The Host Unknown Podcast - Episode 134 - Happy Birthday The Duchess of Ladywell
Episode Date: January 6, 2023

This week in InfoSec (07:15)

With content liberated from the “today in infosec” twitter account and further afield

3rd January 2009: The Genesis of Bitcoin

The pseudonymous Bitcoin creator Satoshi Nakamoto mines the first 50 bitcoins, now known as the Genesis Block, six days before the initial release of the bitcoin software and launch of the cryptocurrency network. Bitcoin has become the de-facto digital currency, popular for its decentralized approach because no single entity can control, manipulate, or deactivate the currency and transactions can be highly private yet still remain secure.

1st January 2000: Y2K Comes and Goes

After years of hysteria regarding the Y2K bug, the world’s computers begin using the date 2000 with no major catastrophes. There is still debate whether the “Year 2000 Problem” was overblown by the technology industry or if the frantic updating done by armies of software developers leading up to Y2K averted disaster. I tend to lean towards the latter.

Wrap up of the year:
https://www.computing.co.uk/news/4061865/cyber-computings-biggest-security-stories-2022

Rant of the Week (17:02)

ChatGPT banned in NYC schools over learning impact concerns

The NYC Department of Education has banned the use of ChatGPT by students and teachers in New York City schools as there are serious concerns about its use hampering learning and leading to misinformation.

The organization manages the largest school district in the U.S., so others might follow with similar decisions.

ChatGPT is a next-gen chatbot optimized for dialogue-format user interactions, released by OpenAI in November 2022.

The chatbot has been very disruptive for several disciplines, including programming and essay writing.

Another field that AI-based chatbots like ChatGPT are expected to revolutionize is internet searching, as those tools can provide richer answers to search terms and allow users to find what they're looking for using natural language.

Microsoft is reportedly planning to integrate ChatGPT into Bing to give its search engine an edge over competitors like Google Search.

NYC Dept. of Education is worried about the information that ChatGPT may convey to students, specifically the safety and accuracy of its answers. Moreover, the organization fears young students will grow complacent and lack the necessary skills to evaluate information.

Billy Big Balls of the Week (27:01)

WhatsApp adds proxy support to help bypass Internet blocks

WhatsApp now allows users to connect via proxy servers due to Internet shutdowns or if their governments block the service in their country.

The new proxy support option is available to all users running the latest WhatsApp iOS and Android applications.

WhatsApp said that connecting through a proxy will maintain the messages' privacy and security as they will remain protected by end-to-end encryption.

This ensures that they can only be read by you and the recipient, with no one in between, like the proxy server, Meta, or WhatsApp, being able to access their contents.

[All this while the outcome of their use of personal data on WhatsApp in Ireland is still awaiting a decision from the courts after they were fined €390 million ($414 million) for misuse of data from Facebook and Instagram]

"Using a proxy doesn't change the high level of privacy and security that WhatsApp provides to all users. Your personal messages and calls will still be protected by end-to-end encryption," the company said on Thursday.

"Our wish for 2023 is that these internet shutdowns never occur. Disruptions like we've seen in Iran for months on end deny people's human rights and cut people off from receiving urgent help," WhatsApp said.

"Though in case these shutdowns continue, we hope this solution helps people wherever there is a need for secure and reliable communication."

Industry News (38:39)

LockBit Hands Ransomware Decryptor to Kids' Hospital
NHS is Most Scammed UK Government "Brand"
General Electric Insider Handed Two Years for IP Theft
Rail Tech Giant Wabtec Discloses Global Data Breach
Meta to Appeal €390m GDPR Fine
Cops Catch Serial Child Abuser After Tech Breakthrough
Over 200 Million Twitter Users' Details Leaked on Hacker Forum
Five Guys Discloses Data Breach Affecting Employee PII
Hackers Leverage Compromised Fortinet Devices to Distribute Ransomware

https://www.bbc.com/news/uk-england-gloucestershire-63637883

Tweet of the Week (45:53)

