The Host Unknown Podcast - Episode 12 - Where Did All The Money Go?
Episode Date: June 26, 2020
Where Did All The Money Go?
Shit got real in this episode; we covered:
Front doors
A house that looks like Hitler
https://i.dailymail.co.uk/i/pix/2016/09/08/11/380E25DA00000578-3779485-image-a-86_14733291...02921.jpg
Monopoly Billy Big Balls moves
https://www.npr.org/sections/thetwo-way/2010/06/how_to_win_monopoly_in_21_seco.html
Smiling for capitalism
Out of work accountants
Javvad pulls no bunches
Come on! Like and bloody well subscribe!
Transcript
Troy Hunt, really.
You're listening to the Host Unknown Podcast.
Hello, hello, good afternoon, good evening, good morning, welcome from wherever you are.
This is the Host Unknown Podcast and gentlemen, welcome. Hello, Andy, how are you?
Good morning, Tom Tom I noticed the way
you zoomed through that intro there good morning good afternoon good evening purely because this
is not the first time you've had to say that. No no we did have some technical difficulties
this morning I blame Jav and his lack of carbs and mood swings to be honest with you. Jav how are you?
Like I already explained to you guys, but now I'll repeat.
I'm not hangry because Ramadan ended ages ago.
But the last week or two, I have been on kind of a bit of a diet.
And the lack of carbs has caused some interesting reactions that come out in weird ways. It's not quite full-blown Tourette's yet,
but don't be surprised if you have a bit of editing to do.
So lack of carbs, you're just cutting carbs out of your diet then?
Well, it's carbs, it's all sugars and all processed food.
It's literally nothing left.
I was going to say, so you're just drinking water all day right and and and sucking on rocks
yeah well you know it's maybe a cheeky handful of gravel every now and then too much too much carbs
yeah i know i know it doesn't register for you andy but you know so well as jav always tells me
once on the lips and forever on the hips.
So, you know, it's, you know, and as a man who's carrying a lot around his hips, Jav does need to be careful.
Well, out of the three of us, I think I'm not, I'm at least in second place.
I don't think.
Yeah, well, I'll just quarantine you right in first. yeah well you definitely talked to right
well yeah this is an infosec podcast not a health and well-being one because if it was
a health and well-being one our audience would be dead by now well look that you say that but
the parallels are are there you know just like and InfoSec, when you have a complex query,
no one can diagnose it.
You go to different consultants, you're going to get different opinions.
And no matter what you do in the end, you're going to die.
That was quite heavy.
I could hear that analogy twanging through the air
as it was being stretched beyond its elastic limit.
Tripping over nothing to bang against the walls
before it finally got out.
That's a poor analogy.
You guys don't really get how analogies work, do you?
Yes, I do. Sharks yes sharks coconuts toothbrushes come on dude what i can do is tell when an analogy doesn't work and i think that was a prime example
of one so andy's the type of manager you would never here we go so i is like a yo mama
I've worked for people like
Andy in the past
never again
because
the type of person that doesn't tell you
what's right or what they want
but as soon as you produce something
they'll say that's not what I want
it just doesn't scan
the lyrics don't scan
right can I help it if i prefer to work with
psychics right okay you guys have got your own people you like working with i like people who
can read minds okay that's my my area so so let's move on so um in in other news uh host unknown is
looking for a new third presenter for the podcast moving forward.
Jav and I will be accepting applications.
Anyway, let's move on.
This has gone down a comedy cul-de-sac rather quickly.
Happens a lot when you're driving, I tell you.
Hey, the sat-na nav tells me where to go the satirical sat nav tells me where to go anyway so what's uh what's been going on this week
what's uh what you've been up to andy
Well, standard week, really. It's busy. Life dealing with clients, which is, I guess, a big part of my day job.
So particularly in Australia, we've had challenges with something called CPS 234,
which is a standard that bank financial institutions or particular regulated entities have to follow um and i mean this sounds really boring but you know
we've got a lot of clients attempting to flow down uh you know requirements of uh two three four
and as with any standard when it comes out they uh you know interpret it in different ways
um so let's just say that's been challenging uh you know you never want to tell clients how to
how to interpret something but equally uh you know when it's going to affect you you have to kind of say look guys this
that's not how we're reading this don't you have people to deal with that for you though andy
uh no unfortunately not i am um i'm one of the little people i uh i like to roll my hands up.
We should get this guy on for the section at the end.
I like to roll my hands up and get involved in work.
I'm not like you guys.
Sorry, you like to roll your hands up?
I like to roll my hands up.
Get involved, you know.
Get involved.
Unlike you guys who are, I think, excellent delegators,
I'm always out on the field with the other soldiers.
Yeah, getting shot.
Yes, that's the risk.
I wouldn't ask anyone to do anything I'm not prepared to do myself.
Oh, same here. Just don't ask me to do it.
Although it was...
So the way you opened the show with uh good afternoon good morning good evening
um bearing in mind we've been in quarantine for you know a fair few months or lockdown for a fair
few months people still working from home uh it was just this week in passing my wife actually uh
commented how humorous it was that i get so confused that uh she hears me sometimes in the
morning opening conversations with uh good afternoon or good evening.
And then in the afternoon, she hears me saying good morning.
And it never dawned to her that I'm actually speaking with people
in different regions.
Oh, it's just my husband going slightly stir crazy.
Exactly.
Oh, that's sweet.
Yeah, she kind of gave me time for us.
