·E443
Tinder’s camera roll and the Buffett deepfake
Episode Transcript
[SPEAKER_03]: If any of you might be thinking, I've never taken a take a pick.
[SPEAKER_03]: That's fine.
[SPEAKER_03]: I believe you're on.
[SPEAKER_03]: But has anyone ever sent you one?
[SPEAKER_02]: smashing security, episode 443, Tinder's camera roll, and the buffered deep fake, with grand, clueless and special guest Ron Eddings.
[SPEAKER_03]: Hello, hello, welcome to smash and security episode 443, my name's Grant Cluelly, and I'm Ron Eddings.
[SPEAKER_03]: Hey, Ron, welcome back to the show, it's been an awfully long time.
[SPEAKER_03]: Yeah, I was just starting to think you were ignoring me.
[SPEAKER_03]: Oh, come, come.
[SPEAKER_03]: Now, of course, anyone who doesn't know you run and shame on them, you are one of the, for the kings of the Haka Valley Empire, aren't you?
[SPEAKER_03]: Yes, Haka Valley Media, that's our company.
[SPEAKER_03]: That's brilliant.
[SPEAKER_03]: Now, why don't you tell everyone who hasn't heard of it?
[SPEAKER_03]: Exactly what Haka Valley Media is all about.
[SPEAKER_01]: Yeah, Hacker Valley media started as a cybersecurity podcast and has grown into being a creative media agency that's focused on up leveling the cybersecurity industry.
[SPEAKER_01]: There's a lot of content out there.
[SPEAKER_01]: We mean you can really content.
[SPEAKER_01]: I feel like you do a great job of making it entertaining.
[SPEAKER_01]: Cooking is one of the most entertaining things to watch on TV yet it's the most boring thing to do at home.
[SPEAKER_01]: I want to make cybersecurity in front of people just like those cooking shows.
[SPEAKER_03]: All right, so we don't touch it souffle.
[SPEAKER_03]: You have to get a little bit soggy on the bottom.
[SPEAKER_03]: That's the challenges people have with their side of security.
[SPEAKER_01]: Exactly.
[SPEAKER_01]: But you know what, it's not only that it gets soggy, it's sometimes that it gets completely ruined.
[SPEAKER_01]: And I think we forget about the perspective of the other person who not isn't tri-ozzing those cybersecurity incidents, but the person that's suffering from the outcome, like not being able to use her credit card or even worse, not being able to use their smart of it.
[SPEAKER_01]: I'm not sure anybody would have that.
[SPEAKER_01]: No, that could affect people.
[SPEAKER_03]: Well, before we kick off, let's thank this week's wonderful sponsors, Vanta, Action 1 and 1, Password.
[SPEAKER_03]: We'll be hearing more about them later on in the podcast.
[SPEAKER_03]: This week on smashing security, we won't be talking about how Android Spyware called Land 4 has been targeting Samsung Galaxy phones through maliciously crafted images.
[SPEAKER_03]: You'll hear no discussion of how UK cyber insurers paid out over twice as much for UK ransomware tax last year.
[SPEAKER_03]: And we won't even mention.
[SPEAKER_03]: How a Fishing scam that claims to have found your lost or stolen iPhone is actually trying to steal your Apple ID credentials.
[SPEAKER_01]: So, Ron, what are you going to be talking about this week?
[SPEAKER_01]: I'm going to be talking about how someone is ultimately going to replace me and Grim with a I-generated avatars and why no one will even know.
[SPEAKER_03]: And I'll be talking about how Tinder wants to get to know you better.
[SPEAKER_03]: All this and much more coming up on this episode of Smashin Security.
[SPEAKER_03]: Right then, we've got time for a quick word now, about one of our sponsors today, Action 1.
[SPEAKER_03]: Now, most security breaches still happen because of unpatched vulnerabilities, and the worst part, many already have fixes available for them, but patching can be a real pain, right?
[SPEAKER_03]: If staying up at night, worrying about the next cyber attack headline sounds for media, it's time to try Action 1, the patch management platform that just works.
[SPEAKER_03]: You can start updating Windows Mac and third party apps in under five minutes, and Linux support is coming very soon.
[SPEAKER_03]: The best part, well, your first 200 end points are free, forever with no functional limits.
[SPEAKER_03]: This isn't a disguised free trial, there's no credit card required, no hidden limits, no tricks, all you have to do is visit smashingsecurity.com slash action one and get started [SPEAKER_03]: So if you're looking to automate patching and save weeks or even months doing it, go to smashinssecurity.com slash action one and sign up for patching that just works.
[SPEAKER_03]: And thanks to action one for supporting the show.
[SPEAKER_03]: Now, shums, shums.
[SPEAKER_03]: It's time we talked about Tinder.
[SPEAKER_01]: Ron, have you ever used Tinder?
[SPEAKER_01]: I would lie, but I'm not going to.
[SPEAKER_01]: I have when I was single, like back in like 2016.
[SPEAKER_01]: I loved Tinder.
[SPEAKER_01]: Yeah.
[SPEAKER_01]: Yeah.
[SPEAKER_01]: It was a successful day.
[SPEAKER_01]: Is that how you eventually found your partner?
[SPEAKER_01]: It's not.
[SPEAKER_01]: So I actually found my partner when my best friends are crap talking to me.
[SPEAKER_01]: I said, hey, what are you doing on Tinder?
[SPEAKER_01]: You need to go to the places where you like to spend time.
[SPEAKER_01]: And in my wife, we met the coffee shop.
[SPEAKER_01]: That's why I love to spend my weekends.
[SPEAKER_03]: Ah, that's the romantic old fashioned way of doing it.