https://twitter.com/igb/status/1611057796606488577

Come on! Like and bloody well subscribe!
Transcript
so Dana White
who's the president of the UFC
and you might have seen, heard this
he bought this
is this a wrestling thing?
UFC, Ultimate Fighting Championship
cage fighting, mixed martial arts
yes
completely different Tom, completely different
keep up Boomer
do they pretend?
he bought this organisation called Power Slap.
Are these the guys that stand either side of a table and you get one slap?
Exactly.
Yes, yes.
They stand either side of the table and you've got a handle on the table you've got to hold on to, I think, and what have you.
And you just slap.
And it is just brutal.
Yeah.
The women's one is even like, you know.
You can lose teeth just by getting slapped.
Yes, yes.
And then on New Year's Eve at a party, he was filmed.
Him and his wife are talking about something.
She slaps him and then he proper slaps her and knocks her out as well. And now I think that they're just removing all mention of Power Slap, because every time you search for it, it comes up with Dana White power slap, and it's not about the organization, it's about him and his wife, like, slapping the shit out of each other.
Oh man, I didn't know he owned it.
Yeah, he just recently, just recently.
I've seen loads of those videos. Some of them hysterical.
Obviously, we don't advocate, you know, slapping your wife around.
That's a horrible start to the year.
It's fireworks, man.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you're joining us.
And welcome to the merry new year episode 134.
138.
That's gone up by one.
Of the Host Unknown podcast.
Welcome, one and all.
Welcome, dear listeners.
We hope you are well.
We hope you had a lovely, restful break and a lovely new year.
Many of you will have been celebrating Christmas.
Many of you will not.
Many of you have just been enjoying the days off.
So, yeah.
Jav, what did you get for Christmas?
Oh, nothing.
He doesn't celebrate Christmas, man.
I don't celebrate Christmas, exactly.
What? You don't celebrate having two days off in a row for free?
No, nothing's for free. Nothing's for free. Although I was filled with hope and optimism when New Year struck.
Well, actually, I was sleeping,
and then I was rudely awoken by the fireworks at midnight because let's all be honest you had no scheduled destinations for that day
you knew something was amiss
no no you know the new year, what is it?
It's nothing more than a false promise off a false start
and a chance to make things better.
But, you know, the truth is I'm just still here with both you Muppets.
So if you don't celebrate Christmas,
I'm guessing you don't want your Christmas present from me.
No, I respect your wishes and your culture.
I don't want to be offensive towards
you.
Oh, dear.
But did you have a good... You had a good break, though?
Not really. Well, yes, I did.
Come! Bloody
humbug!
Throw us a bone here, man. We're trying to keep it...
No, no.
Why should I?
You know what?
It's like I was off and the first day I was just lying there with my feet up and my wife
comes up to me and goes like, you're off for a few days.
I go, yes.
Well, remember I mentioned to you that we wanted to repaint all the bedrooms and get
new flooring in.
No, I don't remember that.
We agreed this.
We had this conversation.
Oh, did we?
Off you go to B&Q, buy some paint and start painting so um yeah it was a a lot of days of
hard manual labor sounds like cooking the Christmas dinner right yeah something like that
Andy I hope you had a slightly more pleasant one than that
uh well it's certainly less uh depressing than that one i'll tell you that one i mean
obviously you know i did far too much eating far too much uh enjoying myself gorging
have you all the party food comes out have you reinflated to your original sizing
do you know i can tell you during december i put on 3.1 kilos what yeah all right so i mean
i went i went big in december i sort of you know starting with the food markets by the office
um like the dirty fries which they had the korean fried chicken loaded with like the whole like the
full works i didn't worry about it i was just like enjoying myself that's what it's here for
and then obviously cheese and biscuits every day and you know i've got like the biggest turkey um so i'll get them
fresh every year from this place and you never know how big it's going to be they just guarantee
it's going to be enough to feed like however many people you want what she said
yeah it was just fantastic no i enjoyed it enjoyed it. Nice bit of time off.
Nice and quiet.
And how about yourself?
How was your Christmas?
Yeah, very good.
Very good.
Lots of Lego, which is always a bonus.
So Christmas with my mother and then New Year's with my mother and the kids. That was nice.
It was Duchess of Ladywell's birthday on January 1st.
So we went out for a
tea which is very good so yeah yeah it was really nice and then it was only a three-day week this
week but blimey it's come back with a like a slap around the face isn't it and you say i'm depressing
like a power slap.
Wow.
Well, happy birthday to the Duchess of Ladywell.
Yeah, I do listen when you start talking about your semi-naked men wrestling.
What's wrong with that?
Nothing more manly than seeing semi-naked men wrestling.
No, this is true.
I mean, I'm up for it. That sounds like a Tuesday night.
Right.
Shall we see what we've got coming up
for you today?
Well, this week in
InfoSec takes us back to the
origins of the de facto
digital currency.
