The Host Unknown Podcast - Episode 123 - Incident Adjacent
Episode Date: October 7, 2022
From @HostUnknownTV

This week in Infosec

2nd October 1998: BUTTSniffer Beta 0.9 was released by Cult of the Dead Cow. Developed by DilDog. The big question is "When can we expect the long-awaited version... 1.0 release?" 24 years is kind of a long wait.
https://twitter.com/todayininfosec/status/1312179619659874305

3rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.
https://twitter.com/todayininfosec/status/1312589059559170050

Billy Big Ranty Balls Tweet of the Week

Former Uber CSO convicted for covering up massive 2016 data theft

Joe Sullivan, Uber's former chief security officer, has been found guilty of illegally covering up the theft of Uber drivers and customers' personal information.

Sullivan, previously a cybercrime prosecutor for the US Department of Justice, was charged two years ago with obstruction of justice and misprision – concealing a felony from law enforcement. He was convicted on both counts today.

On November 21, 2017, Uber CEO Dara Khosrowshahi issued a statement acknowledging that in late 2016, miscreants had broken into the app giant's infrastructure and made off with 57 million customer and driver records. Sullivan, along with Craig Clark, legal director of security and law enforcement, were fired as a result.

Sullivan, according to court documents, learned of the theft in November 2016, about ten days after he had provided testimony to the US Federal Trade Commission about a 2014 cyberattack on Uber. Concerned that another data security breach would harm the company, Sullivan tried to cover up that 2016 heist by trying to pass off a ransom payment, made to the thieves to recover the data, as a bug bounty award.

Industry News

T: Kardashian Charged by SEC After Crypto Post
A: Malicious Tor Browser Installers Spread Via Darknet Video on YouTube
J: New Initiative Aims to Strengthen UK's Nuclear Cybersecurity Posture
T: Landmark US-UK Data Access Agreement Begins
A: Ransomware Group Bypasses "Enormous" Range of EDR Tools
J: Australia's Data Breaches Continue With Telstra's Third-Party Supplier Hacked
T: Retailer Easylife Fined £1.5m for Data Protection Breaches
A: US Healthcare Giant CommonSpirit Hit by Possible Ransomware
J: Uber's Former Security Chief Convicted of 2016 Data Breach Cover-Up