[SPEAKER_03]: Well, the good for you.
[SPEAKER_03]: Your handsome fella, you got magnetism oozing out of you.
[SPEAKER_03]: I can imagine you would have drawn her into your orbit.
[SPEAKER_03]: Like, I'm fine.
[SPEAKER_03]: But the thing is, it may surprise you to hear.
[SPEAKER_03]: Tinder isn't doing so well these days.
[SPEAKER_03]: It's not the 2010s any longer.
[SPEAKER_00]: Mm-hmm.
[SPEAKER_03]: The app.
[SPEAKER_03]: has been hemorrhaging subscribers for nine quarters straight.
[SPEAKER_03]: In fact, in 2024, millennials spent an average of 56 minutes a day on dating apps.
[SPEAKER_03]: That's down from 90 minutes in 2018.
[SPEAKER_03]: So people are not using dating apps quite so much and Tinder is suffering.
[SPEAKER_03]: Now I don't [SPEAKER_03]: Maybe no one's looking for dates anymore.
[SPEAKER_03]: Maybe everyone has seen that Ron, you've been scooped up, you know, you're no longer available.
[SPEAKER_03]: No, just think, well, what's that point?
[SPEAKER_03]: I'm never going to find anyone like him.
[SPEAKER_03]: Maybe everyone's sent to AI, girlfriends and rumbers for their entertainment.
[SPEAKER_03]: Maybe we're all happily bingeing on Netflix series and don't have time for love.
[SPEAKER_03]: I don't know what it is, but for some reason, [SPEAKER_01]: Tinder isn't doing so great.
[SPEAKER_01]: It makes sense.
[SPEAKER_01]: I stopped using it right before you know.
[SPEAKER_01]: You said 2018, I stopped using it in 2016, so rightfully so they started to struggle.
[SPEAKER_03]: I expect people to actually get Tinder fatigue.
[SPEAKER_03]: I expect their little finger swiping away.
[SPEAKER_03]: Probably get a RSI after about the 478th person.
[SPEAKER_03]: If swiped either left or I don't know which way is which, the thing is Tinder isn't very happy.
[SPEAKER_03]: It isn't very happy about its declining popularity.
[SPEAKER_03]: And so, it has had an absolutely brilliant idea.
[SPEAKER_03]: And their idea is to have a good old rummage through your camera roll.
[SPEAKER_03]: Because apparently nothing says finding true love quite like an algorithm judging you based on a blurry photo you took a [SPEAKER_03]: So some absolute genius at Tindra HQ stood up in the boardroom and he said, I got it, I got it, I got it, I got it, I know what's going to fix our dieting app.
[SPEAKER_03]: Let's be more invasive than we've been before.
[SPEAKER_03]: So he said something like these, I said, I've had a dream and I'm going to call it chemistry.
[SPEAKER_03]: Which of course is the missing ingredient from most Tindra conversations?
[SPEAKER_03]: Probably has much chemistry as a Yorkshire pudding.
[SPEAKER_03]: It's now good, we've gone back to cooking again.
[SPEAKER_03]: Now, if all we go any further, let me tell you what Tinder and Meta because yes, Facebook's parent company seems to think this is a good idea as well.
[SPEAKER_03]: Let's hear what they're saying about privacy.
[SPEAKER_03]: They're saying, oh, don't worry.
[SPEAKER_03]: We're taking steps to preserve your privacy.
[SPEAKER_03]: It's all done with permission.
[SPEAKER_03]: The AI processing happens on your device with very, very serious about security.
[SPEAKER_03]: Because, of course, none of us have ever been burnt before by these big tech companies.
[SPEAKER_03]: Right.
[SPEAKER_03]: It's like, come on, guys.
[SPEAKER_03]: Now, I think...
[SPEAKER_03]: It's not hard to understand why I'm feeling a bit skeptical about this because based on past data breaches and privacy incursions, but sure, you know, let's trust them with our entire photo libraries now.
[SPEAKER_03]: What could possibly go wrong?
[SPEAKER_03]: So they're going to be plowing through your camera roll with your permission because they say that will make it easier to find your match to learn more about you.
[SPEAKER_03]: But here's what I'm worried about, because what's actually in people's camera rolls on their phone.
[SPEAKER_03]: Now, I don't know about you, Ron, but I suspect if I were to go through my photo roll.
[SPEAKER_03]: One of the things which I'd find an awful lot of, are photos of the backs of Wi-Fi routers.
[SPEAKER_03]: Because who can remember X-Tainign Hashem, capital B-2$, IWQ exclamation about, right?
[SPEAKER_03]: And it'll be of your parents' router from when you visited them over the holidays.
[SPEAKER_03]: or it's your mates' route over when you did some house sitting, or it's the official Wi-Fi code that Janet from IT specifically said not to share, but you've photographed it anyway.
[SPEAKER_03]: It's all that kind of sensitive impression, or it's screenshots of your group chat where everyone was slacking off the bus.
[SPEAKER_03]: Also, of course, it may not be just your photos.
[SPEAKER_03]: that they'd be having a nose out.
[SPEAKER_03]: What about all the photos of other people you're making dades?
[SPEAKER_03]: Staggedy when he was wearing nothing but a traffic cone on his head.
[SPEAKER_03]: It's everyone you've ever photographed consensually or otherwise.
[SPEAKER_03]: So it's your friends who never agreed to be on Tinder.
[SPEAKER_03]: It's your partners and your ex-partner, it's your kids.
[SPEAKER_03]: And it also includes other photos, Ron.
[SPEAKER_01]: If you're on Tinder, we could be honest.