Rant of the Week discusses knee-jerk reactions
to everyone's favourite
AI chatbot. Billy Big Balls is either a feature for good or a tool to capture more data
en masse, and I'm sure Jav will be defending the criminals in this case. Industry News brings the
latest and greatest security news stories from around the world, and Tweet of the Week
is a new executive position in the world of cyber.
So let's get cracking, shall we, to our favourite part of the show, the part of the show that we like to call This Week in InfoSec.
It is that part of the show where we take a stroll down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield. And this week we have gone further afield, and our first story will take us back a mere 14 years to the 3rd of January 2009.
The genesis of Bitcoin.
Yes.
Yeah, I know.
So that pseudonymous Bitcoin creator Satoshi Nakamoto
mined the first 50 Bitcoins, now known as the genesis block,
six days before the initial release of the Bitcoin software,
which ultimately led to the launch of the cryptocurrency network.
And obviously, since then, Bitcoin has become the de facto digital currency,
obviously, originally popular for its decentralized approach.
And this whole idea that no single entity can control, manipulate or deactivate the currency in transactions.
And obviously, because people think it's
highly private and still
remain secure.
Which is not true, is it?
Well, I think, you know, it's not entirely...
It can be traced, can't it?
Yeah, I think, yeah, there's more than
just, you know, out of the box.
This is safe out of the box.
Yeah, yeah, yeah. And no single
entity can manipulate it other than when Elon Musk tweets about a particular coin.
Yeah, that's right.
Yeah.
I bought Dogecoin because of that Muppet.
Serves you right.
Well, I don't know.
That's like pot calling the kettle black
in that statement you just made there, wasn't it?
You took financial advice uh from uh yeah this was a couple
of years ago in my defense you know when he was still kind of like slightly tony starkish
he'd only he'd only called people pedos once or twice at that point
when he hadn't lived long enough to become the villain at that point yeah that's right that's
right it was his origin story so back in 2009 and going into 2010 uh myself and a couple of guys at
the company i was working at we probably had between us at the time maybe 150 odd bitcoins
back then yeah so we were quite lucky
that we were doing this data center migration
right and
a few spare CPU cycles
not just CPU we had the power
as well right
24-7 power
dedicated so we had this
third data center that we obviously
probably took a bit longer than we should to shut down
all these graphics cards were running you know that way yeah we absolutely need all the
developers need these graphics cards um we just loaded them up we had all these miners in these
racks in this data center in maidenhead and it was you know it was just mining for it but we
lost them in uh one of those exchange hacks that occurred. What? Seriously?
Yeah.
And I did sort of suspect one of the other guys at first.
I was like, no, man, that didn't happen.
But, you know, back then it was probably, you know,
we were talking about hundreds of pounds rather than millions that would have been in these days.
But, yeah, don't cry over spilt milk.
I mean, there's no way I would have helped.
Even if we did still have them, there's no way I would have helped way you'd have bought a pizza with them or something yeah exactly i wouldn't have
held on to this for this long like you know once they'd been worth you know oh we can get 100 quid
for this right yeah sell out in 2012 um yeah but yeah alas that was uh yeah good times but it's
obviously still bitcoin still around it's obviously it's one of its uh lowest points for now um it may or may not come back uh i work with someone now
whose husband is actually um he works for one of these cryptocurrency trading firms um and it still
sounds like a great gig you know it gets uh quarterly bonuses and you know highly paid and
is there that much money to make it well this is it currency now
i don't know how they're making money yeah like it's a gamble right it's falling out of that
market but yeah it's still a obviously a big deal uh yeah this stuff's still going on my job i guess
i guess they've got the over 60s now to rinse yeah there's still more yeah you've heard of cryptocurrency this is the latest one
yeah buy into my solana coin which i've managed to buy a shitload of at their peak
what about your your cummies did they have they they're not doing too well
no they haven't reached the moon just yet i mean once they can get into a format where it makes it easier to sell i'm gonna
sell them like it's so i mean when i bought matter install some browser extension get on some other
network and just like it's just such a hassle whereas some other network you mean the dark web
uh no it wasn't even the dark web it was yeah it's basically i'm sure a proxy could have done it
easier like it really is so convoluted.
And this is why I think, you know,
there's been low adoption with some of these things.
Yeah. Oh, yeah.
But yeah, alas.
So let's take us on to our second story,
which let me see if I can work this one out.
It takes us back a mere 23 years to the 1st of January 2000 when Y2K comes and goes.
And also, I'm not talking about the wrestler Y2J.
This is after years of hysteria regarding the Y2K bug,
the world's computers begin using the date 2000 with no major catastrophes.