Tweet of the Week:
https://twitter.com/HackingDave/status/1578064952400781316

Come on! Like and bloody well subscribe!
Transcript
Every day is a learning day.
It is indeed, it is indeed.
And this every month is a learning month,
and October is Cybersecurity Awareness Month.
Interesting.
So what does that entail?
Well, you're aware that it's Cybersecurity Awareness Month now?
Yes.
Job done.
You're listening to the Host Unknown podcast.
Good morning, good afternoon, good evening from wherever you are, and welcome to episode, I don't know, 155?
Yeah, something along there. 172.
Something along those lines.
We are another member short this week.
And I think Mr Langford is certainly earning his CISO salary today.
He's doing everything that CISOs do.
He's sort of doing that diplomatic wording.
So what was it? He literally called in like 20 minutes ago before we started recording and said, uh, I can't make it, it's been handling a security incident all day and it's escalating. Um, and he's saying it's not our incident, but it's incident adjacent or something like that. It's whatever language that CISOs use to sort of, you know, deflect the actual severity of what's going on.
That is just amazing.
The weasel words he uses every day just continues to amaze me.
And he's got a straight face as well.
That's the best thing about it.
Oh, man. So, Jav, how you doing this week?
And great, I'm great, I'm great. So, you know, for the last couple of years I've been talking about, uh, the garage that I had built in the back, which is next to my office in the back, and how outside they didn't do a good job in, like, building a drive sort of thing, so it's like a steep bank and then there's a lot of grass. Nearly, I was tempted to do it myself. I did start looking up YouTube videos on how to pour concrete and prepare the basin. I got tired just watching it.
So our neighbors are having their garage rebuilt, so they're having all knocked down and built up.
Okay.
So the builders, wander out down the garden, have a word with the builders over the fence sort of thing. Well, not even over the fence, I went around the back. I said, oh yes, you're doing this, good, yeah. I said, uh, how would you like to make an extra bit of money on the side for pouring a bit of concrete that spills over onto this side?
And they looked at it and said, we are going to have to dig it.
We're going to have to.
I said, there's a skip out front.
Just put the dirt in there.
Like, you know, it's just a few extra rounds.
And they're like, OK.
And so for 200 quid, I've had myself a brand new, like, you know, nice drive. They dug it down. They smoothed it out. It is beautiful.
All cash in hand, I'm guessing?
Yes. Well, you know, you can't argue, 200 quid, bit weaker money for them. I'm sure they, um...
It generally finds if they actually charge your neighbor for that concrete as well. Yeah.
That's a bit of a result.
I know. I'm so happy. I'll send you pictures afterwards.
And you finally got it sorted as well.
It is. It is. How about you? How's your week been?
It's, well, every week's a learning week, right?
This week, it was you that educated me.
What's the language we use? Um, we don't talk about, you know, we share stuff with our friends, we do...
What's that again? It's weasel words that Langford uses, isn't it? I discussed with my... I discussed with a closed user group of my peers or something like that. And I sent you that, uh, really onerous term which I saw, about how, you know, a particular client says that we can't, uh, employ Israeli nationals or Indian nationals if they, you know, work in their Pakistan... you know, working for their Pakistan office or something. And I was like, this is, like, one, discriminatory, two, extremely racist. So I've never seen anything like this. And then you sent me the, uh, the extract from the Pakistan passports, which, um, doesn't recognize Israel as a country. Wow, I had no idea that was a thing.
Yeah, apparently so.
It is a thing.
So, you know, you learn something new every day.
So they do recognise India as a country,
so it doesn't excuse that second world.
That's pure discrimination, that one.
Yeah, there's no dancing around that one.
That one's absolutely pure discrimination.
What have we got coming up today?
So with the last minute change,
we're going to have our usual This Week in InfoSec
taking us on a trip down InfoSec memory lane.
Rant of the Week is going to be a surprise
as we figure it out when I'm talking.
Billy Big Balls will also be a surprise
as I, again, as we figure it out as I'm talking.
Industry News will bring us the latest
and greatest security news stories
from around the world.
And tweet of the week is an unforgiving spam filter.
And do you like how I know what I'm talking about?
I'm just not entirely sure what you guys are going to be talking about.
