The Host Unknown Podcast - Episode 125 - Yesterdays Lettuce Tomorrows Leader

Episode Date: October 21, 2022

This Week in InfoSec

With content liberated from the “today in infosec” Twitter account and further afield.

18th October 1985: Nintendo releases the Nintendo Entertainment System (NES) in New York and limited other North American markets. An immediate hit, Nintendo released the game nationwide in February 1986. Along with the NES, Nintendo released eighteen games that day, including: 10-Yard Fight, Baseball, Clu Clu Land, Donkey Kong Jr. Math, Duck Hunt, Excitebike, Golf, Gyromite, Hogan’s Alley, Ice Climber, Kung Fu, Mach Rider, Pinball, Stack-Up, Tennis, Wild Gunman, Wrecking Crew, and Super Mario Bros.

14th October 1977: Atari releases their Video Computer System (known as the VCS and later as the Atari 2600). It took two years for the VCS to gain traction, but by 1979 it was the best selling gift of the Christmas season. Once it was established, the Atari VCS took the market by storm, popularized home video gaming, and helped cement the video game movement into mainstream culture.

18th October 1958: William Higinbotham and Robert Dvorak, Sr. show off a tennis simulator game they called Tennis for Two. Developed on a Donner Model 30 analog computer using an oscilloscope, it is the first known electronic game to use a graphical display. Higinbotham and Dvorak developed the game to show off to visitors to the Brookhaven National Laboratory where they worked. The game was only shown off twice, during the laboratory’s annual visitor’s day. While hundreds of visitors lined up to play the game when it was made available, little was known about the game for decades. While somewhat similar in gameplay to the later hit Pong, there is no known direct relationship between the games.

14th October 1957: British Computer Society is founded. October 14 is the anniversary of the British Computer Society (BCS), founded in 1957. The BCS is one of the several international societies that have an affiliate membership relationship with the IEEE Computer Society.
Since 1984 BCS has operated under a Royal Charter which requires it to: "...promote the study and practice of Computing and to advance knowledge therein for the benefit of the public."

Rant of the Week

The Black Market for Blue Checks

Billy Big Balls of the Week

Inside the messy fight between Meta and The Wire

Earlier this year, a new source reached out to journalists at the nonprofit Indian news site The Wire with a tantalizing offer. The source worked at Meta, they told the publication, and wished to share information about the company’s internal workings with reporters. The Wire met with the source, who sought to verify their identity by providing Sen with documents including their work badge and pay slips. Many conversations followed, reporter Jahnavi Sen told Platformer in an interview, and by the fall The Wire trusted the source enough to turn to them while investigating a potential story: the suspicious removal of seven Instagram posts satirizing an official in India’s right-wing government. Meta issued a strong denial to the resulting story, which claimed that the company had given a high-ranking official in the ruling Bharatiya Janata Party the ability to remove Instagram posts at will. What followed has been one of the strangest tech journalism stories in recent memory: The Wire gradually releasing more information about its sources and methods in reporting the story, and Meta leveling unheard-of accusations — supported with evidence — that the documents underpinning the publication’s stories appear to be fabricated.
Industry News

Hackney Council Ransomware Attack Cost £12m+ https://drive.google.com/file/d/1g30UrPyEP5YK6HuUtApXHe2MNyseOcM5/view
Spanish Police Bust Region's "Biggest Narco Bank"
Amazon Customers Receive Smishing Warning After Receiving Fake Texts
Wine Merchant Among Aussie Firms Breached, Exposing Millions
European Police Catch Suspected Car Hackers
Digital Natives Are Undermining Corporate Security
Moola Market Reveals $9m Crypto Exploit
NSA Cybersecurity Director's Six Takeaways From the War in Ukraine
Microsoft Misconfiguration Exposes Customer Data

Tweet of the Week

https://twitter.com/chetdorn/status/1582457548484931587

Thom's holiday snaps

https://adobe.ly/3EQoxTs

Come on! Like and bloody well subscribe!

