The Host Unknown Podcast - Episode 102 - End of an Era
Episode Date: May 7, 2022

This Week in Infosec (09:52)
With content liberated from the “today in infosec” Twitter account and further afield
[None]

Rant of the Week (10:59)
https://twitter.com/johnjhacking/status/15208777110...94394884?s=21&t=nryrC32Sfqnyb1x0_0K2YA
Full story:
https://twitter.com/johnjhacking/status/1521629688120156160?s=21&t=nryrC32Sfqnyb1x0_0K2YA

Billy Big balls of the Week (19:45)
The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.
This requirement was promoted by India's Computer Emergency Response Team (CERT-In), who states it has identified specific gaps causing difficulties in security incident analysis and response, and to address them, it needs to impose more aggressive measures.
https://www.bleepingcomputer.com/news/security/india-to-require-cybersecurity-incident-reporting-within-six-hours/

Industry News (27:49)
HHS Information Security Program 'Not Effective'
SIM Fraud Solution Sparks Privacy Fears
Groundbreaking Cybersecurity Book Published
GitHub to Enforce Two-Factor Authentication
Hunter Biden Laptop Repairman Sues Over Hacker Allegations
NHS Inboxes Hijacked to Send 1000+ Malicious Emails
Microsoft, Apple and Google Team Up on Passwordless Standard
Ukrainians DDoS Russian Vodka Supply Chains
Special Police Constable Used Encrypted Chat to Post Child Abuse Content

Tweet of the Week (39:24)
https://twitter.com/joehelle/status/1521241363785953280?s=21&t=nryrC32Sfqnyb1x0_0K2YA
https://twitter.com/soychotic/status/1520126831478951936?s=20&t=hpsXh46fM3YmrHtbI3mkuw

Come on! Like and bloody well subscribe!
Transcript
So what was Jav's excuse for not turning up today?
I mean, yesterday he said it was because he went shopping.
Today it's because he didn't read his messages properly yesterday,
is what he's saying.
Right, and then he was on a flight.
Yeah.
Flight B89832, London, Heathrow, Israel reporting.
Well, that's me.
Brilliant, Jav. Thanks, mate.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening
from wherever you are joining us.
A mere 24 hours later than we should have been joining you,
or you joining us.
Yeah, we kind of screwed up a little bit yesterday, didn't we, really?
I thought it was all planned.
I, you know, I was going to be out of office.
I said, look, guys, I can't do it.
And, you know, you and Jav were going to run the show.
In fairness, it wasn't you this time.
Absolutely.
Jav just failed to turn up.
He went shopping.
Literally sent us a message, sorry, went shopping.
What?
The commitment from that guy is honestly.
I know.
And then we agreed to do it this morning.
We were recording this on Saturday the 14th in the morning.
Cutting into our weekends. This is how much we value you, dear listener. But we agreed to do it this morning. Was it 10 to 10,
to 11? I said, everybody ready? And Jav said, oh, sorry, no, I'm at the airport, I'm flying in half an
hour. Like, what? Dear me. This is how much contempt he holds you all in. Really. You know, everybody loves Jav, but really, underneath.
This is the real Jav.
This is honestly what we put up with.
Yeah, you scratch that thin veneer and he's just,
you're all below him in his eyes.
If there's ever like a Depp versus Hurd equivalent court case
that Jav's involved in, you will see some seriously dirty laundry coming out.
Side with the other guy is what we're saying.
Andy, how are you? It's been a bit of an emotional week, hasn't it?
It has. It's been a bittersweet week for me. It's an end of an era. I left the company I've
been at for just over 10 years. Wowzer. Yeah, long, long time.
A lot of investment in that place. Yeah. And, uh, I know it's a bit of a, it was a tough decision to
move on. It was, yeah, very tough decision. Uh, more so, you know, it's a cliche, but more so because of
the people. Yeah, exactly. Although I think, um, when it came down to it, you were very happy to swap the people for the large pile of cash that was on the list.
Oh, you know what? Ultimately, you know, I'm looking down Maslow's hierarchy of needs and it's like, yeah, screw the people.
Yeah, more Haribo.
Yeah, exactly. These people aren't paying my bills.
That's right. That's right. Yeah. When they start sending me checks in the post, then we'll talk.
But it was quite like, so obviously last day, yesterday, I was late into the office, like seriously late because, you know, when you gather all your equipment to take back.
