The Host Unknown Podcast - Episode 106 - God Its Early
Episode Date: June 3, 2022

This Week in InfoSec (07:52)
With content liberated from the “today in infosec” twitter account and further afield

31st May 1999, Sega released the video game Zero Wing for the Sega Mega Drive system in Europe. The game was never released in North America, and was relatively unknown until years later when the poorly translated opening scene was popularized on the Internet. The most famous mistranslation is the phrase “All your base are belong to us,” which went on to become a very popular Internet meme.

1st June 1999, Shawn Fanning and Sean Parker released the filesharing service Napster. The service provides a simple way for users to copy and distribute MP3 music files. It became an instant hit, especially among college students. Just over 6 months later, on December 7, 1999, the Recording Industry Association of America (RIAA) filed a lawsuit against the service, alleging mass copyright infringement. Eventually this lawsuit forced the shutdown of the company on September 3, 2002, but not before the popularity of downloading digital music was firmly entrenched in a generation of Internet users.

A year later, on 2nd June 2000: Napster Inc., makers of controversial MP3 file-sharing software, slapped pop-punk band the Offspring with a legal order Friday (June 2) to stop selling merchandise imprinted with the Napster logo, a source close to the band confirmed.
NAPSTER TELLS OFFSPRING TO STOP SELLING BOOTLEG MERCHANDISE

The European Cybersecurity Blogger Awards 2022 - Vote Here!
We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast”

Rant of The Week (18:19)
Vodafone plans carrier-level user tracking for targeted ads

Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level.
The new system is in test phase in Germany and is intended to be impossible to bypass from within the web browser settings or through cookie blocking or IP address masking.
The mobile carrier plans to assign a fixed ID to each customer and associate all user activity with it. The ID will be based on a number of parameters, so that the system will be able to maintain persistence.
Then, the mobile ISP creates a personal profile based on that ID and helps advertisers serve targeted ads to each customer without disclosing any identification details.

Billy Big Balls of the Week (29:08)
ExpressVPN moves servers out of India to escape customer data retention law

Virtual private network operator ExpressVPN will pull its servers from India, citing the impossibility of complying with the nation's incoming requirement to record users' identities and activities.
ExpressVPN offers software that routes traffic through servers that load their operating systems entirely into RAM and therefore leave no trace of users' activities on persistent media.
The outfit suggests that's a point of difference to other VPN providers.
ExpressVPN refuses to participate in attempts to limit internet freedom.
But that design is a problem given India's recently introduced requirement that VPN providers verify customers' identity, retain their contact details, and store five years' worth of data describing their "ownership pattern".

Industry News (35:21)
Third of UK Firms Have Experienced a Security Breach Since 2020
US Academic Credentials Displayed in Public and Dark Web Forums
Airline in Turkey Exposes Flight and Crew Info in 6.5TB Leak
Three BEC Suspects Arrested in “Killer Bee” Sting
Magniber Ransomware Now Targets Windows 11 Machines
Euro Cops Bust $47m Money Laundering Operation
Twice as Many Healthcare Organizations Now Pay Ransom
Europol Confirms Takedown of SMS-based FluBot Spyware
Connecticut Becomes Fifth US State to Enact Consumer Privacy Law

Tweet of the Week (40:46)
https://twitter.com/eevee/status/1532207368062132224

Come on! Like and bloody well subscribe!

Transcript
I'm a bit unclear. Because it's a bank holiday, are we legally allowed to be quote-unquote working?
Not to sound racist, but where do you come from where you actually care about human rights?
I was going to say, doesn't work also imply that we're producing something of value?
Not necessarily. I know plenty of people that work and produce nothing of value. Yeah, Mr C. So.
You're listening to the Host Unknown podcast. Hello, hello, hello, good morning, good afternoon, good evening from wherever you are joining us
and welcome to episode, what is it, 106-ish?
110!
110, whatever. It's 10-something of the Host Unknown podcast.
Welcome, welcome one and all.
Gentlemen, welcome to you both as well on this lovely
uh, bank holiday. I'd say sunny, but it's not. It's like we're living in a Tupperware bowl,
unfortunately. Uh, but, um, yep, bank holiday nonetheless. Jav, how are you? Tupperware bowl?
Well, it's just white clouds all above you, so it looks like somebody's put a big white Tupperware bowl over you.
Oh
Okay, interesting
Have you not heard that one?