I was like, that was i was
talking to people in india in the afternoon i was talking with people in california but uh you know
i think spouses are learning a lot about their uh you know their partners home working or working
environments so you're trying to say that unlike most other brits, you don't speak slower
and louder
when you're speaking to foreigners.
Chips and egg twice.
Scan
the port now.
The
Linux don't scan.
We heard that one here.
Oh, dear.
Mind you, he did say we were talking a different language.
Yeah.
That part, okay, I can joke about everything apart from those lyrics.
So, how have you?
I see you've been DIYing it again this week, Mr. Langford.
Yeah, yeah. I took all the door furniture off our front door
and stripped it, sanded it,
and repainted it,
and put all the new door furniture on.
So yeah, that was a fun day and a half.
And was there a driver for that?
No, no, a paintbrush.
Oh, right. Have you got it?
It's just a job that had been waiting to be done for so long.
Since you moved in.
Not far off.
The paint we'd bought for it hadn't been opened
and it had gone off and was solid in the tin so
i had to go out and get some more paint and then decided i really need to do this now so so yeah
just uh waiting for um a dry couple of days because obviously it's the you know the outside
of the door you don't want it being rained on uh and it's come out uh all nice and everything so
uh yeah that was quite an interesting
little project it did look good and i noticed um so you obviously sent us a picture of the finished
article um and you didn't take one before so we had the uh we went to the power of the internet
didn't we we looked up you went up to an image that really was quite old so in fact the door
looked a lot worse than there.
And I know it was so old because my, you know,
dead for five years cat was on the wall.
It kind of puts a timestamp on.
Yeah, it does.
Either that or the ghost of your cat inhibits all the fun stuff.
That's right, yeah.
Which then, as you rightly say, prompted a round of
let's look at each other's front doors.
It was like a game.
It was great.
Except there was, you know, like when there's snitches on TV
or, you know, in police stations where they sort of black out
the face of the informant.
Yeah.
And that's kind of what happened when we tried to look at Jav's house, wasn't it?
Yeah.
He's had it anonymized.
No.
So you can go down his street and there's just a big blob where his house should be.
Yeah.
Yeah.
It's like that when you drive down there as well.
It's like the military bases, isn't it?
You look at the satellite images there's the desert
there's absolutely nothing one road going in a massive black square and then the road ending
going out the other end nothing to see here no i don't even know who done that i i didn't do that
i don't at least remember doing that and it's a sign of age mate my neighbor's house is blotted out so i think that he must have done it
and he might have done my house as well i i don't know unless it was done by a postcode or something
like that it's but well unless you've got a postcode for your own house that's yeah yeah yeah
yeah no you know those pictures that float around the internet about you know things that look like
hitler and there's that house that looks like Hitler with the way the roof goes to one side,
the black roof goes to one side and the front door is black and the rest of it is white
because it looks like his little moustache.
I wonder if that's why your house has been blurred out, Jav, because it looks like Hitler.
No chance of that.
No, especially after all the extensions we've had. It looks
probably more like Frankenstein than anything else. Frank and Hitler.
Oh, dear. Right. Well, I think we need to move on to something other than just stuff that we
find funny. Why don't we look at...
Oh, yes, here we go.
I know what we're going to move on to.
Billy Big Balls of the Week.
This week's Billy Big Balls of the Week,
as far as I'm concerned,
is these two gentlemen that have worked out that you can win
a game of monopoly in nine moves and 21 seconds not possible no no it's at least seven years
exactly it's a to decimate my little sister yeah um well i that was exactly my response when um my son
showed me this story yesterday i said don't be ridiculous you silly little adolescent um this is
you know listen to your old man i have many many, many, many years of experience of playing Monopoly.
21 seconds is how long it takes to even just work out who goes first.
Yeah.
Let alone play the game.
Well, it's like five minutes just to argue
over who's getting the boot, isn't it?
Yeah.
Yeah, exactly.
Well, maybe that's what seven of these seconds were.
I don't know.
But so I argued against it. was you know talking about you know
you physically couldn't move your hands fast enough to change the money did that all that
sort of thing um and i just could not see it i mean as we all know monopoly games were on for
days let's face it so he destroyed families yes exactly he then showed me a video and it was people playing
and they were rolling the dice and making their moves.
And obviously they were pre-planned moves.
This is like a mathematical model more than anything.
And they did allegedly finish it by the time, you know,
within 21 seconds.
And I said, yeah, but ever come on there's so many different
variables here and then he showed me the playlist um you know literally move you go to this place
move you know you roll a double six move here roll a double six move here you pick up this do this
etc uh and it keeps a tally of the money etc and then all i had to cling to was well they're
playing the american version because
it's like you know land on boardwalk do this etc at which point i was um promptly reminded
that monopoly was originally created by um an american and was an american guy really
so how would they know about park lane and uh Mayfair and all those kind of things? It's almost like they sought some things out.
So here's the deal.
So bottom line is he was absolutely right.
You can do this.
You have to move very quickly, obviously.
The odds are very, very, very slim to the point where I can't even say the number.
Right.
It's like 3, 6, 9
There's 15 digits in the number
And the first 3 digits
Are 253
So it's not like
It's not like 4 move checkmate
This isn't something you can do
At will
You need everything to align
You need the stars to align
So this is Statistically it can be done, you know?
It sounds like many DEF CON or Black Hat talk I've seen over the years.
Do you know we can completely hack you if you are running this version,
you're missing this patches,
and I have physical access to your computer with a FireWire cable?
