The Host Unknown Podcast - Episode 132 - The Dan Cuthbert Keynote Episode
Episode Date: December 9, 2022

This week in InfoSec (11:40)
With content liberated from the "today in infosec" twitter account and further afield

7th December 1999: RIAA Sues Napster
The Recording Industry Association of America sues the peer-to-peer file sharing service Napster alleging copyright infringement for allowing users to download copyrighted music for free. The RIAA would eventually win injunctions against Napster forcing the service to suspend operations and eventually file bankruptcy. In the end the RIAA and its members would settle with Napster's financial backers for hundreds of millions of dollars.

While the case was ostensibly about copyright violations, the bigger picture for the RIAA was also about control. The recording industry in general was caught with its pants down when it came to digital music and the Internet. They were not prepared for the sudden popularity of digital music downloads that Napster introduced and were not ready with a model to monetise downloaded music. This lawsuit, along with future lawsuits targeting individuals, was intended to squash the practice of downloading music as much as it was to recover compensation. However, the practice of downloading music could not be stopped as other non-centralised peer-to-peer file sharing services popped up in place of Napster.

4th December 2001: Goner Worm Hits the Internet
Disguised as a screen saver and spread through an infected user's Microsoft Outlook e-mail software, the Goner worm spreads through the Internet at a pace second only to the Love Bug virus the previous year. Goner was estimated to cause about $80 million dollars in damage.

Rant of the Week (20:41)
Egad, did Apple do something right? End-to-end encryption for (most) iCloud services

Apple says it will provide end-to-end encryption for most iCloud services, having abandoned its previously announced – and then quietly shelved – plan to check the legality of on-device photos prior to cloud synchronisation.

Cupertino announced three security enhancements on Wednesday, one of which it calls Advanced Data Protection. "Advanced Data Protection is Apple's highest level of cloud data security, giving users the choice to protect the vast majority of their most sensitive iCloud data with end-to-end encryption so that it can only be decrypted on their trusted devices," explained Ivan Krstić, Apple's head of security engineering and architecture, in a canned statement.

Apple already offers end-to-end (E2E) encryption by default for 14 iCloud services, including passwords in iCloud Keychain and Health data. But the iBiz has not made E2E encryption broadly available for iCloud, preferring instead to retain access to a significant amount of the customer data on company servers. That has suited law enforcement authorities, who continue to worry aloud about being left in the dark by encryption.

Billy Big Balls of the Week (31:57)
Brief update on last week's story: San Francisco terminates explosive killer cop bots

San Francisco legislators this week changed course on their killer robot policy, banning the police from using remote-control bots fitted with explosives. For now.

On Tuesday, the city's Board of Supervisors voted unanimously to explicitly prohibit lethal force by police robots following a public backlash and worldwide media attention. Under a previously approved policy, SF police robots under human control could have used explosives to kill suspects. The droids were not allowed to use guns.

States label TikTok 'a malicious and menacing threat'

Two more US states have launched aggressive action against made-in-China social media app TikTok.

Texas on Wednesday banned the app from government devices, with governor Greg Abbott ordering [PDF] the ban "to protect sensitive information and critical infrastructure from TikTok."

"TikTok harvests vast amounts of data from its users' devices – including when, where, and how they conduct internet activity – and offers this trove of potentially sensitive information to the Chinese government," Abbott wrote.

Which is tame compared to the actions and language used by Indiana's attorney-general, who has decided to sue the Chinese social media platform – twice!

TikTok's Chinese analog, Douyin, contains many more safeguards – including required youth modes, real name authentications, bans on minors viewing live broadcasts, prevention of salacious material and restrictions on how long and when minors can access the app. Chinese users under the age of 14 are limited to 40 minutes of daily use, between 0600 and 2200. Users in the US have no limit and spend an average of 99 minutes per day on TikTok, according to the office of the AG.

"In short, TikTok poses known risks to young teens that TikTok's parent company itself finds inappropriate for Chinese users who are the same age," argues the complaint.

Industry News (38:41)
Gen Z Internet Users "Normalize" Cybercrime - Report
Swiss Government Wants to Implement Mandatory Duty to Report Cyber-Attacks
Supply Chain Web Skimming Attacks Hit Dozens of Sites
Russia's VTB Bank Suffers its Biggest Ever DDoS
ICO Fines Rogue Nuisance Callers £500,000
UK Government Department Using Unsupported Applications, Reveals Watchdog
NZ Privacy Commissioner Investigates Mercury IT Ransomware Attack
Pet Dog Unmasks Drug Trafficker on Encrypted Chat
Apple Introduces New Data Protections to Increase Cloud Security

Tweet of the Week (46:07)
https://twitter.com/_noid_/status/1600135215225053184
https://twitter.com/jomc/status/1600637738352627713