Transcript
Starting point is 00:00:00 You fit the description. I saw Tom trying to, uh, quickly capture you on, uh, on mic with that one. I saw the countdown going, which is why... Oh, really? I did. Oh, I kept my mouth shut. Look, I, I'm, I'm just here for the clicks. You're listening to the Host Unknown podcast. Hello, hello, hello, good morning, good afternoon, good evening, from wherever you're joining us, and welcome to episode 125-ish, 130, of the Host Unknown podcast.
Starting point is 00:00:47 And as you can hear, Andy joins us with his head in a bucket. Andy, why so odd? I'm in the hotel room that you were in a few weeks back when you recorded. I just wanted to see if I could improve on the sound quality, um, but alas, no, I couldn't. So yeah, it's, it's, it's a, it's a, you know, it's a moral imperative that you went and did that, and I, I'm very impressed, but it seemed, alas, it was a wasted trip, to say the least. Yeah, I am, uh, so obviously we are recording earlier than usual and I am out and about, uh, so I do not have a mobile studio like you do, because I don't need to spend three grand and still end up with the same quality that I have talking through... I was just on AirPods at the time. Come on, that's, that's what's prompted me to invest in a mobile studio.
Starting point is 00:01:41 Yeah, so I'm not, I don't intend to be away that often, as long as we, as long as we stick to the same recording days, um, you know, as per usual it should... well, it would be handy, but, you know, some of us do things on Fridays, right? Yeah, indeed. And talking, doing things on Friday, can I just compliment you for, uh, skillfully, um, sidestepping any detailed conversation about the Lloyds of London data incident. So, Jav, how's your week been? Well, I was speaking to my insurance broker and talking to him about Lloyds of London. Andy, Andy, tell us more about your week.
Starting point is 00:02:20 So, just going through cyber insurance renewal at the moment and looking at possible scenarios where, you know, they're definitely looking at what events could occur and how you deal with them. So I said, you know, I've got a friend who's a CISO and he's certainly been involved in some sort of incident-adjacent exercises recently, so I shall tap him up for some insider knowledge. You're not making this easy. This could become a very short episode, and a very short, uh, tenure for me as well, when we discover that, uh, yeah, that the client actually has a legal department that just listens to podcasts, but listens to vaguely unsuccessful ones. And ours as well.
Starting point is 00:03:16 And ours, yeah, exactly. I mean, on the list of unlikely ones to listen to, it's quite down the bottom there. How was your week anyway, Tom? Good. So the first half, I was in Sidmouth in Devon. I went there almost immediately after we recorded last week. I'm surprised you didn't hear the door slam behind me on the podcast recording, actually. We normally hear the door being opened or delivered. Well, this is true, yeah, this is true, um, but, um, yeah, so I had a little, little bit of a mini break in an Airbnb down in Sidmouth in Devon, did some
Starting point is 00:03:52 um, photo editing, took a bunch of photos, um, completely finished the first chapter of my book. You know, I wrote another 1,500, 2,000 words, which doesn't sound like much, but, you know, it's, it was like, uh, pulling teeth. Um, but, uh, yeah, so it's been, it's been nice, and I had to go into the office yesterday for a few meetings and, uh, and a photo shoot of all things, um, so I should be tacking an extra day on the holiday next week. Um, so yeah, all feeling quite good. I've only been up about 40 minutes. I like the way you call it a photo shoot, whereas most people call them mug shots.
Starting point is 00:04:30 Yeah, that's right. I just wonder why I had to hold my name up. Yeah. Why do I have to hold this thing up with my name up? Why are you doing hand painting? Why are we doing hand painting? That's right. And you know I can do it myself.
Starting point is 00:04:43 I don't need you to hold my hand while you do it. You know, you say you were down in Sidmouth and you took some photos, but you shared some of them with us, and Andy and I were quite concerned about the amount of non-consensual zoom-in photos you were taking of strangers. Well, as he would say, if you're in public you have no expectation to, uh, you have no, no expectation of privacy. Absolutely. So the two people, even if, two people I took a photo of up, up close, I actually spoke to them afterwards and told them where to find the image afterwards, and then the others are certainly non-recognizable and miles away, to say the least. Which is probably what makes it even more creepy, if, uh, in my humble opinion. Yeah, yeah. Maybe I'll put the link in the show notes and let the viewers decide.
Starting point is 00:05:34 Yeah, indeed. Especially the one of the little boys on the beach. Yeah. Oh, please God. You know what? You never let the truth get in the way of a good story, hey guys? Never, never. And talking, talking of never letting the truth get in the way of some good stories, let's see what we've got coming up for you today. Uh, This Week in InfoSec asks how old do you think the first computer games really were. Rant of the Week is a password crackdown for financial reasons. Billy Big Balls is a plot for True Lies 2. Industry News brings the latest great security news stories from around the world. And Tweet of the Week is a novel way to identify the serious cold callers.
Starting point is 00:06:23 And so we do move straight on to our favourite part of the show, the part of the show that we like to call... This Week in InfoSec. It is that part of the show where I report live from the closet and take you on a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield. I thought you came out of the closet weeks ago, Andy.
