The Host Unknown Podcast - Episode 105 - Curse You Zencastr
Episode Date: May 27, 2022

The European Cybersecurity Blogger Awards 2022 - Vote Here! We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast”

This Week in InfoSec (06:25)

With content liberated from the “Today in InfoSec” twitter account and further afield

26th May 1995: Realising his company had missed the boat in estimating the impact and popularity of the Internet, Microsoft CEO Bill Gates issues a memo titled, “The Internet Tidal Wave,” which signalled the company’s focus on the global network. In the memo, Gates declared that the Internet was the “most important single development” since the IBM personal computer — a development that he was assigning “the highest level of importance.”

21st May 2009: Following increasing concern about hackers taking advantage of security vulnerabilities in Adobe’s PDF-reading software, the company has announced that it will be making security updates available on a regular schedule. Adopting a similar initiative to Microsoft (which releases security patches on the second Tuesday of each month), Adobe has declared that it will issue vulnerability fixes on the second Tuesday of every third month.

Adobe announces its own Patch Tuesday

Rant of the Week (12:47)

DuckDuckGo browser allows Microsoft trackers due to search agreement

https://twitter.com/shivan_kaul/status/1528879590772338689

“DuckDuckGo has a search deal with Microsoft which prevents them from blocking MS trackers. And they can't talk about it! This is why privacy products that are beholden to giant corporations can never deliver true privacy; the business model just doesn't work.”

Billy Big Balls of the Week (19:58)

New virus forces people to donate to the poor if they want their data recovered

Security researchers have identified a new kind of ransomware that forces victims to donate to the poor to recover their data. Unlike typical ransomware, which cyber criminals use to extort money from people, this one – known as GoodWill – gives victims a choice. In order to obtain the decryption key, they must choose to either donate clothes to the homeless, take under-privileged children to one of a number of restaurants for food or provide financial assistance to anyone needing medical attention that can’t afford it. In each case, photos or videos of the action must be recorded and posted to social media as proof.

Industry News (25:10)

US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners' Personal Info
ICO Fines Clearview AI £7.5m for Collecting UK Citizens’ Data
GoodWill Ransomware Demands People Help the Most Vulnerable
UK Government Cybersecurity Advisory Board Applications Now Open
Organizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited Flaws
Messages Sent Through Zoom Can Expose People to Cyber-Attack
Three-quarters of Security Pros Believe Current Cybersecurity Strategies Will Shortly Be Obsolete
18 Oil and Gas Companies Take Cyber Resilience Pledge
India's SpiceJet Strands Planes After Being Hit By Ransomware Attack

Tweet of the Week (32:30)