And there's still debate whether the year 2000 problem was overblown
by the tech industry um or if the work that was done in the run-up um to y2k by the armies of
software developers actually averted any disaster um i think it's a bit of both i think it's a bit
of both because there was a lot of work done to make sure things were okay. There was a lot of people that made a lot of money. I don't know if there's a lot of work done.
I wasn't one of them.
No, me neither.
I did all the work beforehand.
But we did have a server that went down over Y2K
and would not come back up.
But was it just some guy that was fed up with the server
and just said, like, this is a perfect excuse?
Do you know where?
Well, no, because I was that guy, if you see what I mean.
Oh, okay. But the fact was we left it down for the day and nobody said anything
and then the next day nobody said anything and the next day nobody said anything so in the end
it was like i think we'll be all right yeah and that happened a lot back then right just switch
that's a common thing right who owns this machine don't i switch it off see you complain
yeah oh no one complains oh there we there we go. Yeah, so not needed.
Yeah, so I was working at a credit reference agency
coming up to year 2000,
and they had...
This is a US-headquartered one,
and they paid, obviously, a shitload of consultants to come in.
There's one guy that's really annoying.
Sitting in our office,
he's always unplugged the fax machine to plug in his uh modem uh so he could dial out i know it's so
frustrating when he did it and he's always like that's right the fax is all back up and they'll
come through when i plug it back in um but he was a y2k consultant i know it is just a complete
obviously you know year 2000 i was about four old, so I couldn't complain too much.
But I remember just going into PC world as well
and just literally going up to computers,
setting the date to 1159, 2359, 1999,
just watching it hit midnight.
So the computer still works.
Everything's fine.
Yeah.
I just thought that's a really easy way to test.
I still, to this day, don't know what they did to fix it.
Nothing.
Turned it off.
Exactly.
Yeah.
I remember we had a Lotus Note 7 because we had no development
of test environments or anything like that.
So as part of the test one weekend when we were testing it all,
I just rolled it over to 2,000 and it was fine.
It kept on running, rolled it back.
And then there was this glitch for the next two months,
this date glitch that would not go away.
And I was like, I bloody hope this goes away on January 1st, 2000.
And it did, so it was fine.
One of these problems has solved itself.
Yeah, exactly.
Leave it, it'll be fine.
I mean, it wasn't catastrophic by any means,
but, you know, dates weren't showing properly
and stuff like that.
It got itself in a little bit of a tizz.
And do you know what?
Even a reboot didn't fix it.
Oh, unbelievable.
Yeah.
Note, say.
Was that your other ideas then?
Time to call these consultants?
Time to escalate to fourth line or go back to the manufacturer?
I switched it off on everything.
Oh dear.
Brilliant. Thank you for that mathematically challenging This Week in InfoSec.
This week in InfoSec.
This
is the EasyJet of security
podcasts. Let's be honest,
your cheap ass couldn't tell the difference between
us and a premium security podcast
anyway.
That's a good one. That's good i like that one yeah i like that we might have
to change our corporate colors to orange and white all about the branding it's all about the branding
right shall we move on to the angry part of the show the part of the show we call... Listen up! Rant of the Week.
It's time for Mother F***ing Rage!
So this story, if nothing else, just says how quickly the world is moving
because I first heard about ChatGPT when I was last on the Friends of the Show Smashing Security podcast,
which was not that long ago.
It was only about four weeks ago or something like that.
It's every other week for you, isn't it?
If they can't get a guest, they just call up.
They scrape the barrel.
Let's be honest.
They scrape the barrel.
And when that barrel's empty, they come to me.
To help for the opening of a packet of crisps, old Langford.
And an envelope
um but um so yeah it was only a few weeks ago maybe six tops something like that that i first
heard about chat gpt because friends of the show graham mentioned it as his um pick of the week and
was playing about, you know, not pick of the week, sorry, as part of his story. And he was talking about how actually very good it is.
And he was asking ChatGPT if, you know, its opinions about human beings.
And basically it said it was going to take over the world and destroy everybody and all that sort of stuff, which is great.
which is the artificial intelligence conversational and writing text bot.
So you can give it some prompts and it will write something for you.
So tell me about the Host Unknown podcast and it will talk about,
it will give you a whole spiel as if it's written by a human,
very florid writing in some cases and it's very um it's it's quite difficult to distinguish it's it's um it's it's
very very good so i only hearing about it sort of six weeks ago and it's already been banned
it's already been banned so it's been banned in new york city schools over learning impact concerns would you
believe um because they're worried the um department of education in new york city have
said they've got serious concerns about it's just hampering learning and leading to misinformation
