The Host Unknown Podcast - Episode 103 - One Third Extra Fat
Episode Date: May 13, 2022

This Week in InfoSec (07:30)

With content liberated from the "today in infosec" twitter account and further afield

9th May 2006: Jeanson James Ancheta became the first person to be charged for controlling a botnet. He had hijacked around 500,000 computers and was sentenced to 57 months in prison, forfeiture of a 1993 BMW and $58,000 in profit, and restitution of $15,000.

Jeanson James Ancheta
https://twitter.com/todayininfosec/status/1523719745555648514

12th May 1989: The Marijuana Virus crippled the Chisholm Institute of Technology's computer network. It displayed a message on computers' screens, which read "The system is stoned. Legalise marijuana."

Virus stops students from using institute computers
https://twitter.com/todayininfosec/status/1524842708967247908

Rant of the Week (15:07)

Europe proposes tackling child abuse by killing privacy, strong encryption

A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."

These options range from voluntary detection and reporting of child sexual abuse material (CSAM) and grooming, to legally mandating that service providers find and report such material using whatever detection technology they wish — essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption for everyone.

If rubber-stamped, the rules will apply to online hosting services and interpersonal communication services, such as messaging apps, app stores, and internet access providers.

Billy Big Balls of the Week (24:05)

China wants its youth to stop giving livestreamers money

China's internet regulator, the Cyberspace Administration of China (CAC), has published guidelines that aim to stop minors from giving tips or other forms of payment to livestreamers, watching after 10pm, or live streaming themselves.

Industry News (33:59)

US Government Offers $15m Reward for Info on Conti Actors
Researchers Find 31,000 FTSE 100 Logins on Dark Web
London Police Warn of Crypto Muggings – Report
Treasury Sanctions Crypto Firm After North Korea's $620m Heist
Five Eyes Nations Issue New Supply Chain Security Advisory
Microsoft: Ransomware Relies on the Gig Economy
Trustpilot Forced to Delete Millions of Fake Reviews in 2021
Government Initiative Promises Rapid Blocking of Scam Sites
Costa Rica Declares National Emergency Following Conti Cyber-Attack

Airplane: https://www.bbc.co.uk/news/world-middle-east-61395745

Tweet of the Week (44:07)