Starting point is 00:07:00 Yeah, jump back in. Jump back in. I was travelling through some high-risk countries. Right. Yeah, so let's jump back... Man's got to do what they got to do to get out of trouble, right? Exactly. So our first story. So October 1985, Nintendo released the Nintendo Entertainment System, aka the NES, um, across New York. It was an immediate hit, obviously, uh, with, um, you know, games including Donkey Kong Jr., Super Mario Bros. and Duck Hunt. So obviously, as we talk about that,
Starting point is 00:07:49 I'm talking about something that was from my year of birth. I shall then take you back 45 years to this same month, on the 14th of October 1977, to Jav's year of birth, when Atari released their Video Computer System, known as the VCS and later as the more commonly known Atari 2600. And believe it or not, it actually took two years to actually gain any sort of traction. It's not like the NES; when that came out it was like, you know, number one everywhere. The Atari 2600 actually took two years, uh, before it
Starting point is 00:08:26 became the best-selling gift of the Christmas season. And obviously, once it had been established, it was, um, you know, the best-selling console of all time at that point of view. Um, and so the third game which came out, uh, or the third sort of console which came out in October, was the 18th of October, 1958, a mere 64 years, which was your year of birth, Tom, when William Higinbotham and Robert Dvorak Sr., I think, they showed off a tennis simulator. I mean, you were there, right? You would know. Um, so they showed off this, uh, tennis simulator... I was a ball boy for that game. A game they called Tennis for Two, um, and it was developed on a very old machine called a Donner Model 30 analog computer, uh, using an oscilloscope, um, and it's the first known electronic game to use a graphical display.
Starting point is 00:09:26 So these guys developed this game to show off, um, you know, a place where they work. Um, it was only shown off twice, during like the annual visitors' day, but hundreds of visitors lined up to play it. Um, and what was, little was known about this game for decades, but it was actually very similar to what was then, later became Pong. Um, you know, we've got two things hitting each other from the classroom, this is like that, you know, the Tennis for Two, um, but ultimately it's like an early version of Pong created in 1958, and, um, there is actually no direct relationship between these games. Um, so what is the, uh, InfoSec link, you ask? Um, other than InfoSec people also need downtime, and we all grew up with gaming consoles, um, and this just represents our three generations
Starting point is 00:10:12 perfectly, I think. I think so. Well, do you know what I find really interesting is the, the Atari system, um, this is, this is the classic one. Become popular, yeah. But, but it's the classic one with the, with like the wood inlay around it and, uh, yes, um, the classic, um, it was, it, Tank was one of the, the original games, early game for that. But, uh, in fact, Lego do a version of this as well, which I'm, I'm really quite keen to get hold of, because it'd be rather cool. Uh, but the fact that it takes, as you said, two years to gain traction. If you, you don't gain traction in two months now, you're dead. You're dead in the water. Well, not even that, you have to pre... you have to sell out before it's released, right? You do it all on... Well, yes, yes, you
Starting point is 00:10:56 know, if you don't do that, then the game's already a failure. Yeah, it has to be unavailable the day it comes out or else it's not successful. I mean, look at the PS5, right? You could not get that for love nor money for about a year. Yeah. Crazy. Incredible. But, yeah, our second story takes us back a mere 65 years
Starting point is 00:11:19 to the 14th of October, 1957. And, Tom, you'll remember when this was founded. I believe your membership card is, uh, zero zero two. This is when the British Computer Society was founded. Um, so BCS is one of several international societies that have an affiliate membership relationship with the IEEE Computer Society, and obviously since 1984 BCS has operated under a Royal Charter, which requires it to promote the study and practice of computing and to advance knowledge therein for the benefit of the public. And as we know, BCS has done a lot for our industry. And, you know, they maintain a number of certifications, accreditations, and they were
Starting point is 00:12:03 ultimately, I think back in the day, you know, we used to use them. If you ever had a conflict where a competitor wanted to audit you or something, you weren't happy for the competitor to audit you, you'd reach out to the BCS. Oh, really? I did not know they did that. Yeah, we would agree that they're a mutual party with no... Huh, escrow. Yeah, almost. And so they, we know that they would carry out a, um, an effective audit that, uh, gives, you know, the competitor the assurance and also doesn't reveal any trade secrets. Ah, interesting. So I'm a, I'm a member of the BCS and I'm a chartered,
Starting point is 00:12:40 a chartered fellow it professional something like that what does that mean i'm not sure what it means is they take about 300 quid a year yeah one of the shakers i remember when i was at university one of our computing teacher modules whatever the teacher he was like we we have a student program for the bcs you can get out membership and what have you so a whole bunch of us we got membership with the bS for free for a year and the next year we were out at university didn't know no one renewed because no one really understood what what it did what value it was so we weren't going to be paying them any money no sir it does have a little bit of a a broad charter and I think it's like many of these things a bit like isc squared and isac