You guys.
It's me.
It is, yeah, just you.
So next week, I'm not going to be here next week, so, you know, it's going to be another... we're running two men at a time, uh, for the month of October.
I know, this is a bit like, do you remember Demolition, the tag team? And they...
Yes.
There was always three of them, but...
Yeah, Ax, Smash and Crush, right? You never saw three of them together.
Oh, I do. So without Mr Langford, we can't talk more about wrestling.
We can't. Oh yeah, brother.
Alas, let's see what, uh, what's going to take us down InfoSec memory lane this week with This Week in InfoSec.
And it is that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield. And so our first story takes us back a mere 24 years to the 2nd of October 1998,
when BUTTSniffer Beta 0.9 was released by Cult of the Dead Cow and developed by DilDog.
So this was one of the early packet sniffers you could deploy, which had an interactive mode,
I guess, for people like us, Jav, who are not overly fussed with command line usage. We were told at the time that the
BUTT in BUTTSniffer 0.9 did stand for something, but it was never disclosed what that something was.
And so I guess the big question about this is when can we expect the long-awaited version 1.0 release?
Because 24 years is kind of a long wait.
It is. It is.
You know, especially when you have companies nowadays,
they're like every six months trying to show a new version.
That's hardware products.
Software is like, it feels like every time I open up a software, it's like there's a new update. So come and get your finger out of your BUTTSniffer and give us version one.
And so our second story takes us back a mere five years... I'm actually doing the sounds manually today because I can't find the button.
So our second story takes us back a mere five years to the 3rd of October 2017. And I know
we reference this a lot of the time. We've talked about it before, but I shall always bring it up.
So this was a week after he retired as a result of Equifax's data breach.
Former CEO Richard F. Smith told members of Congress one person in the IT department was at failed to heed security warnings and did not
ensure the implementation of software fixes that would have prevented the breach
I think we can all agree that, um, you know, I remember this wound up Tom last year when we mentioned it, and we shall bring it up every year, but the CEO blaming that one single intern in IT...
I know, I know. It was the playbook that SolarWinds followed as well once they had their breach. He was an intern.
Unbelievable. One person. Not realizing that what that means is that you put all your trust... and says it's like a house of cards that you have there. You have the most junior person, underpaid person,
responsible for maintaining it all.
I mean, if that person was paid like, you know,
a million dollars a year, fair enough.
Yeah.
But I'm pretty sure that person wasn't.
Yeah, I'd be very surprised if they were.
Do you think they put that on their CV?
Like when they look for other jobs?
Well, that's a bit... right, people in Equifax actually know who the CEO was talking about, right?
Right.
Although it's an unnamed individual, there's a lot of people that could be like, actually, that was Dave in IT, you know, he's always a bit lazy. It's probably off as well, it's probably sort of off that week, uh, when the breach happened, so that's why they pinned it on him. Or maybe he tried to get
the patch installed and there was like change
management, like, oh, no, no, no, we need to test
this, we need to do this. Last time
we installed the patch, yeah, exactly.
So, yeah, there's so many
factors that are at play there.
But it's just amazing.
And, yeah, that was
this week's This Week in InfoSec.
You're listening to the Host Unknown podcast. Bubble gum for the brain.
Indeed. And so it takes us to our next part of the show, and, um, we're doing a complete change round.
So, Jav, you're going to have to think on your feet and just come up with this story on the fly.
And I shall play you in and let you run with it.
OK.
Right. OK.
So all I see is this link to a story.
All I see is this link to a story and it's former Uber CSO convicted for covering massive 2016 data theft.
Well, that was a mouthful. Couldn't get that out.
Yes, this has been making the rounds. And, you know, it's really funny because I first started seeing these people tweeting and posting on LinkedIn like.
This is a tragic travesty. This is so unjust.
There is no way people would want a CISO role from now on. This changes the game.
It's so unfair. And I was like, well, what happened?
Did like, you know, you know, forget blaming the intern, the CEO, the CSO and, you know, they got done for it.