https://twitter.com/__femb0t/status/1524791901110542336

Come on! Like and bloody well subscribe!
Transcript
Have you guys seen our stats are down from last week?
Really?
Yeah, our listenership, we're way down.
What happened?
I don't know, but when I look at the...
Oh, hang on.
Oh, no, episode 102A is way down.
What's 102A?
That was Jav's.
You arseholes, no!
It's also...
You're listening to the Host Unknown Podcast.
Hello, hello, hello, good morning, good afternoon, good evening
from wherever you are joining us
and welcome one and all to episode 103 of the Host Unknown podcast.
104.
Not 104. Don't stop confusing me, we've already had to start this once already.
Gentlemen, how the devil are we? Jav, how are you?
How are you after your little solo career that your daughter called
pathetic? Glad you could join us, Jav. Yeah. Well, you know, I'm glad you could finally like,
you know, dry up your tears from your leaving party at your old job. And, you know, you can
finally arrange your lives around my schedule, which, let's be honest, is the most important
schedule of the three of us right now. So, yeah, it's been...
We took a two-week break around your schedule, man.
Come on.
You know what?
It's funny.
You make that daughter comment, and just to add a bit of commentary,
colour it a bit for the listeners.
Me and my daughter had a bit of a disagreement
over how certain things should be done,
and she was doing it her way, and I said,
oh, that's quite pathetic.
To which she retorted, you know what's really pathetic?
Doing a podcast on your own.
So I've spent the last three days in A&E getting my burns tended to.
We like your daughter.
Oh, dear.
So how have you been, Geoff, since you were off gallivanting last time?
Very good. Very good, thank you.
You know, it's just, it's nice to be gallivanting again, you know.
It's, you just, even last time I got to the airport
and as I cleared security in record time.
As you tied your trousers back on. In record time, yeah, three and a half hours, actually, it just felt like so nice.
It felt like, oh, this is different.
It's like a weight lifted.
It's like not in my home office.
I'm actually going to I'm surrounded by real people.
And it just felt so nice.
It's just the little things.
I just can't really pinpoint exactly what it is,
but it's just so nice to be out and about.
It's nice being around people.
I've been working in London the last few weeks since I started my new job and it just strikes me every now and then how weird it is
to have all these people around.
Particularly at lunchtime when you're like, dude, come on, why are you standing so close?
Why are you leaning over me?
Yes.
Get back.
One meter is not enough.
And Andy, what about you?
How have you been?
Not too bad at all.
Started a new job.
Lots of very clever people
I'm certainly not
the smartest person
in any room
that I've been in
since I've been
and you know how
they all take their tea now
and now I know
how they all take their tea
well I've got it
written down obviously
because I couldn't do it
you know from memory
I'm not that good
not being the smartest
person in the room
exactly
hopefully in six months time
I'll memorise
all seven of them. So yeah, keep plugging away. But no, as you say, it's been actually really good getting back
into the office. Not that I wasn't travelling into the office before, it's just that now I'm in
kind of every day. And, um, yeah, it's like the whole routine again. It's like, it's just been switching off
at the end of the day, I think, is what I really
missed, is that, you know, I pack up my laptop, come home and that's it. Whereas before, working from
home, it's like the machine's always on, you know, you're sort of back into the debt to the... Yes, it
was on 24/7, like literally just go downstairs, grab some food, come back up, sit down, just keep going,
leave stuff open. Whereas now it's like shutting down at the end of every day.
And, yeah, very strange.
But how's your week, Mr. Birthday Boy?
Yeah, that's right, that's right.
I'm the big 5'1". God damn me, that is odd.
5'1", what?
5'1", 5? 5'1", 6? What?
Oh, if I was, I'd have so many stories to tell.
Like you don't.
Yeah, yeah.
We've only got 40 minutes or so.
No, it was good.
I didn't celebrate my birthday on the day because I was in the office
and it was working.
And it was the day before I was presenting
to our big important client security panel thing.
So that was a big deal to get right.
But yeah, going out tonight for a ruby with the family.
And then I'm going to go to the cinema.
So taking it nice and easy.
But yeah, it's been good.
It's been a busy week
couple of breakthroughs. Couple of, um, I had to cancel a couple of the breakthroughs that I had
the previous week because new information has come to light. So yeah, like you, not feeling particularly
smart in the room at the moment. What new information has come to light? Something called Log4j. Yeah. That's right. But it turns out you may be impacted by Heartbleed.
We came across this tool.
I came across this tool and I thought, oh, I can use it for X.
I don't want to give away what I'm, you know, necessarily what I'm doing.
I can use this for X.
And everybody around me said, yes, that's a great place.
We can all do that.
And then I finally found somebody who knew, you know, he was one of the sort of sysops. He said, you absolutely should not be using it for
that. Oh, for God's... two days. You know, Tom, if you'd, um, ever been to a technical course, like, say, a
SANS course or something... I'd be a poor man. Develop some skills. You might have understood that from day one, but okay.