is this particularly around geography lessons like i think americans are
yeah yeah exactly so as they say a much better description of it maybe if i'd read ahead in
the notes i could have described it as this chat gpt is a next-gen chatbot optimized for dialogue
format user interactions uh it was released in open ai in november 2022 so yeah i was right that's right
very soon the chatbot has been very disruptive for several disciplines disciplines including
programming and essay writing and that's true so we you know we what uh graham was talking about
is you can tell it to write code for you you can tell it to debug code for you you know it's it's
early doors on it it's it's not perfect but it's only
going to get better obviously and it's going to be you know it's its ability to use natural language
is fantastic but the fact that within weeks weeks of something like this coming out it's been banned
immediately in schools now this this reminds me and we were talking about this just before earlier before we
went on on air was this reminds me of uh you know when the internet came out because when i when i
was at university um we we did well we had it was pretty much what was left of the arpanet at the
time but um there was not a lot of content on there. That all came later. You were still passing notes around on paper.
Yeah, not far off, not far off.
It was all terminal-based, let's face it.
And so the ability to use the internet to write essays for you
was very, very limited, but it didn't take long for that to change.
And so what happened was universities were finding that uh there was a huge amount of of cheating
when it came to essays and people were just copying and pasting from the internet and it took
them a little while to catch up but now there's loads of tools available that show if somebody is
you know cutting and pasting and you know their text and it will check sources automatically and all that sort of thing
it didn't take them to to ban it and then just turn turn their back on it and ignore it to address
it they sort of use the same tools to um you know to to work to make sure it was used properly
so similar with this it's like okay so students are using chat gpt to write their essays
for them what do you think the teachers are doing when it comes to marking essays i'm sure that
they're popping these essays through um this this chat bot and saying check for grammar and spelling
mistakes and then boom they're done you know so it just this this standard knee-jerk reaction to tech you know oh technology
bad you know why i don't have time to move to round wheel this square wheel will do for now
type thing so yeah it's it's bizarre that within weeks quite literally weeks um you know six weeks or so that an education department has immediately uh
banned it rather than actually doing a study into investigating how it might work how it might
benefit the school system how it might benefit teachers how it could be used you know more
sensibly which i think is is probably a you know not a bad thing, right? So, yeah, very, very disappointing in this kind of...
Come on.
You're talking about America, the land that gave you prohibition
because they know how banning stuff actually makes a big difference,
doesn't it?
Well, we're talking about any country that bans anything, right?
Yeah.
Well, you know, it just...
Bring back opium dens, I say.
This reminds me of like being in
school and like they they used to do a lot of i don't know whether they still do it in schools
but you know mental times tables you have to know up to your 12 times table and everything
yeah don't do that anymore what's 12 times nine is like i don't and then mr morgan who's our head
teacher who also used to do like our maths sort of group as well.
It's 108, by the way.
Yeah, oh, thank you.
And he'd be like, Javad, you're not always going to have a calculator to your hand.
You must know this, like stuff.
And now I wish I could go back and say, see this phone in my hand.
I do always have a calculator in my fucking hand, you bigoted prick.
Why was he bigoted i don't know i just like it just uh my dad actually referred to him as a bigot once in a in a parent teacher meeting
i'm guessing your grades didn't improve immediately after that.
Wow.
So, no, I think you're right, Tom.
I shouldn't say that.
We start in the new year like that.
No, no.
New year's resolution.
Agree with Tom more.
No, it's just like you say.
There's new technologies out there find ways for embracing
it and using them for the best benefit if you just try and sweep it under the rug and pretend
like it doesn't exist yeah running scared from it yeah yeah um and you know you you probably
remember the day i mean i remember the days when like um we we didn't have like internet access
from the desktop and only in the in the office then, like, you had to submit a special request to get that approved or external emails.
And now it's just, yeah, sure, we've got Google on our desktop.
You still need to know what to ask it.
Yeah.
Like, you know, but, you know, how do you write a security policy or can you review this third-party assessment document for me?
But, you know, you need to still know what to ask.
And that's what we need to get people better.
Why are we wasting our time trying to get kids to learn pointless stuff when the technology has moved on?
Yeah.
So there's two things on this one which are interesting. So one, obviously Microsoft is reportedly planning to integrate
chat GPT into Bing in order to make it a more powerful search engine
