as a CSO and so forth.
[SPEAKER_03]: Monica, I don't know if you have an inflatable cricket bat, but I think it's an essential part of the cyber security arsenal.
[SPEAKER_03]: You need an inflatable cricket bat which you can bop people over the back of the head with.
[SPEAKER_03]: So I would give Malwarebytes a bop on the back of the head for their social media post, because shame on them for dropping a cyber security bombshell with zero context.
[SPEAKER_03]: for issuing a terse denial that technically answers nothing, and meanwhile we've got 17 million users' data allegedly for sale, Reddit threads full of confused people wondering if they've been hacked, if they are being hacked, and everyone's telling slightly different versions of this story.
[SPEAKER_03]: It's a mess.
[SPEAKER_03]: It's a mess.
[SPEAKER_03]: Okay, before we go any further, I need to share a quick word with you about one of our sponsors today, Vanta.
[SPEAKER_03]: You know how everyone's got an AI assistant these days.
[SPEAKER_03]: Well, imagine one that doesn't just write haikus about zero-day vulnerabilities, but actually does your audit work for you.
[SPEAKER_03]: That is Vanta.
[SPEAKER_03]: It connects to all of your tools, gathers evidence, tracks compliance, and quietly helps you prove that, yes, you do take
[SPEAKER_03]: Vanta automates all of that.
[SPEAKER_03]: It pulls everything together, keeps an eye on your systems and basically makes sure you're ready for an audit at any time, which means no last minute panic for screenshots and policies.
[SPEAKER_03]: It also plugs into the tools you're already using and flags up issues before they become a right old mess.
[SPEAKER_03]: So if that sounds like something that might save you from a few sleepless nights, check out vanta.com slash smashing.
[SPEAKER_03]: And if you use that link, you'll get a thousand dollars off.
[SPEAKER_03]: So don't forget vanta.com slash smashing and thanks to Vanta for sponsoring this week's episode.
[SPEAKER_03]: On with the show.
[SPEAKER_03]: Monica, what have you got for us this week?
[SPEAKER_01]: Well, craziness just continues, I guess.
[SPEAKER_01]: So I have been talking a lot about, and I've been working a lot with deepfakes.
[SPEAKER_01]: I remember doing a few months ago when the deepfake of Catherine Connolly came out, who ran for the presidential election for Ireland, and that happened just two days before the presidential election, right?
[SPEAKER_01]: I was talking about this study that showed while financial gain is the number one motivation behind deepfakes, the second,
[SPEAKER_01]: But I think deepfake goes even further.
[SPEAKER_01]: So over the last weeks, there have been actually investigations from the Australian authorities against Grok, because it seems that Grok has been really great.
[SPEAKER_01]: And sadly so, really great at creating nude images and sexualized images of women, just because they were prompted by some users.
[SPEAKER_01]: So this is not consented to by those women, but also of kids.
[SPEAKER_01]: Like, I was reading about this, and obviously this is not the only story that has happened since deepfake has come into existence.
[SPEAKER_01]: But the fact that you can just prompt a very powerful AI, so xAI, or Grok, on the platform of X, publicly, to just immediately get sexualized nude images of people, that is just insanity, and what's interesting is,
[SPEAKER_01]: When this happened, Grok itself, the AI, released a statement, this is not a human being, mind it, it is Grok, it apologizes for creating sexual and nude images of women and kids.
[SPEAKER_01]: Well, and I guess...
[SPEAKER_03]: to do that because if you contact Elon Musk's company, if you try and contact his PR department with a question as a journalist, what you get returned to you is a poop emoji.
[SPEAKER_03]: That's the way they handle the press.
[SPEAKER_03]: Of course, Grok has to be the thing which actually responds to the press.
[SPEAKER_01]: But that's the whole point, Grok came out apologizing.
[SPEAKER_01]: The important thing that I want to highlight here for the audience and for the people listening to this is that Grok has no apologetic feelings, right?