Never heard that one before
No
No Tupperware is this
It's this plastic stuff that you use to store food in
I mean I know
I know you're all living on takeaways
And looking deliver
I know what Tupperware is. I know what Tupperware is. But, you know, it's, um, never heard that phrase.
Honestly, like, you come out with the most outdated phrases ever. It's a bit like the new Tron, the
recent Tron remake, and he goes in and, like, what's his name, the original character, he's there and he's still
using, like, phrases from the 70s and 80s, like "radical, man". So I was actually just google when
Tupperware first came out. It was 1946, so it was probably quite a big, big thing for you at the time.
Yeah, so
I could have said, I don't know, Pyrex or something.
Do me.
Anyway, enough.
God.
Jav, how are you?
Yeah, doing good.
Doing good.
It's been an interesting week because Monday was off for our American cousins because of Memorial Day.
And now we've got Thursday, Friday off over here.
So there's been very little overlap in the Venn diagram.
If you take into consideration time zone differences,
it's only been like four hours where me and the rest of my team
have been actually working at the same time.
So it's been a good week.
And actually having to talk to them as well.
Yeah, yeah.
A bit like you guys, but, you know, just part of the job, isn't it?
So stressful.
We all make sacrifices, especially on Friday mornings, it seems.
So, Andy, what about you?
Have you been having a nice stress-free time,
or are you still working out the sugar to tea
ratio? Uh, I, well, I would say I'm feeling jubilant today, I say. On, on many levels, I hope. Uh, absolutely.
Yeah, like I say, it's actually, I wouldn't say it's a Tupperware bowl. It's just a nice day in the UK, as it was yesterday.
And we have, what, six days of rain after today.
So, you know, enjoy it while we can.
We shall get out there.
It's half term week.
So much like Jav, obviously, US cousins are on leave.
And then a lot of the other countries that I work with also have holidays this week.
You know, certainly the
ex-colony countries, and, uh, uh, yeah, combined with half term for the kids, so a very, just quiet all
round, really. Yeah, but, uh, yeah, anyway, how's your, how's your day? You still employed, or have you, uh,
no, not been fired. You decided to pursue a different...
You're going in different directions.
That's right. I'm pursuing new adventures.
No, not been fired yet.
I was in the office Monday, Tuesday.
I took Wednesday off, which was nice.
Ended up walking around Bath and spending a bit of time in Bristol.
And then yesterday was literally just a house cleaning day.
Sorry?
I said Bath and Bristol sounds like a date.
Yeah, it was.
I mean, dating girls from Bath isn't so bad,
but I wouldn't date anyone from Bristol.
Oh, no, Terry.
Really?
Is that where you're from?
No, no, no, not at all.
Not at all.
That's where the girl was from.
He's getting very defensive about it all of a sudden.
What?
I'm sure the Duchess of Ladywell didn't raise no bath, Shagga.
I mean, like, let's...
Bath or Bristol?
Make your mind up.
Bristol. Bath's a nice part of town
Yeah sorry Bristol
Yeah
Can you edit in
Bristol
Into that
Bristol's very nice as well
There's lots of people there
That throw rocks at the moon
And stuff like that
They're a bit too much cider
When they're young
Yeah but I mean
You only have to go to the outskirts of Bath
To find some of them too
I mean, this is the, you know, the West Country after all. Um, but, uh, Christ, there goes
our listenership from there. Um, but yeah, and yesterday was just, uh, house cleaning, basically,
because I've been in London all the time. So, uh, yeah, I got me, got me Marigolds on, all my garam
molds, whichever way you look at it, and, uh, yes, it was quite a dull day, really.
So this was going to be my highlight of the week.
Wow.
Wow.
Jeez.
See what happens when you get old, Jav.
It's just terrible.
It's actually all kind of downhill, isn't it?
Now I sort of feel bad.
This is his highlight.
We should make it nice for him.
Oh, my God. In my twilight years.
Well, I think we've passed those. I don't even know what we're in now. Yeah,
I have no idea. It's almost, I'm sure it's been, it's the new dawn, you know. This is uncharted territory. New Dawn.
Talking of New Dawn,
shall we see what we've got coming up for you today?
Well, let's see.
You can still vote for us at the European Cybersecurity Blogger Awards.
Can you?
Because I told everyone that it was done.
Up until today, I thought, wasn't it?
I don't know. Yeah, I don't know.
This is, yeah, I don't know.
Well, the link's in the show notes.
Click on it.
At least try.
If you haven't voted yet, at least try.
This week in InfoSec, all your base are belong to us.
Rant of the week warns us that every breath you take,
Vodafone will be watching you, not Gordon.