https://twitter.com/fesshole/status/1529000507037171713

Come on! Like and bloody well subscribe!
Transcript
uh well i guess we could take jav could take the piss out of us for being
overwhelmed and underwater at work no because i know karma's gonna come back and bite me
that's actually very humble of you exactly it's not like you at all
i know i i'm a changed person i'm more zen more calm more more aligned with uh with the universe
is it because you're spending more time on tiktok because every time I open the app I seem to get
one of your videos now oh I'll tell you what the intro could be um okay ready steady hey guys have
you seen the uh blogger awards are up again and we are nominated once
again. So I think we should use our massive platform here to ask people to vote for us.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us
and welcome to episode 105-ish of the Host Unknown podcast.
109!
And yes, it is the Security Blogger Awards and we are up for, I can't remember now, best podcast?
Non-vendor podcast, yeah, something like that. Non-vendor
podcast well that just goes to show how well we did when it came to sponsorship i guess
the book the podcast that no vendor would touch with a barge pole
so i i was genuinely surprised with this because i got a link you know to a story on linkedin i clicked in uh then i saw
um a story it was uh yeah mr cluley uh over at smashing security begging for votes and i actually
did decide to i clicked in to vote and then i saw that we were nominated in the same category
i was like oh dilemma because i was not you have to vote for a smash in, though?
Really?
I mean, come on, Andy.
Well, all I'm saying, I didn't submit my votes
once I saw that the competition was in there, right?
So I was like, actually, do you know what?
That's even worse.
So rather than give one to the competition,
you actually didn't give one to us.
Yeah, what is the matter with you?
It's because of people like you that Brexit
happened.
Yeah, bloody
pink gammon.
Whatever.
And you know what?
Why would you refer to Graham as the competition?
There is no competition. We thoroughly trounced
them last year.
Yeah.
Yeah, because we know that because we saw the voting records, didn't we?
Yeah, this is true.
It was a landslide.
To quote Vin Diesel from Fast and the Furious,
it doesn't matter whether you win by an inch
or a mile, winning is winning.
Ask any racer.
Ask any real racer. So so technically trouncing just means
we just you know we got one vote more than them and that's fine exactly yeah yeah anyway
talking to trounces uh jeff how are we
i'll give you an update from the neighbourhood in which I live in.
It's not flighty. How's the neighbourhood watch going?
Well, this is how it's going.
So a couple of nights ago,
so my neighbour,
next to their house is the service road
that allows you access to the garages at the back.
The one that you wanted repaved at some point.
Yeah, and might be putting bollards in.
Yes, yes.
So those neighbours, they have a little dog.
I don't know what type, but it's a really small, cute dog.
And at 3am, it was barking like mad.
So they woke up, went downstairs,
and obviously the dog barking and them going downstairs
scared off a would-be burglar
who'd actually smashed the lock in the back patio door and had entered their house.
Bloody hell.
Yeah, it was really weird.
It's so bizarre.
So the general assumption is it's probably a druggie or something like that because professionals don't normally do that kind of thing, apparently.
but uh but yeah so now i'm looking at getting more security cameras which is going to be so much fun
so so what you're saying is you live in an area where even the criminals are a little bit low
market and low rent yes yes and there's more on that later on today's show, but I won't say too much now.
Andy, what about you?
How's your week been?
Busy.
Just, you know, keeping up with the new job.
Nothing too exciting to report back.
Just, you know, I'm soaking up all the information only in week three.
And, yeah, we're meant to talk.
Jeff likes two sugars and it's stirred anti-clockwise.
Yeah, and obviously I've got all the shade to, you know,
who has the milkiest tea, who has the, you know.
Who has the NATO standard, yeah.
Yeah, I'm just, it's a tough job, but I'm getting there.
But how's your week been?
I'm not going to lie, it's been a tough week.
It has been a tough week.
Your new boy is not making the tea quite right yet.
It's been a month.
No, it's right.
I nearly spat it into his face when I tasted it this week.
It's been a tough week, but it's a three-day week next week, which is good.
So that's going to help.
Okay, so what have we
got coming up for you
today? This week in InfoSec
mentions Bill Gates'
internet tidal wave.
I didn't know he's
gone into swimming parks recently.
Rant of the week is less
duck-duck-go than it is
frick-frick-no.
Billy Big Balls is a story of
chaotic good industry news
brings us the latest and greatest security news stories from around
the world and tweet of
the week highlights a
coping mechanism for
imposter syndrome
so let's move
swiftly on to our
favourite part of the show
the part of the show that we like to call
This Week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane with content