Yeah, that's right. And the security guards are on their break and and you have a parallel port yeah and someone wrote the password on a post-it note and stuck it underneath the keyboard
so it's quite fascinating so it's a father and son and they reckon, so they have actually said there have been some proposals for some methods that are shorter.
So we're going to have to check those out to see how they actually fare and if they follow the rules or not.
But we're confident we're in the top handful, even if we're not number one.
So 21 seconds and nine moves and they're still
saying they're probably not the fastest i wish i had that kind of relationship with my kids
that we could sit down and work out complex problems they're both adults and scientists
so let me you know but yeah so it's it's nine moves across four turns, if you see what I mean.
And let's just say there's a lot.
The first two moves are double sixes for a star.
Roll number four is a double two.
Roll number seven is a double two. Do you know what I mean?
So it's got to be absolutely right.
There's an alpha move there.
Yeah.
And the reason why I like this as a Billy Big Balls
is it's just like
Dad, do we have to play Monopoly?
It's just such a long, boring game
at which point Dad goes
Oh yeah
and then they work out
probably over the lifetime of that
son's childhood
how to play it
as quickly as possible.
Over the lifetime of that child's
childhood.
Then they become an adult.
Fair enough.
I realise what I said.
So, yes, that was my
Billy Big Balls of
the Week.
Very good. I enjoyed that one.
That was interesting. I'm trying to think how we could relate it to InfoSec.
I was thinking, I think I know why my games of Monopoly take so long. It's because I only play with one dice.
So I never have the opportunity to roll a double six.
It's a, you know, the highest number I can go to is a six.
Do you know what?
I think that's right.
I think we only play Monopoly over here with one die.
Yeah.
I don't know.
I'm going to have to open up our Monopoly box and find out.
Blow off all the dust first.
Yeah, that's right.
And then I'll be back next week saying,
20 seconds, eight moves.
No, no, no.
We don't want to hear about your sex life, Tom.
Perhaps we should get off this subject
and reach out to our reliable sources
over at the InfoSec PA Newswire.
Industry News
DCMS details online harms bill
as age verification faces potential revival.
Industry News
Praise for online harms plan. Action needed on fake news.
Industry news.
Medical devices among most risky to security.
Industry news.
NCSC. One million phishing messages reported in two months.
Industry News.
And that, my friends, was this week's...
Industry News.
That was a selection, a veritable buffet of topics there. It was, although, you know, forgive me for questioning our industry news stig,
but weren't the first two basically the same story?
They sound similar. I'm actually, I'll be honest.
I mean, we might have to read them to find out.
Yeah, so I'm not close to the online harms plan.
I am Googling that as we speak are you are you for it
in that case uh again i do not know what it is so i uh reserve judgment before uh you know you
this is uh like one of those things you know where they set up a stool in the street
and they list all these chemicals and ask people to uh you know sign a petition to ban it you know
it can cause death in large and basically it, it's all the scientific names for water.
And people are just signing a petition to say,
yeah, ban it.
You know, in large doses, it can kill you
and stuff like that.
In 100% of cases where people have been exposed to it,
they die.
Yes.
Yeah.
Oh, dear.
But no, that was good.
That was good.
I'm hoping that our News Stig keeps on producing
I'm hoping that
said
Industry News Stig's bosses appreciate
one, he, she
has been syndicated
into the Host Unknown podcast
in order to reach
you know, at least
seven more readers
Exactly, yeah
you're listening to the host unknown podcast more fun than a security vendor's briefing
and talking of sponsorship well we weren't talking of sponsorship,
but actually I want to talk about sponsorship.
This episode is now sponsor free as we have discharged all of our responsibilities to last week's sponsor.
Thank goodness they were getting a little bit leady, if I'm honest.
Did they drop us or did we just to clarify?
I'm not entirely sure.
I mean, I put the check in and it just it bounced for some reason.
I'm not sure.
So, yeah, we're absolutely categorically not going to mention Smashing Security with Carole Theriault and Graham Cluley this week,
because to do so would be to give them some free uh advertising and
sponsorship so so just to bear that in mind gents no more mention of smashing security carole theriault
or graham cluley that shouldn't be too too difficult to do i mean i never mentioned smashing
security and i can't stand graham cluley carol's okay but we're not mentioning her either no and
why would we want to give free air time to
the second best infosec podcast uh filmed out of the UK yeah I mean which actually second which
one is the second best well Smashing Security isn't it okay yeah I just I just wanted to clarify
yeah I wasn't sure if there was second or third but no I think they are second best I mean if
anyone disagrees I mean you can go check it out on smashing security.com and you can judge for yourself absolutely or um you can check out their twitter feed which is uh
smashing security without the g um because twitter wouldn't let them have the g no apparently not
apparently that's that's harsh that's harsh you know i think i think uh you know twitter should
be supporting their you know their their customers and customers and their podcast heroes
and not letting them have a G
I think is pretty poor.
Is it what, pay by the letter now?
Anyway, so
sponsorship wise
we're looking for sponsors.
So yes, let's
run a jingle that could
be you.
Host Unknown, sponsored by Insert Name Here.
Well, that was beautiful timing, whoever opened that can of worms.
Oh, man. Sorry, I thought i'd hit the mute button before
it's not a can of stellar at this time in the morning it's actually a can of water
like the way i definitely didn't hit the stop recording button yeah
yeah no my bad apologies for that one so. So are there any companies out there that we think we should be targeting for this sponsorship?