I mean, who am I to argue CISOs need to have some level of technical knowledge?
No, no, no.
I was just identifying a tool for someone else to sort out.
I wasn't doing anything with that.
CISO, you know.
Anyway, talking of lack of technical knowledge let's see what we've got
coming up for you today this week in infosec takes a stroll down infosec memory lane as usual
we couldn't find a particularly funny byline to put in there rant of the week is all about won't
somebody think of the children.
Billy Big Balls is a story about sound investment advice from the Chinese government.
Industry News brings us the latest and greatest security news stories
from around the world.
And Tweets of the Week is an insight into the difference
between good coding and bad coding.
And so, without further ado, we go to the favourite part of our show,
the part of our show that we call This Week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane with content
liberated from the Today in InfoSec Twitter account or further afield. So our first story
takes us back a mere 16 years to the 9th of May 2006 when Jensen James Ancheta became the first person to be charged for controlling a botnet.
He had hijacked around 500,000 computers and was sentenced to 57 months in prison,
forfeiture of a 1993 BMW and $58,000 in profit and restitution of $15,000.
So this guy, he attended high school to, like, 2001, where he dropped out, as all, uh, good hackers with these kind of stories that get caught do. And, um, around 2004
he started to work with botnets after discovering rxbot, um, which was just a common computer worm
that could spread through his net of infected computers. And
so he hijacked somewhere in the area of half a million computer systems, and the US Attorney's
Office in Los Angeles said that, you know, this not only affected computers like the one in your home,
but it allowed him and others to orchestrate large-scale attacks. Um, and so he was actually captured, as so many of them in
the old days were, uh, during this elaborate sting operation when the FBI agents actually lured him
into their local office on the pretext of collecting computer equipment. Um, so it's almost
like, you know, he kind of walked into this one. And funny enough, that arrest was actually part of something called Operation Bot Roast,
which, you know, it's just brilliant to be taken down by something like that.
It's not so good for the credibility.
However, yeah, it was only a chard.
I mean, we hear about, you know, mass scale botnets and DDoS.
And, you know, you think going back as far as Yahoo, eBay and all those ones that were, you know, dosed in the early 2000s.
It's only 2006 the first person was charged, which.
And the thing that surprised me, he got basically five years in prison.
Yeah.
Five years.
And it's interesting to find out, you know, quite how much he made, because
$58,000 is not a vast amount by any... That's like minimum wage for five years he made. Well, it is,
right? It is. And it seems five years seems to be an awful lot, which I think says a lot about the
US sort of judiciary system, in the sense that the levels of sentencing seem to be completely
out of whack. It's like, we watched that documentary, I can't remember what it's called
now, but it's about the rise of Anonymous, et cetera. And people there were facing sentences of 99 years and things for basically pressing a button on the, uh, LOIC.exe.
And it's like, it's so completely screwed up, and yet you've got people, you know,
who fixed Enron and stuff like that just doing a few years. Home house arrest for 12 months, house arrest, yeah.
That quite literally destroyed lives and resulted in people's, you know,
untimely deaths.
You know, I find computer crime seems to attract
very disproportionate sentencing.
Yeah, indeed.
It does.
I think it works both ways.
I think especially like back in the early days, they were trying to make an example because there was this under underlying mentality.
Like if we if we're hard on them now, that should deter others from walking down this path.
And clearly that worked, isn't it? Yeah.
Well, that's just the US, you know, the approach to tackle rising gun rates is to arm more people.
Yeah, exactly.
That's right.
Let's arm the teachers as well.
That's right.
And design wonky corridors and wider doors.
Or is it narrower doors?
I can't remember.
Oh, well.
Bulletproof clipboards.
And that's our second story.
Takes us back 33 years to the 12th of May, 1989, when the marijuana virus crippled the Chisholm Institute of Technology's
computer network.
So named because it displayed a message on computer screens,
which read, the system is stoned, legalized
marijuana. And what I... So whilst, um, you know, quite a funny event back in 1989, what I love about this
was the fact that it was reported in the paper three weeks after it occurred, um, because back
then, you know, people would hear about it and, you know, by the time they hear about it, they say, well, that sounds like an interesting story to post.
But a quote from Mr. Greg Tucker, a senior lecturer at the law...
Sorry, senior lecturer in law at the Davidson Business School, said the Institute have had to buy commercial debugging kits costing $40 for each of its 100 microcomputers, which just sort of dates
when this, uh, when this happened. Uh, but Mr. Tucker said there was... stick it on a floppy and move it from
one machine to the next, and that's $40. Well, I think that's, uh, how they got into that problem in the
first place, right? Well, yeah, yeah. But he said there's, uh, still a great cost to the institute in inconvenience because students could not use the microcomputers.