liberated from the Today in InfoSec Twitter account and further afield and this week we have gone further afield
as we uh desperately search for stories we haven't covered before uh owing to the today
in infosec twitter account repeating stories or not staying up to date so our first story takes us back 27 years to my birthday, the 26th of May 1995.
Realising his company had missed the boat in estimating the impact and popularity of the internet,
Microsoft CEO Bill Gates issued a memo titled The Internet Tidal Wave,
which signalled the company's focus on the global network.
In the memo, Gates declared that the internet was the most important single development since the IBM personal computer,
a development that he was assigning the highest level of importance.
So as you can imagine, you know, working in a company like Microsoft, and all of a sudden the
big cheese, the CEO,
you get this email telling you to divert all your attention
to this thing called the internet.
And you have to have faith as to whether or not it's going to catch on.
Unfortunately, he did.
And Mr. Gates became a visionary and a big supporter of the internet,
no doubt making it the success it is today.
What's interesting is that we hear about these memos that Bill Gates issued about the internet,
or how when he issued the infamous one about security, and how these transformed,
and he's a visionary. We never hear about the hundreds of other memos he sent out that
amounted to nothing. I used to work in a startup environment, the CEO, he was, you know,
he had a couple of big successes, you know, one which was sold.
In fact, two of them had been sold for multi-million pounds, you know,
to bigger companies.
But what you don't see is the amount of shite that we had to churn out to get
to the big ones.
It was honestly, it was like one in 15 projects was a success.
You know,
and the other 14
are pretty demoralizing,
you know,
as you work through them.
But no, you're right,
it happens.
You know,
what's the saying?
Even a broken clock's
right twice a day.
Yeah.
But anyway,
our second story
takes us back a mere 13 years
to the 21st of May 2009. Following increasing concern
about hackers taking advantage of security vulnerabilities in Adobe's PDF reading software,
the company announced that it would be making security updates on a regular schedule.
Adopting a similar initiative to Microsoft, which released security patches on the second Tuesday of each month,
Adobe declared it would issue vulnerability fixes on the second Tuesday of every third month.
That went well for them.
It did.
I mean, yeah, obviously Adobe did get a very bad reputation for a long time.
Rightfully so as well, because, you know, they're very vulnerable software and it's you know highly exploited um but to think that you know now if a if a software
vendor said look you know we know our our software gets breached a lot you know we know it's a vector
into your network we know how much you rely on it we know how useful it is to you and we know that
pretty much every corporate machine will have a copy of this software. Therefore, we commit to fix it, you know, four times a year.
It does go to show that, you know, this being a news story back then versus now,
you know, and it's only, what, 13 years.
13 years has passed and suddenly if you're not're not doing this you're you're an well a
dreadful company basically you're at just out to to to money grab so yeah it's amazing the difference
that time makes no adobe is fantastic now they've they sold all of these while moving everything
into the cloud and then charging you ridiculous fees that you can't get out of. So I think they've really solved this patching issue.
Yeah, so I actually have an Adobe subscription I don't use,
which I got on Black Friday.
Oh, yeah.
I think last year.
Yeah, I got it.
So it's like £29 a month or something for everything.
Okay.
And you don't use it?
Oh, that's a good deal no i i thought
yeah i'm gonna get this i'm gonna use it i'm gonna create all these fancy presentations
um and i think i logged in one shop yes i think i logged in once to use a pdf writer because i
needed to edit a pdf document that i had what this is amazing like you know and then sometimes you say
to me oh jav you're so rich and i wish i was and like 29 pound a month and you're not even logged
onto it i'm sitting here sweating over the one pound netflix increase that i'm subject to
and you're using your neighbor's netflix as well it's not even your own login
you're sweating about it
as you open the door to your money room
and dive in Scrooge McDuck style
into your piles of cash
oh dear
the economy's tough man
you need to plan for the future
what the future when there's a shortage
of swimming pools filled with cash
excellent thank you very much andy for this week's
this week in infoswim you're listening to the host unknown podcast bubble gum for the brain I was rather hoping that was going to be one of our, you know,
voted most popular podcast jingles,
because we've got to get the use out of those for the next few weeks.
Right, so let's move on to this week's, well,
blood vessel bursting section of the show