Come on! Like and bloody well subscribe!
Transcript
tweet of the week
isn't Twitter supposed to be dead by now
well
it's running perfectly fine
as far as I can see
VAU
yeah it's certainly not some kind of Nazi zombie
or something like that is it
like I said perfectly normal as far as I can see
you're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome to the Host Unknown Podcast.
Episodes... Oh God, I've lost count. 132, I think it is, isn't it? 136? Yes, the episode number. I noticed you didn't push that one last week.
And I also noticed how badly you messed up the show last week, talking about how easy it was.
Missing outlines, you can't even get the taglines right to certain things. What did we miss? What is a perfect episode besides that? How many years ago in the...
Yeah, completely messed up. Yeah, and then that's because that's your thing, it's not my thing, it's
your thing. You just sort of said, oh, with content from further afield. You didn't even do the whole build-up.
I mean, we say it every single week.
It's actually written in the show notes.
And you still couldn't get it.
And then on top of that, I even try to help you out with the story about the Aussie, however much it was in Australian dollars.
And in brackets, I put like, you know, so when it's in brackets, that's what I've added.
And I did the conversion to US dollars to make it a bit easier to understand, and you read
out US dollars twice with two different numbers. I'm like, what is this show, people? What is this?
You're killing me. That's why I've had to come back. I had to move the audits over. Yeah, so, and I hope you know, this is... Yeah, my missus, I passed the audit with flying
colours. Oh wow, that's so good. See, well, the sofa now. Listeners, listeners, if you are in the market
for a good auditor who's anal, go through every last, you know, make sure every T is crossed and
every I is dotted, Andy's your man.
Or just someone pragmatic.
Yeah, someone who's pragmatic knows it's never going to happen with these two monkeys.
So just, yeah, I can also accept that, you know, you can't change some things.
Do you know, I was out for dinner with a mutual friend of ours last night,
and she was rather concerned about your health. Oh, really? Yeah, yeah. So, I mean, if I
could have taken a picture of her face when I showed her a photo of you, because I wasn't... She
obviously realised you were half the man you used to be, but when I told her it was all down to
sugar-free Haribo, she wondered if basically the laxative effect meant you shat the fat away. It's possible.
That is a well-known effect of sugar-free Haribo. However, I moved to plant-
based stuff, you know, favouring a vegan diet. Ah, so you're eating broccoli now? Well, along with, you know, steak and protein food. No, but in terms of sweets, I do eat
plant-based sweets, so, like, you know, they're sort of, they're called jello sweets, but they're
bears made with stevia rather than, you know, the sort of sugar-free stuff that Haribo used.
Oh yeah, stevia is the natural one, isn't it? And that's actually what I've got in my coffee as well. Oh, get you.
Blimey.
I know.
Blimey.
It's a whole new world.
But how are you guys doing?
Like now I've got that off my chest about if there's any listeners still here.
I mean, after last week, you know, whether they came back, it's maybe I heard the thoughts and prayers.
Please, Andy, please return.
I'm here.
Jav, can you tell that the pressure is now off Andy this week?
It's kind of like, you know,
the finger has been removed from the dyke and he's gushing.
He's just blowing.
Hang on, steady on.
Enough with the smirk.
He's just like, you know, he's off on one. Basically, he's had like he's awful
basically he's had enough of being shouted at
and talked down to all week
he thought he'd have a go at us
I know
we'll let him have his playground for the week
after he's ordered at work
he's ordered at home
all that kind of thing
he's on the toilet
12 hours a day
Thank God for TikTok. Yeah. Jav, how are you? What have you been up to this week? So this week I did
spend two days in ExCeL at Black Hat Europe. It was a good event. So I don't know if anyone went
last year, where it was completely dead because
Covid was still around, but yeah, you know, it was well done. So Dan Cuthbert did the
opening keynote, and it was probably one of the better keynotes I've seen in many years.
It was really well delivered. You know, he's got a wonderful head of hair, he's
extremely good looking. I dislike him already.
And intelligent.
Oh, I definitely dislike him.
And made some really, really good points.
And I thought, there are people like that out in the world.
What a bastard.
There are people like that out in the world.
I know.
And then I spent my time chatting to him.
He's good looking, full head of hair, intelligent, charismatic.
Well, not only does he have a full head of hair,
his hairstyle is also one where he affords to shave so much of it off
because he's got that side part.
He's just got so much he's wasting it.
And he's an excellent photographer as well.
Won't somebody think of the bald people?
Now, if you haven't seen... I can't remember his website. I'll
find it out later and then we'll post a link in the show notes, but he does a lot of, like, what's
it called, photo documentary or photojournalism type of things, where he goes to places, but
he tells us wonderful, wonderful, wonderful stories just with his photography. Wow. A few years ago, he went to Chernobyl
and did a photo series there.
Absolutely hauntingly beautiful
pictures.
But yeah, anyway, he did the opening keynote.
It was really, really good.
Well, good points.
Well made, for real.
And then, yeah, the
vendor booth area was
down, so they have several floors in the ICC corner of ExCeL.
Yeah.
And the vendor area was downstairs.
And I have to say, Black Hat, really, it was a bit shoddy.
It was cold.
There wasn't carpet everywhere.