And I thought, yeah, I just grabbed this. I grabbed that. I know where that is.
And, you know, you may recall, I've changed my office a few times in the last couple of years and, uh, plug a
few microphones in here and there. Yeah, here and there. Like, yeah, let's not dwell on the past.
But I had cable tied everything, like, including all my work equipment. So I'd, like, duplicate copies
of docking stations and, you know, one in the office, one at home. Yeah. All the cables to be nicely
cabled together, strapped to the back of the desk, and not, like, simply either.
It's like it was there for the long
term. And so of course I went to grab
my stuff yesterday and I was like,
hang on a second, this desk needs
to come apart.
yeah
I was thinking maybe I could just buy the
docking station stuff off the company but I've just
got no use for it
well no but somebody on eBay or CEX does.
The last two places I've worked at,
I've always negotiated keeping the kit.
It's so much easier.
I know, Jill, we had that discussion.
I think we have very different risk appetites
with the different companies,
considering I'm not even able to send external
emails while I'm working my notice period
without them being checked by someone else.
Oh no, in my notice period I just
get told to stop working. I mean,
it's so much easier.
You've done enough damage, Langford, you can just
stop now, go out into the
garden.
Oh dear. But no, did get, uh, some great gifts. I haven't shown you guys yet either. I've got, um, like, my favorite, I'll be honest, giant jelly babies. Um, how giant
are we talking, like six foot or, uh... Well, 800 grams. A single jelly baby is 800 grams. Nearly a kilo. That's like four-fifths of a kilo.
Yeah, I've got a gummy worm, which is just over two foot.
Well, they say it's a gummy worm.
Is it the same at both ends?
Well, it did.
I'll be honest.
It did look like a double-ended dildo when it was first sent.
Are there veins on it?
Because if there are, don't eat it.
It's going to be a bit chewy.
And it came with a really rude message as well about me going, yeah.
You didn't know that jellies were advertised by naked men and ladies.
Yeah.
And a giant cola bottle as well, which is probably going to be my favourite.
But as you know, I have no willpower once I start eating these things.
So basically, people, they really knew you. They bought,
they bought you about three or four kilos of raw processed sugar. Yeah, and it's, um,
I'm gonna be buzzing when I eat them, I tell you.
but alas i won't dwell on the past. New adventures await next. Although I did realize yesterday whilst I was at lunch with the boss
and we're talking, I said,
I've just realized that as my last day is officially today,
I do not have death in service benefit.
So for the next 48 hours, if I die,
my missus will be shy a, you know, a significant amount of money
that I was... So now you can confidently walk around the house and up and down the stairs without fear,
fear of, uh, yeah, slipping and dying. If you, yeah, if anything, she's wrapped me in cotton wool and
she's... If you can see my air quotes that I'm doing, you know, he slipped down the stairs, Your Honour.
Exactly.
But how was your week anyway?
It was good.
It was good.
Very busy up in London again.
And had a couple of breakthroughs again.
And yesterday had a massive breakthrough all around risks
and risk registers and stuff like that.
Well, breakthroughs are better than breakdowns when you're discussing risk.
They are.
They are, funnily enough.
Having experienced both, they are significantly better.
But like any large, massive organization, right,
there's loads and loads of process, procedure, et cetera,
you've got to follow.
And it's there for good reason or it's there for what was a good reason
but is now, you know, slightly
esoteric, etc. But, but nonetheless, you know, I totally get it. I've worked for both small and
extremely large companies. I know the differences and all that sort of thing. But it's frustrating
nonetheless. But yes, they had this massive breakthroughs, me and, me and two, um, two French
guys who, uh, delivery security, uh, leads, um, on the team I'm working on.
And the best part was they said, we spent an hour earlier today
and we think we've fixed it all because we're able to talk in French.
Right.
So what you're saying is that I'm slowing you down.
Thanks, guys.
But no, it was good. So that was nice. And also it was my
daughter's birthday, so, uh, we had a nice day. Um, I've had fun setting up a Nintendo Switch, a
nice new Nintendo Switch. Um, we've been, uh, playing on that, which is good. Um, so yeah, yeah, and we're
spending the weekend, uh, with them and, uh, going to be...
Your mum's down
for the weekend.
yeah so the Duchess
is down
fantastic
she's going to have
words with Jav
well I think she needs to
I mean the commitment
that you're doing here
not only is it
you know your daughter's
birthday weekend
obviously
you've got family
commitments coming on
family down
and as our
meanwhile
our major sponsor
let's face it
our major name sponsor the Duchess of Ladywell,
I think she deserves more value for her money from Jav.