we like to call...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
So this is one of those stories where you quite literally
only have to read the headline and you're already upset.
But this is, well, frankly, because I bought into this company,
as in emotionally bought into this company, because they were providing what I thought was
safe and anonymous searches of the Internet and ways to, you know, navigate your way around the
treacherous waters of the World Wide Web,
as Bill Gates probably once called it, without fear of being tracked. But with headlines like this, is it any surprise we get angry?
DuckDuckGo browser allows Microsoft trackers due to search agreement.
So DuckDuckGo is all about the privacy of the user.
It's all about actually making sure that the user is protected from being tracked by internet, well, by internet trackers littering every single site you go to.
They have a browser as well as a search engine, and you can search in there knowing that you're not going to be tracked.
The problem here is, however, and the results in DuckDuckGo are pretty damn good. The reason
they're pretty damn good is because they use Microsoft, the Microsoft search engine. And as a result of that agreement, they then allow Microsoft trackers to actually track where you go.
So things like, there was a tweet here from Jack Edwards,
who said you can capture data within the DuckDuckGo so-called private browser on a website like Facebook's workplace.com.
And you'll see that DuckDuckGo does not stop data flows to Microsoft's LinkedIn domains or their Bing advertising domains.
The whole premise of what DuckDuckGo are offering here is basically it's it's it's a web of lies
and this it just confounds me that some a company that founds itself and prides itself on this
is actually hiding a fundamentally opposing piece of technology or configuration in there,
which is exactly the reason people use it in the first place.
So I'm just aghast at this.
Agog I am.
Completely agog.
So DuckDuckGo, you really need to fire up your communications department
to try and address this, to be honest with you.
Wow.
So I am not as surprised as maybe you may be, right?
Because, right, okay, ultimately,
how are they getting their money otherwise, right?
And, you know, we've seen history shows us over time
that even, you know, those that start with the best of intentions.
What's that?
Yeah, so do you remember?
Yeah.
I mean, selling out the new black, right?
Who was that drink?
Innocent drinks.
Do you remember they made fresh drinks, nothing else?
And they're very hippies, great story about where they came from,
their beliefs and how everything's pure and organic and all this. Of course, Coca-Cola comes in says hey guys you want 30 million pounds and they're
like hell yeah and it's like you know i mean like they soon got rid of those hippie shorts and got
on corporate suits um and i just think duck duck go obviously they they need funding right they
they have to do commercial deals.
They need staff to help build their product.
And it's a slippery slope.
They justify it over time, right?
They say, well, if we just take this deal,
then we can afford this many more people to do more good.
But it would eventually catch up with them
because ultimately these big companies aren't silly.
They want to get their money's worth.
The thing is, it doesn't surprise me that they do it.
It surprises me that on their platform of privacy that they don't state very clearly and openly that they're doing it.
Well, isn't that in the contract?
Isn't that the crux of it in the contract,
is that their agreements with Microsoft prevents them from saying that or something?
Well, then they should be, you know, that's just breaking down their business model of openness and trust.
Yeah, but like I say, money talks.
Yeah. What I find funny about this whole segment is old man gets enraged that free service he uses on the internet has to make its money somehow.
I donate to it.
It's like the naivety of it all.
But it's not the search engine.
It's only the browser, apparently.
So it's not that bad.
So you said, but the browser is now combined search engine now,
as I understand it.
Ah, is it?
Okay.
Yeah, that's what i saw in
the on the twitters with people getting angry about this right right right more more fish and
it's that whole yeah to get onto twitter to be angry about this free service you're in no way
obligated to use is um absolutely mining your data absolutely But that's not the issue.
The issue is that they're not open about it
when they advertise on a platform of openness and trust.
Again, I'm more scared about,
if I was the person that took this money at DuckDuckGo,
I'd be more scared about Microsoft lawyers
than I would be of people's opinion of me on social media
for not being open and
transparent completely get it but i'm talking about the big corporate group not some individual
or something like that it's just but you know an organization as an entity that thrives on
privacy and trust and transparency is not transparent and that's what annoys me.
Yeah.
But, you know, this went to some risk committee meeting somewhere when this contract came in.
And they all took a vote and they were like,
do you know what?