Starting point is 00:13:25 and all that, something, unless you actually leverage what they're doing, you're right, you know, what is it gonna, what is it gonna bring you, um, apart from some letters after your name, right? Have you seen the latest drama with ISC squared? I know. No, I... I'm thinking of actually not renewing. What's going on? Mainly because also I can't be asked to do the CPEs, but I just can't, you know, I've just got a question about where the hell they're going. What do they do?
Starting point is 00:13:55 Well, there's a whole bunch of changes. There's a legal type letter, which, all their letters are so poorly written when you get an email from them, because they're all in legalese that no one can understand. But they're making some changes to their bylaws, and some of them are like, you know, before, if you wanted to be on the board, you had to get, like, if you weren't selected by the board, you could get 500 members to vote for you. Now they're upping that to one percent of the membership, so that's like pretty much 2,000 people
Starting point is 00:14:22 you need to, to get to vote for you. And then before, like, the whole board used to go up for election, and now it's like, I think, and now it's like only the available seats. So I think someone, I think, will maybe described it as a coronation as opposed to a democratic process. And then they want to make the CEO of ISC2 also the president of the non-profit part of it, the Safe and Secure sort of thing. It all looks very, very dodgy and underhand. And there's an ethics thing as well. So there's an independent ethics body and they want to bring that into the same committee. Not so independent anymore.
Starting point is 00:15:03 So it's not independent. And the funny thing is, yesterday, a couple of my colleagues were on a call, like they were doing a thing
Starting point is 00:15:12 about the whole thing. And one of the things is they're rebranding. So no longer will they be ISC squared. They will be simply known as ISC2. They're removing the brackets.
Starting point is 00:15:25 Interesting. I could have told them to do that when I set up TL2. Because, you know, it was originally TL squared, and then I just got fed up of explaining it, so it was TL2. It was just so much easier. Although their whole full name is international information systems security yeah iisscc yeah certification whatever like it's like iisscc so it makes sense to call it ic squared and if you do ic2 it doesn't make mathematical sense anymore which um which is uh it's just, yeah, I must admit,
Starting point is 00:16:05 they're going in the wrong direction on this. They're following what I can only call Trumpian values. Interesting. Because it's all about regaining or taking control away from the people you're serving in order to ensure that you retain power and control over everything. Yeah. So, yeah. Wow, that was a depressing end.
Starting point is 00:16:36 Yep. Yeah, same. Same, absolutely. Absolutely. So, you know, Icy Squared, if you'd like to sponsor an episode and give us your side of the story, you're very welcome to. It will cost a lot, but, you know, I'm sure... Free membership.
Starting point is 00:16:53 Free membership for life, yeah, and no need for CPEs. Then we'll talk. Then we'll talk. Right. Excellent. thank you very much Andy for this week's this week in InfoSoul this is the podcast the queen
Starting point is 00:17:16 no it isn't you're listening to the award winning host unknown podcast officially more entertaining than Smashing Security. In your face! I think I might have got away with that one.
Starting point is 00:17:33 Yeah. Right, on to the next part of the show. It is time for... Listen up! Rant of the week. It's time for Listen up! Rant of the week. It's time for Mother F***ing Rage.
Starting point is 00:17:51 So as a friend of the show and fellow competitor to our podcast Graham Cluley he likes to point out an awful lot about the fact that he has a blue check on his Twitter account.
Starting point is 00:18:07 And whilst we all might publicly laugh, I think we're all silently kind of a little bit jealous, right? I don't know. He's got a blue check and you've got blue pills. What's the... I tell you what, I bet mine were harder to get hold of. But anyway, I think a blue check on Twitter, it kind of denotes a certain element of recognition. There's no doubt about that. You can join the ranks of Stephen Fry and the Kardashians,
Starting point is 00:18:46 just to put everything in context at both ends of the spectrum here. So anything to do with either getting hold of a blue tick or maintaining your blue tick, I think is really quite a big deal for many people. And Twitter, and Jack, I'm sure you'd like to sponsor the episode. And all it will cost you is three blue ticks. No, four, actually, because we've got to include the host unknown one, obviously. But nonetheless, maintaining and retaining this is really quite important. There is this trend. There is now a black market for blue checks, which just tells you that, frankly, people will do anything for the clout.
Starting point is 00:19:28 They'll do anything to try and show that they're more important than others. So August 15th this year, a Twitter user, Diana Pearl, logged into her email and saw that someone in Moscow had logged into a verified Twitter account. So it looked like a perfectly normal Twitter email. It resembled previous automated correspondence, blah, blah, blah. So fearing her account safety, she clicked inside the email that would instantly let us secure her account, entered her existing password to update it. Moments later, a message arrived in a Telegram app, and all it contained was a screenshot of Pearl's Twitter profile and a link.