She absolutely does.
Yeah.
I think we should sacrifice him.
Yeah, that's right.
Ask the Duchess if she wants his left hand or his right hand.
No, no, just slice his backside off.
She needs somewhere to put her bike.
Right, shall we see what we've got coming up for you today?
Let's try it.
Moving swiftly on.
Let's see what we've got coming up for you today.
This week in InfoSec takes a stroll down InfoSec memory lane.
Rant of the week shows the real value people place in exposure.
Billy Big Balls is a bold strategy from the Indian government.
Let's see if it works out for them.
Industry News brings us the latest and greatest security news stories from around the world.
And Tweet of the Week shows us the real reason behind Musk's purchase of Twitter.
And now let's go to our favourite part of the show,
the part of the show that we like to call...
This Week in InfoSec.
Disclaimer, I don't actually have anything for This Week in InfoSec. Can I suggest that you go back and download episode 54, uh, which covers this same time? Yeah, I think that's fair. Giving us a...
Blame Jav. Yeah. This Week in InfoSec.
You know, I used to get a little bit upset when I wasn't on a podcast and I'd hear all the jibes about me and all that sort of thing.
Totally get it now.
It's so easy, isn't it?
So easy.
It's so easy when someone's not here to defend themselves.
Sketchy presenters, weak analysis of content,
and consistently average delivery
but they still won an award. Like and subscribe now.
So, as is, uh, tradition foretold many years ago,
it is time for me to do this week's... Listen up! Rant of the Week. It's time for Mother F***ing Rage.
So this Rant of the Week, it actually comes from a tweet, believe it or not.
But we will forgive that, as we've also got another tweet.
This comes from a user, at John J Hacking.
EC Council asked me to do a video interview about the CEH. Now, as you will recall, EC Council
have been in the news, well, I say recently, I mean the last 12 months, what was it? But what did they
say? I think it's like four or five years now, isn't it? Didn't they, uh, they sort of implied women are
better off in the kitchen or something? Yes, that's right. Yeah. And then they tried claiming their
entire marketing team were women.
Basically said some of my best friends are women.
Yeah, exactly.
I've got lots of women friends.
And they were all over the place.
It didn't look good.
So they asked this chap, Mr. Hacking, they wanted to use the video interview,
presumably they did a video interview with him,
as marketing material to convince people to take the CEH.
Obviously, this was their response when asked about compensation.
Dear John, my apologies for the delay in response.
Well, I mean, obviously dinner wasn't ready.
So regarding your query, this initiative and any compensation,
brackets financial stroke, non-financial, are independent of each other. And hence, your participation will not help you get
compensated financially or through credits as it is beneficial from a different standpoint
altogether. To reiterate, and this is underlined, this video will be available to millions around
the globe and will add a great value to
your resume and further career progression. Hope this helps to clarify your concern. Wishing you
a great day ahead. Warm regards. This is the classic exposure, isn't it?
Well, one, when you read through it, it really doesn't make any sense anyway, right? So this initiative and
compensation are independent of each other. Okay, that, I mean, right. And your participation will not
help you get compensated financially. That's a weird way of saying we're not going to, you know,
compensate for you. Or through credits, I, presumably with the EC Council,
as it is beneficial from a different standpoint altogether.
The language in use here is bizarre, is very bizarre.
And then goes on to say,
this video will be available to millions around the globe
and will add a great value to your resume
and further career progression.
As you said, right, that, Andy, this is exposure.
Yeah, this is, like, really exposure. This is, this is what we get for this. Now, we don't know the
full story on this. We don't know why, uh, Mr. at John J Hacking did a video interview in the first place.
I can actually explain this. Oh. So I, I did actually look into...
You mean he did some research, unlike me? Uh, no, I did some research, yeah. So they actually asked him
to do a video, um, and then he sort of went back and said, well, hang on a sec, if you want me to do this
video, you know, what, what's in it for me? Yeah. Um, and there seemed to be some sort of implication
that, oh, it's just, you know, many people just love doing videos for us because, you know, they always have really positive experiences with our course.
And so Mr. Hacking has actually included a sticker, a follow up thread that's in there.
He's posted the full story sort of after this. Yeah. Sort of show how it came to get to where he was.