Bonuses are going to be good this year.
Bonuses at this non-profit.
Why is it a non-profit?
Because we get bonuses.
Oh, anyway.
Bloody hell,
DuckDuckGo.
Rant of the Week.
It doesn't matter
if the judges were drinking.
Host Unknown
was still awarded
Europe's most
entertaining content
status.
Who do we need to send
that alcohol to this year?
Yeah.
Hopefully no one that's recovering.
Yeah.
Excellent.
So let's go on to you, Jav.
And this week...
Today's Billy Big Balls is the fact that security researchers
have identified a new kind of ransomware.
So they hit you and instead of asking you for money, this ransomware known as Goodwill gives you a choice. So either donate clothes to the homeless, take underprivileged children to restaurants for food or provide financial assistance to anyone needing medical attention that they can't cannot afford.
And once you do this as a victim of ransomware, you must post videos or photos of it on social media and they will then give you the decryption key.
So it's absolutely this is
weaponizing chuggers yeah it is 100 it is a weaponization of chuggers i wonder if working
this ransomware gang is a bunch of students who really don't want to be there maybe well students where do they want to
be other than sleeping or watching tv so you know there's nothing new there but this is just like
such a i get it like people want to they see injustice in the world and they want to be a
keyboard warrior but this is not the way you go about it having said that i i think this is like
you're risking going to getting tracked getting some depending on where you are and what your
cyber crime laws are like you know you might end up getting nicked facing like some penalties or
jail time but you are so committed to the cause of you know making sure like a few kids get fed that you're willing to
risk it all and uh get some with ransomware personally i think it's really
i would be offended if i got hit by that ransomware
i would be like you do lots of charity work but you don't like to talk about it mate
yeah exactly charity is not for showing off on social media.
You know, if I get hit by ransomware,
I want one of those hundred million gangs to come after me,
give me $150 million.
And, you know, then you at least feel respected.
It's like instead of sending the Mandalorian after you,
they send Jar Jar Blinks.
I mean, it's just like...
Jar Jar Blinks.
Yeah, Binks, whatever.
yes he does yes but this is the very definition of um chaotic good isn't it
well depends on who you're targeting really i mean well yeah it depends if you have been
targeted as well yeah so if you're hitting a really big company say like there's a company like cambridge
analytica then it's like you know you can see oh a lot of people might get behind i'm not condoning
going after any company with ransomware but say for example you could say oh they're not doing
any good but then you hit a company that like a small medical facility that you're something like
that because you know the ransomware is a
very sophisticated or doesn't really discriminate between who they're attacking it's just normally
a spray and pray technique well yeah but you'd expect in this instance that it would be targeted
given well you'd say that behind it right you give you give them a lot of credit i do but
you know what if it's just a
small manufacturing firm and then you find out they actually manufacture like baby formula milk
or something you know well there has been a shortage in the u.s hasn't there has there has
yeah yeah so but having said that all in all i think it's such a billy big what would be really billy big ball's movies if they get caught and they say we refuse to spend money on lawyers fees or anything anything
that you get donated to charity we're willing to take the jail time that's when yeah that's that's
when they really get my attention i have to say yeah. As good as their intentions are, the approach is not great, is it?
No. You know, forcing people to do it and crippling a business is not great.
Unless, of course, they do go after Cambridge Analytica. Other nasty firms are also available.
But then again, I mean, who do you think actually gets impacted the most?
It's not the execs. It's those security guards or minimum wage or the cleaners or whatever.
Yeah, that's right.
People on zero-hour contracts.
Or the CISO, heaven forbid.
Well, yeah, exactly.
I mean, they're probably lining them up to get fired straight away anyway, right?
Yeah.
Just saying.
Excellent.
Thank you, Jav.
That was a good one.
That was one I could sort of really see the Billy Big Balls behind it
without thinking that they were actually fundamentally dreadful people,
which is one of your normal ones.
Billy Big Balls of the Week.
You know what? We haven't had much time to think this next segment through,
so Andy, what time is it?
It is that time of the show where we head over to our news sources
over at the InfoSec PA Newswire, who have been very busy
bringing us the latest and greatest security news from around the globe.
Industry News
US car giant General Motors hit by cyber attack exposing car owners personal info
Industry News
ICO fined Clearview AI £7.5 million for collecting UK citizens data
Industry News