And so it goes on saying that a virus which struck three weeks ago is under control.
And then obviously, as all good papers go on, it goes to explain what a virus is,
a self-propagating computer program that remains dormant as it infects computer after computer.
Blimey, you sound just like Graham.
I know.
That's exactly what I was thinking.
We love you, Graham.
Let us know if you want to sponsor.
Not now, Muttley.
Alas.
In fact, Graham probably wrote this article back then.
He probably did, actually, in fairness.
I didn't check who did write it, but sources in the show notes.
Ah, very good.
Very good.
Yeah, 12th of May, 1989.
Blimey, that was the age of...
That was five and a quarter inch floppy disks
when they really were floppy.
I wasn't born in that time, I wouldn't know.
Yeah, I'd better.
Shush, little child.
But yeah, wow, fascinating stuff.
Thank you very much, Andy, for this week's...
This Week in InfoSec.
You're listening to the host unknown podcast,
Bubblegum for the brain.
All right, let's move swiftly on to the traditionally angry part of the show,
the part of the show that we like to call...
Listen up!
Rant of the week.
It's time for mother rage. Now, this story I have actually read something about. Oh, wow. So I'm not going into this completely blind. Um, so the headline: Europe
proposes tackling child abuse by killing privacy and strong encryption.
So you may have heard, you know, probably know from a few months ago, a number of months ago about Apple's attempt to intercept
and identify child sexual abuse material, CSAM.
By going through your photos.
Yeah, exactly, by looking at photos on your device, etc. And it
hit a bit of a roadblock. And, um, you know, whilst, uh, everybody, I'm sure, is absolutely
in support of trying to stop, you know, CSAM, etc., um, it's the way it was done was not sort of
technically proven, uh, and would have resulted in a bunch of privacy issues.
Well, the EU, and this is one of the few times
where actually I think the EU has got it wrong on privacy.
The EU is taking this forwards.
And the bottom line is what they're suggesting
is that there is a backdoor into encryption systems such that they can then be looking into
all online hosting services, interpersonal communication services, such as messaging apps,
app stores, internet access providers, allowing them to search for child sexual abuse material.
This is a real problem. And this is something the UK government
has been trying to do as well. And it's been, you know, seen a huge amount of pushback. And
frankly, this is not the right way to do it. The best analogy I heard for this is,
it's the equivalent of the government saying to you, we want to search your house for child sexual abuse material,
and in order to do so, we request that you put your key under your doormat. Now, don't tell
anybody that you've put your key under the doormat. Don't let anybody else get access to that key
that's under your doormat. Only we will use that key. And we promise not to tell anybody
else that that key is under that doormat. And that's pretty dangerous. And not all analogies
are effective. But I think the reality is that having some kind of backdoor into your encryption
systems opens up the possibility that anybody can get in and that vast amounts of damage can be done by,
you know, criminals getting access to your systems, basically looking under the doormat
because they know that there's going to be a key there and using it to unlock your sort of digital
life. So knowing that all of your systems have a backdoor actually gives criminals an
opportunity to search for said backdoor and work out how they can access it. This breaks everything.
It breaks trust in the internet. It breaks trust in banking and all other financial systems, etc.
And yet this is being pushed further and further forwards.
And for me, this is more about political vote grabbing
than anything else, or at least it certainly was in the UK.
But to see an organisation like the EU pushing this
is really very, very concerning.
But surely this is one of those situations where if you've got nothing to hide,
you've got nothing to be worried about.
I don't have anything to hide except for the stuff that I, one, I don't want the government to know about or two, that I don't want anybody else knowing about because it's the keys to my bank accounts.
It's my internet search history.
It's my, you know, all that sort of stuff,
right? If you want access to it, come and get it through regular legal means, you know, and through,
you know, search warrants or whatever the European equivalent is. That takes time.
We need to... it's too long.
People could be deleting stuff. We want to see this now.
By the time we get those warrants, people could be deleting incriminating evidence.
Also, we don't want to alert them to the fact that we're going to be looking.
We need the element of surprise.
Well, the fact that most of this snooping can be done without even alerting the individual in the first place,
if there is a
legal basis for it, is entirely possible. I mean, come on, you know, this is just bad news all around.
I think we end up losing trust everywhere. This is the second time you're agreeing with me
on today's show. Maybe, maybe not. But what really annoys me about this is, with any of these kind of proposals, they always start with, we're doing it to tackle child abuse.
Yeah. And because they know that's a topic that is just impossible.
No one can say, oh, no. Oh, what? So you agree with child abuse?
What are you hiding? And we know it doesn't stop there.