than Google.
Is that a countdown to making Bing a Nazi or something like that?
Well, potentially.
You know, get their history in this.
But secondly, there was someone who, I've got to send you a link before,
someone spent New Year's building GPT-0,
which is an app that can efficiently detect whether an essay is chat GPT
or human written.
Boom, there you go.
Six weeks, chat GPT is launched.
Four weeks, someone's built something to see if chat GPT is in use.
Yeah.
So I think, yeah, this is like what you're
gonna do you're gonna bang b ban beam um sorry yeah but a beam hey gotcha wise guy yeah
yeah so i mean you can't ban search engines or what's the point you're just gonna start
taking the internet away from people yeah yeah i know utterly
bizarre utterly bizarre i don't know right well we're all in agreement on that one i'm glad to
hear so uh that was this week's rant of the week you're listening to the award-winning host unknown podcast like a real security podcast but lighter
so true so true right let's move to the next part of the show now now that we've got jav
woken up and wound up let's get him off onto this week's yes um haven't done a section for a while and now all of a sudden i felt like oh i'm on stage
the spotlight's on me i'm a bit nervous anyway uh this week's uh Billy Big Balls comes courtesy of WhatsApp.
And the head of WhatsApp in Meta, Will Cathcart, tweeted out, Happy New Year.
While many of us celebrated by texting our loved ones on WhatsApp,
we kind of forwarded the same message to everyone.
Let's not get ahead of ourselves.
There are millions of people in Iran and elsewhere
who continue to be denied the right to communicate freely and privately.
So today we are making it easier for anyone to connect to WhatsApp using a proxy.
So that is the, I suppose a billy big balls move when a private company is ready to take
on entire nations and their their internet censorship um sort of regime um so yeah you
can now allow whatsapp well whatsapp is now allowing users to connect via proxy servers. So, you know, if you're
in a country where they block WhatsApp, you know, you can use it. Apparently, your messages will
still be kept safe and secure with end-to-end encryption. So no one, not even the proxy server,
Meta or WhatsApp can access their contents and hopefully not even law enforcement or the government.
Actually, you know what? I think this is what I'm thinking.
I think it's a Billy Big Balls move.
But as an Iranian citizen, do you want to be caught running a proxy or WhatsApp on a proxy?
The consequences could be worse, I think, than if you're just plainly talking using
their official apps but anyway um you know you can do that you can they've got some guides out
there how you can set it up for others you know for your friends and family and and what have you
uh the the default disappearing messages are there um And all of these improvements came after WhatsApp had to backtrack
on their earlier decisions to restrict some features
or delete user accounts.
So apparently they now have over 2 billion people
from over 180 countries using the platform.
So, you know, I think it's a good move, I suppose, on one part, but also I think it's, I'll take that back. It's not a very good move. It sounds good. It gives you good PR,
but if you're living in one of these countries and you're caught using one of these things,
you're probably not going to be looked on favorably.
Secondly, now let's play a little thought experiment here with Tom.
What if we say let's ban TikTok here or let's restrict its usage
and then China comes out and says, for all you budding, you know,
TikTokers out there, we've introduced this proxy that allows you
to bypass your government's restrictions.
How would you feel about that?
Tom's probably gone to go get a package.
He's fallen off his chair.
You know what?
I was worried there.
No, I was on mute, actually.
I was worried there for a minute that once again you were going to be
supporting the bad people in this story.
Because Jav coming out in favour of Facebook and Meta,
it's like, oh, man, not a good thing.
But I'm glad I agree with you, Jav,
and I'm not ashamed to admit it, unlike you.
Wow.
Despite the email that you just sent to my mother
a little while ago,
saying that you were going to be deliberately arguing
with me on the podcast.
Wow.
Do you actually get a copy of all the emails
that your mother gets?
He set it up.
Of course he does.
No, she just forwarded it to me.
Listeners, if you're wondering what was going on there,
just before Jav said, oh, I meant to email the Duchess of Ladywell a
happy new year.
And then he only went and did it.
And then my mum's replied and then copied me in on a response.
Oh, can I read out the response?
It's so nice.
It is, actually.
Yeah, go on, then.
You read it.
Say I'm better coming from you.
So I sent, like, dear Mrs. Langford, happy new year.
May you have a wonderful year, blah, blah, blah.
May it be filled with happiness despite the disappointment of a son you have.
And, you know, but at least his heart's in the right place and she's replied saying
uh javad thank you for your new year sentiment sorry to tell you
that tom is not the disappointment you think you think
he fulfills my belief that there that there is no point in breeding them if they are not useful.
Tom has proved himself more than useful for many years.
You missed a word there.
Well, Tom has proved himself more than useful.
More than just useful.
More than just useful.
You know, I'm sure your mother's used ChatGPT to reply.