Goodwill ransomware demands people help the most vulnerable
Industry News
UK Government Cyber Security Advisory Board applications now open.
Organisations urged to fix 41 vulnerabilities added to CISA's catalogue of exploited flaws. Industry news.
Messages sent through Zoom can expose people to cyber attack.
Industry news.
Three quarters of security pros believe current cyber security strategies will shortly be
obsolete.
Industry news.
18 oil and gas companies take cyber resilience pledge.
Industry News.
India's SpiceJet strands plane after being hit by a ransomware attack.
Industry News.
And that was this week's...
Industry News.
Huge if true.
Huge if true. Huge. Huge if true.
Huge.
So, Jav, tell us about this goodwill ransomware demands
people help the most vulnerable.
I know, it felt like a bit of deja vu.
I've never actually heard of the SpiceJet airline.
Have you not?
No.
Have you ever been to India?
Actually, no, I have not.
That's probably why then.
Yeah, well, even still, you know, you tend to hear about other flights.
I mean, I don't know which alliances it's part of or, you know, I don't know.
But I'm just reading that, yeah, a number of flights on Wednesday delayed after reporting being hit by ransomware the previous
day uh so it's slowed down morning flight and departures i mean it's not exactly what you want
to be hearing when you stand in the departure lounge is it and sort of saying hey look you know
your flight flight's a bit delayed don't we've got a bit of a ransomware situation going
going on back at base but it's all good is there anyone on this flight who's a cyber security
professional are there any ci double sps on board and then you can look at your parents and go
see it was worth it i don't need to be a doctor
oh man that that would be like that that is like the day the scenario i daydream about every day
like for three hours it's like yes finally it's like you you know like those survival shows or
like beer grills the island or something and i'm thinking like if i was ever on there there'd be
absolutely nothing of use like i don't like the tide's could add. The tide's coming in.
The tide's coming in, the raft
has broken, this, that. Well, hold on.
I think we need to assess the risk here,
fellas.
First, I'm going to come up with a high-level
statement that's going to be
that's going to state our intent.
Get everyone to buy into it.
They often say you can take one thing with you to this deserted island.
I'd take Ray Mears.
Yeah.
So this other story here, and, you know, maybe Tom, you can,
or Andy, you even, I suppose, three quarters of security.
I might know something about security.
Andy, you might have an
interest in this it's security related well to be honest like Andy I think like and and I'm sure
like our listeners can can agree with this like a well half of them don't know who you are but
secondly no one actually understands what you do for a job anyway including himself at the moment.
OK, three quarters of security pros believe current cybersecurity strategy will shortly be obsolete.
Is that true or not?
Do you actually believe that?
Yes.
OK, yeah.
Well, I mean, obviously, at some point,
I mean, is there a timeline?
Is it like tomorrow they
said shortly so well it's very non-specific right does that mean i have to retrain by lunchtime
uh okay uh the boards must ensure make sure cso's have the budget necessary to get short-term issues
under control and then begin planning long-term business-wide strategy.
Oh, my God.
This is like a quote by some consultant, obviously.
I'm just trying to find it in the article.
Let's see which top four consultancy he's from.
Yeah.
More than three-fifths, 61.4% of participants
mark themselves as fairly confident
in their ability to thwart cyber attacks.
With this in mind, only 44% said they had the means
to protect their organisation against immediate and mid-term risk.
This story does not make any sense whatsoever.
I'm sorry for wasting your time, everybody.
Here we go.
Second to last paragraph sums it up.
Tackling ransomware is a huge area of focus in the world of research.
Come on.
Ovs.
Yeah, but that's been the case for like five years or something.
Exactly.
That's what I'm saying.
This is not new stuff.
No.
But we still haven't fixed it, right?
Yeah.
So whatever strategies we've been working on,
they're not working.
Stop using those strategies.
Are the strategies not working
or the fact that the CISOs leave after 18 months
and then someone comes in and starts a new strategy?
Different vision.
Yeah.
Yeah.
I mean, there's that tweet.
I was just scrolling back through WhatsApp.
I think it was you, Tom, sent it.
And then it was from Anders Fones.
I like to think that InfoSec has a lot of turbulence
for very little current.
Stay away a week and it feels like you completely lost touch.
Stay away a year and it's all the same.
Yeah.
Absolutely.
Absolutely.
I think that sums up really well.
Yeah.
Excellent.
That's a good place to end from this week's...
Industry News.
Sketchy presenters, weak analysis of content
and consistently average delivery,
but they still won an award.
Like and subscribe now.
Link is in the show notes, folks.
We've got until the end of the month.
That's only Tuesday for our awards.