Who could do it? I mean, you know, would it be wrong to ask a community event like B-Sides London to sponsor us?
Yes.
I mean, I was asking for a friend.
Ethically, yes. Are we proud? No.
Yeah.
So, B-Sides London, what do you like to sponsor?
After last week's episode, everyone should know
we don't come to Andy for ethics advice.
Or we only go to Andy for ethics advice.
Depending on what you want.
Whether you want permission to do something
or someone to say, yeah, yeah, you can do it.
Yeah, it's fine.
So I am aware there are some large companies at the moment
who have pulled advertising from Facebook,
I believe in relation to the way they're handling something.
I didn't pay too much attention to the story um but i did pick up on the name
verizon have pulled advertising uh they are one of the largest advertisers for advertising from
facebook um so maybe they would like to sponsor the host unknown podcast and they could explain
that graph to us as well at the same time yeah i mean yeah most of their graphs we could probably really promote their
you know annual uh verizon data breach report that's it which which many people probably haven't
heard of yeah but you know just much like the smashing security podcast which a lot of people
haven't heard of people haven't heard of the verizon uh data breach report which is an annual
report that they produce it's actually well worth checking out it's not bad it's not we could help them reach those dirty little corners where their marketing
dollars wouldn't normally get them yeah so i've actually found the story now in my history and
there we go so verizon has become the latest major company to pull advertising from facebook
platforms and the company joins ben and
jerry's as a growing list of firms boycotting the social media giant over its handling of
controversial posts hey we could do ben and jerry's well i was gonna say let's forget
let's forget let's get some chunky monkey ice cream over here and uh absolutely our own chunky
monkey yeah we'd actually take payment in ice cream
i picked the wrong week to go on a diet do you know what that actually reminds me tom in uh
one of your former companies you had an ice cream machine yeah um which yeah you just had to smile
at and it would distribute free ice cream that's right it was pretty awesome yeah it was pretty awesome that's why we always
used to meet at your office as well yeah i got rictus in my face after about the first week
i look like the joker
but what a great idea it was i think it was for walls and it was they had like a smile campaign
i don't know i obviously it didn't make it out onto the high street per se it was for
you know like high profile um exhibition spaces or or whatever but um yeah it was very good and
and it would then post that picture of you smiling uh on i think it was facebook at the time actually
but um but yeah it was it was pretty cool and you know, the company I worked for, they sort of,
literally they had people welding the stuff together.
And they did a similar thing with Coca-Cola vending machines as well.
It was quite cool, very cool, in fact.
Okay.
So as long as you're prepared to just smile in the face of capitalism,
you get rewarded.
Is that?
Hey, you know, I'll be paid in ice cream to smile
you know hey i'm not judging i'm just clarifying yeah yeah and we'll we'll actually come on to this
in a second about what people are willing to give up to um to get something for free but i remember
actually come to your office and when i smiled it didn didn't work. And then you had to smile for me, Tom, in order to get my ice cream.
Oh, yes.
Because it can tell the difference between a fake smile, Jav.
No.
The pain that you were hiding in your face, it wasn't genuine.
Hide the Pain Harold was based on Javad.
No, no, no, no, no, no.
You guys are going in the complete wrong direction here.
We know where you're going
we're steering you away from it i didn't now know exactly how that poor gentleman felt in america
who was wrongly arrested this week because facial recognition can't tell black people apart yeah
yeah and looking at all the people in your company who who uh who got ice creams and looking at ones
who didn't i'd say that was a accurate well one thing i would say is that the company i worked for
had a huge presence in india india comprised about 60 percent of of our workforce at the time
much of the work and the engineering work was actually carried out by indians so
i think it was probably something to do with the india pakistani thing if i'm honest
i reckon it i it tagged you and um you know because we know how much india and pakistan
love each other they decided you couldn't have an ice cream harsh man harsh but you're right the racial bias within technology exists
there's a video of the the hand dryer that doesn't work when a black person puts their hands
underneath the dryer and then a white person puts their hands underneath then it starts to blow the
air etc so yeah you're absolutely right and absolutely there was that one uh years back with uh google
maps giving directions and uh you know the guy pointed out that he knows that um you know the
engineers that there were no black engineers working on that when they referred to malcolm
x boulevard as malcolm 10 boulevard
Oh, my God.
That reminds me of something I just saw a while ago,
but it was an American book,
and they had translated it from American English to British English,
and wherever there was the word participant,
it had got changed to participate trousers that is some lazy find and replacing going on there
two great nations divided by a common language
oh my goodness right so yes back onto the sponsorship so if there's anybody out there
this could be you host unknown sponsored by insert horizon maybe
oh dear me so actually talking of of sponsors, I did a webinar yesterday.
Of course you did.
I'm not sure.
You're always doing webinars.
Yeah, exactly.
I'm not sure if I can mention the clients because I haven't had clearance from them,
but it was for a government organization.
They don't know if they want to be associated with you yet.
Let's test the waters, get him to record it, and then we'll Google him,
see if anything comes up.
Ask around.
Anyone know about this guy?
Oh, God, there is a funny story about that as well, literally on this webinar.
But so, yes, a government agency that's helping their country's companies do business in the UK.