[SPEAKER_01]: It's not sentient.
[SPEAKER_01]: So it's not really apologizing, right?
[SPEAKER_01]: That's something we have to understand.
[SPEAKER_01]: First, differentiate the intent versus actuality, right?
[SPEAKER_01]: The words versus actually the intention behind it.
[SPEAKER_01]: There is no intention of actually apologizing because it doesn't feel apologetic because the machine, oh, sorry about their fault.
[SPEAKER_03]: No, no, that's all right.
[SPEAKER_03]: Don't worry about that.
[SPEAKER_01]: And then add to that our journalist and our newspaper and media asked actually Elon about his response.
[SPEAKER_01]: And his response is, well, people are just making too much fuss.
[SPEAKER_01]: This is just an excuse for censorship.
[SPEAKER_01]: This is what he comes back with.
[SPEAKER_01]: So I guess, I don't know, a poop emoji is better or he actually being completely not understanding of the fact that this is a lot of censorship, like, how in the world would this be about censorship, right?
[SPEAKER_03]: And I also read a report that Elon Musk had actually posted an image of the British Prime Minister Keir Starmer in a bikini using the tool.
[SPEAKER_03]: So it feels like Elon Musk is much more amused about it than maybe everybody else is.
[SPEAKER_03]: I mean, some awful things have happened, as you say.
[SPEAKER_03]: There have been sexualized images which have been posted of both women and children.
[SPEAKER_01]: The problem really is, the mindset behind all of this, right?
[SPEAKER_01]: We have known this now over months and years that Elon wants anti-woke AI that actually doesn't shy away from politically incorrect answers, including things like creating sexualized images of women or kids without their consent, and in the response, he did not just say that this was just an excuse for censorship, he put the tool that creates images behind a paywall, which doesn't solve the problem at all.
[SPEAKER_01]: Like, now you're basically providing it as a premium service, basically, is what he's doing.
[SPEAKER_03]: So what I think has happened is, at the time of recording, it is still possible to access this functionality without paying.
[SPEAKER_03]: You can't do it via Twitter, or X as he calls it, but you can go to the Grok website and use the app, I believe, to still do this even if you aren't a paying customer, but you're absolutely right.
[SPEAKER_03]: In some ways, this is now being used really as an encouragement for people to pay for a premium service.
[SPEAKER_03]: Here's one of the features we can offer you, is the ability to create illegal images or sexualised images of people without their consent.
[SPEAKER_03]: And so of course all this brouhaha in the press, quite rightly, people have been
[SPEAKER_03]: will have fed the demand for this kind of functionality, because people who want that kind of thing will now know where to go and they know to pay Elon Musk to access it, and I cannot understand how. If anyone else were creating illegal content,
[SPEAKER_03]: The police would be going around and arresting them.
[SPEAKER_01]: Absolutely.
[SPEAKER_03]: And saying you can't do this.
[SPEAKER_01]: Absolutely.
[SPEAKER_03]: But when it's an AI owned by a billionaire who has the ear of the American president, it seems everyone is being much, much more cautious.
[SPEAKER_01]: You know that he just read meditation for the poll doesn't the floor.
[SPEAKER_01]: That's right.
[SPEAKER_01]: He just had it over them in moral level, which is very sad.
[SPEAKER_03]: So I hear the latest is that Ofcom, which is the regulator here in the UK.
[SPEAKER_03]: They are investigating and they have the power to fine Elon Musk's companies for this, and potentially a significant amount of money.
[SPEAKER_03]: Some countries, including Malaysia and Indonesia, already blocking access to the tool, which is great.
[SPEAKER_03]: And maybe we'll see more countries doing that temporarily at least in the future.
[SPEAKER_01]: Ofcom definitely needs to get into the nitty-gritty details of what happened, why is it happening?
[SPEAKER_01]: The fine that is appropriate for what the impact has been.
[SPEAKER_01]: but I also feel we need to ask three questions, three questions that we should be asking and holding Elon Musk to them.