[SPEAKER_01]: It's a picture of your naked butt.
[SPEAKER_03]: Yes, that I believe is what the youngsters do these days.
[SPEAKER_03]: This is an unsolicited anatomical portrait.
[SPEAKER_03]: And you may be thinking, I've never taken a dick pick.
[SPEAKER_03]: That's fine.
[SPEAKER_03]: I believe you run.
[SPEAKER_03]: But has anyone ever sent you one?
[SPEAKER_03]: I've had dick picks sent to me.
[SPEAKER_03]: I was doing it.
[SPEAKER_03]: Look, it's just you and me here run.
[SPEAKER_03]: I'll tell you this story.
[SPEAKER_03]: I was doing it.
[SPEAKER_03]: I was doing a talk at the Excel Centering London back in orbit 2015 or something.
[SPEAKER_03]: And I still don't talk in front of thousands and thousands of people a huge place.
[SPEAKER_03]: It was terrifying.
[SPEAKER_03]: I tell you so many people were there.
[SPEAKER_03]: I was doing this talk and you came off and you think, oh, I just checked my socials.
[SPEAKER_03]: See if anyone in the audience had any comments or anything.
[SPEAKER_03]: You know, it's just a little ego boost to make me feel a little bit better.
[SPEAKER_03]: And other than people telling me that, you know, my shoelaces were undone and things like that.
[SPEAKER_03]: There was one guy who sent me a picture of part of his anatomy.
[SPEAKER_03]: Oh, yes!
[SPEAKER_03]: Now, even if I was of that persuasion, I wouldn't be, I wouldn't be interested in that.
[SPEAKER_03]: That's what somebody sent me.
[SPEAKER_03]: So it does happen.
[SPEAKER_03]: And so you might have unwittingly on your phone, photographs, which you don't want live in forever.
[SPEAKER_03]: You don't necessarily want Tinder, examine and think all clearly has an interest in this note.
[SPEAKER_03]: No, not necessarily at all.
[SPEAKER_03]: And all of that is going to be looked at by the likes of Tinder.
[SPEAKER_03]: Oh, but they're crying.
[SPEAKER_03]: Oh, but it's going to be processed securely.
[SPEAKER_03]: The AI is only going to learn about your interests.
[SPEAKER_03]: Because this is cobblers.
[SPEAKER_03]: Because the AI is going to learn everything.
[SPEAKER_03]: The photo of your critic card you took because you were too lazy to get your wallet.
[SPEAKER_03]: your passport, your license.
[SPEAKER_03]: Yes, the screenshot of your bank balance after payday versus the week before it's absolutely bar meat.
[SPEAKER_03]: Now, they are testing this out right now.
[SPEAKER_03]: This privacy nightmare in Australia and New Zealand that those are the guinea pigs for what Tinder's parent company is calling a major pillar of their 2026 strategy.
[SPEAKER_03]: Is it any wonder that young people are turning their backs on dating apps?
[SPEAKER_03]: As though it's not a toxic help it's already, with all of the abuse which is going on there all the bots which you'll speak into all the fake people or the deep fakes or the models or scammers trying to romance scam you know it's no wonder people are choosing some real world experiences instead or just to be lonely.
[SPEAKER_03]: Let's be honest, that's why I've entered the cybersecurity industry.
[SPEAKER_03]: We weren't expecting to ever have relationships with people.
[SPEAKER_03]: It was nature's way of saying, you know, survival of the thing is, you know, Tinder, their response to all of this problem of people getting fed up, is just let's add more creepy surveillance that will bring them back.
[SPEAKER_03]: And according to the company's earnings call, they're expecting [SPEAKER_03]: a $14 million hit, just from testing this nonsense, $14 million to find people don't want corporate algorithms rifling through their private photos like Creepy Young Calendry.
[SPEAKER_03]: And like I said earlier, it's not just Tinder, Meta!
[SPEAKER_03]: is jumping on this bandwagon as well, so they're asking now, apparently, to use AI on photos you haven't even shared yet.
[SPEAKER_03]: They're jumping in, so no, would you like us to edit?
[SPEAKER_03]: I don't use Facebook and things like that, apparently they're beginning to do that.
[SPEAKER_03]: They haven't been shared these photos for a bloody good reason, Zuckerberg.
[SPEAKER_03]: Because they're terrible photos, or they're buried away somewhere on my camera roll, along with recipes, you know, you're never going to cook or accident or photos of the inside of my pocket.
[SPEAKER_03]: It's horrendous.
[SPEAKER_03]: Meta, through Facebook, they're launching this feature, the asks to use AI on photos on your phone, that you haven't yet shared in order to suggest AI at it, so they're going to be looking at them.
[SPEAKER_03]: And even if that does remain on the device, [SPEAKER_03]: don't really like the idea of that.
[SPEAKER_03]: I know people have got a choice as to whether they use Facebook, or whether they use Tinder and whether they give permission to do this, but it just feels risky, doesn't it?
[SPEAKER_01]: It does, but I, to prepare for this episode, I called my brother-in-law who happens to be single and on Tinder and I ask them to let's, what's broken about Tinder?
[SPEAKER_01]: Why don't you use it every day?
[SPEAKER_01]: Why aren't you married?
[SPEAKER_01]: Like, he's around my hideie's five nine.
[SPEAKER_01]: He said, run, listen, right?
[SPEAKER_01]: If you don't list on your profile, that you're six-foot, that you're extremely good looking and they're shows to your pictures, then you're going to get matches, months down the road.
[SPEAKER_01]: So he's like, I've been swiping, get match with girls months later, because they were so overwhelmed with all of the guys, what their, you know, fingers just not stop swiping.