It starts with that.
Then it goes into everything else.
It's like, oh, we think you might have a speeding ticket.
Let's look into all of your telemetry data on your phone
and see what speed you were doing according to Google Maps or what have you.
It's just such a slippery slope, and it's terrible.
Well, and it's a big drop as well.
It's not like it's a slow descent into the chaos that you mentioned.
The mere fact that there is a backdoor in there puts your banking systems at risk, right?
The encrypted traffic between you and your bank, if that's going to have a backdoor in it, someone's going to find it.
Someone who shouldn't find it, you know, who shouldn't have access to it,
will have access to it because they've been tipped off by the fact that it's published in law and in public that there is a backdoor there.
It's a bit, what was it?
Was it the Patriots chip or something like that that the US tried to put in place?
Yeah, was it the Clipper chip or something? Clipper chip, yeah, that the US tried to put in place.
Clipper chip, yeah, that's right. The thing that was going to, basically, I mean, every computer had to
have one, and it was going to unencrypt, um, you know, data, but only for the government. And then it was
immediately broken, wasn't it? Um, and just abandoned, the Clip... This is going back some time
though, isn't it? Yeah, I know.
We should do a This Week in InfoSec.
If only we had a section that spoke about old historical things in InfoSec.
If only we had a host unknown monkey that could go and do that.
Do you know what?
I will put it into the show notes around June 24th, 19...
You know, around June 24th.
alright so we've only got
five weeks to wait
and we can then talk about
the Clinton administration as well
oh god yeah
So it was the late 80s,
wasn't it?
90s, yeah, 1998.
Yeah, wow.
and then we can talk about illegal immigrants being tattooed with
encryption keys so they can't be deported and stuff like that
Uh, anyway, so yeah, this is just another... And so many of our profession are against this, and,
you know, many, many of our friends of the show are absolutely
against this. Um, and we're just very often made out to be the sort of, you know, the
screaming masses rather than the sensible Daily Mail-reading, um, you know, citizens of our
world, when frankly this is just such a bad thing to do. And it's, uh,
yeah, I think it really does qualify. You can tell how much it annoys me because I'm actually
not getting... I don't sound that annoyed. It's that kind of seething. Yeah. Resigned to just the stupidity and the hubris of people wanting to do things like this.
It's killing me. It's killing me, man.
Rant of the Week.
This is the Host Unknown Podcast.
The couch potato of InfoSec Broadcasting.
Wow, so we've had the bubblegum and the couch potato.
I wonder what food group we'll have at the next one.
Haribo's.
Quick Andy, create a jingle with Haribo's in it.
Consider it done.
Kids and grown-ups love it so.
It's now time for Billy Big Balls.
Billy Big Balls. This one kind of trails the rant in a way.
Whilst the EU is saying, think of the kids,
China is actually doing something for its kids.
It wants its youth to stop giving live streamers money.
So China has an internet regulator, the Cyberspace Administration of China.
They must be kind of redundant, right, after what the government does.
Yeah, that's right.
Easiest job ever. No.
It's called the Cyberspace Administration of China, or CAC,
as the acronym goes.
But they have published guidelines to stop minors from giving tips
or other forms of payments to live streamers.
Well, they should be underground digging out the coal and stuff, right?
Exactly.
Going on live stream.
Those iPhones ain't going to make themselves, kids.
No.
They don't want them watching after 10 p.m.
and they don't want them live streaming themselves.
And actually, I think this is quite sensible advice.
I mean, why would you want...
God, you're such a communist, Gerard.
It's our internet.
Yeah, you say as if it was a slur.
I take it as a compliment.
Thank you, Tosh.
So they're asking website platforms must not develop apps that attract minors to tip or induce minors to give gifts.
And, you know, this is quite interesting.
So that's quite like a broad statement, but you think about how a lot of
these platforms are actually designed. I mean, just look at TikTok's algorithm, something that Andy is,
uh, very familiar with. I am familiar with the application you refer to as TikTok.
And I believe my learned colleague Mr. Malik is in a, uh, in a greenhouse throwing stones. Yes.
I get more... You get more hits on your
TikTok channel videos than you do on your YouTube videos these days. It's surprising.
You even comment on my TikTok videos. You've never commented on my YouTube videos, Andy.
It's because he's never seen your YouTube videos. It's all about the circles I hang in, man.
Yeah, but, you know, it's like all these platforms are there to, like, induce
people to stay there for longer, and the algorithm works out what your interests are, and, you know, a
couple of days of training and it's like, booyah, it knows you better than you know yourself.
So, you know, adapting that so it doesn't target minors is sort of counterintuitive
for a lot of these developers.
But, you know, it is what it is.
And I think there is a lot to be said about protecting the mental health
of, I suppose, everyone, but especially of minors
whose minds are still forming and developing.
And if they get addicted to certain platforms,
and then if they, from a young age like Andy,