Billy Big Balls is a story of a company based in India calling the regulator's bluff.
Industrial News brings us the latest and greatest security news stories from around the world.
And Tweet of the Week shows us the difference between hacking on TV versus hacking in real life.
So let's move on, shall we, to our favourite part of the show,
the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we head over to our new sources. Oh no, it's not. It's that part of the show where we take a stroll down InfoSec memory lane with content liberated from the
Today in InfoSec Twitter account and further afield. And this week we have gone much further afield, and our first story takes us back a mere 23 years to the 31st of May
1999, when Sega released the video game Zero Wing for the Sega Mega Drive in Europe. And although
this game was never actually released in North America, it was relatively unknown until years
later, when the poorly translated opening scene was popularized on the Something Awful
website. The most famous mistranslation is the phrase "All your base are belong to us",
which went on to become a very popular internet meme.
So I don't know if you recall this one. Someone set us up the bomb.
Do you guys remember that?
No, but I do remember All Your Base Will Belong to Us,
but I don't remember the other part.
Oh, my dear.
You're going to have to find it.
This is, honestly, just one of the funniest things at the time.
Like, all the memes that came back was, yeah.
I don't even know.
If you don't know this you're just gonna have
to click the links in the show now go to the website or your base i'll belong to us.com
Um, in fact, you know what, you're probably gonna need Flash to view a lot of this stuff, so
maybe this is why it didn't survive the tale of time. Back in, what, 2000, when was 192 deregulated as a service? You know, when 118 came out, all of that stuff. Maybe
2003, I think it was, maybe around that time, um, we set up a call center in Scotland, where all good
call centers are set up, and Mr Rice, a friend of the show, Chris Rice, he wrote the software that
translated the incoming calls to, you know,
so you had incoming calls, people put in a search,
and then, you know, it would take you to the data that was there.
And Rice, he did a particular little Easter egg in that system
where if you asked for a particular company name in a particular location,
it would return the All Your Base Are Belong To Us sort of logo on the screen. And so obviously he put this
into this system, it went, like, this is national call center as well, just to, you know, let people
know the kind of stuff he used to get away with, with no, uh, um, you know, sort of sassed and sort of,
you know, QA, change control. Um, and then one night we were out drunk and he said, hey, I've got this
great idea, put it on speakerphone,
and then called the number 118 119
and asked this particular company in this particular location
and the operator just went silent.
And then they're kind of like, so we're not able to,
the system's just gone down, will we refund this call?
And so we were all laughing and then the next day
we had the error logging in
and someone saying look something really weird happened to the system like this this thing came
up on the screen saying all your base are belong to us i'm looking at it now actually
you know he's got to ring a bell now right yeah what happened mechanic somebody set up us the bomb we get signal what main screen turn on it's
you how are you gentlemen all your base are belong to us you are on the way to destruction
what you say you have no chance to survive make your time i don't know why you guys are laughing
this sounds like a regular whats WhatsApp chat with my extended family.
Do they enjoy All Your Base Belong To Us?
Yeah, they do.
It's just hit out there.
It's big out there at the moment.
Yeah, yeah.
Andy, you have these sort of chats, isn't it?
When, like, you know, back in Mauritius, like... Oh, oh, don't even get me started. Disputes over the land. All your land belongs to us now.
Do you know what I mean? This is actually going off topic, but I, um, so a couple of, what, months ago,
uh, my cousin sort of messaged me, said, hey, you know, what size, what size t-shirt are you? And I
read it. I'm like, dude, what the, you know, why are you even asking this?
You know, and I didn't answer for a while
because I was trying to think in my head where he's going with this.
Then I got another one.
He said, don't worry.
He said, I've guessed.
And he said, if it doesn't fit, you have to lose weight.
And, yeah, next thing I know, I've got, like, this person's flight details.
And I'm like, what's going on?
Why are these people coming to this airport?
And my cousin's like, oh, you know, got a friend coming over.
She's going to bring you something.
And I'm like, why?
Like, why are you sending gifts?
Like, I do not need gifts.
They're like, something for you, something for your wife,
something for your daughter, something for your sister.
And I'm just like, dude.
And this was like a couple of months ago, right?
Since then, I've been trying to meet up with this woman. She lives in Streatham. And literally, like, I'm like,
okay, right, you know, let me know good time to come around, preferably, you know, afternoons on weekend.
Now, busy every weekend, like, you know, can't do weekends, absolutely busy everywhere. So, okay, well,
I kind of work during the week, you know, so day? Anyway, like, long story short, it was this week.