And so I was, you know, I was talking to them about actually moving marketing dollars more, you know, away from sort of traditional marketing into more
sort of social media and podcasting and blogging, especially now as we're consuming more, you know,
consuming more content and at our convenience more than anything else. But to your point there,
Andy, about that, we did a poll. We only asked two questions. One was what was the size of the UK cybersecurity market? And the first question was, who listening here knows who the hell Tom Langford is?
being um very well i consider him a good friend then it was like i think i've heard of him i've never heard of him and tom who and i 50 yeah well there was zero in a let me put it that way
50 of it was never heard of it and then it got worse so do you know the the problem is that you don't
bring us into your webinars you know when these events occur
well i don't have to i don't have to because you kind of push your way in and much as we were
talking about this the other week right and so, of course, I get phone calls.
I got a phone call from Jav just as the webinar started,
which, because it's connected to my iPhone,
it came up on my computer,
which is, given that that's the one I'm using on my webinar,
it's a bit of a problem.
So I managed to switch the phone off on that.
The best part, though, was about half an hour before when i had
inadvertently told everybody that my webinar was at three o'clock just because i that's when i
booked the time out we had to do tech tests and all that sort of stuff so three o'clock oh no five
past three and he calls me and i'm like i'm busy i can't take this call and then he calls me again
I said oh I can't
take this call and I'm thinking crikey he's just called me twice I best call him back so I call
him back and I got a very surprised Andy going yeah what are you doing what are you calling me
well you call me I'm calling you back what's up so Andy got the time wrong yeah but at the same time and this is the best part at the same time
jav you're trying to call me as well not getting through so you decide to text me
but then pick my my landline number to text me on
hell you guys this is you couldn't organize a thing in a place of things
if you'd given us the right time that would have been a well-executed plan
we would have got both your mobile and your landline at the same time you do know that
now i know exactly what to do no and you know what i actually had another i had a call as well that i was on and i was like
multitasking while on a zoom call with someone yeah hold on excuse me boss i've just got to
make a really important call because i know priorities because i know if we don't
we're like those stabilizers on your bicycle. If we're not there to remind you, turn off this, turn off that,
do this, do that, you're going to cock it up.
Do you know what?
That's funny that you're talking about, you know, turn off this,
turn off that, do the other.
Do you remember when we were at RSA years ago, Jav,
and we sat during, what's his name?
Art someone who was the-
Coviello?
Yeah, sorry, Art Coviello, when he was doing his keynote.
We sat towards the back, literally right next to the massive
like 100-inch LCD screen, which has got his auto cue on.
But the auto cue also included things like, move to the left.
Yeah.
Step forwards. Step back.
and so i i i basically
spent the next five minutes looking at the uh autocue and then doing like a force move on it
on art as he would sort of like you know i'd wave my arms and he would move in the direction of my
arms and all that sort of thing but but yeah, talk about, you know, just doing what you're told.
Wow.
Didn't look natural at all.
See, that's why it's precisely to remain authentic.
We never script anything on this podcast.
We never prepare anything on this podcast
because we believe in the power of being genuine.
Absolutely. Absolutely. And then I screw it up in the post edit right talking of um uh screwing things up in the post edit let's look at this week's
tweet of the week.
So this one's
on me this week
and it comes from
a random guy
called Brummie
Isn't he a little car
that drives around?
No, that's
Broomie
That's Broomie
Yeah, that's
Broom Broom
Broomie?
No, it's not
That's Brum
It is Brum, yeah
What are you talking about?
Are you watching
a different version?
Ah, he's watching the Mauritian version.
It's just the accent, that's all.
This is one which has come via WhatsApp.
So it is a true tweet of the week.
So I use Twitter Curator Pro,
which means that other people send me what to look at on Twitter these days
to save me the pain of scrolling through so many opinions I don't really care about.
I really want to know. I really want to believe that that thing exists.
So I will happily send you all forward on tweets that I receive.
You know, if that is of interest, i'm happy to subscribe you to any of my
no any of my whatsapp from all your other services no so anyway this uh tweet is from a guy called
brammy and it says just been sacked for no no reason for my job as an accountant
i'm gutted i've been there since 2005 what a waste of 18 years
has he come from the future he has come from so I don't know what's I was debating which was funny
about this tweet either the content of that tweet or just the unironic replies of people
you know split between one saying you, since 2005 is 15 years,
not 18 years. And the other half saying you can't be sacked for no reason. That's illegal contact
citizens advice. And everyone's just completely missing the genius of that gag,
which to me just makes it even funnier. Unless, of course, he was including his three years at university.
Well, this is why people were trying to justify what he actually meant as well.
There are some crazy responses to this one.
And it's like sometimes it's just not that deep, you know?
No, it's not.
And I think this is the problem with social media is that, you know,
people twist things to fit their interpretation of what they're seeing.
Yeah.
Yeah, if somebody wants to feel outraged,
they will find something to be outraged at.
Exactly.
But, no, this was absolutely brilliant for me.
I did enjoy that tweet.
I like that one.
A short and sweet tweet of the week.
Tweet of the week.
We're flying through the podcast this week, aren't we?
Yeah.
We've got 20 minutes to spare.
We could slow right down.
We could slow right down.
Maybe you need to add in some Barry White music in the background now.
Light some candles. Oh, hang on.
I've got some of that.
Hang on.
There you go.
I'm glad you actually jumped that one.
Yeah.
The build-up is way too long yeah i'm gonna i'm gonna i think
i'm gonna trim the front of that but i like that one so yes in which case let's we might as well
move straight on and then we can get on to the serious stuff right uh but you're saying i thought
everything was serious on this show yeah so yeah let's move straight on to my favorite jingle and
also the rant of the week.