[SPEAKER_01]: One is guardrails.
[SPEAKER_01]: This has been constantly a problem with AI problems and AI in general, but especially with Grok.
[SPEAKER_01]: This was an example that I remember talking about
[SPEAKER_01]: where he had actually intentionally changed Grok's newest version that allowed it to provide politically incorrect answers.
[SPEAKER_01]: And because of that, Grok started praising Hitler, and called itself MechaHitler.
[SPEAKER_01]: Yeah.
[SPEAKER_01]: And I think these are not one-off incidents, right?
[SPEAKER_01]: My question is, why have we not learned who is ultimately responsible for doing that?
[SPEAKER_01]: The first question is the guardrails that we need.
[SPEAKER_01]: We absolutely need those guardrails.
[SPEAKER_01]: My biggest problem is when people talk about guardrails, they think about regulations and I'm like, no, I'm not talking about regulations to stop innovation.
[SPEAKER_01]: What I'm talking about is actual guardrails, to innovate safely in a way that it doesn't harm humanity.
[SPEAKER_01]: We absolutely need guardrails.
[SPEAKER_01]: Second question we need to be asking them is accountability, because the buck doesn't stop with the robot.
[SPEAKER_01]: I don't care if Grok actually apologizes because if the buck stops there, then actually nobody's held accountable.
[SPEAKER_01]: Third is consent.
[SPEAKER_01]: Consent has been such a big question in our community, in our society in general, now especially with digital tools like these, how are we making sure of that consent?
[SPEAKER_01]: And all of these questions have to be asked to these big corporations that are now holding the entire power to what AI is doing, how it is being built, what guardrails are in place.
[SPEAKER_03]: But you know what, Monica, they don't care.
[SPEAKER_01]: I know, and that's the problem, but we have to.
[SPEAKER_03]: There's only one thing that they care about.
[SPEAKER_03]: Profit, which is profit, and therefore we should be putting pressure on the companies which advertise on the services and saying, do you really want your ads appearing alongside sexualized images of women or young children?
[SPEAKER_03]: Do you really want that people who have not consented for this or it's illegal?
[SPEAKER_03]: Do you really want to be there?
[SPEAKER_03]: And we should also be asking of our government, what on earth are you doing?
[SPEAKER_01]: Exactly.
[SPEAKER_03]: Maintaining their presence on these services when there are other options which are policed much better than that complete sh**t show which is Twitter.
[SPEAKER_03]: In the hundred percent.
[SPEAKER_03]: And welcome back, and you join our favorite part of the show, the part of the show that we like to call.
[SPEAKER_03]: Pick of the week.
[SPEAKER_01]: Pick of the week.
[SPEAKER_03]: Pick of the week is the part of the show where everyone chooses something they like. Could be a funny story, a book that they've read, a TV show, a movie, a record, a podcast, a website or an app.
[SPEAKER_03]: Whatever they wish, it doesn't have to be security-related necessarily.
[SPEAKER_03]: Well, my pick of the week this week is not security-related.
[SPEAKER_03]: My pick of the week is a, well, I suppose it's a podcast, it's a radio show, it recently celebrated its 25th birthday, I couldn't believe that it has been going for so long, it's been produced by the BBC since the year 2000 and it is called Soul Music.
[SPEAKER_03]: And I rather love this show.
[SPEAKER_03]: So each episode which is round about half an hour long, they will choose a particular piece of music and they will tell the story of that piece of music with the voices of individuals, members of the public, sometimes musicians, as well, talking about their emotional connections, that piece of music.
[SPEAKER_03]: So there's no presenter on the show, it is just a sort of sound collage of different people with their stories coming through, and many of these stories have a real powerful emotional impact.
[SPEAKER_03]: For instance, you'll be hearing stories of people whose lives have been changed or that meaning that exists in their heart when they listen to Joan Baez singing Diamonds and Rust or Killing Me Softly or Leonard Cohen's Marianne.