But, I mean, see, you know, the EC Council have been basically – do you remember, like, Instagram influencers used to go
and ask for free stuff like nice?
Yeah.
That's exactly what they're doing now.
It's all that crappy behavior that, you know, is about from two years ago.
Well, exactly.
But the thing is, you know, I've done plenty of video interviews and that's normally for people who either I respect as individuals or as companies, you know, can you come and do this for us? Yeah, of course. You know, I love what you do. I love what you know, how you do it and why you do it and all that sort of thing.
paid to do stuff, because, hey, if this is for something that you're going to make money off the back of, you know, or rather indirectly, then, you know, that needs to be fair compensation.
But I, I just think, you know, when, when somebody goes into asking for something like this with
the clear or internal expectation that we're not going to pay for anybody. We're just going to fob them off with the, we'll pay you in exposure.
The ignorance and the arrogance of that kind of position really strikes home.
It's terrible.
It's really terrible.
And to say it in such a mangled, ham-fisted way as well.
I mean, this could have been said,
no, there is no financial compensation for this, we're afraid.
We're hoping that you as a friend of EC Council or something
will be able to help support us,
and we can build a stronger relationship in the future.
Whatever. Do you know what I mean?
But to split it out in this kind of weird way,
just smacks of tone deafness and a total lack of understanding
of actually how people might make their money,
how people might live, or even how people value their own,
what they're able to bring.
Because this entirely devalues any contribution
that Mr. John J Hacking, uh, makes. Yeah, so I think they say, obviously, um, you know, send this out to
so many people, yeah, um, you know, and then sort of figure out how they, how they do their stuff.
Um, but I saw there was a reply I saw in the thread somewhere, and I'm gutted I can't find it, because, you know, people are saying the reason they got, they had to get this certain sort of government job stipulate they had to have a CEH.
And even though, you know, these people are just sort of taking the test and just acing it because there's no practical element, that, you know, the material is really old is the general consensus.
But, you know, there's one guy who said seven years ago when he took the exam, he got 95 percent in 20 minutes. But he basically did the exam 20 minutes, scored 95 percent.
And he said, you know, a week of intense studying helped him, like immensely helped him.
But he said it's probably the fact he got the actual exam paper on day one that really helped him pass it with that mark.
What?
But this is what, you know, there's been lots of rumours about EC Council like this,
you know, in the past and the way they've been taught,
the methods that have been taught.
For EC Council's lawyers out there, rumours, we merely reflect what we hear.
Objection, hearsay, Your Honour.
Yeah, absolutely.
Net fault beep out
Absolutely. But yeah, it's, it, this, this place is not covering itself in glory whatsoever.
And EC Council, we know you're not going to give us sponsorship, so that's why we don't care.
Yeah, if you would, and you'd like to come on the show and, you know, present your side for a fee.
You know, we're not just doing this for your exposure.
Absolutely not.
Yeah, then of course, give us some money.
You can come on and redress that balance.
Anyway, yeah, that was this week's.
Rant of the Week.
We are officially the most entertaining content amongst our peers.
When are those awards coming up?
Pretty soon, I think.
Yeah, I know.
Let's play as many.
Otherwise, we would have skipped the show this week,
but we have to get value out of these geniuses.
Exactly.
We need to get that down to a penny per play.
But yeah, that is soon.
In fact, we need to start advertising it next week.
Maybe if we ask Jav to get onto it, he'll have something for it.
No, actually.
Yeah, definitely won't.
But yeah, we've got to get onto that.
We've got to start polling because, you know,
otherwise all those lacklustre alternative podcasts are going to sweep the floor
just because they didn't have the, just because they got more exposure.
Anyway, right, let's move on to this week's.
Big Balls of the Week.
So, over to Jav for this week's... Oh, no, Jav's not here.
Oh, dear.
Oh, no.
The show's going to fall apart without him.
Oh, no.
Yeah, listen to it creaking and groaning.
Oh, no, we're all right.
Yeah, so I'm going to jump in with this one.
So, this is a... Oh, do you know that the more I read it, the, the less I'm thinking this is a Billy
Big Balls move as it is, like, what is going on? So the Indian government, you, you may have heard
about this, they're requiring cyber security incident reporting within six hours. Okay, so yeah, new directives requiring organizations in India to
report, uh, cyber security incidents to the Indian CERT, uh, within six hours, but even those incidents
which are port or vulnerability scans of computer systems. That's constant. Exactly, yeah. I mean, yeah, I mean, just set up a script that sends, you know, a report to cert.in
every six hours saying we had a, we had a port scan every city. Well, so, I mean, you've worked in
big companies. I think, you know, the last numbers I saw, you know, in the company I left, as a big
multi-national, uh, company, I think, you know, we're polling about 16 billion a month. Yeah.