I was like, if I don't get them this week,
then I'm just going to write them off, okay?
And so on Monday, I was like, okay, right, you know,
I can head over in the evening.
She's like, okay, cool, off to work.
And I sent a message saying, right, are you good if I head over?
And she's like, actually, I'm tired.
I'm going to bed now.
You know, can we do it another night?
I'm like, what?
And this is just honestly,
it's sort of like just dealing with Mauritians. There's just no concept of time or, like, just sticking to, you
know, committed schedules or anything. It's just, yeah. It's like, in, in Africa, time is more of a
suggestion rather than a, um, you know, a measurement of, uh, any sort of thing. At what point did she say
"All your base are belong to us"?
Yeah, that was the end of it.
That's how we got there.
All your gifts belong to us.
I'm very confused about
the relevance of that story now.
It's more about Jav going
on about russians and just
the disorganisation. In fact, just cut all this
part out. It's not relevant. I enjoyed it. I enjoyed it, actually. Anyway, Tom did a no-sell on that.
I thought that was good. I would have done, the, The Rock selling the Stunner on that, honestly.
Alas, our second story is also from a mere 23 years ago, to the 1st of June 1999, when
Shawn Fanning and Sean Parker released the file sharing service Napster.
The service provided a simple way for users to copy and distribute MP3 music files.
Obviously it became an instant hit, especially amongst students. And just over six
months later, on the 7th December 1999, the RIAA, or the Recording Industry Association of America,
filed a lawsuit against the service, alleging mass copyright infringement. And eventually,
that lawsuit forced the company to shut down on 3rd December 2002, but
not before the popularity of downloading digital music was firmly entrenched in a generation of
internet users, uh, changing the face of music collection forever, uh, which I think we can all
agree with it's interesting how uh a technically illegal service actually did change, as you say,
the music culture and the music listening culture of the world?
Although it was actually legal at the time,
and I think this is what people sometimes forget about the good old days with Napster.
They didn't just launch as like, you know, Pirate Bay.
They actually did find the loophole in the whole copyright infringement
thing because they were not actually hosting any files. Yes. Um, so they were providing links to other
people, and this is where, you know, they were legitimate company, um, at the time. At the time
of launch they were legit. Um, you know, they had offices and everything, um, to the point where, you
know, they were an incorporated company, and it was almost a
year to the day after they launched, uh, second of June 2000, Napster Inc., um, they actually slapped
pop band the Offspring with a legal order to stop selling merchandise imprinted with a Napster logo,
because that infringed their trademark. So, you know, they were actually set up as a legit company.
And it was the RIAA that actually changed,
you know, the whole industry had to change the definition of copyright
in order to sue them.
And who was the band that went up against Napster?
That was Metallica.
Metallica, yes.
Metallica, that's right.
They, like, took a personal
court case
against them, didn't they, or something like that?
Yeah, and that was, I think we covered it
a couple of episodes ago, when
Shawn Fanning turned up at the
MTV Music Awards wearing a Napster
t-shirt, said that he'd borrowed it from his
friend.
That's right.
That's quality.
Genius.
That's quality.
Yeah, Napster, that really does signify the late 90s, doesn't it?
It's a real sort of emblem of the 90s.
Excellent.
Well, thank you, Andy, for this week's.
This week in Info This is the podcast
the Queen listens to
although she
won't admit it
and given us this is Jubilee
week, Your Majesty, if you are
looking to sponsor
an up and coming
potentially award-winning global podcast,
look no further.
I think we'd be right up your street.
Shall we move on?
Yes, I think it's time to get a little bit angrier.
Big Balls of the Week.
So this week Andy has chosen a doozy for me. Absolute doozy. I only had to read the, uh, the headline to already get angry: "Vodafone plans carrier-level user tracking for targeted ads".
I, I was, I got so upset about this, I actually clicked on the link to read the story.
That's how bad it was. I know, I know. I actually did some, in inverted commas, research.
By research, I mean clicking on the link, obviously. So effectively, Vodafone is going
to be piloting a new advertising ID system called TrustPid,
which automatically makes you think it's untrustworthy.
You have to include the word trust in it.
Yeah, exactly.
Anything that includes the word trust or safe or child or something like that
is already picking at your emotions, trying to get you on their side.
But what it does is that it allocates every single user on the Vodafone network a unique ID
as a persistent user tracker at the ISP level. What that means is it doesn't matter what your IP address is, if you're on your
phone using the Vodafone network, even if you fire up a VPN, because it's actually operating at the
ISP level, you're still going to be tracked. They're still going to work out what sites you go to and therefore offer up targeted ads.