But when you actually look at the initial fight or the case against them, and I've dug up the criminal, the official criminal complaint document in California where the FBI submitted it in 2020.
There's nothing to do with the breach actually mentioned in there,
which I found hilarious because people are making out like this is because there was a breach
and now the CSO is being held accountable for the breach.
No, that's not what's happened.
The breach was there.
The CSO knew about the breach and they either hid stuff from the FTC
or, as they call it, they obstructed obstruction of justice.
And the second count was misprision of a felony, in violation of section 18 paragraph 4 or something like that. But basically, it's, to summarize, they lied to the regulators and the investigating officers about the nature of the breach, and that's what they've gone down for.
But let's gloss over the facts.
That doesn't make a good story.
Don't forget, as a community, we have to play the victim.
Yes, yes, you are right.
You're right.
So as a victim, he was only doing what legal advised him and the CEO or the board told him to do.
So, therefore, if anyone should go down, it should be the CEO and the board and the legal team, not him.
He's being made a scapegoat.
As always, the CISO is being made a scapegoat.
No wonder they don't last more than two years.
That's what the S stands for, though, right?
Chief scapegoat officer.
Yeah.
Yeah, it's... so I didn't realize that. So he's saying that legal, he's doing what legal advised him to do?
Well, apparently. I mean, this is, I don't know if that's what he said, but I know that's what
a lot of security people are implying on that.
He sought legal advice and this is the strategy they came up with or what have you.
But, you know, lying to the regulator, if they had simply said to the regulator, yes, we've been breached and we've been breached several times.
This is how they got in. This is what they took. This is what we know.
He would not be facing time today.
He might have been fired.
Uber might have suffered some, you know, whatever.
Bad publicity.
Yeah, bad publicity.
But come on, how much...
But people still use it, right?
And this is the thing.
I don't think data breaches are changing people's attitude.
Uber's convenient.
Yeah.
And it's popular and there's more drivers on.
Well, certainly in lots of areas, Uber's the biggest ride sharing app that's around.
I know there's Lyft and other challenges, Bolt, but Uber's definitely the biggest.
They've got more drivers.
So I don't think people are going to say,
oh, actually, this company had a data breach.
I don't want to get a taxi with them.
No, no one's done it.
It's just so convenient.
You go to anywhere in the world, most places,
and you just hop off the airport, and that's it.
It's there, and you don't need to worry
about, you know, conversion fees or anything. But there was a post, a tweet by Whitney Merrill,
who is, she's like a DPO and privacy infosec lawyer. So she knows legal.
And she says a lot of people are conflating legal issues
when discussing the Sullivan Uber.
Be careful of the red herrings.
It's not about breach notification.
It's not about bug bounties.
It's about lying to a regulator about information
responsive to an open investigation and subpoena
So, and then she goes on to say, if he told the FTC about the situation open and honestly, he wouldn't be here. The FTC may have used that in info in the investigation, or they may have had sympathy for Uber, we don't know, but he wouldn't be here. And I think this is the big difference between
the Sullivan and the recent Mudge issue with Twitter. Mudge was in a very similar situation.
He felt that the company was lying to or misleading regulators or what have you, and he wanted no part
of it. So he blew the whistle and then he was fired or pushed out or what have you. But then he stuck to his guns, and you know what's happened? Nothing's happened to him. I mean, if anything, he's got support and he stuck to his principles. I think when giving the choice between losing your job or getting banged up in jail, I know what my choice would be.
Yeah, definitely take jail time, right? Because you're not snitch.
Exactly. Damn right.
So yeah, so this is ultimately, like, so they got... he just tried to cover it up. They paid the hacker...
Yeah.
...and tried to cover it up as a bug bounty fee instead, right?
Yes, yes.
Yeah, that's... I don't know, there just seems to be a lot of steps within that. Like, you know, if they didn't have an official bug bounty program in the first place, like, there seems to be a lot of people that could be involved in this.
Yeah, yeah, there are. But, uh, but this does make me think maybe this is the adjacent story that Tom is talking about. The adjacent incident.
Maybe he's, yes, maybe he's, when he says adjacent,
he means, you know, an exact replica just at another company.