get addicted to giving tips for services or things that they enjoy.
I'm a good tipper, what can I say?
That can...
But just the tip.
People tell me you shouldn't tip people in McDonald's,
but what the hell, they're bringing food, right?
Yeah.
Sounds good.
Yeah, yeah.
So I think it's a good move.
It is a Billy Big Balls move because you are literally going against
what all these platforms are designed for,
what these live streamers stream for.
But, you know, there needs to be some protection put in place
for these minors.
And, like, you know, obviously it's not their money.
They're probably stealing money from their parents
or getting them to top up their credit card or something like that. I think this is a good example of how you protect kids. You don't do
it by saying, you know what, we want all these live streaming platforms to give us a backdoor
into their system so that we can see which kids are using or abusing the system.
I've seen Andy's OnlyFans and there's plenty of backdoors in that.
Thank you, Tom.
You're still my biggest supporter.
Those are just the folds on his back.
Oh, we went there.
I don't know.
I find this interesting that in China they've published guidelines.
They've not actually just locked things down, which is, you know,
if you were to go back, you know, 20 years, the administration there,
it would just have been stopped, right?
I mean, the Great Firewall of China is a thing, but, you know,
the fact that they have a, you know, the cyberspace administration of China,
and we joked about it, right, But it does show that there has to be some kind of loosening of things going on
in order for them to publish this guidance and make it only guidance.
Yeah, but to be fair in China, people are going to obey it.
Yeah.
But this thing about not watching after 10 p.m.
that reminds me of the reason why we had licensing laws and pubs closed at 11 and things like that.
It was because that was the result of, was it the First World War, I think it was?
And they didn't want the workers who were building and making munitions getting pissed up at night and being late for work.
So because there weren't any laws for when pubs should close.
So that's why they created licensing laws so that the working class would go out
and make more shell casings for the war effort.
That's brilliant.
And all that did was create a culture in the UK of binge drinking.
Of lining them up when the bell went.
Yeah, exactly.
He'll have six pints and he'll have six double vodkas.
I remember going to Europe in sort of, you know, sort of late 90s, early 2000s.
They were just stunned that, you know, British people would just get their order as many drinks as they could early in the evening and just keep plowing through, expecting everything to shut at 11.
Yeah. Yeah. Well, I remember being in Argentina in the, when was it, the very early 90s.
Falklands War?
Yeah, I was going to say.
No, no, not that far. It was only eight or nine years afterwards. In fact, it was eight years afterwards. But, um, I was staying with my... there's some of my
family over there, and, um, some of the younger, or, you know, people my age, late teenagers, said, uh,
we're gonna go out to a nightclub tonight. Oh, great, okay, cool. And then the family I was with said,
we're gonna have dinner tonight. Um, you know, and they ate dinner late there, at sort of, like, you know, nine plus,
ten o'clock. And I said, oh no, but we're going out afterwards, you know, we're going out tonight. So, I
don't know, they'll be around afterwards. Um, so we had dinner, started at nine o'clock, finished at
midnight. Those guys came over, we hit the nightclub at two o'clock in the morning. Yeah,
you know and it was just getting started
it was bizarre
utterly bizarre
I couldn't work it out
anyway
thank you Jav
for this week's
Billy Big Balls
of the Week
Are you outraged
that Host Unknown
was voted the most entertaining content coming out of Europe?
We read all complaints sent to our Reddit channel on r slash Smashing Security.
You thank me, Tom, but I go through my section and we end up,
instead of talking about Billy Big Balls, we end up talking about your teenage nightclubbing habits. So we can talk about yours if you want. No, it's
perfectly fine, actually. Why, does your mother listen as well? Oh, dear me. I got an email from your mother the other day, Tom. Oh, really? Was it a sponsorship? I
hope so. It wasn't a sponsorship, but this is how loving she is. She sent me an email and said, like,
don't forget to wish Tom a happy birthday today. Oh, it's a very kind thing to do. It is. I mean, like,
maybe she sent it to all four of your friends,
but I don't know.
But it's...
I did get one as well.
Don't worry.
Oh, I was going to say,
well, why did you get one, Andy?
I got it after I'd already
wished you a happy birthday, Tom.
Yeah.
Yes.
It was just after,
after you reminded us.
Just after your
oh shit moment.
Yes.
As I was looking at the date
on my calendar.
Oh, that's very nice.
Well, she published on Facebook a picture of me.
Yes.
She screenshot that picture and sent that to me as well.
Oh, did she?
Yes, yes.
It was on the email.
I'll tell you what.
I'll tell you what.
I'll add it into when we publish the blog post.
I'll put it into the tweet
How's that? Beautiful blonde locks. I am gorgeous. I am utterly gorgeous. You are, you are. And back
then I was even more gorgeous. Let's face it, you had this baby... Yeah. Not bad for a Victorian baby. I know.
Oh, man.
That was a very, very long time ago.
And talking of time, see what I did there?
What time is it, Andy? It is that time of the show where we head over to our news sources over the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