If you want to report on that, we're going to have to get bigger pipes to send
traffic to you. Oh my God, that's appalling. I've not heard
this at all this week. Yeah, so this has been integrated into
Section 70. You've been kind of scaling down your work and I've
been scaling up.
Yes, yes. Yeah, so this is a Section 70 of the IT, or the Information Technology Act of 2000.
So it is part of Indian law and it comes into force within the next 60 days.
But yeah, any internet service provider, intermediary, data center or government organization is mandated to report these rules.
And the same applies to incidents reported by third parties who provide services to those entities as well, which is pretty much everyone who does business.
The Indian security orgs and the, you know,
the sort of regulatory bodies, on the whole,
I found them to be very sensible and very down to earth.
Do you know what?
I haven't.
I found the other way.
Like particularly the RBI.
Yeah, they're just, if you just Google search RBI and fines,
you know, the things they've sort of issued fines for to companies.
Isn't that specifically the financial industry though? It is, yeah, but they just, you know, they will issue you a fine if they don't
think you gave them enough respect when you spoke to them. Honestly, they're sort of really,
like, up themselves, um, you know, in the way they approach things, are very arrogant.
Yeah, because they've got a lot of power. They can shut down your business, right? And so,
you know, you get some sort of low-paid, you know, let power go to that.
Obviously, I'm, you know, just generalizing based on experiences of specific experience.
Yes, exactly. But yeah, they were very specific about what has to be reported.
Number one on the list is targeted scanning and probing of critical networks and systems.
Um, okay, well, that's, which is, yeah. And, well, every minute, every hour. And then, yeah, I can see other things that
make sense, you know, compromise of critical systems or information, uh, unauthorized access to IT systems,
defacement of websites, uh, intrusion into websites, unauthorized changes, malicious code attacks, you
know, spreading viruses, worms, Trojans, bots, ransomware,
attack on servers such as database, mail and DNS, and network devices
such as routers, identity theft, spoofing, phishing attacks,
DOS and DDoS.
And it just seems to get worse.
It's like someone took out a whole list of, you know,
what risk should we be looking for and just dumped the whole thing
as a requirement for reporting.
Because like a phishing attack, define a phishing attack.
One email, 10 emails, 10 phone calls, 10, do you know what I mean?
Yeah.
What is that definition?
I mean, data breach and data leak appear on the list,
which to me, you know, they both could have been swallowed up under unauthorized access to systems or data. Um, attacks on the Internet of Things
devices and associated systems, which is pretty much everything. Um, you know, attacks or incidents
affecting digital payment systems, attacks through malicious mobile apps, fake mobile apps,
unauthorized access to social media accounts,
attacks or malicious suspicious activities
affecting cloud computers,
and then attacks or malicious suspicious activities
affecting system servers, networks, software applications
related to big data, blockchain, virtual assets,
virtual assets exchanges, custodian wallets,
robotics, 3D and 4D printing and, uh, drones.
What's 4D printing? Is that where it goes back in time and does... I think they're future-proofing the
standard to, uh, they're like, you know, if we chuck in 4D as well, we're not going to have to update
this next year. What the fuck is 4D printing? The fourth dimension is time, isn't it? I don't know. I mean, this, what, this is
the part you've got an issue with, right, of this whole issue? You're okay up until that point?
Well, all of those are technically sort of viable things that you might want to report on. Whether
it's sensible to report on them is another thing altogether.
You want to report on suspicious activities?
Yeah, you want to report
on suspicious 3D
printing that happens
tomorrow. That's not
a giant gummy worm. And you need to report it
today.
What?
Yeah.
And also, all of the logs have to be maintained
in an Indian jurisdiction for a rolling period of 180 days
and provided to the CERT.
What?
Yeah, along with the security incidents.
That is expensive.
Yeah.
Huge.
Huge.
I mean, this is, like I say, it's a big move from the government.
And I don't think they've been very well advised
in terms of how they're going to manage this.
My goodness.
Any of our Indian listeners out there,
I'd love to hear what your thoughts are on this
and how your companies are responding.