Starting point is 00:20:19 Three hours later, the admin texted, sold. She'd been phished, and not only that, she'd been phished by a hacker who copied the look of the Twitter message and basically had encouraged her to put her details in and she had actually handed over ownership of her verified Twitter account. That's pretty serious stuff, right? Especially given Twitter considers itself to be a bastion of free and controlled speech, as it were. Not controlled, I mean, as, they do filter it to one degree or another, and that's certainly not what we're going to be talking about today. And it's been shown that it can influence elections, it can influence government behaviour. You know, no less, you know, Trump
Starting point is 00:21:18 not being kicked off it, for instance, is a great example of that. Now, the big thing here is, of course, is that when people then take over verified accounts, they're bringing even more sort of influence. And as we know, the Twitter trolls and the Twitter farms, the Twitter bot farms, are being increasingly used to spread misinformation, etc., etc. And the fact that they can use ostensibly verified accounts, which brings with it an extra level of influence, in inverted commas, and credence, just goes to show that actually this is really quite a serious thing. just goes to show that actually this is really quite a serious thing. This technically theft of these validated accounts is really, really quite serious. So I really think Twitter needs to do a little bit more about this.
Starting point is 00:22:18 I think also we need, you know, and, you know, being able to wrestle these accounts back from these scammers and make that far easier. But this is something that, wow, the depths people go to. Can you imagine being tweeted at by Graham Cooley to tell you to use, to listen to Host Unknown instead of smashing security. The impact and the kind of influence that brings is really quite serious, right? So, you know, I probably have less sympathy for people that give up their accounts because they were phished at that level. So what do you expect Twitter to do?
Starting point is 00:23:02 Obviously, the recovery aspect, I i agree they can make that easier but in terms of um you know monitoring for content that may not be normal didn't kardashian recently get fined like 1.25 billion or 1.25 million for yeah tweeting about cryptocurrency yes that you know she she recommended people invest in and that was a genuine post that she was paid to do. But that wasn't Twitter who found it, was it? That was Instagram, was it? No, it was the FTC. Yeah, but that's what I mean.
Starting point is 00:23:37 So how are you going to check whether someone's actually tweeting or posting about genuine content or just scam stuff? So I think that's a secondary aspect. I think the first part is, can Twitter do more to secure your account? I think absolutely, yes. I agree with Tom here. I think if you're a Bluecheck account, they should make MFA mandatory. Why just rely on ID and password?
Starting point is 00:24:01 And then there are so many controls out there to do like, well, you're logging on from out there to do like well you're logging on from la and all of a sudden you're logging on from moscow or wherever um you know it's not that difficult to to block it's not so a lot of these these blue check accounts right they are you know high profile celebrities and believe it or not those are not the celebrities that are actually posting stuff right they've got a team of social media people who are probably geolocated elsewhere. How are you getting the MFA to go to one phone so someone can post from your phone?
Starting point is 00:24:30 There are tools that are laid to run social media teams under a single account. All right, so now we're going down a whole different route. We're talking about enforcing MFA, but then we're actually talking... Yeah, you're taking us down an entirely different route. No, I'm taking us down a route how this practically works. How do you implement this practically?
Starting point is 00:24:50 What's the easiest thing to do? Tell people not to click on links that come through their DMs that say, give us all your details, or do you implement all these tools and operational practices to support the dumb people? No, I don't think it's... Well, let's be clear about what I'm ranting at. I'm not ranting at Twitter here.
Starting point is 00:25:11 I'm ranting at the fact that people are... about criminals. This isn't a Billy Big Balls where I'm celebrating the criminals. I'm having a go at the criminals here. You son of a bitch. Go on. This is a rant not a balls okay so who exactly are you ranting against go on
Starting point is 00:25:38 criminals wow i mean that that is so specific isn't it criminals you're out there doing bad stuff stop doing bad stuff or i'm gonna run some more in my defense in my defense we're doing this a day early i got up exactly oh 65 minutes ago got out of bed because i'm on holiday and then was dumped this story on my lap i'm like christ i can't read that i mean it's a proper long-form article. Well, it looks long-form to me. So, Your Honour, might I refer to 8.34 yesterday evening when you said, legendary show notes, Andy. Thank you. I didn't say I'd read them. Well, you know, you're making it sound like you only just woke up an hour and a bit ago
Starting point is 00:26:27 and you only just saw this story for the first time. I did. The information was there. So I think if anyone needs a rant, it's like the so-called CISOs who are terabat time management, terabat processing information, and won't tell us, spill the tea on what happens at the race. You mean the CISOs that are on holiday? Whatever. A CISO's never off duty.