Okay, so I have this week's rant and I'll start off by a quote by Karl Marx who said famously,
religion is the opium of the people and that's only because he wasn't alive to see social media.
That is the true opium of the people.
Likes on social media are like the crack cocaine of this generation.
And like any druggie, they run after that next high.
The blinkers come on and they don't care who they hurt or
compromise along the way it's all about the clout it's all about the clout it's all about the clout
it's all about the light so kids will do anything they'll like shock and disgust their parents
just to get a reaction out of them you know i'm sure in a few years time we will have like these counseling
services boom for parents who like my daughter was 13 and she told me these series of vile jokes
every single day i've got PTSD from them or something but people will just give up anything
for that high and the the scary thing is like you can keep telling them hey you know
if you don't see the product you're the product and people would just like you know look at you
with that vacant stare because they just want their next high um if you don't see the product
you're don't you mean if you're not paying for the product you are if you don't pay yes that's right
whatever man come on on accuracy getting away we
never have before okay no no tom cut it out in post here it looks like my rant's not together
it looks like you haven't prepared and everything
so anyway um people have been warning users about TikTok for a long time.
Fake news.
So there's been two levels of the warning.
One is that it's a Chinese company.
It was China.
And they are clearly far worse people to have your data than, say, Facebook.
The other thing is that the users are all weirdos. Creepy old men,
I believe is one of the terms. And therefore, you know, I'm not, I'm not old.
So this one person, a couple of weeks ago, I think he's uh he's a reddit user called bangerol
and uh he says claims to have reverse engineered tiktok says that he's some hot shot reverse
engineer um who's reverse engineered a lot of these social media things like facebook twitter
instagram what have you and he goes, TikTok by far is the worst.
He says it's a data collection engine masquerading,
thinly masquerading as a social media platform.
So any, if there's an API to get information on your phone,
they're using it.
So whether it's contacts, CPU type,
you know, hardware ID, screen dimensions, any other apps you've installed, even stuff that
you've deleted because it might be in the cache, anything related to your network,
whether it's a jailbroken phone, you know, GPS, everything.
In fact, yesterday I also saw someone had a screenshot,
a little video recording on Twitter.
And again, the validity is yet to be determined,
but they were using Little Snitch or something like that.
And they're using TikTok.
And every 30 seconds or so,
it was copying whatever was written into the text field and pasting it.
That was the iOS 14 new copy-paste notification.
That's the one, yes.
So, yeah, because I'm not an iPhone user, I don't know about these things.
But, yes, they were saying that was notifying them about how TikTok is every few seconds,
they're copying and pasting your data out from your thing.
So it's absolutely, if it's true,
and again, I'll say like,
this is just like one person saying,
making the claims on Reddit,
there's no screenshots, there's no packet captures,
so logs or gtfo but
you know if there is some truth to this it's genuinely a lot of information and at the same
time i know the users like andy they just don't care well i guess i'm going to so uh there's an
app which i voluntarily installed for hours of entertainment because there genuinely is hours of entertainment.
And I think you guys know when you receive videos from me saying, hey, guys, check this out.
And, you know, you scroll straight past them.
So for every 10 you send, you've gone through about 4000.
Yeah, probably.
Because there is some quality content on that network i tell
you there are some funny creators um you know doing it for the clout um okay so i've installed
this app it's on my phone it's uh it's basically transmitting uh all of this data via secure api
as i understand it about what type of phone I'm using, the hardware CPU type, screen dimensions, memory uses, disk space,
and what other apps I have installed.
And so I'm thinking, so what?
Do you know what I mean?
It's okay.
What are you going to do with that information?
Sell it.
To who?
Profile you.
Okay, to advertisers.
So does that mean that adverts I then see are more tailored for my interest see this is this is the problem see this is the
problem this is why i use the druggy example because people get so blinkered i just got notification from my favorite tiktoker
so no is it say is he saying don't listen to what jav says yeah
he lies we know nothing about what's on your phone so i guess where i'm going with it is
yeah so what and um and this is an argument that I, you know, I had for years. So I've got, you know, other friends who are not in the infosec industry.
In fact, one of them is in marketing, you know, and he's always going, you know, trying to figure
out ways to track people. But it's all about delivering content that's relevant to people,
because there's little benefit in them just you know scattergun approach with advertising
because you know that's not going to land it's not going to convert so what they want to do is
target people with adverts that are relevant directly to them so i guess how you know where's
the badness in okay so there's china have got all my data they know everything about my phone and they know what other applications i've got installed again you know what's the problem with that see that is such a short-sighted
view and it's this is where the and i realize we're getting a bit serious now but it's because we're about 45 46 minutes yeah yeah
my lack of carbs are kicking in as well yeah but he's gonna start swearing at you next day no no
no no no so this is where i think the the whole issue of privilege comes in as well that it's
very easy to be living in a first world country being the right skin pigmentation and being the right gender and
being the right age and not have to worry about these things. But, you know, the thing is, if,
and again, if it was purely for marketing reasons that all these companies were collecting data,
then even then it might be, it's a stretch, but okay, there's a legit case there. But it's not just marketing data.
A lot of this is manipulative data.
And it might not be used today, but there'll be some use case tomorrow.
And the second thing is there doesn't need to be like an immediate impact.
It doesn't need to be like, because of this, this is what's...