It's currently being tested in Germany.
Absolutely impossible to bypass.
And effectively, it's because Vodafone is saying,
well, everybody expects a free internet,
and this is how you get a free internet.
It follows on the heels of Apple's, Apple's, um, blocking and
privacy, uh, setup of, uh, which basically broke Facebook's, um, uh, business model. So it's follow
on the heels of that. It broke it so much that Facebook actually couldn't afford all the letters
that made up Facebook and had to rebrand themselves.
To put a value on it, I think Apple or Facebook reckon Apple cost them $10 billion a year, don't they?
It wasn't a small amount of money.
That's what your data is worth.
So just to clarify, Tom, if I go into incognito mode on my browser,
will they still be able to track me?
Yes, if you're on the Vodafone network and currently in Germany. Um, so it's amazing they
chose Germany of all places, because Germany has so strict rules. So yeah, I'm surprised they get
away with it. Maybe there was, I don't know, some little insider,
you know, backhanders going on or something, who knows. But, uh, yeah, it's, it's been panned all round,
and, um, you know, even, you know, members of the European Parliament are against it. Um, you know,
uh, who's it, Patrick Breyer, said these schemes are totally unacceptable and the trial should be
stopped. Democracy is not for sale.
You know you're in trouble when you've got politicians saying things like that.
But the key thing is here, these profiles, these personality profiles,
he said even cover political opinions, sexual orientation, medical conditions,
and are therefore a risk to privacy and national security.
You know, where officials can be blackmailed, uh, elections and referendums can be manipulated, all that sort of thing. Of course,
Vodafone is saying that, you know, the, uh, the TrustPids are generated through randomness,
its subscribers will have options to manage their consent, blah, blah, blah.
But it's just, you know, it feels like just as we seem to be getting a little bit of control back, you know, and Apple is part of this.
Google is going to be doing a very similar thing to Apple
by switching off its advertising cookies in Chrome by 2023.
So even Evil Corp itself is, is, you know, is going along with this. Um, it seems just
as we're getting some control back, it's, it's wrested away from us at the last minute, uh, by
carriers like Vodafone, and this is really concerning. It has to say, I'm on Vodafone. What's
really weird is that, you know, the whole argument about keeping the internet free, the ISPs are the
ones that charge money for you to go on the internet anyway. Like, if you're a Vodafone user, you pay them a monthly
subscription fee, or if you're at home. Don't pay that to advertisers, do they? That, or, you know, to,
basically, they're saying if, if we're all used to a free internet, um, and if we don't do this, then
everything has to go behind paywalls and
blah, blah, blah. This effectively saying this is the price you pay for a free internet.
It's not a free internet, though. That's, that's the point. You, it's, um, you know. Oh, well, I don't think
it would be a bad thing to put stuff behind paywalls and what have you. There's so much crap on the Internet.
I, you know, I don't see why.
I don't think it's a strong enough argument.
Well, it's it's an interesting one because, you know, you say that.
But services like Facebook and, you know, and I'm as you know, I'm no supporter of. Services like Facebook,
you're actually reducing the access and equality of access
to certain types of information.
And it's a quandary.
It's a dilemma, to say the least, because you want it.
If the pandemic showed us anything, it showed us the internet
and broadband services, etc., are a utility like gas and water and electricity in the sense that you need it in order to survive and work and be a member of society and all that sort of thing.
going to start demanding that people or if organizations, Twitter, for instance, if they said, OK, we're now going on a subscription model, the people who would suffer the most
are not the three of us.
It's the people that, you know, can't afford to spend 20 quid a month on Twitter or whatever.
And so they're going to be disconnected from a huge community of like minded people.
So it's really challenging.
I think you're mixing...
It's not a one-dimensional issue is what I'm saying,
but what Vodafone are doing is not the right way.
No, you have a slight, you know, element of a point there,
but, you know, you're looking at it completely wrong.
And I think by using Facebook and Twitter examples, you went down completely the wrong route,
because those, they don't need the ISPs. They have their own ways of gathering the data and, uh,
and everything. I think the, fundamentally, though, the issue is that you need a better business
model for the internet than just monetizing personal information. Absolutely. That's what it could, that's what, that's
where the crux of the issue is. And what this all seems is that you put in regulations or you put
in some controls to stop tracking, and then they'll just come up with a different tracking way, because
they're too entrenched in their ways to think of a different way to monetize it and it doesn't need
to be, uh, payment, like, as in physical payment, but there are
other ways you can or could go about it. But, you know, it's just, we're so used to, uh, convenience.