[SPEAKER_01]: So he's actually got a swiping fatigue because he's not getting enough love, [SPEAKER_01]: That's a bit sad, isn't it?
[SPEAKER_01]: I'm sure if Tender called him and said, hey, can we get access to your photos?
[SPEAKER_01]: So we can give you more dates.
[SPEAKER_01]: I think he'd say yes.
[SPEAKER_01]: And that's the shocking part about all this.
[SPEAKER_03]: Yeah, yeah, he probably would, right?
[SPEAKER_03]: But I thought 90's and bad.
[SPEAKER_03]: Uh, apologies, 20.
[SPEAKER_03]: Listen us over six foot nine, too.
[SPEAKER_03]: Be done necessarily want to be six foot nine, do you?
[SPEAKER_01]: On Tinder, you do because that's what stands out.
[SPEAKER_01]: Five, nine's average.
[SPEAKER_01]: You didn't go on Tinder to meet the average.
[SPEAKER_01]: You went on Tinder and put your picture on blast to meet someone sexy.
[SPEAKER_01]: boy, I boy.
[SPEAKER_01]: So he would be prepared to take the risk.
[SPEAKER_01]: He would 100 and he works in cyber security by the way.
[SPEAKER_01]: He would want to represent take the risk.
[SPEAKER_01]: Because you know why the risk of falling in love is actually more risky than just getting your photos leaked.
[SPEAKER_01]: I mean, you might lose a lot more than that.
[SPEAKER_01]: Yeah, so I think that the risk, you know, there's a nastiness about tender going through your photos, but if you're risking love, then you're putting it all on the line.
[SPEAKER_03]: Yeah.
[SPEAKER_03]: I'm wondering what they're going to do for this information if they find photos of past words and photos of them but are they going to match you up with someone who's equally careless when it comes to their root to security or has terrible taste in selfies?
[SPEAKER_01]: Hopefully they'll use blur of that stuff out.
[SPEAKER_01]: You know, of course they won't.
[SPEAKER_01]: of without at least taking it back for themselves, but you know, I think that would be a really cool use case by these companies is like, hey, we're going to use these pictures to help you find your partner, but we're going to make sure that the AI is sanitizing up for you because not even AI should see some of this stuff.
[SPEAKER_01]: That's an interesting idea.
[SPEAKER_03]: Yes, so what they could do is they could have a little option saying that while we're rummaging through all your private photos, would you like us to pixelate them?
[SPEAKER_03]: Would you like us to blur them and redact them?
[SPEAKER_03]: Because one day, if you do get into a relationship, there's going to be a point where your partner is going to grab your phone and go rifling through your old photos.
[SPEAKER_01]: Then maybe things you don't want it to see.
[SPEAKER_01]: Yes, what what Tinder and Meta should have done is gone through those old messages and delete them because that's the real damaging part about you know this whole thing is like what happens if your future partner sees all those messages that you use to send on Tinder well [SPEAKER_03]: Here's my idea.
[SPEAKER_03]: I think we need to stop desperately throwing AI at every problem.
[SPEAKER_03]: I think Tinder has just thought, what can we do with AI?
[SPEAKER_03]: What can we do with AI to make ourselves sound cool?
[SPEAKER_03]: I'll be getting more investment.
[SPEAKER_03]: Everyone treats it like some sort of technological fairy dust.
[SPEAKER_03]: So, stop asking to see all of our photos.
[SPEAKER_03]: Just get better at matching us with people, Lube.
[SPEAKER_03]: Like, Pina Collard isn't getting caught in the rain, that's dated me though, hasn't it?
[SPEAKER_03]: That's take me back to about 978.
[SPEAKER_03]: The world will be so much better if it was like that.
[SPEAKER_03]: Ah, wouldn't it just.
[SPEAKER_03]: Okay, before we go any further, I need to share a quick word with you about one of our sponsors today, Vanta.
[SPEAKER_03]: You know how everyone's gone AI assistant these days.
[SPEAKER_03]: Well, imagine one that doesn't just write kikus about zero-dane vulnerabilities, but actually does your audit work for you.
[SPEAKER_03]: That is Vanta.
[SPEAKER_03]: It connects to all of your tools, gathers evidence, tracks compliance, and quietly helps you prove that, yes, you do take [SPEAKER_03]: It pulls everything together, keeps an eye on your systems and basically make sure you're ready for an audit at any time, which means no last minute panic for screenshots and policies.
[SPEAKER_03]: It also plugs into the tools you're already using and flags up issues before they become a right-old mess.
[SPEAKER_03]: So, if that sounds like something that might save you from a few sleepless nights, check out vanta.com slash smashing.
[SPEAKER_03]: And if you use that link, you'll get a thousand dollars off.
[SPEAKER_03]: So don't forget, vanta.com slash smashing, and thanks to vanta for sponsoring this week's episode.
[SPEAKER_03]: On with the show.
[SPEAKER_01]: Run, what's your story for us this week?
[SPEAKER_01]: My story is Berkshire warns of AID things impersonating Warren Buffett.
[SPEAKER_01]: Ah, Warren Buffett, you still go in, isn't he?
[SPEAKER_01]: He's getting on a bit.
[SPEAKER_01]: 95, I think it is, and still got your name.
[SPEAKER_03]: 95.
[SPEAKER_01]: Wow, old head and you know what like this article came from Reuters.
[SPEAKER_01]: I thought it was amazing especially because I was coming on this show and to impersonate us online, people already have everything they need.
[SPEAKER_01]: They have our website, they got our pictures, they got videos, a lot of videos, and me some of you because I seen some of your keynotes and they have our voices.