Yes.
Have you ever wondered why he never is able to stay at a place for too long?
Yeah.
He's trying to track down the person that hacked them to, uh, to pay them a bug bounty. It's not a ransom payment, it's a bounty reward.
Exactly, exactly. We just need you to sign this NDA. It was like an unofficial copy of all their data that they've been saving.
Oh man, brilliant. No, I guess that's, um... oh, how do we categorize that story? Uh, I've got one for you. But thank you, Jav, for this week's...
Billy Big Ranty Balls Tweet of the Week.
Sums it up.
Feeling overloaded with actionable information?
Yep.
Fed up receiving well-researched, factual security content.
Yes.
Ask your doctor if the Host Unknown podcast is right for you.
Always read the label.
Never double dose on episodes.
Side effects may include nausea, eye rolling,
and involuntary swearing in anger.
True story. And during that, um, if you notice, we've just received a message from Tom. Oh, um, I don't know, I shall play it out loud, hopefully, and we shall be giving you an exclusive, because we asked him for more details in the instance so we could break it, uh, as breaking news. So let's go to Tom's breaking news right now.
Have you two screwed up my podcast yet?
Okay.
Not the exclusive I was thinking of, but...
I was really, really hoping he was going to say something
about the adjacent incident he's involved in.
Like, guys, I've just been fired. I've been so good. I mean...
Oh man. Without editing, I'm told. I'm on the rooftop of a hotel looking down. Don't try and stop me this time.
Oh dear. Yeah, well, let's say you had this time. You know, he's talking to you on that one.
Oh, yeah.
I was sitting there going, do it, do it.
Oh, dear.
So, Jav, I've got a question for you.
Yes.
What time is it?
Ah, it is that time of the show where I have to grease the palms of my builders next door.
But it's also the time when we head over to our news sources over at the InfoSecPA News
Lab, who've been very busy bringing us the latest and greatest security news from around
the globe.
Industry News.
Kardashian charged by SEC after crypto post.
Industry news.
Malicious Tor browser install...
Installers spread via Darknet video on YouTube.
Industry news.
New initiative aims to strengthen UK's nuclear cyber security posture.
Industry news.
Landmark US-UK data access agreement begins.
Industry News. Ransomware group bypasses enormous range of EDR tools.
Industry News. Australia's data breaches continue with Telstra's third-party supplier hacked.
Industry News. Retailer Easylife fined £1.5 million for data protection breaches.
Industry News.
US healthcare giant CommonSpirit hit by possible ransomware.
Industry News.
Uber's former security chief convicted of 2016 data breach cover-up.
Industry News.
And that was this week's...
Industry News.
Huge if true.
Huge if true.
Speaking of huge,
Kim Kardashian has been charged $1.26 million
by the US security regulators
after she failed to disclose a payment
for promoting a cryptocurrency product.
So she failed to disclose.
She got back $250,000 from EthereumMax
to publish a post on her Instagram about its EMAX tokens.
Can you imagine being paid $250,000,
quarter of a million dollars just for posting something?
I can't, no.
I mean, I can't even think of getting like-
You're cracking up all the time.
Yeah, it's like... I know.
It's like I'll post like three times this year.
That's good enough for me.
So I assume the crypto stuff was rubbish, was it?
Well, is any of it not rubbish?
Oh, that's true. Is it...
I guess it's one of these things that maybe got tanked.
So is it she's supposed to add sponsored or something? Is it something like that?
Yeah, it's a yeah, I think because it's an undisclosed endorsement and also high profile cryptocurrency,
because a lot of there's been a lot of the pump and dump scams going on.
Right, okay.
Oh, damn, she's charged 1.26 million.
Yeah.
Right, okay.
Wow, five times the amount.
Okay, that's good.
That's good.
I'm just scrolling.
Ransomware Group bypasses enormous range of EDR tools.
And is that because they're using EDR instead of XDR?
Is this, um, you know, of course your EDRs aren't good anymore, that's like so 2021. You need XDR.
Yeah, I mean, do you think your Dr Solomon's is gonna work?
Yeah, next year will be AIDR or something like that.
Yeah, yeah. It was really funny.
I read this story headline the other day,
and it was like, next-gen firewalls are obsolete or something.
I said, that's the problem with naming your product next-gen
or advanced or whatever, because inevitably it is going to be old.
But, you know, they say that next-gen firewalls were obsolete.
So I'm pretty sure that the original Check Point firewalls
from the 80s are still effective.
In terms of port filtering, that stuff hasn't changed.