And that's what made
has allowed companies to flourish because there's no immediate kickback on it people are like well
who cares there's no difference there's no difference but you've got to look at the
long-term ramifications and long-term impact and you know it's you you there's that lack of
transparency and that lack of accountability.
And I think that's the thing that annoys me more than anything.
It's like... But does anyone know there is a lack of transparency?
Has anyone actually sat and read through the terms of use?
Well, no, again, that is a form of lack of transparency.
When you bury things in like 52 pages of legalese,
knowing full well that someone isn't going to read it.
And I know, Mr Ethics, you're going to say, well, it's there.
It's not my fault the auditor didn't pick it up.
I do genuinely believe there's ill intentions there,
and it's not done in good faith.
If it was done in good faith,
then there's a different issue altogether okay so
what are they actually going to do with this data well you could say the same thing about the stuff
that was in the you know the cambridge analytica stuff they gathered huge amounts of data and it's
the the value of the data is in the volume not in the specifics because when you have the volume of data you can start to make uh you know build models
upon the content of that so specifically knowing that you have a certain iphone model with a screen
size of x and such and such apps etc is is not important but when you put that into a far larger
data set that allows you to profile, socially profile, and potentially even
put you into a fairly accurate maybe you know age and socioeconomic bracket as a result of that
then you can be targeted with campaigns that are not necessarily for the public good so
misinformation etc telling you that Trump and Boris Johnson
are really rather fine upstanding fellows
and we should vote them in next time
and all that sort of stuff.
So I don't think you guys understand how TikTok works
because it's not like Facebook where, you know,
you scroll down, add, scroll down, add, scroll down, add.
It's literally video after video after video.
Yeah, and based on the ones that you, based not only on your device,
but the ones that you stay longer on,
the ones that you are favoriting or forwarding on,
they're building a profile of you.
Exactly, and it's an absolutely fantastic experience.
I mean, I've said before that the algorithm that those chinese guys use is absolutely fantastic you know you yeah
like the right videos and you will see more and more of that stuff which is exactly what i want
from but that is also yeah absolutely you know on the surface there's nothing wrong with that and
we all do that when every time we look through linkedin or every time we look through twitter or whatever to one degree or another it's it's how that data is used after the fact
in potentially a jurisdiction that doesn't follow international rules and guidelines what i will not
have that um but that data again en masse can be used um to be to allow for targeting for you know nefarious and malicious um
reasons absolutely i mean you just have to look at it it's only a few years ago about two years
ago where you had the absolute massacre in uh in Rohingya and social media had a massive role in that.
Social media was the absolute tipping point.
There was so much fake stuff,
and Facebook came under a lot of fire for that because, again, that tied into the Cambridge Analytica data,
but also WhatsApp was being used excessively
to spread that information and Facebook as well.
And as a result, Facebook started...
I'm sorry, WhatsApp started putting some
limitations on how many times you can forward a message or how many people you could forward a
particular message to, you know, and this is what I think you're not getting is that it's very easy
to sit in a position of privilege and security and safety and say, TikTok's not hurting anyone i'm just watching videos that make
me laugh and you know entertain me but it's where when it it conditions people to a point where
you don't then realize when that little bit of poison starts dripping in and it might only be
one percent it might be one out of every hundred videos that is one percent by the way um start dripping in sticking with the safe numbers
quick maths yeah so so remove the social media element okay so take this back from tiktok so
all social media works the same right it will deliver stuff that you like um you know it figures
out what you like to see and it will continue to
deliver that and i think you'll probably find that social media platforms that don't do that
will lose a lot of its users because people will be on it saying this isn't the stuff i want to be
seen um you know so so so ethics officer uh agnes please what's your opinion on so would you rather have would you rather have a business that's
very profitable but maybe it could cause some actual harm to people or would you rather have
a business that's maybe not so profitable or not profitable at all but at least it doesn't hurt
anyone but this is one of the most ridiculous would you rathers ever because it's such extreme ends of the scale worse one
it's such extreme end of the scale i mean even looking at you know the the what the research
has done um as you say you know there's no screenshots there's no nothing there um you
know he's he's literally used afraid there's a ton of creepy old men who have direct access to
children uh and i've personally seen some really suspect stuff.
Yeah, that helps nobody.
And so, you know, this goes back to, okay, someone's done some work.
There may be some element and truth in it.
And they've now blown it completely out of proportion by using substantive or subjective claims,
which they've tied together to get people to be outraged
in what is essentially data collection, you know, for an application.
And, you know, I recall, you know, when I first had my iPhone and I was like, damn,
like all these people, like, you know, all the data that's captured in images, you know,
when you take a photo and it tells you the location where it was taken.
Yeah, the EXIF information. And, um, you know, I used to always
have that disabled and um it wasn't until i actually went to uganda for the first time
um when you realize you're in places that you know you tend to go to a lot of places
uh when you're trying to you take photos you're trying to piece together when you get back what
was where and there's all work related i mean there's sort of different offices in different areas
and trying to piece together where i was at what time um and that exif data was actually really
useful it was like oh okay so this data center was in this location this office was in that location
um so you know there's data that you can use for good in that and you know you've still got people
on the extreme
end of the scale saying oh you know cameras shouldn't take that information phone shouldn't
be storing that information you know it's a violation of privacy um and i've actually started
using it a lot more now you know i will actually type in an address or a town of where i was you
know three years ago to pull up all the photos from that day and it saves me scrolling through
And you know what?
There's transparency there and you have control whether you can turn it on or off.
And that's all I'm saying that when you remove that choice from people and when you're not giving the information
and you're not giving them the choice, that's what...