Starting point is 00:26:55 That's what the rant is about. Oh, trust me. I'm off duty. Rant of the Week. It doesn't matter if the judges were drinking. Host Unknown was still awarded Europe's most entertaining content status. All right, so it's time to move on to Jav and Billy Big Balls. And what cyber criminal are you celebrating this week, Jav?
Starting point is 00:27:28 The best site. Billy Big Balls of the Week. So I really did have a long-form article to go through. so there is um the company called meta they formally they own facebook instagram whatsapp and what have you anyway there's been a a story leaked to an indian news site called the wire and uh this is a really long article and there are so many twists and turns. So I recommend everyone read the story in their own time from the show notes. But what The Wire is claiming that they've heard from internally is that the company had given high-ranking officials in the ruling BJP party,
Starting point is 00:28:28 well, BJP, the P stands for party, the ability to remove... I enjoy a good BJ party. Yes. Oh, dear, I just realised. Oh, no. oh dear i just realized oh no so they are high ranking the instant oh dear so meta gave high ranking official in the bj party the ability to remove instagram posts at will. Now, this is quite a serious allegation. So, you know, the BJP is not known for being very centrist or leftist.
Starting point is 00:29:20 And it's not known for being very friendly with anyone that's critical of the government, like journalists and what have you. Is the BJP the one that's in power at the moment? Yes. Yes. Right. Exactly. And they also ended up with a lot of the Pegasus stuff. So when that was all leaked, apparently the Indian government is a happy customer. And they apparently used it against some journalists who were critical of the government and all that kind of stuff. Anyhow, this adds an extra layer to it that they have someone within the government who Meta gave access to say, like, if someone posts something on Instagram
Starting point is 00:30:05 that we don't agree with, then you can just hit the nuke button and it gets erased from existence. And what's followed is this massive mudslinging competition between Meta, the wire, and the bjp around what the truth is and what's not and and what have you so it's it's a real cluster it's it's not really clear uh as to what's happened and what's not happened even like they they even interviewed in this article where they got a quote from uh former um failed cso of facebook and other companies alex damos that uh friend of the show yes um that you know that the evidence that's been shown doesn't definitively prove anything it could be trivial to fake this uh but then you know it's you know it's a bit here or there i think everyone's a bit scared to to poke the bear outright but however i still think it's uh it's incredible if it is true by the indian government
Starting point is 00:31:19 it's a huge billy big's move. There it is. There it is. The wire that broke the story is the real Billy Big Ball here in the story. Good recovery. Good recovery. Whether they're telling the truth or not, either way, it's a good recovery. It could be that they've been, they could be being misled by someone with an ulterior motive to, you know, tarnish the reputation of the BJ party.
Starting point is 00:31:53 Wait, what? Disinformation in this day and age? I will not have it. I know, I know. In the same sentence as meta. Yes, yes. Meta. Yes. Yes. So, you know, there's inconsistencies, there's missing things, but it's one of those things with today's day and age and with Meta. It's so crazy that part of me wants it all to be true. I just, it's just, it's got all the elements there. I'm going to say it. I think it is true. I think it is true. Met it is true meta have and facebook have constantly constantly done really dodgy stuff paid the fines moved on and carried on doing it and every time you think
Starting point is 00:32:32 they can't do anything more dodgy they go on and do something so this uh you know i i would put money on this being actually true uh yeah and especially since like there was the in when dot much like testified against twitter and he said that well twitter found an ex-employee who was um actually he was found guilty of spying on saudi dissidents and i think that in in some of the things much brought up, that there could have been someone from the Indian government there and someone on the board said, or some exec said to him, well, we've already got one, why not have another?
Starting point is 00:33:13 In terms of people who are spying for governments or what have you. So it's not beyond any stretch of the imagination. And this is where I think social media companies have a lot more work to do. And specifically Facebook and Meta. Yeah. Boo. Boo. I agree with you, Jav.
Starting point is 00:33:40 And a good recovery on the fact as well. Very good. Thank you very much.y big balls of the week if you work hard research stories with diligence and deliver well-edited award-winning studio quality content for high-paying sponsors then you too can be usurped by three idiots who know how to think on their feet you're listening to the award-winning Host Unknown podcast. As we know, we are recording this a day early. It's like the Graham Norton show, isn't it?
Starting point is 00:34:14 They record that on a Thursday and pretend it's like Friday. So that puts us, really, it puts us almost like we're talking to you in the future. And talking of the future and talking of time, Andy, what time is it? It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe. Industry News. industry news hackney council ransomware attack cost 12 million pounds plus industry news spanish police bust region's biggest narco bank. Industry news. Amazon customers receive smishing warning after receiving fake texts.