And they still do some sort of protocol filtering on top of that, right?
So I think there's still a place. Like, how can that stuff be out of date? If the next-gen firewalls are out of date, that indicates that the previous firewall routers aren't good enough, yet I still see that kit deployed everywhere.
Yeah, it's probably like a hit piece, because, like, someone's coming out with their next next-gen product.
And rather than promote the benefits of their own product,
they find it easier to try and discredit existing products in the market.
And, you know, we see this all the time.
It's just really bad taste. Yeah.
So I'm just looking at the retailer Easylife fined £1.5 million for data protection breaches.
And because that's...
I don't know.
It depends how big...
I don't know how big Easy Life is.
But £1.5 million is a...
Yeah, it's a decent trip.
So, oh, they've been fined before for making predatory marketing calls.
OK, so this is for calling people between August 2019 and August 2020
with 1.3 million unwanted marketing calls.
So that's, it's good.
I mean, it's slow progress, but I am glad that the DPO is fining people that do this.
Yeah, they turn a blind eye to anything the Tories have done or Daily Mail phone.
Oh, yeah. But, you know, someone's made a phone call and someone didn't like the phone call.
OK, we'll send our best men on the job.
People.
Release the hounds.
Yeah, exactly.
I can just imagine them coming, sitting in someone's home office,
leafing through all of their phone records and everything.
Aha!
Did you have consent from this one?
Yes, no, maybe.
Oh, dear.
They should have just blamed the intern.
Yeah. The intern put together the marketing.
Yeah, exactly.
I see you do not have a cookie consent form on your website.
Going to have to take your knitting club website down, Grandma.
Oh, dear. Classic.
I see your mouse cursor on the new initiative aims to strengthen the UK's nuclear cyber security posture.
Oh yeah, I opened it and then it didn't look very interesting
so I closed it again.
So I don't know what a nuclear cyber security posture is.
I thought nuclear was very much a physical type of thing.
Can we drop cyber atomic bombs? But I didn't realize we were there yet.
Yeah, it's, um, yeah, that's a very wordy article.
It is. I have no idea. Links in the show notes if you're interested in that one, people.
Oh, cool. I think we've exhausted the stories on that one.
Yes, we have.
But, yeah, that was this week's...
Industry News.
You're listening to the Host Unknown podcast
with your award-winning hosts, Javad and Andy,
and insert name here.
Indeed.
Wow, that jingle was really loud
actually in my ears.
Apologies listeners.
I've pulled together... so I wasn't expecting to be managing the soundboard today, so I've been pulling together any of the old jingles, because Tom's got this fancy whole setup, like all these buttons on his...
You wouldn't believe it with the amount of issues he has.
But he's got this hardboard, isn't he,
where I use a virtual one.
And yeah, I forget what some of these things are
because I don't often take care of this side of things.
Honestly, Tom's setup looks like he's a one-man SOC.
But literally, it's like PowerPoint on one, Excel spreadsheet on the other. Like, he's got two massive screens, and then he's got his Stream Deck and everything ready for the podcast, and that's literally all he does.
Oh dear. So I guess, uh, yeah, we're just, um... Do you want to take us home with this last one?
Oh, why not?
Let me play you in.
Tweet of the week.
Can we always play that twice?
Tweet of the week.
OK, so the tweet of the week comes from Dave Kennedy,
Hacking Dave.
And if you don't follow Dave Kennedy,
a few years ago he was, let's call it American size, Dave.
About as wide as he was tall.
And now if you look at him, he is He-Man personified.
He's literally like that, the cartoon character He-Man.
He went and... now, and he was really motivational. He got gains.
And in the beginning, it was so motivational and so good and inspiring.
And now I just hate him.
So, no, because that just makes me feel really bad.
But no, I love you, Dave.
Anyway, his tweet is: unsolicited email, "If you want to be removed from this list, please reply back with unsubscribe." Or me: blocks entire domain company wider email gateway.