I think next time you need to take a bigger breath.
Yeah.
US government offers $15 million reward for info on Conti actors.
Industry news.
Researchers find 31,000 FTSE 100 logins on dark web.
Industry news.
London police warn of crypto muggings.
Report.
Industry news.
Treasury sanctions crypto firm after North Korea's $620 million heist.
Industry News.
Five Eyes nations issue new supply chain security advisory.
Industry News.
Microsoft. Ransomware relies on the gig economy.
Industry News. Trustpilot forced to delete millions of fake reviews in 2021.
Government initiative promises rapid blocking of scam sites.
Costa Rica declares national emergency following Conti cyber attack.
Industry News. And that was this week's...
Industry News.
Huge if true. Huge if true.
Huge. Although it did take us a bit of effort to get those out, I have to say.
It did.
We were struggling there today.
Do you know what?
Something was off with the timing.
It wasn't getting us into a rhythm there.
Yeah.
Because Tom ruined it from the get-go.
He was slow on the button, wasn't he?
Yeah, he was like, I'll take a bigger breath, Andy, and then... Don't say slow on the button.
I edit out some of those gaps, you know.
You know, there is a story I read this week, and it's not on here,
but I thought it was just worth mentioning.
There was a flight that was about to leave Israel to go to Turkey,
and a whole bunch of passengers got airdropped photos of plane crashes.
Bloody hell.
What?
I didn't read that.
No, I read about some guy had to land a plane after the pilot passed out or something.
No, not that one.
Was it a co-pilot?
No, this is a different story.
No, it wasn't a co-pilot.
Some young guy. A big inflatable autopilot.
Yeah, that's right.
No, so, no, this is real. So a bunch of passengers on the plane, all iPhone users of course, they received airdropped pictures of, like, you know, plane crashes and everything and what have you. There's like several pictures sent, so panic ensued, and the pilot actually pulled the plane back, and it's the right thing to do.
Yeah, yeah, exactly.
Oh, come on, it's just a bit of bant, you know. There's some guy at the front who's...
Does that go in the official report?
Yeah, it's just a bit of bants, with a zed. Come on. Some passenger airdrops plane crash pictures to everyone else on board who is accepting, you know, the photos from unverified sources.
Yeah, yeah, yeah.
They want to turn a plane around? Come on, there's no need for that. I mean, how different is it from someone just saying to the air hostess,
we're going to crash today?
Yeah.
Or the pilot.
Yeah, or I've got a bomb.
What are they going to do?
They're going to turn around.
They're going to land.
It's the same.
You've got to take every threat or perceived threat seriously.
It's not the same at all.
I know.
What do you mean it's not?
Of course it's... it's a strongly inferred threat.
Yeah, geez.
So apparently they did hold two young Israeli men for questioning.
It had to be young men, didn't it?
It was like, well, we're lucky they weren't sending pictures of their dicks, let's face it.
Yeah, yeah.
But yeah, no, I thought it was really funny.
It's like, is this classified as a cyber attack, in quotes,
or is it just someone abusing some functionality?
Well, I think the functionality is such a commodity now, because I'm sure Android has its own equivalent and all that sort of thing. It's less a cyber attack and more a, you know, a fake terrorist attack at the end of the day.
Yeah, I think people... because it's like, as Mike Tyson said, people have got all too comfortable talking shit from behind a keyboard without getting punched in the face for it.
Or behind his first class seat.
Yes, yes, but then he actually got punched in the face.
Yeah, exactly.
I think there's this, like, disconnect in people's minds between what they do on a digital device and what actually happens in real life.
Yeah.
And hopefully, you know, getting banged up in a cell for a few hours can sober some people up.
Well, it's interesting they went after the Israeli guys, because Apple doesn't store any logs of who airdropped you photos. There's no way of tracking who did that. They probably just profiled the people on the flight.
Who has sent the file? It might not store it, but you see "file sent from", yeah.
Except, "file from Israeli guys sitting in seat four", you know.
But the plane was leaving from Israel,
so the chances are there were going to be
a whole bunch of Israelis on the flight as it is.
Oh, dear.
I don't know.
Or maybe the captain said,
look, we are not going to land
unless one of you steps forward
and takes the blame for this.
Otherwise, you're all not going to land.
I've got nowhere to be, so I can stay in the air all day.
I can stay here all day.
Oh, dear.
Well, it's interesting we spent most of our time talking about a story
that's not in the industry news.
Yes.
Well, the other one, I guess it was kind of a Billy Big Balls move,
but it was an untrained passenger lands a Florida plane after the pilot falls ill.
Where was the co-pilot?
I don't think there was a co-pilot.
Oh, it's a Cessna.
So, yeah, so he's flying from Florida to the Bahamas when the captain, or the pilot, said he wasn't feeling too well,
according to the FAA logs.
And then he fell against the controls,
putting the small aircraft into a nosedive.
Wow.
And then, yeah, there's a recording of the onboard conversation
between the passenger, Mr. Harrison, and the air traffic control.
Does he start with, fuck?
I don't know if they start,
he says,