[SPEAKER_03]: And I'm a bit of an old
[SPEAKER_03]: I love music and I love hearing about people's really heart-touching connection with different pieces of music, even if the piece of music doesn't mean very much to me.
[SPEAKER_03]: Their most recent episode was about the Coldplay song, Yellow, for instance, and it's...
Oh, that's a beautiful song.
[SPEAKER_03]: Right, okay, so it's not my favourite song in the world, but I can appreciate the song, but hearing people's story and their connection with it was absolutely astonishing.
[SPEAKER_03]: And one of the stories which I heard in that recent episode was about a guy who was close to death.
[SPEAKER_03]: And so he was having CPR and he ended up in a coma, and it was only because his partner played him Coldplay that he eventually began to show signs of recovery.
[SPEAKER_01]: Oh, that's crazy.
[SPEAKER_01]: That's beautiful.
[SPEAKER_03]: Yeah, to learn how to walk again and obviously serious medical problems, but he ended up going to a Coldplay concert holding up a banner saying "your music got me out of a coma" and Chris Martin got him up on stage.
[SPEAKER_03]: And you hear all of this happen during the course of the documentary.
[SPEAKER_03]: So it's really touching stuff.
[SPEAKER_03]: Uh, they talk about Leonard Cohen's Marianne, you get to hear some of the people behind these songs and it's just like, this is wonderful.
[SPEAKER_01]: Yeah, Killing Me Softly always gets it.
[SPEAKER_01]: No matter what, it always does.
[SPEAKER_01]: It's amazing.
[SPEAKER_03]: Love that song.
[SPEAKER_01]: Yeah, well, that's beautiful.
[SPEAKER_03]: Not the Fugees version.
[SPEAKER_03]: No, no, no.
[SPEAKER_03]: It's gotta be, no.
[SPEAKER_03]: Not for me anyway.
[SPEAKER_03]: So my recommendation, my pick of the week, is Soul Music.
[SPEAKER_03]: You can find it on BBC Sounds or wherever you find your podcasts.
[SPEAKER_03]: So Monica, what's your pick of the week?
[SPEAKER_01]: You know, what's interesting is that I'm also a very softy. Despite a lot of ambitions and dreams and all the things that I get to do when I get the opportunity to do, my pick of the week is family, and I'll tell you why.
[SPEAKER_01]: Over the last months, literally, I've been back to back traveling, helping organizations all over the world.
[SPEAKER_01]: I think I traveled four continents, actually five, over the last four months from September, October, November, December, doing maybe at almost seven, ten gigs, all on different topics of AI, cyber, whatever, you name it.
[SPEAKER_01]: And it's a privilege and an honor that I get to do that.
[SPEAKER_01]: And every now and then, I'm not a person who has to wait for a holiday to happen, but every now and then I'd love to just take a break from a lot of these things, and then just spend quality time with family.
[SPEAKER_01]: That, to me, is literally the pick of the week because I've been literally reminiscing that quite a lot.
[SPEAKER_01]: Um, before even the new year started, I've been working on revamping my whole newsletter. It was softly, quietly relaunched, the updated, re-branded version, which I would call as The Productivity Factor.
[SPEAKER_01]: And I'm going to be announcing it to the world very soon, but if you are listening to this, go check it out, The Productivity Factor.
[SPEAKER_01]: It's about building resilience and becoming resilient in the unpredictable world of AI.
[SPEAKER_01]: But I love to take these times when I'm just offline, where I am off the grid and I'm just spending quality time with family, and it's just so soothing for the soul, because ultimately at the end of the day, even in the world of AI that we're living in, I truly, truly believe human connection and human relationships.
[SPEAKER_03]: Yep.
[SPEAKER_01]: Are it, they are it.
[SPEAKER_01]: Nothing, no AI companion will ever come close to that.
[SPEAKER_01]: Go really spend time with the people that you love.