Not least on my birthday, when I not only received an Apple MacBook Air laptop,
but was taken with the grandkids for afternoon tea in a London hotel.
Perhaps you should...
Next sentence.
...celebrate...
Perhaps you should celebrate knowing and learning from Tom.
The shade is strong with this one.
I was going to say, yeah, attack it.
What did you get your mum for Christmas?
Oh, man.
What did you get your mum for Christmas?
Sorry, it's breaking up.
Okay, let's move
on to the next segment run the jingle tom billy big balls of the week
when listeners leave the host unknown podcast in favor of another security podcast
they raise the average IQ of both audiences.
You're in good company
with the award-winning Host Unknown podcast.
Joe, I can't work out if that celebrates our listeners
or throws some serious shade on our listeners
or celebrates us.
Do you know what?
The logic on that one is lost on me.
I'll tell you what.
When you go across to Smashing Security,
we realise what that's trying to say.
Yes.
Oh, dear.
Right.
No time for any funny wordplay.
It's that time.
And what time is it, Andy?
It is that time of the show where we head over to our news sources
over at the InfoSec PA Newswire,
who have been very sluggish in bringing us the latest
and greatest security news from around the globe.
It's true.
We struggled.
Industry news.
LockBit hands ransomware decryptor to kids hotel... Hotel. Let's start that again.
LockBit hands ransomware decryptor to kids hospital.
Industry News.
NHS is most scammed UK government brand.
Industry News.
General Electric Insider handed two years for IP theft.
Industry news.
Rail tech giant Wabtec discloses global data breach.
Industry news.
Meta to appeal €390 million GDPR fine.
Industry news.
Cops catch serial child abuser after tech breakthrough.
Industry news.
Over 200 million Twitter users' details leaked on hacker forum.
Industry news.
Five Guys discloses data breach affecting employee PII.
Industry news.
Hackers leverage compromised Fortinet devices to distribute ransomware.
Industry news.
And that was this week's...
Industry news.
Wow.
Huge if true.
Huge if true.
Huge if true.
So who are the five guys?
Damn. Come on. I knew there was gonna be that uh yeah i know lowest common denominator
too obvious um so this uh ex-GE engineer who got two years in prison um he stole turbine technology for China um and so this is like he started working at GE
like you know a long time back uh from 2008 to 2018 so it's also like 10 years
um and whilst he was there he started like copying some documents and then encrypting them and
storing them on his like in a special folder uh on his machine but he used like
AxCrypt which is like a you know encryption program which GE doesn't actually provide its
employees so they noticed he was encrypting these files and so they started monitoring what he was
doing with it um this is like about like a nine month period um and he basically encrypted sort of 40 odd files and then um
used steganography to smuggle the trade secrets out so he actually set like a sunset photo so
you know if you ever read like old school infosec manuals and they talk about steganography
uh you know where you where you embed data in other data and it's just something that's
rarely used or certainly to my knowledge isn't, you know, widely used,
but this guy actually used it to exfiltrate data, uh, from GE's network.
Um, you know, to his Hotmail address,
he was sort of sending photographs of sunsets. Um,
Yeah. Cause that's not suspicious at all, isn't it? Sending.
Absolutely not. No. I mean,
you know, sort of 42 meg photos of sunsets.
Yeah.
So nothing wrong with that whatsoever.
But, yeah, that's how they caught him.
Like the network guys actually realised there's something suspect going on,
continued to monitor him.
And, yeah, that steganography was not as good as he thought it was.
Wow.
Wow.
Mind you, the criminal mind is never as smart as i think it is
no but he obviously he he sold it to china uh well i say sold it gave it to his um
chinese handler yeah what win-win yes
jesus see um no it's funny you talk about these old old school techniques and
what have you and the other day my missus was on the train and like she she she's reading the metro
or something and in that there's a section about like saw you on the train it's just like
where people write in and say oh it was new year's eve and i saw you on the train like
misconnections yeah misconnections that kind of thing yeah she was like oh it's so cute and i said and and
obviously after watching spy movies and what have you growing up i said oh you know those aren't
actual ads they are actually secret messages that different spies send to each other about what
she says oh you've ruined it all for kids.
No surprise that Meta were appealing a GDPR fine that was basically saying their entire advertising strategy is illegal.
Yeah.
So the best thing is 390 million euros in um freedom units is 414 million us dollars
and that is oh 413 million us dollars uh obviously the exchange rate changed a little bit
but this just covers facebook and instagram and there is still a case out about whether
whatsapp misused data or not so this could actually go up a bit more
well a couple of years ago that would have been half a day's revenue to you know now now that
revenues are much much lower it's probably i don't know three days revenue yeah but you know
what the danger is this is just ireland so if they have violated g... Oh, then everybody will just take that as a test case.