There was an episode of Black Mirror where you had to do physical exercise to, to gain social
points. Maybe we should issue all the poor people with exercise bikes. Or Andy. Give the data to Vodafone.
No, you're either afraid of exercise
or being considered poor.
One or the other.
Well, I know I'm poor.
This is the man who, just before we started recording, and Andy's going through, oh, I've got these, uh, direct debits coming up this month, and they're for services
he never has used in his life. They're like, oh, this is a good Black Friday deal, 30 pounds a month, and
have I ever used it? Nope. And there's, you know, we are
recording today because I pay for one of these services that we never use. So, you know, this is
why I have this redundancy going on. That's, that, that 400 quid you've spent over the last 18 months
is worth every penny for today's episode. It is. Today and last week, let's, let's not forget last week as well. That's
true. He also had technical challenges last week. Yeah, see, and he's the kind of man, he's got another
house on the other side of town, just in case the house he's living in catches fire or something,
and it's all kitted out with the exact same thing. Yeah, it is. Some different part of the grid, you
know, fault tolerance. You know, and his family over there,
you know, they're from completely different backgrounds
just in case he feels he has to disconnect from one
and move to the other.
You know, he's got a dog in this house,
he's got a cat in that house.
Everything's just, you know, squarely mirrored away.
It's very good, it's very clever.
Anyway, Vodafone. It is.
Stop being a, you know, stop being assholes and deal with this. This is not the right way to go.
Rant of the Week.
Recording from the UK,
you're listening to the Host Unknown podcast. Well, we're certainly not going to be recording
from Germany in the near future, are we? No, no, absolutely not. Not when they can track us like
that. Yes, right. God knows what they might find out about us. Anyway, uh, let's move on to this week's...
Well, well, well.
So if you ever watch YouTube,
you know that every influencer will tell you to get a VPN
because, checks notes,
you can then watch Netflix shows
from when you're not in the country that it's not available in. Apparently, that's the only use of
VPNs. But, you know, there are some other other reasons and people use them to evade some snooping
governments or just for their own privacy or bypassing those geo locks
that some of their favourite content streaming providers put on.
But in India, they have been rolling out
their stringent new cybersecurity requirements.
Absolutely stringent.
Oh, these are the 4D printing ones, yeah?
Yes, yes. The ones we covered last week
And, um, so one of the, the requirements is that, um, VPN providers must verify customers' identity,
retain their contact details, and store five years' worth of data describing their ownership pattern.
Jeez.
Can you imagine if this was happening in China, you know,
with people trying to...
Yeah.
Or any sort of countries with openly oppressive governments.
Yeah.
As opposed to just subtly oppressive governments.
Yes.
Um, you know, and, um,
as you can tell, this is like a hard, hard task for anyone to fulfill, and a VPN, the whole purpose of it is, like, to maintain, you know, lack of identity and contact details and not store years and years' worth of data. Um, so one company in
particular, ExpressVPN, states that its all-RAM design makes compliance with India's rule
impossible because it doesn't store any log of user activity. Um, so they actually then went and put their money where their mouth is. Uh, they refused to
participate in the, this is their statement, the, "ExpressVPN refuses to participate in the Indian
government's attempt to limit internet freedom", because we know if you throw in the word freedom
in there, everyone gets all riled up. Um, and in a cruel twist of fate, I, I love the irony, I, I'm sure in this, on this Jubilee
weekend the, Her Majesty would love this, uh, the company's remedy is to offer its Indian user
servers located offshore as alternatives, uh, and those servers will be named "India via UK" or "India via Singapore".
So, so yes, India now looks to the UK as one of its offshore data processing centers.
That, it was only a matter of time, right? Only a matter of time, Mike. Only a matter of time. Imagine getting through to customer support.
What is your real name?
John.
No, it's the equivalent of, you know,
India's going to be or Indians are going to be calling customer support
and getting put through to some Geordie from Newcastle.
Yeah.
Trying to pretend that they've watched the latest, you know,
Indian TV show the night before.
And the Indians will be saying, I can't understand a word they're saying.
Did you watch a Bollywood last night?
Yeah.
My name's Gupta.
Exactly.
I mean, it's
but it's
it is funny how it's
life is just a cycle
at the end of the day
it is
it is
so
the new rules
India's new rules have been widely
criticised as being impractical
and impinging on privacy.