And I'm going to reach out to some friends of mine because this,
like I said, this is a surprise.
I've not seen this coming at all because apparently I haven't seen all of the
internet yet.
To a point you made earlier off recording off mic, Andrew.
But yeah, this is incredible.
I am, I'm aghast at this.
Six hours,
people.
Six
hours.
Okay, I think we need
to rebrand this as something else.
Billy
Big
Rancy Balls
Tweet of the Week.
It wasn't a tweet, but it you know, it probably will be somewhere.
Bloody hell.
Wow.
I'm really...
Well, all I can say is this.
Are you outraged that Host Unknown was voted the most entertaining content coming out of Europe?
We read all complaints sent to our Reddit channel on r slash smashing security.
True story.
True story.
Do you know what's funny?
I don't know which,
because I think I've said this for all the jingles.
I've just got here a numbered one to 12.
Yeah.
It's random as to what comes out.
It is random.
All three have been about our awards.
Very good.
I'm nervous about which one to press next, you know.
Oh, dear.
Well, I guess we shall find out in the fullness of time.
But, yeah, talking of time and talking of 4D printing
and reporting in six hours,
if we had to report an incident to do with 4D printing, what time would we do it? Um, the best
time for that would be that time of the show where we head over to our news sources over at the
InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security
news from around the globe. That was difficult, but well done. That was really well done.
Industry News.
HHS information security programme not effective.
Industry News.
Sim fraud solution sparks privacy fears.
Industry News.
Groundbreaking cyber security book published.
Industry News.
GitHub to enforce two-factor authentication.
Industry News.
Hunter Biden laptop repairman sues over hacker allegations.
Industry News.
NHS inboxes hijacked to send a thousand plus malicious emails.
Industry news.
Microsoft, Apple and Google team up on passwordless statement.
No standard.
Industry news.
Ukrainians DDoS Russian vodka supply chains.
Industry news.
Special police constable used encrypted chat to post child abuse content.
Industry news.
And that was this week's...
Industry news.
Huge if true.
I'm going to fall for this one. Uh, oh no, it's not to do with Jav.
I did wonder why, why it was a groundbreaking book and why we report on it. It doesn't,
it doesn't... Oh right, I was quite surprised, because actually I just took delivery of a book that was
written by a couple of people who work for the same company as Jav.
For Kai and Perry, yeah.
Do you know what the funny thing was?
You paid for it?
I did pay for it, which was shocking.
But the funny thing was about that, it's the security culture playbook.
And I've had a quick flick.
It looks great.
And on the back cover and on some of the insides, you have, you know, sort of statements by people.
You know, whenever I think of Kai,
I think of him as a very bald Norwegian man who does X, Y, Z,
you know, all that sort of stuff.
And Kai asked me to do one, you know, for this book.
And so when I got it, it was like, ooh, ooh, where is it?
Where is it?
It's not there.
He didn't use it.
No, so he didn't ask you to do it.
He told you to do one. There's a difference, you know. Do one song, like, that's, you know, it's a different sort of
context. That does make more sense, because, because what I was going for was, you know, maybe the phrase
fucking prick was a little offensive, I don't know, but, you know... Yeah, publishers weren't onto that one. They, uh, they kept it in drafts. He said be honest. I mean,
just what the industry needs, another bald white middle-aged man
giving his opinion.
Given you've got the manuscript of the first chapter of my book, I'm worried now, but, uh...
That's, no, it's good, it's good. You're getting the opinions of, uh, another bald, um, well, younger, uh, you know, yeah. But you,
but you're, um, you're African though as well, aren't you? I am indeed, yeah, I'm African. But, you know,
speaking of African, I just looked at this story, the SIM fraud solution sparks privacy fears. Um,
I have not read this one, but just the first line of it.
Privacy and data security concerns have been raised over a plan
to link South African phone users' biometric data to their SIM cards.
What?
This is a proposal by the Independent Communications Authority of South Africa.
And it's in the draft regulation published by the watchdog for
commentary, uh, which if approved will give all cell phone networks access to their customers'
fingerprints, facial recognition data, retina scans and biometric and behavioral data. Holy moly, that's not good. Yeah. Anyway, I think they did all that
with the, with the, um, vaccinations. Uh, yeah, apparently not everyone took the vaccine, so
they're trying to do it otherwise. Yeah, they realize everyone has a phone, so, yeah, yeah.