And yeah, I can relate to that. So many, many moons ago, um, I used to do that a lot. He said... hate it when I received CVs, you know, unsolicited CVs from, um, yeah, recruiter saying, hey, we've got this candidate available, no name, but these are the skills, yada yada, you know, let me know if this is... if this is of no interest, let us know. Um, and so I used to do the exact same thing, just block the entire domain of whichever recruiter did that, because, you know, never dealt with them. And I remember one time the HR manager came in with a recruiter, and she was like, you know, the recruiter saying they're sending us emails but they're getting bounce backs. I was like, okay, you know, I'll look into this, like, you know, let me know when's the last time you sent an email. And, um, yeah, so it actually turned out on this block list. And I was like, you know, someone from your company, I'm not saying it's you, but it's probably you, has been sending unsolicited emails to many people in this organization. So yeah, just block them at the gateway.
Yeah, yeah, one of the most effective ways of doing it.
It is, it is. And, you know, it used to be so simple back
in the day you didn't really need to ask anyone or raise a ticket.
You just walk over to your mate Dave in the mail to him and say, Dave, can you just block that?
Yeah, sure. There you go. Have a cookie.
Do you know, so I, and this is again like lessons of what not to do.
Back in the day, obviously, we were like, you know, the whole team would all be like domain admins, would be like logged in as domain admins.
Everything we did, you know, like domain admins.
And we set up, it wasn't something similar to Mimecast, Black Spider or whatever, whoever they got acquired by.
You know, these companies, maybe it was Mimecast, sort of like 10-year archiving and stuff like that.
And so I used my credentials for that because obviously as domain admin,
I wasn't forced to change my password back in the day like everyone else was.
And this is before MFA and all that kind of stuff.
It was all good.
You know, nothing wrong here, nothing to see here.
And it came to a time when I then changed my password
and all the mails stopped coming into the company.
And it took us forever to figure out what it was.
And it was because I used my own credentials for the entire mail system.
No service accounts. None of that.
No, no, no.
Good times.
Oh, no. Do you remember, even changing your password was a real pain, because if you were logged onto a resource and you change your password, it would then... you'd get stuck in this loop of forever getting locked out.
Yeah. Oh man, good times.
Yeah, such good times.
You know what?
At one place when I worked, they had service account to mitigate against these things.
The problem is no one knew exactly what all the services were that ran under this service account.
So they never changed the password.
Everyone knew what the password was.
If anyone just wanted to do something, just log on with that service account.
Oh man, the way things used to work in the old days are fantastic.
You could write a whole book of it. And when I mean old days, I do generally mean the old days, I don't mean like, you know... like, I mean, like, early noughties.
Yeah, yeah.
Which is why, I mean, you see like companies that are around today that were set up then, like Twitter or whatever,
you can see that, you know,
they couldn't really completely shed that old skin.
It's still how it works behind the scenes.
Oh, dear.
Yeah, well, and I think that's Mudge's point, right?
Yep.
Yep.
But, so, thank you, Jav, for this week's...
Tweet of the Week.
And so, we come to the...
Do we normally play another sweeper, though,
or do we just go straight out?
So, you wrap up now, then you play the sweeper, and then we do some post-credit, like, you know, for the Marvel fans, they like their post-credit.
Oh yeah, what you stick around for.
Yeah, yeah.
Um, okay, so yeah, I'm trying to think what, uh, we've covered today. It's kind of thrown together. Uh, I actually see in the show notes, uh, 36 minutes ago. Um, so however it came out, you're gonna love it. Like it, subscribe. You never know what you're gonna get, it's just gonna come straight out, raw, from the heart. But, uh, I shall thank you, Jav, for your contributions this week.
You're welcome. And, um, thank you... normally Tom sets me up so I can stay all right. No, and thank you, Andy, for hosting and doing the soundboard at the same time.
Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown podcast. If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever. r slash Smashing Security.
Indeed, and we're out. And do you notice that, um, Tom can't make this show, but he's got no issue with, uh, actually joining the Smashing Security podcast?
I know, he is just the whore of podcast world. He just goes anywhere and everywhere. He'll come on air and, like, try to, like, you know, be like, oh yeah, we don't like Smashing Security, and have a go at Graham, but then, like, on the weekends he's, like, bugging up with him, having Sunday roast and going on their podcast. It's like, I tweeted about... he tweeted that, oh, I've been on the Host... on the Smashing Security, and I was like, you are like the background noise for any podcast for hire. You are white noise.