It was only like whichever vendors paid for their carpet areas.
And there were like these hot spots just like standing in the middle.
It was a bit
tacky for a Black Hat, I must say. It was tacky, but the content was good, the conversations
were good, and I was standing at one point and behind me I saw, like, you know, Stuart
Winter-Tear and Stuart Coulson together talking, and I took a picture. I said, oh, it's StuCon going on, which I
thought was extremely, extremely funny, and they both laughed at it because they have no friends,
apparently. But yeah, now I had lots of good conversations. Met Dr Jessica Barker,
NFC for lunch one day, and that was really good, that was really good. And next year, I don't know whether you saw
the tweets, but they're actually relocating
to the US
Are they?
Yes, they're going to start off at
Nevada and see where life takes them
so I did say to them
Bloody hell
Kind of a bit jealous of their
free lifestyle but all the more power to them
So also I heard you had a bit of a fanboy moment as you left yesterday.
I did.
I did.
So you know how it is when you're as famous as me, when you're as popular as me.
You go to these events and inevitably people come up.
They're like, you know, want a hug.
They want, like, an autograph, they want a selfie.
Selfies are the most popular ones. So as I was leaving yesterday, the main hall, to come home,
there's two guys outside. They're, like, sort of Asian, Indian maybe, and one of them saw me and got
a bit excited, took a couple of hurried steps towards me, and he had his phone in hand and it was on. I
just saw on the screen he had the camera mode on, so I was thinking, okay, let me take off my big coat and, like, you know, I'll get ready for the
picture. He goes, oh, hi, excuse me. I said, yes, yes, it is me, it is me, pretty much. Because, can you take
a picture of me and my friend in front of the Black Hat logo.
You hear that big noise in the background?
That's you crashing to earth, right?
That's your ego for it.
Just out of spite, I didn't even frame the picture properly.
I just had it on one side.
Cut off the Black Hat logo.
Well, you just flipped the camera and took a picture of your own face.
That's what they wanted anyway.
They were just too embarrassed to ask.
Oh, dear.
So how was your week, Tom?
That was a Black Hat recap, which I have to admit I completely forgot was on.
Yeah, same, same.
So, yes, it's been good.
It's been good.
Busy.
I've been up here since Monday, and I'm not leaving until Saturday because of the B-Sides tomorrow.
Oh, we've got B-Sides tomorrow, yeah.
Yeah.
Yeah, are you guys coming?
I am.
Yes, yes.
What?
So we're actually going to be in the same room together?
Well, let's not say that because this podcast will go out before the event.
We don't want anyone to bomb the place and wipe out those people.
There are some jealous competitors.
There are some competing podcasts, security podcasts out there
that would love to see us wiped off the face of this earth.
They would because we're such a challenge to them, aren't we?
Exactly.
We are. We are.
And you no longer have the human shield capabilities that you once did, Andy, so we weren't going
to hide behind.
But yeah, so it's good.
I was on the Smashing Security
talking about Jealous Competing
podcast. I was on the Smashing Security podcast
this week, which was good fun,
I have to say.
So welcome
to our new listeners
from there
we've got some
we've got some
jingles lined up
for Smashing this week
just to sort of
prove how much
we live in their head
rent free
so that'll be good
and
yeah so I'm looking
forward to it
it's going to be good
tomorrow I reckon
it's going to be good
right
shall we see
what we've got coming up for you today?
Well, this week in InfoSec talks about when an MTV Music Awards presenter showed off his borrowed Metallica shirt.
Rant of the Week is checking if Apple did something right for once.
Billy Big Balls talks about the US government's attitude to TikTok.
Industry News brings us the latest and greatest security news stories
from around the world.
And Tweet of the Week is a surprisingly serious note
to end the show with.
So let's move on to our favourite part of the show,
the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield.
And this week we have gone further afield and to the point that Jav made when he looked at the show notes before the show,
didn't you just do this story?
And as Tom pointed out,
it was probably three podcasts ago for Jav
because that's how often he is missing.
However, our first story will take us back
a mere 23 years to the 7th of December, 1999,
when the RIAA, the Record Industry Association of America, sued Napster.
So the Recording Industry Association of America sued the peer-to-peer file sharing service Napster,
alleging copyright infringement for allowing users to download copyrighted music for free.
And so the RIAA would eventually win injunctions against Napster,
forcing the service to suspend operations before eventually filing bankruptcy.
And in the end, the RIAA and its members would actually settle with Napster's financial backers for hundreds of millions of dollars.
And although the case was about copyright violations, the bigger
picture for the RIAA was all about control, because the recording industry in general was just caught
with its pants down when it came to digital music at the time. They were not prepared for the sudden
popularity of digital music downloads that Napster introduced and were not in a place to monetise that, the ability to capitalise on that downloaded music.
Yeah, all of the early digital stuff was basically bought on CD and then ripped to digital format, wasn't it?
And then uploaded. And then, I mean, we did have the issue with, you know, Napster where people would buy, you know,
upload music renamed as something completely different.
It was very much a trust-based system.
Yeah, yeah.
Not as bad as LimeWire where, you know, everything, you know,
old programs.