Starting point is 00:35:12 Industry news. Wine merchant among Aussie firms breached, exposing millions. Industry news. European police catch suspected car hackers. Industry News. Digital natives are undermining corporate security. Industry News. Moolah market reveals nine million dollar crypto exploit. Industry News. NSA cyber security director six takeaways from the war in Ukraine. Industry News. Microsoft misconfiguration exposes customer data. Industry News. And that was this week's Industry News. Huge if true. Huge if true. I'm'm gonna jump straight on without even reading the the article i think
Starting point is 00:36:09 the headline alone is enough digital natives are undermining corporate security i think that really what that's really saying is corporate security is unable to keep up with digital natives yep i think you're right and i don't i'm not going to even click on the story to prove us otherwise so they are yeah they're talking about millennials and gen z um who bypass cyber security controls um they take they take cyber security protection on their personal devices more seriously than their work devices. Funny that. They've got more to lose, right? More stuff they care about.
Starting point is 00:36:53 Yeah, exactly. So I think corporate security is quite literally at fault here. And we need to be, I mean, let's face it, most people in this industry still think the best way to secure something is to unplug it and drop it into the bottom of the ocean encased in concrete, right? Faraday cage would also work. Yeah, yeah, true. Very true. And it'll look pretty as well with the copper around the concrete. Yeah, yes, yes, yes. So I really like the first story, the Hackney or Acne Council ransomware attack.
Starting point is 00:37:28 Acne, innit? Acne, innit. And actually, if you go to hackney.gov.uk forward slash accounts, they have all of their statements of accounts there and clicking on the one for that year 2020 to 21, there's a whole section on the cyber attack, which is, I would say recommended reading for anyone uh wanting to interested in uh understanding more about it is it done well
Starting point is 00:37:53 as in is the reporting on it done well well it's not a it's not like a post incident report but from a financial perspective it gives a lot so the costs are estimated okay so the estimated cost within the range of 4.9 million to 11.7 million so midpoint 8.3 million uh but then it breaks it down like there's about two and a half million service costs uh there was some backlog costs there was costs of recovering and then they actually have like losses on collection of council tax and other things because of the system being down um so you know and there was like other income sources that went down that was about 800k so it's quite interesting when you start reading it about how all the all how there's a far-reaching impact on stuff that you know probably a lot of people didn't consider yeah and it's interesting as well that you don't always see that level of detail
Starting point is 00:38:54 from many other companies right no no i suppose this is government and what have you but yeah it's all there you know have you seen that film um oh about the the the crash uh it's got like um oh christian bailey big short the big short yes yes and those people they they figure it out they figure out that the market's going to collapse and they're like well how do you know and he goes it's all in the accounts you just have to read the account yes yeah and the fact is everyone's lazy they don't they just hear rely on hearsay or or their own feelings they don't go through and i think in security it's the same sometimes the stuff is there it's in the accounts it's in the risk register it's in whatever but you know we
Starting point is 00:39:38 we want an easy way out and i don't think there is an easy way in in many cases you just have to but but with the markets it's about confidence as well isn't it so yeah it's all in the accounts but you could you could still read that and go yes but and that and that was the problem because there was there was the guy the christian bell character he bet his in you know his company's entire fortune effectively in fact he bet his company or the company he worked for on the whole thing crashing. And it just didn't. It kept on growing and growing and growing because there was confidence in the face of very clear financial data. A story that isn't here, but I read it the other day and I thought it would be on here, but it's not,
Starting point is 00:40:26 is you know about romance scams, isn't it? Where you meet someone online and they claim to be the love of your life and you're the love of their life. And they desperately want to meet you, but, oh, my dog needs an operation. Can you send me some money? And then they send them some money. And then it's like, oh, hospital bills, all of that kind of stuff. And then it all goes up. I saw your TikTok, Jeff.
Starting point is 00:40:45 I saw your TikTok. You saw my TikTok, so you are well informed. So for those of you who are not following TikTok.com slash at J4VV4D, there's a 65-year-old Japanese lady who paid the equivalent of $30,000 because the con artist tricked the woman into believing he was a Russian astronaut on the ISS
Starting point is 00:41:09 who couldn't afford their ticket back to Earth. There was one about a Nigerian astronaut doing exactly the same thing a few years ago. Brilliant, absolutely brilliant. I did see on. That's a few years ago. Brilliant. Absolutely brilliant. I did see on Twitter there's a woman who's got an account, and I think she's either a comedian or a journalist or something, but she gets deliberately romance scammed, as it were, and gets involved in them.