That's outrageous. That is outrageous. Uh, we, I see we had to squeeze a story in about Ukraine.
Uh, we did. I'm for, just because, I mean, you know, there's, I'm sure this is a violation of the
Geneva Convention. Um, oh, you know, they are, for all the bad, you know, for all the bad, you know, for all the bad things that have happened in Russia.
Be careful.
We've already had a complaint.
You can't tar the entire country with the, you know, with the same brush of a crazy, you know, dictator.
But to disrupt that supply chain for vodka.
Come on.
I mean, you know, there's a, Russian vodka is, is of a high standard.
That's equivalent of doing the same to the tea supply chain for the UK.
God, that's disgraceful. Yeah, that's, the thought of that is disgusting.
Yeah, I've read, um, in the past I've read a few books on, you know, uh, just generally, yeah, just
generally books I haven't had to pay for, obviously, but armed conflicts.
You know, and so one of them was about the Falklands.
And it's when I can't remember if it was the Marines or the or the paras, but they were trying to take one of the one of the towns.
And they were basically they had to sort of dig in and settle down in the middle of this firefight.
At which point somebody literally got out their little burner and started
making a brew.
Bullets flying overhead.
It's like time for a brew lads.
Nothing can't be solved after you've had a good cup of tea.
That's right.
That's right.
Exactly.
Whether that,
how true that is,
I don't know,
but I really like it.
It's plausible. It is very plausible. Yeah. I really like to think it was.
we're going to be here for a while lads
so we might as well get comfy
it reminds me of
I've got a friend he did a few tours
and he was saying he had a commanding officer
one time that every
morning people would come out
they were in Afghan at the time
every morning they'd come out
their CO would say,
oh, glad you could turn up today.
Thanks for coming in today, is what he said every day.
Thanks for coming in today.
I remember when I was at school, you know, military school,
and I was doing, it was a familiarisation course
because the regiment I was aiming to join was the Brigade of Gurkhas. And so I went to a place in, I can't remember where it
was, but there was this lieutenant and he was a, he was a Gurkha.
He'd obviously risen through the ranks and it completely lost his accent.
He had the fine, you know, okay, chaps, let's, let's go on.
All right, off now, shit, shit, shower and shave and ready for breakfast.
And he'd crack out a cigarette and he says, anybody wants cigarettes? They're Silk Cut, I'm afraid. I
mean, they're like tampons. You know, it was just really bizarre seeing this, you know, Gurkha officer
who literally had walked from his village 20 years ago for three days to get to the army, you know,
to get to the army selection in the Nepalese hills.
And now he's like, you know.
Fully anglicised.
Yeah, yeah, exactly.
It was great.
He was a lovely chap as well.
We accept him, one of us.
Yeah, exactly.
In fact, they used to tell stories that the Gurkha recruits,
they would never turn taps off because at the time,
and this is obviously going back many decades,
it's probably different now and such, but many decades,
because you don't turn off waterfalls or streams, do you?
And so when water's running, that's its natural state.
Brilliant. They had to be taught things like that, you know. And here, when they heard voices over the, you know, radios, it's like, you know, what's this? Oh, it's a chap on, you know, on the other side of the hills.
No, don't be stupid, how can that happen? You know, it's fascinating, absolutely fascinating. Anyway, we digress. Yeah. We digress.
One last one because I think hopefully this might actually happen.
Microsoft, Apple, and Google team up on passwordless standards.
How amazing would that be?
It would be good, but I still, I don't know.
I don't know if the technology is there yet.
Well, but this is the thing.
The technology is driven by demand, et cetera.
The fact is I don't think it's ever worked in the past
because there's always been like, oh, it's just this one small company
doing something.
There was a thing about a ring you wore that would monitor your heartbeat
and that heartbeat was your password because that's unique to you
and stuff like that.
Never really took off. But when we've got Microsoft, Apple and Google, that pretty much covers 99 percent of
every computer that, you know, 99 of the people would use, right? Yeah. So you're gonna have people,
like, when they buy, um, like, Android phones, for example, they've always bought Android phones, right,
and then they decide to buy an Apple
phone. They're in the store, their heart rate shoots up when they're about to, you know, buy something.
The price. Yeah, exactly. And they're gonna be, oh, this isn't the right person, his heart rate, his
heart rate's totally, totally out of the norm. Yeah, it's, uh, I don't know, it'll be good. I just
don't, this is one of those things I don't think I'm going to see in my lifetime. And I'm deliberately, not pessimistic, cynical about it.