Yeah, yeah, that's not really a virus.
That's not really a Trojan.exe.scr or whatever.
No, no, you can download that.
It's definitely, you know, BritneySpears.exe.
But yeah, no, yeah, but, you know, I mean, Napster absolutely changed the direction of
music and technology industries in 1999, and it's one of
those things that was absolutely necessary at the time. Yeah.
Despite it took, you know, sort of three hours to download a song.
Well, yeah, that was another matter, though.
That was because we all had BT dial-up.
Yeah.
But, yeah, it was absolutely necessary because otherwise
we wouldn't be where we are today, right?
We wouldn't have streaming movies.
We wouldn't have iTunes.
We wouldn't have any.
Yeah, we wouldn't have any of that stuff. Was Napster before... No, iTunes was out, wasn't it, at this point?
No, so iTunes, actually, because of, you know, the amount of music that was just going on,
like everything was going downloads. There was what, mp3 to ru as well, which is a Russian site.
Yeah, so iTunes actually launched their store in April 2003. So it was nearly four years later that Apple actually got in on the action.
April 2003?
iTunes was launched?
Yeah.
The iTunes Music Store.
But their iPods were out before that, weren't they?
I can tell you it was actually April 28, 2003.
Apple launched the iTunes Music Store. The store sells music for 99 cents a song. That price has pretty much not
changed, which is interesting as well. But yeah, I mean, that's a whole other issue with,
you know, artists not getting what they deserve, right? You know, that's... Yeah, we won't go
into that. I remember in 2003, in April 2003, I was given my first iPod, and it was the third
generation iPod. They had two more before it, the ones that had native FireWire 400
connections. So I'm guessing they must have had... Did they? How did they down...
Well, they copied music. You had to connect it to your laptop, didn't you? You had to use the iTunes
software back in the day. But you couldn't... Yeah, but the iTunes wasn't around
for the generation one and two is what I'm saying. iTunes Music... Yeah, so, do you know what, I was reluctant to
adopt Apple back then. I was someone that was, like, no, it's a passing fad. I had my Nokia N900. I was
quite comfortable, yeah, with, exactly, with a Linux-based, you know, interface, and you know
that I had to get a colleague to write the apps for it
because I was too tired to do it myself.
That's right.
Well, what is it?
I heard the other day we have Mac for work,
Windows for games, and Linux so we can tell people we've got Linux.
Yeah, exactly.
Oh, dear. Alas, our second story takes us back a mere 22 years
to the 4th of December, 2001,
when the Goner worm hit the internet.
So disguised as a screensaver
and spread through an infected user's Microsoft Outlook email software,
the Goner worm spread through the internet
at a pace second only to the love bug virus the previous year.
And the Goner worm was estimated to cause about $80 million of damage.
Bloody hell.
And this one, yeah, I threw in because we just don't compare viruses
like this in the past, right?
We don't talk about this, you know,
not as technically sophisticated as Nimda, but, you know, it spread faster than Love Bug, and so
back then these were measurements, units of measurement, that everyone understood,
but these days no one has a clue in terms of, you know, what that means unless you were there at
the time. But this was just one
of those, like all the other worms that used to go around back in the day attached to Outlook.
Came as an attachment, subject line of "Hi". The email said, hi, how are you? I saw this screen
saver and immediately thought of you. I promise you'll love it. And then obviously you're in the
.scr file, because back then we would send EXEs to each other, we would send SCR files to each other.
Elf Bowling was a classic EXE that used to go around at this time of year, right? Yeah, and the
other ones, you know, where you turn... Who? timer.exe, yeah, or christmaslights.exe, you know,
which you'd have, you know, that go around the top of your screen and just flash all day. But yeah, we got
out of those practices for some reason. Well, here's a... talking of units of measurement, I did hear that
the Goner worm, the damage it did in America was measured as, I think, roughly 3.5
football fields, and in the UK it was about 22 London buses.
Yeah, standard.
And 17 elephants.
That's for the
Asia region, right? The India region.
Yeah. We're inclusive
here. We're global.
Yeah, absolutely.
Absolutely. I think in Australia, it was about
122 pommy bastards.
Excellent, thank you, that was
this week's
This week
in InfoSec.
When listeners leave the Host Unknown podcast
in favour of another security podcast
they raise the average IQ
of both audiences.
You're in good company
with the award-winning Host Unknown podcast.
I do like their metaposts.
Yeah, I think you want to put that
on the end of every single jingle, don't you, Jav?
It just goes with everything.
So, as you have just heard,
we've got some new jingles coming.
You know, look out there.
We're coming for you.
You know it.
You know it.
You podcasts that have used the same jingles all the time.
No, we like to mix it up, don't we?
We even got one for free, didn't we, from your man?
We did.
Yep, jingle guy
he's so happy with the repeat customer he gets
and he's heavily invested in the podcast
so yeah
he did some for us
yeah your father-in-law is brilliant
right let's move on to this week's
listen up
rant of the week it's time to mother rage
So the rant this week, maybe it's not a rant, but I'm not sure. I'm intrigued
as to how this is going to go for me, because I am in two minds on this. So, headline: Egad, did Apple do something right? End-to-end encryption for most iCloud services.
So it was announced not that long ago about Apple doing on-device scanning of images and documents
as they get loaded up to their iCloud services for CSAM, for child sexual abuse