[SPEAKER_01]: and that's exactly what happened to Warren Buffett.
[SPEAKER_01]: People online were creating these AI-generated images and voices of them to make it appear as though he was giving investment advice and he would be concerned typically like, oh my gosh, is he giving investment advice to the youth?
[SPEAKER_01]: No, even worse, they're giving fake investment advice to people over 50.
[SPEAKER_03]: Oh, no.
[SPEAKER_01]: People who've actually got money, rather than that.
[SPEAKER_01]: Yes.
[SPEAKER_01]: Goalable people.
[SPEAKER_01]: People that don't know how good the technology is yet as well.
[SPEAKER_01]: So, yeah, one of the videos that came out was Warren Buffett.
[SPEAKER_01]: The number one investment tip for everyone over 50.
[SPEAKER_01]: Huh.
[SPEAKER_01]: It's real clickbait, isn't it?
[SPEAKER_03]: So, I'd probably be tempted to watch that.
[SPEAKER_03]: If I was told, he was just going to give me one tip.
[SPEAKER_03]: Because frankly, at this age, I can't remember more than one tip.
[SPEAKER_03]: I'd like that.
[SPEAKER_03]: I would be tempted to watch it and so when you watch it, it's his voice, right?
[SPEAKER_01]: It's his voice.
[SPEAKER_01]: Now if you listen to a lot of Warren Buffet content, you would probably slightly tell the difference.
[SPEAKER_01]: Because it sounds like I've listened so many AI voices.
[SPEAKER_01]: This sounds a little AI-esque, right?
[SPEAKER_01]: But it's on Instagram, so like it's real and it's kind of like, you know, there's other elements that are distracting the mind.
[SPEAKER_01]: Yes.
[SPEAKER_01]: So if you don't know Warren Buffet, [SPEAKER_01]: Yeah.
[SPEAKER_03]: So, what is the scammer's idea here?
[SPEAKER_03]: Is it to put your money into some to crypto currency website?
[SPEAKER_03]: Are they taking you to a dodgy website?
[SPEAKER_03]: Or are they actually getting you to invest in some organisation which is going to be pumped and dumped later on?
[SPEAKER_01]: all the above.
[SPEAKER_01]: It's it's for getting people to take, you know, missteps in their financial journeys.
[SPEAKER_01]: It's it's being used to get people to think differently about political campaigns and representatives, a part of those political campaigns.
[SPEAKER_01]: And it's also been used to endorse Obama and Clinton in the past.
[SPEAKER_01]: Let these fake AI voices, but also, you know, so has Warren Buffett.
[SPEAKER_01]: So it's it's conflicting.
[SPEAKER_01]: It's like, all right, is this actually, [SPEAKER_01]: This person because the AI that was generated seems to have similar beliefs, right?
[SPEAKER_03]: So is there any way in which people can protect themselves against this?
[SPEAKER_03]: Is there some trick?
[SPEAKER_03]: Okay, so the fake Warren Buffett is offering his number one investment tip.
[SPEAKER_03]: What is the Ron Edin's number one tip for avoiding a deep fake scam?
[SPEAKER_01]: Is there anything that people can do?
[SPEAKER_01]: There's one thing, and it's going to sound completely absurd, but I actually just started going back to it recently because I am also wondering what am I actually looking at online.
[SPEAKER_01]: Okay.
[SPEAKER_01]: Well, I have two tips.
[SPEAKER_01]: The number one tip is by getting the information from the source.
[SPEAKER_01]: If you want Warren Buffett.
[SPEAKER_01]: tips and tricks, what makes you think that Warren Buffett isn't going to post that from either his firms, LinkedIn, or Instagram, or his own personal one, going to the source, and then number two is read some damn books up.
[SPEAKER_01]: We've given up on books.
[SPEAKER_03]: What is this book thing you're referring to, Ron?
[SPEAKER_01]: explain that.
[SPEAKER_01]: A lot of the techniques that we deploy today are quickly dated, but the fundamentals and the dreams and the goals and the outcomes are well documented in the books.
[SPEAKER_01]: Those things don't change.
[SPEAKER_01]: We all want to live a fool and healthy, happy, wealthy life.
[SPEAKER_01]: Those books that learn Buffet wrote and other great investors wrote are still relevant today, but the tactics and techniques we use are going to be a little different.
[SPEAKER_01]: Following strategies from books is way more sound than going and watching a one-minute Instagram reel.
[SPEAKER_03]: Yeah.
[SPEAKER_03]: Do you think the likes of Instagram should be too more to block this or is it just too hard for them?
[SPEAKER_01]: I don't think so.
[SPEAKER_01]: I think it's entertainment.
[SPEAKER_01]: Like even if it's not real, it's, you know, we love to watch fiction movies and just because the movie's fiction doesn't mean I don't want to see.
[SPEAKER_01]: I would love to see a re-enactment of Warren Buffett even if some of the parts were dramatized.
[SPEAKER_03]: Maybe have Warren Buffett in, uh, Indiana Jones and the Temple of Doom or something.
[SPEAKER_03]: You know, [SPEAKER_01]: The war for Wall Street even.
[SPEAKER_01]: I would love to see Warren Buffett and Wall for Wall Street.
[SPEAKER_03]: Yes, that would be good, but it is a serious problem.
[SPEAKER_03]: And the fact is that AI is getting so extraordinary.
[SPEAKER_03]: I mean, I've, you know, I've, I've messed around with deep-faking my own voice because obviously I've got.
[SPEAKER_03]: We've got access to it.
[SPEAKER_03]: And my wife can't tell the difference.