Given how much you've just been given by your colleagues, that may be Tuesday.
It's like, so when I first started doing networking, like back in the mid to late 90s,
I remember being told that we were running out of IPv4 IP addresses.
Yeah. And we would have, you know, we would have exhausted them all by year 2000 and it's going
to be a problem and IPv6 is going to fix everything. Yeah. And this is why your CCNA is worth the money
you're paying for it. Yeah, yeah. What do we have now? Still primary method of communication, at least
amongst you know, regular people?
IPv4, right?
Exactly.
I'm not falling for that one again.
So, yeah.
Oh, anyway, excellent.
If any or all of those stories are true, it would be huge.
Industry News.
The Host Unknown Podcast. Orally delivering the warm and fuzzy feeling you get when you pee yourself. Three out of four isn't bad. Yeah.
all right let's uh move on shall we to the final part of the show, the part of the show that we like to call...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And twice you play it, who tweets you shall receive?
So I'm going to take the first one,
and I'm going to drop a little tweet in for you there, Tom,
to take the second one.
Oh, thank you.
So this one, there seems to be a theme going on Twitter at the moment where people are reposting things that Elon Musk says.
Some of them are true, some of them are not.
So you have to choose carefully as to which ones are.
This one I choose to believe is true, and it was a tweet from Elon Musk, and he says: planning
on buying SANS and making the certs affordable. Which, uh, I think, you know, I know our American
listeners are like, you know, they don't see the issue with it because SANS is, you know, that's
normal price. Um, but I think those outside of the US, you'll find that SANS is consistently,
well, certainly in the UK, sort of two to three times more expensive
than any other type of training.
And when you head over to the APAC regions and the Africas,
you tend to find out it's about 15 times more expensive
than any other sort of local courses.
Well, the problem is now, of course, that Elon spent all his money on Twitter.
He hasn't got any money to even take a course at SANS?
Well, to be fair, he's spending other people's money.
He's a true, you know, he doesn't have liquid cash.
He may be 240 billion worth, you know,
a significant amount of money,
but he borrows money from others to invest elsewhere.
In case he goes wrong.
Well, that's how you stay rich, right?
Exactly.
It works for Jav.
Oh, I haven't got my wallet, lads.
Yeah, that classic.
Can I borrow some money for you to pay for these beers?
Do you remember that night?
We went out for dinner, it was like a few years, but we actually
went out for dinner and he did turn up
without his wallet.
He literally drove into town
without his wallet
and knew he didn't
have his wallet walking into the restaurant
Yeah, yeah. Oh no, I haven't set up contactless payment on my phone.
That's why he's so rich. It is, it is. Yeah, yeah. Excellent. Well, mine is from, uh, Annie, uh, at Soychotic. Soychotic, I like that. Every time I have a programming question and I
really need help, I post it on Reddit and then log into another account and reply to it with
an obscenely incorrect answer. People don't care about helping others, but they love correcting others. Works 100% of the time.
Do you know what?
I hate to think that this is true, but I think it is.
You can see how it is true.
I can absolutely see how this is exactly what happens.
I mean, well, Annie's got this wrapped up without a shadow of a doubt,
but blimey, that's so depressing.
And those were this week's tweets of the week.
Well, that was remarkably drama free this week, wasn't it? Yeah. Andy waiting to, the only complaints
we'll get will be from Jav and his puppet accounts. Yeah, yeah, that's right. That's right.
Not Jav, not Malik, all those accounts.
Yeah, exactly.
Yeah, excellent.
Well, thank you.
Thank you very much, Andy.
You're much obliged for your many contributions
and more than anything, your show notes, let's face it.
It's why we keep you around.
So, yeah, thank you very much, Andy.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
The worst episode ever.
R slash Smashing Security.
I think he should have landed about now. Yeah, he's gonna send a
message any minute now saying, right, I'm ready to record. Yeah.
Just send him the link, see how long he actually... because it will take him 20 minutes. He'll join 20 minutes late. We'll say we'll do it this evening.
Just send him the link.
Yeah, should we just tell him that we'll
do it at 7 o'clock tonight? Yeah.
And then at half 7
when he joins, we're not there, he'll say, sorry guys,
I'm here now. And then we'll get
back to him at like 8 o'clock and say, yeah,
we're done.
And...