material.
And there was a big, big outcry because there is a significant privacy issue here.
And alongside plenty of cries of won't somebody think of the children, et cetera, et cetera.
And as a result, they put it on hold.
They have officially said they will no longer be continuing with this scanning for potential CSA material moving forwards. And I've seen a lot of privacy advocates who said that, you know, this is both unexpected but welcome, which is great. And I think, you know, Apple should be lauded for listening and actually taking time to have a considered conversation about something like this.
Apple has said it's going to provide end-to-end encryption for most of its iCloud services.
So the three security enhancements, one of which it calls advanced data protection,
which is Apple's highest level of cloud data security,
given users the choice to protect the vast majority of their most sensitive iCloud data
with end-to-end encryption so that it can only be decrypted on their trusted devices.
Now, they already offer end-to-end encryption by default
for their other 14 iCloud services, blah, blah, blah, blah, blah.
But it's not generally being made available for iCloud as a whole.
So for me, the main rant here is why is
this only just happening now? It feels a little bit weird that I guess what they're doing is
softening the news here somewhat. But surely this end-to-end encryption should have been
de rigueur from the get-go, especially as it is elsewhere. So I'm a little concerned about where this is going,
what it's doing, because what it does mean, and if you go to the register, as Andy pointed out,
scroll down, look for the downvoted comments, and then you'll see where some of the snark is going
to come in. And basically what they're saying is that the potential is that Apple, whilst they will
not sell your data, which a lot of the other services do, because it's end-to-end
encrypted and it's sat on one of their devices, they do potentially have access to some
of your content. All of your content. All of your content? Yeah, yeah, well,
yeah, basically, you know, so for the data from your email, contacts and calendar, for instance,
you know, that's a vast amount of PII that you're giving them. Now Apple have recently upped their
advertising game, in a rather cynical move which I think we covered a few weeks back,
where they'd spent the last year stopping Facebook and others from profiting from advertising,
which is great, and then quietly ramped up their own advertising, which I think was very,
very cynical. So for instance, with access to email, contacts, calendar, you're emailing a
friend about a holiday, you get ads for holidays.
You've got an upcoming birthday from one of your contacts,
you get a reminder of the best gift shops near you.
Next appointment with your dentist, here's a toothpaste you can use.
And the only good thing about this is that Apple will not sell your info.
They'll just use it for their own purposes.
So I'm getting a real mixed bag of emotions from this. One, I think Apple have always been
a bastion of privacy, to a greater or lesser degree. For many, many years they've been talking about, you know, privacy has been one of
their main selling points, and in this they're even pushing back on some of
their own plans to protect said privacy. But then they're moving forwards with activities
and services that are frankly, as I've said many times, just a cynical sell to you of their and other people's services based
upon the very unique access they have to your data, despite Advanced Data Protection, as they
rather, well, imaginatively called their new product. So yeah, a real mixed bag on this one, I think.
And I think there's going to be more to come out of this.
Yeah, I mean, basically, this is going to mean that law enforcement can't access your data anymore.
And what they've, you know, done a very good job of doing is sort of selling a story without actually saying,
well, actually, because this hasn't been in place before,
you know, law enforcement's been able to access all your data.
Yes.
Yes.
Which they have, in fairness, pushed back on a number of times,
a number of occasions, right?
Well, they told us about the ones they've pushed back on.
They told us about the high profile.
You're right.
You're right.
They must get thousands of requests.
Yeah.
But does that also mean that, you know, various governments are going to push back against this?
Potentially. I mean, there's a reason why Huawei is more popular in China, right?
Yeah, that's right. Because they can control the platform.
Yeah. So we'll see. This is a weird one. I
think there's some complexities that are yet to reveal themselves,
to be honest, on some of this. And I'm going to have a play with these, you know, or have a play...
I'm going to take a deeper look at this. You're going to have a play, and then you're going to get back to the story, and then I'm going to be... I mean, Apple, like a lot of
the other providers, they do publish their annual transparency report where they break
down by region the number of government requests they got for access to data and devices. So at the moment, the latest one covers January to June 2021.
And in the USA, they received over 4,000 device requests,
710 financial identifiers, 7,120 accounts,
and 335 emergency requests.
Because that's, like, 100 a day, basically, isn't it? Yeah, it's a lot.
It's a lot. But if you're in Andorra, the government only sent five device requests, so
that's because fuck all happens in Andorra.
Oh, in Belarus, only one device request. Yeah, and the rest of the audience go, where's Belarus?
Well, that's because in Belarus,
the government would actually just break your fingers
and make you open your phone.
Exactly.
They do law enforcement differently in Eastern Europe.
Yeah, yeah, yeah.
But I think, yeah, no, I think it is, it pains me to say, I think you're right in your observations, Tom.