[SPEAKER_03]: And it is extraordinarily convincing.
[SPEAKER_03]: You know, frankly, if I'd lost my voice this week, maybe I could have got an AI to do it for me.
[SPEAKER_01]: There's been one podcast episode that we did for a client.
[SPEAKER_01]: And right, the client didn't have their camera and focus.
[SPEAKER_01]: So they asked me to do something absolutely absurd.
[SPEAKER_01]: And I was like, are you 100% sure?
[SPEAKER_01]: They wanted me to use a tool called Hagen, right, to completely redo that one camera that was blurry.
[SPEAKER_01]: And we did it, and it was really, really good.
[SPEAKER_01]: There was a little uncanny element like with how the person was moving and, you know, some parts with an audio and video were slightly off, but it didn't take away from the viewers experience, at least from my perspective.
[SPEAKER_01]: Wow, that's amazing, isn't it?
[SPEAKER_03]: Alright then, quick shout out to one of our sponsors this week, one password, and most specifically something that they've got called Treleka.
[SPEAKER_03]: Now be honest, do you actually know how many SATS apps your companies using right now?
[SPEAKER_03]: Probably dozens.
[SPEAKER_03]: Maybe hundreds?
[SPEAKER_03]: Half of them signed up for by some guy in marketing with the company credit card.
[SPEAKER_03]: That's what Trellaker's for, it binds all of those apps, even the sneaky ones nobody admits to using and gives you a proper overview of who's got access to what.
[SPEAKER_03]: So, no more abandoned accounts sitting around waiting to be hacked, no more paying for licenses that no one's touched for years, it also makes it dead simple to them.
[SPEAKER_03]: Bring new people on board, remove folks when they leave, keep track of who's got access to what, and stop your IT from turning into a tangled mess of old forgotten accounts.
[SPEAKER_03]: I've used one password for years, they've always been great at taking the hassle out of security, and now with Trellaka, they're going after the whole SaaS sprawl problem.
[SPEAKER_03]: If you want to tidy up your company's app chaos, take a look at 1Password.com slash smashing that to 1Password.com slash smashing, and thanks to 1Password for supporting the show.
[SPEAKER_03]: And welcome back, and you join us at our favorite part of the show, the puzzle show that we like to cool, pick of the week.
[SPEAKER_03]: Pick up the week!
[SPEAKER_03]: Look at the week is the part of the show where everyone chooses something like could be a funny story a book that they've read a TV show, a movie a record of podcast or website, or an app, whatever they wish.
[SPEAKER_03]: It doesn't have to be security-related necessarily.
[SPEAKER_03]: Well, my pick the week this week is musical related, not the kind of jazz hands kind of musical.
[SPEAKER_03]: It is an album which has come out and you know me.
[SPEAKER_03]: I like the old singer song writers.
[SPEAKER_03]: I like the journey Mitchell.
[SPEAKER_03]: I like the Bob Dylan's, I like the John Lennon's, I love all that old stuff.
[SPEAKER_03]: This is an album which has only recently come out in the last couple of weeks called West End Girl by Lily Allen.
[SPEAKER_03]: Are you familiar with Lily Allen?
[SPEAKER_03]: I am not familiar with Lily Allen.
[SPEAKER_03]: Okay.
[SPEAKER_03]: Well, she is an English singer slash actress.
[SPEAKER_03]: She was famous probably about all I don't know about 20 years ago or so I think.
[SPEAKER_03]: And she's come back.
[SPEAKER_03]: I've really enjoyed it.
[SPEAKER_03]: I think it's got some interesting music, but most interesting about it is the lyrical content and the story which it is telling because she has recently broken up with her chap who was one of the stars of Stranger Things actor David Harbour.
[SPEAKER_03]: Yeah, so she broke up with him.
[SPEAKER_03]: It's all been a bit messy, unfortunately.
[SPEAKER_03]: Well, it's because she didn't wait till the last season from here.
[SPEAKER_03]: Well, Mike, it feels like she waited until just before.
[SPEAKER_03]: You see, she came out, released the album and has caused all kinds of PR problems for David Harbour.
[SPEAKER_03]: Because everyone wants to talk about this instead.
[SPEAKER_03]: Anyway, they broke up.
[SPEAKER_03]: in a very, very messy way indeed, and she's made various allegations, regarding his fidelity and the way in which she handled the situation and all kinds of unpleasantness.
[SPEAKER_03]: She tells this story on the LP of what happened in their relationship, in not a sort of morose woe is me kind of way, but in a way which I think is really [SPEAKER_03]: how can I put it?
[SPEAKER_03]: It's really teasing control of the situation and being unashamedly honest and sometimes sort of brutally open about what happened and she's always been a singer who hasn't been afraid of sharing her emotions and being a bit raw.
[SPEAKER_03]: but she's doing this with velody which is really quite cool and so I've really enjoyed it.
[SPEAKER_03]: I think it's a fantastic album and I would recommend it to others as well if they want to hear something a little bit interesting.
[SPEAKER_03]: Go and check out West End Girl, the new LP by Lily Allen and that is my pick of the week.
[SPEAKER_03]: Hey, run, watch your pick of the week.
[SPEAKER_01]: My pick of the week is my second love.
[SPEAKER_01]: My first love is my wife.
[SPEAKER_01]: I already mentioned that my second love is clock code.
[SPEAKER_01]: Clock code has changed my life.
[SPEAKER_01]: Has it?
[SPEAKER_01]: Yeah, and I want to talk about clock code because it's been the first time where, you know, you hear all this about agents and agentic systems and agentic workflows, but it's been the first time where I said, [SPEAKER_01]: Okay, I could see calling this thing in agent because it listened to me, it took in my prompt it opened up a few files on my computer, did a few things and then gave me back a report on what it did and how everything went.