I've got a serious situation here.
My pilot has gone incoherent
and I have no idea
how to fly the plane.
Oh, brilliant.
He says,
333, Lima Delta,
Roger, what's your position?
So I've no fucking idea.
I can see the coast of Florida.
I'm in the air.
Yeah.
But then they talked him down.
And yeah, he landed successfully.
So it just goes to show pilots are just overrated.
It can't be that hard.
Just a lazy pilot falling asleep halfway through his flight.
Although I have seen that, I don't know if you have, there's some prank videos where, like, on these small planes the pilot pretends to pass out. They're normally mates with the guy, and then you see the guy panic as his soul exits their body. I find those very unfunny.
They are. Very unfunny.
So you're the type of guy that wouldn't laugh at being airdropped a picture of a bomb,
of planes being blown up as we're about to take off. It's a threat.
I remember one time I was driving.
I was a passenger in a friend's car and I fell asleep.
And I woke up to him suddenly braking and screaming.
That's always a classic.
What a twat!
It's even funnier if you're driving up behind a car that's been towed
that's facing you.
I don't know why I laugh, because what a twat.
Oh, dear.
The actual story that is on here that I think is interesting,
is this the first case of a cyber attack crippling a country, Costa Rica?
I believe so.
Well, certainly having a big impact on it, yeah.
A national emergency is, you know, that's considered a big deal, right?
Yeah, and even the US are putting money up to find the people who are responsible.
Yeah, well, they outsource a lot to Costa Rica, don't they?
Certainly do, yeah.
It's like losing your call centre in India.
It's a big deal.
Yeah, I think – well, shocking, shocking.
Anyway, thank you, folks.
That was this week's industry news
This is the Host Unknown Podcast, home of Billy Big Ball energy.
Well, we are coming up against it. And so therefore we're going to close the show with this week's...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And I shall take this one home.
It is a tweet from Fembot on Twitter,
who has posted a picture of a...
I think it's a slide that was taken, obviously, at some sort of presentation.
Yeah, it looks like a slide.
Yeah, and it's about the CS4620 intelligence systems.
And there's a big quote on there which says,
changing random stuff until your program works is hacky and bad coding practice.
But if you do it fast enough, it is machine learning
and pays four times your current salary.
That is brilliant.
That is so true.
Machine learning is just getting it wrong 99 times out of 100.
You know, Chihuahua or Croissant.
Right, that's what it is.
Oh, dear.
I was like, the other one, was it Jam or Terrorist?
That's the other one.
Jam or terrorist?
You've not seen that one?
What's that?
It's like the, you know, it looks like a picnic table.
You know, what's the checkered?
Oh, gingham.
Gingham, that's it.
Yeah.
And so it's like, yeah, either gingham lids or people wearing, sort of, you know, headscarves, gingham headscarves. Get the machine to tell the difference.
Oh, wow.
Not that there's any bias in AI, machine learning.
None whatsoever. None whatsoever.
Yeah, just next time you go to the airport, Jav, don't buy any jam in the Harrods shop.
Harrods.
I'm waiting for there to be an Audi in the airport so I can actually finally buy some stuff.
But, you know, it's like a few years ago,
Davi Ottenheimer did a keynote at B-Sides Vegas,
and it was all about bias in AI.
And it was a really good talk.
I'll find the link to the talk and we can put it in the show notes
because that is, I think, recommended listening
for anyone interested in the topic.
That was this week's...
Tweet of the Week.
And so we come to within minutes of Andy's next meeting at his new job.
We've just brought the show in in time.
Gentlemen, Jav, thank you very much for this week.
Oh, you're welcome.
Thank you for scheduling it around my schedule.
We scheduled it around your availability last week.
You just didn't turn up.
Well, you know what?
It's like Bruce Lee, you know, you'd like... Bruce Lee's like, you pour the water into the cup, it becomes the cup. You know, be like water, my friend. Things change, fires need to be put out, you know, things take priority.
Yes, exactly.
Andy, I think he's had a stroke. I think he's just saying random words.
Medical help is on its way, Jav. Don't worry. It is.
Andy, thank you very much, sir.
Stay secure, my friends.
Stay secure.
Stealing my lines.
You've been listening to the Host Unknown podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
This is definitely the episode where Jav crashes the most.
He does.
That's the thing, right?
He's a part-timer.
He shows up every now and then.
He's basically worse than a contractor.
When you hear 102A, that was such a beautiful episode.
No crashing of jingles.
No one talking over me.
Because you're the only one on it.
No, you got the wrong jingles, though, as I recall.
I didn't even listen to it.
One of them was wrong.
I couldn't find the Today in InfoSec jingle,
so I just played one of the other ones that I did.
But other than that, they were all perfect.
All you did was read out the show notes that Andy wrote.
And how was that different from what we've just done today? You didn't even do something different. You just basically did the same show, but with you agreeing with yourself.
I added a Today in InfoSec, which you guys didn't do, so it's a far more quality show.
Right, I'm out of... I'll speak to you later.
Right.
Yeah, yeah, go,
knock them dead, Andy.
Make sure that cup of tea is perfect.