It's a very cynical play of both sides.
And I think it's a really, for any provider out there, it's kind of a tricky position to be in where you want to be profitable.
So you want to use some of the
information you have. You don't want to sell out your users. You don't want to give government
agencies carte blanche access, but you also don't want to be the ones that are saying, well, because
you didn't give access to law enforcement when they asked, this many children have died. Yes, yes. So, you know, it's a tightrope. But going back
to Dan Cuthbert and his keynote at Black Hat, he made a really good point. So he grew up for a
while in South Africa, and he goes, there's apartheid and all these horrible things, but there
were some rich streets, like, people were like, you know, there's million-pound houses or whatever,
and the people that lived there, they didn't like poor people walking down their roads,
so they implemented barriers on either side of the road so that only if you have, like, the key
or the key fob or whatever you could enter, because you live there or you're a guest of
someone that lives there. And this is a public road, so technically you don't have the right to do it, but
because money talks, you can restrict it. Yeah. And he took that analogy to say this is kind of like
how security is today. If you have 1,500 pounds you can buy an iPhone, or you can buy a
Google Pixel or something, or a Samsung, which has pretty good security built into it. But as
soon as you step away from people who can afford a 1,500 pound phone, and the max they can afford
is, like, a 150 pound Android device that's running, I don't know, an outdated version of Android that's
not supported. Yeah, exactly. That's where a lot of the world is, but they can't afford the security, because they can't.
So it's kind of like this walled garden that gets higher and higher. So, you know, I thought it was
a really interesting sort of point there, that, you know, it's good. I think what Apple do is good enough,
what Google do, by and large, is good enough, but it's not good enough for the majority of people.
It only caters for like, you know,
a certain percentage of people who are, you know,
largely in the West.
Very good.
And on that note.
Rant of the Week.
This is the podcast the King listens to.
Although he won't admit it.
That was our free one, wasn't it?
No, that was the one that I actually intended to get done.
Oh, and you got the other nine done as a result as well.
You know what it's like when you're at the checkout,
and that's why they move the sweets in the checkout, right?
You pick up one.
They have.
It's really annoying.
Right, Jav, let's move over to you for this week's
Billy Big Balls of the Week.
Okay, so the Billy Big Balls of the Week.
Quick update from last week's story.
If you remember that San Francisco were proposing robots that would go in and disarm terrorists by basically blowing up next to them.
The legislators have changed course on their killer robot policy, banning the police from using remote-controlled bots filled with explosives.
For now.
So, you know, on Tuesday,
the city's board voted unanimously
to explicitly prohibit lethal force by police robots
following public backlash and worldwide media attention.
Unbelievable.
They couldn't get ED-209 back on the streets.
Are they also petitioned by
ChatGPT.
Anyway.
Robots have lives too.
Yeah, yeah.
Robot lives matter.
It's like, what's that
Will Smith, iRobot, you know,
where they just dump them in the desert.
Okay, so
the Billy Big Balls move is the US.
Again, like, you know, who else has a pair of Biggie Big Balls,
Billy Big Balls than the US government,
the country that brought you the likes of John Wayne and Clint Eastwood.
And the testicles you can hang from the back of your truck.
Yeah, truck nuts. Exactly.
So two more US states have launched an aggressive action
against social media app TikTok.
Unbelievable.
I know.
This is a disgrace.
Of course they have.
It is.
It's saying TikTok harvests vast amounts of data
from its user devices,
including when, where, and how
they conduct internet activity
and offers this trove
of potential sensitive information
to the Chinese government.
The TikTok app
is a malicious and menacing threat unleashed on unsuspecting Indiana consumers by a Chinese company that knows full well the harms it inflicts on its users, says AG Todd Rokita in a statement.
So one of the lawsuits alleges that TikTok lured children,
think of the children, into a digital world of sex, drugs,
profanity and other shocking content.
I'm going to have to have a word with my daughter because she's on TikTok and she loves it.
Is that because she's, you know, in this drug-fuelled,
profane- laden environment?
It is.
Or the fact that she just likes dancing with her friends?
You know, you're better off sending your daughter to a club or a rave.
Take some LSD.
She'll be safer.
LSD? Bloody hell, mate.
The 80s called and want their drug of choice back.
60s?
60s, yeah, exactly.
What are the current drugs of choice then, Tom, please?
Ketamine, for a start. I mean, that's an obvious one. Melatonin, modafinil. That's what the cool skinny kids who've got the shits keep taking, apparently.
The second claim is that TikTok provides sensitive and personal data to Beijing and the Communist Party.
It's the same thing, in fact.
The lawsuit says, as a result of TikTok's predatory design,
the platform brought in more than $4 billion in revenue in 2021.
Now, I'm not even going to try and dispute any of this for now. All I'll say is, conduct this exercise. Let's go through the article again and replace TikTok with the word Facebook.
Yeah, exactly.
Exactly.
You know, the place that encourages or allows, you know,
suicide forums to exist
that encourage, you know,
children and young people
to commit suicide.
Well, yeah, didn't they get caught not just allowing these forums to go, like, with full knowledge it was there, but didn't they actually...