[SPEAKER_01]: Yeah, so I fell in love.
[SPEAKER_01]: Ah, interesting, so you are properly embraced AI into your workflow, exactly.
[SPEAKER_01]: And I know there are a lot of people that have.
[SPEAKER_01]: I'm sure you and the smashing security family is using AI to help out with various things.
[SPEAKER_01]: There's people that lie about their AI usage.
[SPEAKER_01]: Some people say they're not using AI.
[SPEAKER_01]: And if you're not using AI, I'm worried for you.
[SPEAKER_01]: I'm worried for you because it's like not having a mobile phone.
[SPEAKER_01]: And that's what it's going to be more and more like.
[SPEAKER_01]: You know, my dad was one of those people who refused to get a mobile phone, right?
[SPEAKER_01]: A smartphone, I should say.
[SPEAKER_01]: Yes.
[SPEAKER_01]: And when he got one, he was part of the club.
[SPEAKER_01]: He was going to be a part of the club anyways.
[SPEAKER_01]: He just drugged his feet and because of that, he struggled with knowing how to use the technology.
[SPEAKER_01]: Now, for everyone else that got their smartphones, they were able to, you know, reap the benefits of 2010 and beyond.
[SPEAKER_01]: It's the same with AI agents and AI in general.
[SPEAKER_01]: Some people say they're not using it and that's because they don't want to get in trouble with [SPEAKER_03]: because once that boss climbs out, oh, an AI agent helped you do this.
[SPEAKER_03]: Did it all interesting?
[SPEAKER_03]: I wonder if we could use the AI agent all of the time rather than you.
[SPEAKER_03]: Are you a bit scared, though, wrong about how AI agents could be taking away people's jobs?
[SPEAKER_01]: No, I'm more concerned about the people that aren't using AI to help augment part of their job because, you know, your boss might be a little sad to hear that, oh, you put in our customer data into ChatGPT.
[SPEAKER_01]: Yes, just a little bit scared about that.
[SPEAKER_01]: If you provide enough value to your boss through that workflow, he's going to say, okay, how about this?
[SPEAKER_01]: Instead of using Chad GBT, let's use Microsoft Azure to put that information in.
[SPEAKER_01]: They're going to put everything in front of you to make sure that you can use the AI for part of your job.
[SPEAKER_01]: You know, if I found out that one of my team members was taking handwritten meeting notes and then writing them up in Google Docs and then sending them with a long email saying what happened in the meeting, I would say you're wasting everybody's time including your own.
[SPEAKER_01]: I look at AI like that.
[SPEAKER_03]: But, Ron, AI can be prone to making a few mistakes, can't it?
[SPEAKER_03]: Just like all of us.
[SPEAKER_03]: What if...
Well, yeah, but there are mistakes, and there are mistakes, Ron, right?
[SPEAKER_03]: If you use copilot in Microsoft Excel, if you read the legalese, they say, look, we don't actually promise that this thing knows how to count.
[SPEAKER_03]: But we don't necessarily promise that if you add two to the number eight, you're going to end up with ten.
[SPEAKER_03]: You could easily end up with thirteen thousand.
[SPEAKER_03]: It's a worry.
[SPEAKER_01]: You know why that is okay.
[SPEAKER_01]: What?
[SPEAKER_01]: This okay because people don't give you that disclaimer.
[SPEAKER_01]: No one says, hey, Graham, Mr.
Boss, before you look at this Excel, just know that everything might not be correct.
[SPEAKER_01]: If we took that approach, everyone will look at us like we're crazy, but I think it's great that AI is able to let us know those things that we remember them because that's always been the case no matter who's generating that report or that Excel dot.
[SPEAKER_01]: It is always prone to errors because there's humans evolved.
[SPEAKER_01]: I know I'm sounding like the Devil's Advocate here, and I'm sort of poopo in it.
[SPEAKER_03]: The truth is I have used Claude to do some coding for me, and it is impressive.
[SPEAKER_03]: And sometimes when I have a program in problem, I am really impressed by what it comes out with.
[SPEAKER_03]: When I've got a tricky little problem on my website or something like that, I think I just need a bit of PHP script to do this.
[SPEAKER_03]: No, I could spend an entire day trying to debug it and find out where I left out a semicolon, but it will just go in there and write the code.
[SPEAKER_03]: And generally, it's pretty good.
[SPEAKER_03]: But I'm just worried about some of the skills which we might lose by not exercising our brains, but do I just sound like an old man?
[SPEAKER_03]: Oh, it's so difficult to decide, Ron!
[SPEAKER_01]: You know, I just gave a presentation on this exact topic.
[SPEAKER_01]: It was because many of the founders that I've been speaking to on my podcast have been saying, if I were to start all over again, I would create an EDR and end point detection response agent, yes, for AI agents.
[SPEAKER_01]: And I was like, that's brilliant because when you look at tools like claw code or even, uh, open AI's codex.
[SPEAKER_01]: When you look at these tools, they have almost the same level of access as a human user.
[SPEAKER_01]: They have access to our file system.
[SPEAKER_01]: They have access to our terminal.
[SPEAKER_01]: And now we're giving them access to our browsers.
[SPEAKER_01]: Only thing that they don't have access to at this point is our entire screen.
[SPEAKER_01]: And it's just a matter of time until we allow that.
[SPEAKER_01]: That's why I did this talk.