Anyway, let's move.
Yeah, I think so.
Well, the closing date for voting is Tuesday, I think.
Let's move on to the last and favourite part of the show, the part of the show we like to call tweet of the week and we always play that one twice tweet of the week and i shall take us home
with this one and this is one from the fesshole twitter account uh which i'm sure we can all
relate to and this week's tweet, I have a folder on my desktop
of reports written by a man
in a rival company
who is awful at his job.
Whenever I get imposter syndrome
and panic that I don't know
what I'm doing,
I open them and read through
and feel better about myself.
The question I want to know is,
how did they get hold of my reports?
Yeah.
And did you actually mark it Graham
Cluley, for the attention of? I like this. I like this one a lot. It's, it's, we all need a little
ego folder. And if that, if that's punching up or punching down, it doesn't matter, is whatever
makes you feel better about
yourself. So, you know, I, I found that the, the quick hack around it is just to open up Twitter,
scroll through it for about five minutes, I feel, immediately feel better about myself, and close it
and, like, get back to work. Or just angry. That's the, that's the flip side. Yeah, you just need to
follow the right people. Or the wrong people. I'm not sure.
You need to follow the train wrecks.
Yeah.
Well, we know you've got a history of following jamms.
We know Jav's addicted to that type of behaviour.
To a certain type of Twitter person.
No, no.
Okay, let me just say that.
They are already wrecks when I reach there, I do not cause the wrecks.
OK, so let's just clarify that.
No, no, I'm sure you barely register on their radar of interest, Jav.
But the fact is, you do like following them.
Well, you know, like this person on Fesshole,
I like to feel better about myself.
Why do you think I hang out with you two losers? To make myself feel better about myself.
Oh, there we go.
There we go.
Slightly odd one this week.
We were stymied once again by the technology.
Would you believe?
It's like the internet
is not as
redundant and self-healing as we thought it was.
But we struggled through and we got this made for you, our dear listener,
who, if we haven't told you before, we do love so much,
so much that we've put a special link in the show notes for you to click on there
and find our name in a list of non-commercial podcasts
and to select us as your
favorite. That's how much we love you. Because no other show gives you sound effects like that
motorbike that just went past my window. I know, I was just asking, are you in India? Sounds like one
of those rickshaws going past. But you know what, the last three or four weeks, since the weather's
got better, your track when I'm editing is bloody awful for noise. I know. Do you
know what, it's because I leave my window wide open. Yeah, I know, I can hear. You do? Really? Wow,
thanks. If it was a different show, I might actually shut the window and put the fan on, but, uh,
as we're amongst friends, I figure, look. Yeah, we can't be going corporate with this stuff, right?
People like the authenticity. Exactly. We can't sell out.
Not like DuckDuckGo.
No.
No, we will stick to our moral high ground
of actually not attracting any kind of sponsorship.
So, excellent.
Jav, thank you so much for this week.
You're welcome.
Stay secure, my friend.
Indeed. And Andy.
You son of a bitch.
Andy, thank you for your contributions.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever. r/SmashingSecurity.
So I am, uh, looking through, just trying to find a link for these, uh, awards. I saw it on LinkedIn.
These awards have been open, the nomination has been open since April, by the looks of it.
5th of April.
I think that was for the shortlist.
Right, OK.
Yeah.
So the actual voting for who should win
has only been open about a week or so?
No, since...
I don't know.
Yeah, I don't... We're going to have to find this.
We're a little bit behind the curve
on it, I'll give you that.
Sums us up, really.
A little bit.
We'll find a link and stick it in the show notes
so people can vote.
How much are we offering per vote?
We're not above paying.
We'll read out your names.
And provided we win, we'll also send you,
what should we say, a pound a vote?
Two pounds a vote.
No, fuck off.
50 pence.
If you can prove you voted, 50 pence.
Pound a vote for the first 500 votes only.
Fuck me.
No, you know what? You need to take the moral high ground here. Like, you know, people feel cheap when you say money for folks,
but if you say, like, this will make podcasting great again, or, you know, it's, you know, it's a
catchy slogan, like, you know, we're not going to give in to those, you know, or a highly collectible metal disc that's often used for exchanging goods for services or blah, blah, blah.
Will be your challenge coin that you can use in shops.
Yeah. Shaped like a 50 pence piece.
No. Oh, a Jubilee, a special Jubilee challenge coin.
No, I know exactly what it is.
We mint our Host Unknown NFT.
Yes.
And they get that.
All right, Jav, you're on it.
What?
Sorry, bad connection.
I've got to go.
Got another meeting.
See you guys later.
See you.
I've got a lovely bunch of coconuts.