But pushing them.
Yeah, promote it to see whether they could coerce behaviours.
Yeah.
Yeah.
Exactly.
It's just shocking.
It's the hypocrisy and the...
Now, I'm not justifying that any company should really collect lots and lots of data and supply it to governments and everything.
I think, you know, sure, we need some controls, but at the same time, we need to apply the same standard to every organization that's out there.
This was one of the big issues with, you know, Facebook has been fined so many times over these kind of things.
Google has been fined so many times. When Mudge went public whistleblowing on Twitter, everyone was up in arms.
But now, conveniently, everyone's forgotten that, because, oh, it's worse now because Elon Musk is in charge.
So I think it's like, yeah,
let's put our personal grievances against China or against individuals like Musk aside
and say, what are the principles we want
and what do we want to adhere to?
And then apply that blanket everywhere.
You know, it is a Billy Big Balls move going out against it.
And I realise it's turning a bit into a rant,
but, you know, apply the same standards.
Good luck.
Good luck on trying to tell all your kids in Indiana to not use TikTok.
Good luck, governor.
Especially the ones that are government employees that aren't allowed to have it on their phones.
Yeah.
Brilliant.
Thank you, Jav.
Billy Big Balls of the Week.
You're listening to the award-winning Host Unknown Podcast.
It's better than tinnitus.
That's a little concerning, because that sound still hasn't gone away.
No.
I think it's going to take quite some time before it diminishes.
But speaking of time, what time is it, Andy?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire who have been very busy
bringing us the latest and greatest security news from around the globe.
Industry news.
Gen Z internet users normalise cybercrime, report.
Industry News.
Swiss government wants to implement mandatory duty to report cyber attacks.
Industry News.
Supply chain web skimming attacks hit dozens of sites.
Industry News.
Russia's VTB bank suffers its biggest ever DDoS.
Industry News.
ICO fines rogue nuisance callers £500,000.
Industry News.
UK government department using unsupported applications, reveals watchdog.
Industry News.
New Zealand Privacy Commissioner investigates Mercury IT ransomware attack.
Industry News.
Pet dog unmasks drug trafficker on encrypted chat.
Industry News.
Apple introduces new data protection to increase cloud security.
Industry News.
And that was this week's...
Industry News.
Huge. Huge.
I know which story we're going to first. I see the mouse on there.
I don't even need to see the mouse. I know which one we're going to go to first.
Was he a good boy? Was he a good boy?
So two drug traffickers were uncovered by law enforcement after they unwittingly took photos of themselves and a pet dog and sent it via the encrypted platform. This is the EncroChat platform, which was cracked by law enforcement across Europe. So within that, there was a reflection of the dog in the picture which they had sent.
They only referred to themselves by pseudonyms, so police had no idea who they were.
But they were able to zoom in on the pet's tag to reveal the phone number they belonged to.
Please tell me they said, zoom in, sector 327.
Magnify.
Enhance.
So, yeah, they were convicted along with several others for a plot to send 448 kilograms of MDMA, worth £45 million, to Australia.
Wow.
So these guys... That's the other great choice, Jav, MDMA.
Yeah, these guys went through great lengths to ensure their plot was successful. They thought they were safe.
But my officers did a superb and painstaking job of building evidence against them through a mixture of traditional and modern detective skills.
I did a great and painstaking job of calling a phone number.
Yeah.
I mean, it's a brilliant story. It just does go to show.
It's almost a shame that they have to, or not have to, talk about it, but they do talk about it, because people are going to be a little bit more wary now. But it's so good. I love it.
What else have we got? So ICO fining rogue nuisance callers,
probably a very small amount of money that they make from making those nuisance calls.
I feel like we see this story every couple of weeks.
Yeah.
There's always someone somewhere being fined not a lot of money, I think is what it comes down to.
Yeah.
So I'm looking at a report about Gen Z internet users normalising cybercrime, and it says that a large proportion of young internet users are engaging in some form of cyber-related crimes, including money muling, digital piracy, and posting hate speech.
Oh, so they're actually doing it.
They're not just accepting that cybercrime happens.
They're actually going off and doing the cybercrime.
No, according to this survey of 8,000 16 to 19-year-olds, half engage in behaviour considered to be criminal in most jurisdictions.
Holy shit.
75% of this is from Spain, which is a country which has the highest proportion of cyber deviancy, a blend of criminal and risky behaviour.
Yeah.
So majority of the definition of something that breaches legal...
it's a bit like those kids that do parkour
where they run over on rooftops and everything.
You know, it's like, yeah, it's illegal, you're trespassing,
but really, are they really intending to do anything bad?
No, they just want to make more videos.
That's how it starts, Jav. You justify the crime.
See, like I've said, Jav always sides with the criminals.
He's going to be talking about
a parkour cyber gang next
week on Billy Big Balls.
They're running with raspberry pies
in their back.
They're going to be like that.
Oh, dear.
It's not like we've done the Apple story. Do you know what? I think we're getting to the point where we're going to need a holiday. Do you know what I mean? Because all the news stories are blending into one.
It seems they are.