And in response to the criticism,
the Minister for Information Technology, Rajiv Chandrasekhar, said,
if VPN providers don't like the rules, they can leave India.
Wow.
Basically, he said, get off my my lawn he was basically go back to where
you came from that's terrible it's almost more like when a girl dumps you and like
you know girl says oh it's over say well it can't be over because i'm dumping you. Yeah. You can't fire me, I quit. Yeah, exactly.
Yeah.
So I think Rajiv Chandrasekhar,
I wouldn't be surprised if he's, you know,
touted as the Jacob Reek Moose of India or something like that.
The Jacob Moog Rees.
Yeah, whatever.
I always forget his name.
I would not do him the courtesy of actually learning what his proper name is.
Honestly, that's fair enough.
That is fair enough.
Dear me.
Michael, well, you know, in a rare moment, I'm going to agree with this.
Billy Big Balls.
It's good.
It absolutely is the right thing to do.
Hopefully it doesn't deny Indians the benefits of the ExpressVPN service as such.
But yeah, absolutely, right on.
Billy Big Balls of the Week.
The Host Unknown Podcast.
Orally delivering the warm and fuzzy feeling you get when you pee yourself.
We haven't got any more Queen or Jubilee jingles or fanfare music or anything like that because we ran out of time.
And talking of time, Andy, what time is it?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry news.
Third of UK firms have experienced a security breach since 2020.
Industry news.
US academic credentials displayed in public and dark web forums.
Industry news.
Airline in Turkey exposes flight and crew info in 6.5 terabyte leak.
Industry news. Three BEC suspects arrested in killer bee sting. See what they did there.
Industry news.
Magniber ransomware now targets Windows 11 machines.
Industry news.
Eurocops bust $47 million money laundering operation.
Industry news.
Twice as many healthcare organisations now pay ransom
Industry News
Europol confirms takedown of SMS-based FluBot spyware
Industry News
Connecticut becomes fifth US state to enact customer privacy law
Consumer
Industry news.
And that was this week's...
Industry news.
Huge, if true.
Huge.
Huge.
I'm actually trying to figure out who the other three...
I know of the California Consumer Privacy Act.
I'm trying to think of the other states in the US.
What? Copper? CCPA. It's the California one. Oh, okay, because there's two coppers, there's COPA and COPPA.
one is a um a children's privacy act and there's another one i know i can't remember
um but no there's a whole bunch of. Something like two-thirds of states have enacted similar privacy laws.
Well, I wouldn't say it's two-thirds if Connecticut becomes a fifth.
Yeah.
Oh, yeah.
I thought, no, maybe it's something else I was thinking of.
You're thinking about gun laws.
Well, yeah, probably.
We're allowed to carry automatic...
I've been thinking about that a lot recently.
Yeah, that would be two-thirds of states.
Yeah, that's right.
No, there was another act.
Maybe it was...
It doesn't matter.
It doesn't matter.
California, Virginia, Colorado.
I see.
All the hippie states, basically.
Yeah.
Is there a correlation between legalized marijuana and privacy of...
Yeah, that's right. If I smoke this, I don't want anybody to know about it.
Well, let's go and do a spurious correlation.
Yeah. Oh man, I did like the, um, killer bee sting headline.
I haven't clicked on it yet, but you like what they did with the headline.
I like what they did there.
I like what they did there.
Ransomware targeting Windows 11 machines.
Windows 11's been out for months.
What have they been doing up till now?
They're still getting so much success with Windows 10 and below.
Yeah.
And Vista.
And XP.
My takeaway from this week was
if you are targeting ransomware,
then go for healthcare companies.
Yeah.
Because they seem to be paying,
well, paying twice as many as anyone.
I reckon they found that it's cheaper to pay the ransom
than it is to recover data.
Yeah.
Because the amount of time it takes to recover and all that sort of stuff,
you know, with reinstalling everything and all that sort of thing,
that takes time and effort, which costs money.
So I reckon they've done a cost-benefit analysis and worked out it's cheaper to pay.
Yeah.
Probably, yeah.
And it doesn't come out of the CISO's budget as well
yeah it does
surely it does
no afterwards
when they have to
actually install
you know actually
then create new processes
and
ways to protect
in the future
but for now
yeah
Well, whose budget would it come out of? Legal?
Corporate slush fund.
Yeah.
CFO.
It's their headache.
Well, it's the workers' bonus fund.
Or Christmas party fund.
What bonus fund?
Andy asks.
Yeah, this is the US.