Starting point is 00:41:41 and gets involved in them. And then she basically does a photojournalist approach to going to meet them. So this one guy said he was stuck on an oil rig somewhere and he couldn't get to see it, you know, and he needed 10 grand to get the helicopter off. So she said, no, don't worry, I'm coming to get you. And there's a picture of her in a helicopter taking off. And then she says, no, don't, you haven't got permission to land and and then she's sort of flying over you know the sea
Starting point is 00:42:09 and say it's all right we're here and then the next one is oh my god we've crashed and i'm in a life raft what are we gonna do and he said oh darling i'm so sorry and then she washes up on some like ice thing and then there's a polar bear in the background. She says, help, I'm being chased by this polar bear. It's just... And this guy goes, oh, my dear love, I'm so sorry. You shouldn't have come to me. Very, very funny. I'll have to see if I can find her and put her in the show notes.
Starting point is 00:42:36 I remember seeing that. That was hilarious. It was absolutely brilliant. But it was very good. Oh, dear. Right, let's move on shall we uh that was this week's industry news this is the host unknown podcast okay it's now time for the last part of the show.
Starting point is 00:43:06 It's time for... Tweet of the Week. And we always play that one twice. Tweet of the Week. And I shall take us home with this one, although it is getting much harder to find humorous tweets living in the UK with politics as we are on our next Prime Minister after the resignation of Liz Truss.
Starting point is 00:43:26 We've got 24 hours and a good chance that that's actually going to come true. Oh, no, it's happening. It is actually happening right now. So anyway, whoever the Prime Minister is at the time you're listening to this show, I'm going to try and get this tweet out before they're gone as well. So this is from Chet Dawn, Global CISO on Twitter. And he says, When a cybersecurity vendor asks for some time with me,
Starting point is 00:43:54 I don't send them my calendar. Instead, I send them an open table link to make a reservation at my favorite steakhouse. Really narrows down who's serious. And this is a genius way to deal with vendors. This is brilliant. Absolutely love it. He did one as well.
Starting point is 00:44:15 He said, if when I'm trying to book a meeting with you, you send me your calendly, I will not take you seriously. If you send me the name of your ea i will take you seriously yeah didn't you um i'll tell you what tom i'll always remember when you brought your ea to dublin one time for uh oh yeah iris con and uh you didn't even know it was her birthday that week shush you that's how you know you're important that's how you know you're important when she probably bought herself a card on your behalf look that was that was drunk tom yeah but but tom you do realize, uh, this, uh, Chet Dawn global CISO is a parody account.
Starting point is 00:45:07 It does not constitute actual CISO advice. So, so please like, Oh, so, okay. All right. So that script I wrote,
Starting point is 00:45:17 and you know, I'm joking. Cause I'm already saying I wrote a script about the open table link. Oh yeah. Well, okay. Yeah. Okay. When you talk about that kind of script, yeah. Everyone knows you couldn't, I wrote a script about the open table link. I should probably scrap it. Well, okay, yeah. When you talk about that kind of script, yeah, everyone knows you couldn't even get a V lookup in Excel going,
Starting point is 00:45:32 let alone anything else. No, I just shout to the EA, Oi, sort this out. Excellent. That was this week's... Tweet of the Week. Wow, we've come barrelling into the end of the episode, just as Andy sends us a picture of Liz Truss giving a statement.
Starting point is 00:45:55 A statement of what, though? What the hell's going on? I kid you not. She is resigning right now. Seriously? This is not a joke. Yes, this is not a joke. The Prime Minister is resigning.
Starting point is 00:46:00 seriously this is not a joke yes this is not a joke the Prime Minister is resigning well you know hopefully well actually I must say
Starting point is 00:46:12 I did think that maybe we'd get a little bit of stability until after the show was released right but apparently not
Starting point is 00:46:18 apparently not okay well well on that note dear listeners, Jav, thank you very much for your contributions and time today. Well, you're welcome.
Starting point is 00:46:32 And Andy, thank you. Stay secure, my friends. Stay secure. You've been listening to The Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel.
Starting point is 00:46:49 Worst episode ever. R slash Smashing Security. Either of you guys thinking of running? Well, I mean, I don't think anyone could do any worse, could they? You just make stuff up, do a couple of U-turns.
Starting point is 00:47:05 Do you know what? It's literally, I reckon? You just make stuff up, do a couple of U-turns. Do you know what? It's literally, I reckon it's just like this podcast, right? You just show up and insult the people across the room from you. And every now and then
Starting point is 00:47:14 someone else, like, you know, comes up with suggestions. But it doesn't matter if you get it right or not because you're only tanking the economy. No.
Starting point is 00:47:20 In fact, do you know what? I think the three of us together as Host Unknown should make a bid for Prime Minister. I'm heading to Westminster now. You know, I'll take Mondays and Wednesdays. Andy, you take Tuesdays and Fridays.
Starting point is 00:47:36 Jav, you take Thursdays and Saturdays. I record a podcast. Fridays don't work for me. I record a podcast. I was going to say, and we'll take every third Sunday. I mean, what the hell? Sounds mean what the hell sounds like a plan sounds like a plan we could we need to think of the people we'd hire in the cabinet to be our four people for the inevitable screw-ups oh well clulee and carol definitely yeah yeah yeah