So UK government's using ageing technology and IT infrastructure and unsupported applications. Is anyone surprised? Is there any company that doesn't have this on their risk register?
Windows XP.
Windows XP, the greatest of all time operating system. We all know that. Every CISO knows that.
Yes. The Swiss government has asked Parliament to amend the Information Security Act
and make it mandatory for critical infrastructure providers
to report cyber attacks to the National Cyber Security Centre.
Nothing wrong with that.
I mean, it kind of makes sense, right?
Yeah, yeah.
I'm surprised that critical infrastructure providers
don't already have that.
Or is it like the Indian one where they have to report it within two hours?
Yeah, yeah.
Even if it's someone like pinging, it's like you need to report it.
Yeah, port scans.
Yeah, yeah.
No, that's what I thought it was going to be like.
And then I was like quite disappointed.
It's quite a sensible suggestion.
Which is what I'm saying.
This isn't news.
This is just stuff that should have been done anyway.
You know?
Yeah.
I have a feeling that all their reporters were at Black Hat this week.
Yeah.
Yeah.
Exactly.
So on which note, that was this week's...
Industry News.
Industry News.
People who prefer the Smashing Security podcast over the Host Unknown podcast are statistically more likely to enjoy the Harry and Meghan documentaries. Read into that what you will.
It's true. It's very true.
OK, it's time
for
this week's
Tweet of the Week
and we always play
that one twice
Tweet of the Week
please tell me Andy
that given
you know
the world's
moved to Mastodon
that you
you got a
a Toot of the Week
jingle made
I didn't.
No, I'm not doing that.
I do not believe people will be leaving Twitter, and I deliberately... um...
Yeah, yeah, but we've got to get stories from everywhere.
I will turn around, bend over and play you a fresh tune, but I do not believe we should be wasting money on a toot. It's not going to take off. It's not a thing.
It's a thing.
How much did you spend for those nine jingles?
I shall not reveal finances on this show until I've submitted my end-of-year tax returns.
It was low double figures, wasn't it?
It was low double figures.
Yeah, okay.
So if there's somebody out there who'd like a Toot of the Week jingle made
so that we can talk about Mastodon stories, then send
us £2.50 and we'll talk.
Anyway, over to you, Andy.
People repost them on Twitter anyway because
they're still not willing to cut the umbilical.
This is true.
This is true.
Just find the Twitter link and we'll
refer to that.
Anyway, do you know what? I was going to do a serious one,
but I think I'm going to jump straight into a non-serious one.
So our tweet of the week is from fiendishdoctornoid.jpeg.exe.
And he says, next time you feel like you have imposter syndrome,
remember that there's a fintech out there who laid off their entire security
staff and didn't even bother to ask them what they were working on before showing them the door.
What?
Hang on, did I miss that story?
You guys are kidding, right?
This is like a whole...
No, I'm not even going to go there.
No, no, go there.
Two-thirds of our audience don't know what's going on.
This is like... You know what's been going on
at Twitter, right? Twitter's not
a fintech.
This is probably talking about one of those
crypto exchanges or something, the big one
that went...
I mean, don't get me wrong. Funny, funny tweet. I'm not sure who they're talking about, though.
No, Twitter's not fintech.
It can actually apply to a lot of companies.
Oh, no. Is it... in this case, is fintech describing a company that makes pretend shark fins for swimmers to wear in the sea?
Yes, it's, yeah, prosthetic fins for, you know, for disabled sharks, who've been violated by people who consume their fins in soup and things like that.
So I think this is a good tweet.
It would be better as a toot, I'm just saying.
But it's a good tweet.
It just doesn't make sense because we don't know who it is
because we can't point and laugh at them.
That's the problem.
You should have gone with your serious tweet, Andy.
You just, like, failed on this one.
Yeah, do you know what? I'm actually thinking, right, you know what I did?
Yeah.
He's also thinking about not turning up next week and leaving us to it, I think.
I try, right? Do you know, it's
I know it's a lost cause. I turn up
every day. I get up, I look in the mirror
and I say, right, how are these arseholes
going to fuck up my show this week?
No, I turn up
every week thinking I can rescue it.
Are we still doing it?
Yeah, and I say, look, do you know what?
Maybe this week's the week they do it differently.
Maybe this week's the week they just roll with it.
Maybe this week's the week we make it big.
That glass is always half full.
There's nothing in it, but I look at it and I say it's full.
He's reaching for his full-sugar Haribo right now, I can see.
It's a skill.
It's a natural God-given gift.
That was this week's Tweet of the Week.
And if there's any paramedics out there who can attend a scene in South East London for a heart attack...
I'm not angry. I'm just disappointed.
Oh, man.
Hilarious.
right
I'd like that tweet.
But, right, so...
LAUGHTER
We've come to the end of the show.
I hesitate to think what's going to come out next.
So, Jav, thank you very much for your time today, sir.
You're welcome. I really enjoyed it.
I think winding up Andy is actually more fun
than winding you up, Tom.
He's so much more eloquent in his defence than Spurs.
And Andy, thank you very much.
Stay secure, my friend.
Stay secure.
You've been listening to the Host Unknown podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
Breathe, Andy. Breathe.
I think we've done a good job today. We didn't mess anything up.
We didn't. We didn't.
Well, I mean, Andy lost it at the end,
obviously. I mean, we maintained
our composure throughout, but, you know,
Andy, he just...
I don't know.
The professionalism slipped.
The masks slipped.
Yeah.
The patients of a large hospital.