Well, you know, more people have had bonuses
If they didn't get hit
By ransomware
This is
This is like a slow news week
Isn't it
It is actually
Not very interesting at all
Well that was
This week's
Industry News
It doesn't matter
If the judges were drinking
Host Unknown Was still awarded Europe's most entertaining content status.
Three more weeks we have.
Three more weeks.
We shall milk it.
We shall milk it.
We're going to be listening to just those for the next few weeks.
Right, let's round us off now.
We're into the last few minutes
with this week's
Tweet of the Week.
We always play that one twice.
Tweet of the Week.
And I shall take us home
with this week's
Tweet of the Week
from Evie.
And they explain the difference
between TV hacking
and real hacking.
So on TV hacking,
I just need to get past their firewalls.
Damn, they're using a rotating IP address.
I can't decrypt it fast enough.
Versus real hacking.
Hey, Sharon, this is Jim from IT.
We're seeing some weird stuff with your account.
Can I get your password to confirm it's you?
Quality.
So true.
So true.
Quality.
It's all so glamorous on TV.
The two keyboards.
Yeah, the two keyboards.
Even just the small things, like you go into their data centres
and everything's so pristine and no loose cables anywhere
and there's no fumbling around.
Something like that?
Yeah.
No, mine definitely didn't
And like, you know, oh, I've got the wrong key for the wrong server cabinet, then
trod, trod, trod, like half a mile back to the front.
Oh, as if you actually lock the gates.
Yeah, exactly. Just rest it on the side, don't let anyone know it's not really locked,
because it's too much hassle to remember the combinations.
Oh dear. That's like, there's a time I had to go do like one of these HSM key ceremony things, like, you know, renew like the keys on it.
I'm being vague because I still don't understand how it actually works.
But did you actually have to take the keys to a bank vault? Because I remember having to do that in 2002.
So basically they had this segregation of duties principle in place to keep the key super secure.
So I had half of the key in a sealed envelope and this other guy had, uh, the other half of the key.
So we get to the data center and we sat there all day, like, in the cold, like, and he was super prepared. He bought a blanket, he had snacks, he had tea.
No, no.
And I was there like shivering away.
Like, was he just stuffing his face and drinking a thermos of tea in his blanket while looking in the eye while you were just stood there in your T-shirt?
Pretty much, pretty much. And then we get the call about three hours later from the project, say, okay, you can do the keys and what have you.
So he had the first half, so he went up to the keyboard and, you know, it's all unlocked and ready and he types it in and then it goes, your turn.
And I look at my piece of paper, I look at the documentation, I just hand in my part of the password: you do it, my fingers are too cold.
Yeah, like, yeah, that's how we normally do it.
When you said ceremony, I really expected there to be robes and, you know, like, you know, fires burning in the corner and stuff like that.
That's how it should be done.
It should be with a lot of fanfare.
Yeah, absolutely.
Excellent.
Thank you very much, Andy, as always, for this week's.
And that brings us to the end of this special
Jubilee edition of the Host Unknown
podcast. Jav,
thank you very much.
You're welcome, as always.
You sound so
thrilled to be here every
week.
I just know what's coming up next
is my line's being stolen.
That's what's happening.
Well, steal it back.
Or start eating Haribo.
You know, do something that Andy's shtick, you know?
Steal it back.
That's like how the Brits responded when India asked for their crown jewels back or something. Like, no, this is ours now.
We stole it legally.
You do know you've got a British passport, right?
That's you in there.
That's your heritage in there as well.
That's one thing I'm stealing back, isn't it?
Andy, thank you very much.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R slash smashing security.
So, Jazz just pissed off.
Andy doesn't want to be described as poor.
Oh no, I don't mind being described as poor.
It's the exercise.
It's the exercise part.
Mandatory exercise, man. That's another level.
I don't need this kind of oppression. I'm moving to India.
You know what you need to do, Andy?
You need to go and just like rock up at the doorstep of that,
the relative or the friends of the relative who's got your stuff
and just knock on the door and say, I'm here to pick up my stuff.
That's how you handle more issues.
So I've already got it now.
I did.
I rocked up.
Yeah, they weren't there.
And I was like, look, I'm here.
And she's like, OK, I'll be back in 20 minutes.
So what was on the T-shirt?
Oh, nothing.
Just plain T-shirts.
Bright African colours.
Nice plain T-shirts.
Primark logo on the inside.
Well, that's the irony, right? You get stuff over here in Primark and it says, like, Made in Mauritius.
yeah