No, it's not because you've got the choice to
not use it do you know what i mean there's literally no one putting a gun to your head
saying download this app it's like it's like your job you tell yourself that at one o'clock in the
morning you don't have to go to work you know i it's it's i've heard that growing up so much if
you don't like it here why don't you go back to your own country no one's forcing you to stay here
and and you know again you've made a giant leap between what I actually said
to suit your own narrative.
I mean, I've seen you pushing the stories about 5G and coronavirus.
I think the stuff about EXIF is a very good point
because it's very useful, but it can be used for um for malicious purposes which is
why let me let me finish let me finish this this train of thought which is why when people go on
safari they're told please switch off your exif information because if people find these photos
they'll find out where these you know where these animals are etc and you'll attract poachers that's fine in the case of exif data you know what's going on you know what's happening with
your data and why you need to switch it off etc the challenge is is when the quid pro quo goes
far more in one direction than the other and it's the the data that's being gathered is being done
so in a way that you are not fully aware of and how it's being used, not only in the, you know, in the first case, but, you know, in the subsequent and you know enjoyment of uh using an app there's
nothing wrong with that as long as you know where that data is being used and how and that or that
you have a level of confidence that that data is going to be used responsibly but that's one of the
reasons why the nhs track and trace app failed so miserably is because the data was not
the data was not going to be used responsibly and was not going to be managed sensibly yes but
you're one of the you know i think you know with particularly the infosec industry and
data privacy industries um a very small percentage of people that actually care about that stuff
You know, I mean, we talked about this before, you know,
you've got, you know, sort of the younger generation using Instagram,
you know, posting photos themselves, which is completely open to the whole world or, you know,
Facebook profiles, which are open.
As Jav has mentioned, you know, it's all for the clout.
You know, they would literally do anything for likes.
They genuinely just do not care about
this stuff you're you're right so yeah yeah so why is it up to up to us to say oh this is bad
don't use it well i think it is i think it is i think it is you know what it that's the thing
people don't care and that's fine but it doesn't mean that we should still not try to do the right
thing which is like the right thing
for who what gives you the right to say this is right or this is wrong because like people aren't
being given an informed choice that and it's a responsible generation yeah so why don't you make
a tiktok and tell everyone how bad it is no it's yeah i tried but nobody would join my channel
see how many oh this this is interesting stuff um yeah i don't know it's i know it's it's something
that i feel you know maybe i should be outraged about but then when i actually look into it and
think you know what are the consequences of this?
It's like, this is what I want from a social media app.
I want them to keep sending me the content I'm looking for.
I'm not saying be outraged.
I'm saying it's, you know,
tech companies have a greater and greater responsibility every day
to offer transparency and allow the users to make informed
choices. Like the EXIF data on the photos. It's great. Me and you can turn it on and off
as we will. If you're trying to escape an abusive ex who's trying to track you down,
you don't want that data in there. You don't want them to hunt you down. You don't want to leave any cues. I think it's very difficult unless you're in that position
and to to um to to protect yourself and and that's why as tom said at the top of the show
um tom and i are looking for a third presenter so please send in your
so i will be taking the uh i'm actually looking for two co-presenters
the host unknown splinter podcast i've outgrown these other two clowns
we also refer to that other podcast as the scabs
um i'm gonna i'm gonna round this off because i'm looking at the clock i'm gonna finish this
off and say, I think, fascinating.
Once again, we get very serious to the point where I think we're going to have to put off our little people until next week.
We'll put it off, yes.
Yeah, there's no way we can fit that in.
One thing I will say, though, Andy, is... Keep sending those videos, right?
That's exactly what I was going to say.
Keep sending us the cream videos
you know the creme de la creme of the videos because jav and i don't want to you know
scroll through all those videos and to set you know get hand over our data for it
You know, we'd much rather hand over your data.
Sacrifice the little person. Yeah. Yeah, that's right.
You know, which is a nice, nice little segue into the little people,
which we're not going to run.
So blimey.
When we said we got serious towards the end of every show.
We really did get serious, didn't we?
I know.
God.
Well, that's incredible.
Anyway, another long show.
Thank you all for your patience in listening.
I hope you did make it to the end.
Thank you all.
And hello to all of our new listeners.
I should have said,
said at the beginning,
we,
we've managed to get a large tranche of new visitors because of those people
that we said we weren't going to mention because they didn't pay us to mention
them.
That's a Carole Theriault,
Graham Cluley and Smashing Security podcast.
So,
Jav, thank you very much.
Try and have some carbs next week,
because otherwise this might get very serious.
Yeah, you tend to get a bit cranky.
Yeah, absolutely.
I'll give you a spare warning.
You agree to the terms and conditions.
You can't come back now.
I feel you've buried those in some general chit-chat,
which I wasn't paying attention to.
I don't think you've been transparent about that.
About something on the lips and then on the hips or something like that.
I can't remember.
So, Jav, thank you very much, sir.
No, thank you.
Thank you.
Always a pleasure, gents.
Indeed.
And Andy, thank you.
Thank you.
Always a pleasure.
And stay secure, my friends.
Stay secure, my friends.
Go to hell.
Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javvad Malik and Tom Langford.
Copyright 2015. Or
something like that. Insert
legal agreement here as applicable
and binding in your country
of residence. We thank you.
Woo!
Andy, you know Andy you made some good comments but you're wrong now but can you send me that TikTok video again because it was awesome