[SPEAKER_01]: They may be two, they may be five, they don't have to be a hundred, but it will literally continue upgrading your life forever.
[SPEAKER_03]: I love what you say there, Monica, and I think it's very important what you said there, which is that go and spend it with the people who you like and love.
[SPEAKER_03]: Because sometimes with some people of course they don't have great relationships with their family or they may not have family members, but you can create your own family.
[SPEAKER_01]: Absolutely.
[SPEAKER_01]: You decide who your family is.
[SPEAKER_01]: Yeah, and it could also be the people that you are not having a relationship with, but you want to give it a try, you want to mend things.
[SPEAKER_01]: Because it's worth it. You get to decide, ultimately you get to choose to do that.
[SPEAKER_03]: Well, who would have guessed we would have ended the podcast this week in such a soppy, sentimental but very important fashion.
[SPEAKER_03]: Thank you so much Monica for joining us this week.
[SPEAKER_01]: It was a pleasure.
[SPEAKER_03]: I'm sure lots of our listeners would love to find out what you're up to and follow you online.
[SPEAKER_03]: What's the best way for them to do that?
[SPEAKER_01]: Well, literally as I said, the best way right now is to subscribe to my newsletter, The Productivity Factor.
[SPEAKER_01]: I've revamped it.
[SPEAKER_01]: I've soft launched it.
[SPEAKER_01]: I'm going to be bringing so many amazing things there for everyone.
[SPEAKER_01]: How to become resilient in this unpredictable world of AI.
[SPEAKER_01]: Otherwise, reaching me at MonicaTalksCyber.com.
[SPEAKER_01]: That's one place where I put everything together.
[SPEAKER_01]: So yeah, check it out.
[SPEAKER_03]: And Smashing Security is on social media as well. You can find me, Graham Cluley, on LinkedIn, or follow Smashing Security on Bluesky. And don't forget, to ensure you never miss another episode, follow Smashing Security in your favourite podcast app, such as Apple Podcasts, Spotify and Pocket Casts. For episode show notes, sponsored by guest lists and the entire back catalogue of roundabout 450 episodes, check out smashingsecurity.com.
[SPEAKER_03]: Until next time, Cheerio, bye bye!
[SPEAKER_01]: Thank you!
[SPEAKER_03]: You've been listening to Smashing Security with me, Graham Cluley, and thanks so much to Monica Verma for joining us this week, and to this episode's sponsors, Meeter and Vanta, and to the chums who signed up for Smashing Security Plus over on Patreon. They include Sri Kumar, Karen Reynolds, Darrell Green.
[SPEAKER_03]: Sounds like he should be narrating golf highlights, Vladimir Girisek, who must be absolutely ace at a game of Scrabble, Bashora, who's definitely not here to cause trouble on his shun, puttick, panda bear, still refusing to confirm their species, Matt H, with his economy class spelling, Jeff A, because one letter is all you really need, Alan Lysker, Bobby Hendrix, who absolutely has opinions about guitar solos, and Billy, just Billy.
[SPEAKER_03]: Would you like to hear your name read out from time to time at the end of the show?
[SPEAKER_03]: Well, all you have to do is sign up for Smashing Security Plus.
[SPEAKER_03]: For as little as $5 a month you can become part of our merry little band and get early access to episodes without the annoying ads. Just head over to smashingsecurity.com/plus for all of the details.
[SPEAKER_03]: Now, I know not everyone can afford that, and that's absolutely fine.
[SPEAKER_03]: There's no pressure to become a patron.
[SPEAKER_03]: You can do other things if you want to help support the show, which don't cost you anything.
[SPEAKER_03]: For instance, you can leave us a lovely review, or you can tell your friends and powers about the show. Simply spreading the word really does help.
[SPEAKER_03]: And I really appreciate it.
[SPEAKER_03]: So thank you once again for tuning in, and I hope you'll be tuning in again next week for the next episode of Smashing Security.
[SPEAKER_03]: Until then,