[SPEAKER_01]: And I think that if you hook into the AI agents and you tell them, [SPEAKER_01]: Don't open up that Tinder profile, that's going to be a good look for these AI agents because why do they need to open that app up to write me a better PHP script?
[SPEAKER_03]: So yeah, okay, so with proper guardrails and with things like an EDR, some sort of security system making sure that they stay within the right parameters, then maybe things are okay because right now AI can be fished, AI can be tricked into coughing up secrets.
[SPEAKER_03]: and sharing too much information or doing something potentially risky.
[SPEAKER_03]: And I do know, I'm just a bit more cautious than you're out there aren't you on the sunlit uplands.
[SPEAKER_03]: You're seeing this rosy future run.
[SPEAKER_03]: But is this just because I'm British?
[SPEAKER_03]: I'm just a bit more negative and more backwards about this.
[SPEAKER_01]: I'm living in the year 2060 right now.
[SPEAKER_01]: I am using AI for everything.
[SPEAKER_01]: I was tempted to buy that AI robot.
[SPEAKER_01]: I'm not sure if you saw that.
[SPEAKER_01]: I want to cost $20,000.
[SPEAKER_01]: Oh, I saw it.
[SPEAKER_01]: Oh, right.
[SPEAKER_03]: I saw it.
[SPEAKER_03]: Did you say trying to stuck a dishwasher?
[SPEAKER_03]: It might be complete.
[SPEAKER_03]: I have to have it.
[SPEAKER_03]: And then it was fooling around because there was a bit of sloppy egg on the floor and couldn't stand up and it was like it was like ice skating.
[SPEAKER_01]: I know that I'm opening Pandora's box by investing in AI this degree, but I'm not the one that built the technology.
[SPEAKER_01]: I'm just an innocent user.
[SPEAKER_01]: Yeah.
[SPEAKER_03]: Well, that's fine.
[SPEAKER_03]: That's fine then.
[SPEAKER_03]: Well, well done, Pandora.
[SPEAKER_03]: Nothing wrong happened when she opened a box.
[SPEAKER_03]: Did it?
[SPEAKER_03]: Nothing wrong.
[SPEAKER_03]: That's the case.
[SPEAKER_03]: Never.
[SPEAKER_03]: Anyway, thank you so much, Ron, for that pick of the week.
[SPEAKER_03]: And for everything else, which you've contributed to during the show today.
[SPEAKER_03]: We've just about wrapped up the show for this week.
[SPEAKER_03]: I'm sure lots of listeners would love to find out what you're up to and follow you online.
[SPEAKER_03]: What's the best way for them to do that?
[SPEAKER_01]: Yes, the best way is follow me at Ronald Eddings across all the platforms.
[SPEAKER_01]: Also follow Hacker Valley Media, building the world to us if you liked and subscribe to our LinkedIn, our YouTube or Instagram.
[SPEAKER_01]: We want to keep you up to date and Graham is going to be on our show.
[SPEAKER_01]: The team's going to be reaching out right after this Graham.
[SPEAKER_01]: So maybe you've also catch Graham there as well.
[SPEAKER_03]: Fantastic, and of course, smashing security is on social media too, you can find me ground clearly on LinkedIn or follow smashing security on blue sky.
[SPEAKER_03]: And don't forget to ensure you never miss an episode, follow smashing security in your favourite podcast app, such as Apple Podcasts, Spotify, and Pocketcasts.
[SPEAKER_03]: But episode show notes, once you've been without guest lists and the entire back catalogue of over 440 episodes, check out smashingsecurity.com.
[SPEAKER_03]: Until next time, Cheerio, bye-bye, bye-bye.
[SPEAKER_03]: You've been listened to Smashin' Security with me, Graham clearly.
[SPEAKER_03]: Big thanks to Ron Edins for joining us this week, and thank you as well to this episode Sponsors' Banta Action 101 Password, and of course to all the channels you've signed up for Smashin' Security Plus, over on Patreon.
[SPEAKER_03]: They include May a McDonald's, Scotia, Stein, David Smyve, Bobby Hendrix, Ryan Hool, Christo V, Matt Dawson Jones, MJ Lee, Kajitan, Kajimimash, [SPEAKER_03]: Florian Schwal, sorry, Cajotan, just a difficult name.
[SPEAKER_03]: Ted Wilkinson, Doctor Herblist, Jonathan Haddock, Daniel, and Bravo Whiskey.
[SPEAKER_03]: Now then, do you fancy having your name read out the end of the show from time to time if so consider joining them?
[SPEAKER_03]: Become a member of Smash In Security Plus for as little as $5 a month.
[SPEAKER_03]: You will become part of our merry little troupe and get early access to episodes without the annoying ads.
[SPEAKER_03]: Woohoo!
[SPEAKER_03]: Just head over to SmashInSkirtie.com slash plus for all the details and thanks to everyone who has done that it really is terrific and helps support the show.
[SPEAKER_03]: If you can't do that, don't worry.
[SPEAKER_03]: You can support the show in other ways as well, for instance, you can like, subscribe, leave a five star review wherever you listen.
[SPEAKER_03]: Some elect us a rather bad review the other day, so maybe you could.
[SPEAKER_03]: That's a good one.
[SPEAKER_03]: Please, it'd be so nice if you did.
[SPEAKER_03]: Tell your friends about the show, simply spread the word, the more people who get to hear about some action security, they're better for everybody, because, hey, maybe we're spreading the word of how to keep your computers.
[SPEAKER_03]: safer and your behaviours online more secure as well and that's going to be a good thing.
[SPEAKER_03]: Okidoki, well that just about rounds it up for this week and so are our say Cheerio and hope to speak to you again next week.
[SPEAKER_03]: Bye bye!