Yeah.
Oh.
Yeah, this could be bad.
This could be the end of Zuckerberg.
But WhatsApp might now offer you proxies.
They can't be that bad.
I keep telling you, we've got to move off WhatsApp.
Well, we tried it for a while, but it just does not support meme distribution.
We did try it.
And Andy, you said no.
I mean, you were like...
We still have it as the backup server, you know,
so when WhatsApp does go down every now and then...
Well, we need to do a DR test in that case
and then fail over permanently.
Wow. We'll see. You know, this story i was looking at just now there's like
the cops catch serial child abuser after tech breakthrough yeah yeah and uh i was just looking
at what the tech breakthrough was and apparently the the person had uh posted his pictures but he
distorted his face in the images yeah and the ncaa use innovative new technology to unscramble
the image distortion that's i was talking this happened years ago well i don't know about years
ago but i was talking to somebody just recently about how you how the ai stuff you can take an
entirely pixelated face and it will reproduce it with some you know a huge amount of accuracy
exactly i mean like you've all seen the zoom enhance yeah it's coming it's becoming real yeah
finally so so i i mean i was a bit disappointed in like that was the breakthrough technology because
yeah, I thought it kind of already existed.
Only in Hollywood.
Just looking at that Five Guys disclosing data breach.
Aren't the Five Guys burgers and shakes the best in the world?
I wouldn't actually know.
So I've never consumed Five Guys.
Yeah, me neither.
So being allergic to peanuts. Apart from that one time in the 90s when you were experimenting, right?
Yeah, exactly.
And that, you know, yeah.
But, yeah, no, they cook everything in peanut oil,
which I am allergic to.
Oh, really?
Yeah.
So I've never had the urge to go there.
I didn't know they cooked it in peanut oil.
I know you're allergic to peanut.
Yeah.
But I'm just saying that the founder and CTO of Bugcrowd
says that the breach was likely via the Five Guys recruiting system
where candidates upload their resumes.
Ooh.
Yeah.
Hmm.
That's not good no obviously externally facing system upload it not scanning stuff so i'm gonna go off off uh off script just for a second i've just added a link to another story
okay in in the thing and this is like on it's from the BBC and there's a school hit schools hit by cyber
attack and documents leaked and uh this uh so there's uh 14 schools have confirmed that you
know leaked online data but what's really funny in there is that there's a quote from one person
say the ICO did not tell us to notify the data subjects. But then the best thing is,
this needs to go in every future press release statement.
Yeah.
Our data was taken by the criminal organization
and placed on its dark website,
which is not easily accessible
and only available to a limited audience
with the technical knowledge and ability
to access this specific site.
You mean...
We're basically saying we don't know how to access it,
so it must be almost impossible for anyone else
to get to it, surely?
Holy moly.
Yeah, schools are seriously under-resourced.
I was going to say exactly that.
That's a statement born of unintended ignorance on the subject, right?
Yeah.
You know, the local council for those schools
should be providing much better support.
Yeah.
I mean, do you remember when GDPR, you know,
sort of first came out,
everyone had to be compliant with and all this stuff.
I remember my sister
works at the school and she's asked me all these
questions. I'm like, why are you
in HR?
Why are you dealing with this stuff? I was like,
speak to your compliance team.
She's like, this is my responsibility.
I am the compliance team.
Yeah, I'm like, you are woefully
underqualified to be dealing with this stuff.
Trust me.
These are the basics.
This is what you need to do.
But in terms of policies and processes and getting that message out there
and educating people, massively under-resourced.
And I think this type of statement, almost embarrassing.
It is.
It is, but unsurprising and quite saddening actually
yeah and on that very very positive note
industry news
this is the award-winning host unknown podcast guaranteed to be a solid five out of ten at least once a month
or twice your money back.
And you can take that to the bank.
You don't get guarantees like that just anywhere.
No, no.
I'm waiting for Jav to say his standard thing after that one.
How do you like them apples?
There we go.
There we go.
Right.
Andy, let's take it home with...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And our final tweet of this week comes from Ian Brown.
He's basically quote tweeted Mudge uh so everyone
knows uh dotMudge obviously the uh former Twitter security chief uh former White House consultant
extraordinary security uh legend ex L0pht Heavy Industries and all of that so you know he he
obviously got a lot of headlines recently for leaving Twitter saying the place is a complete state.
They don't take security seriously.
And this is before Elon Musk came in to really kick them
when they're down.
So Mudge posted a quote saying,
Thanks, everyone.
I'm excited to be reporting to the CEO at Rapid7
as an executive in residence.
And then he goes on to say, for clarification,
this is not a full-time
and is not exclusive. This
does not change existing relations
I have with other organisations.
And so, obviously, Ian Brown
has quote-tweeted this, and he says,
an executive position with no actual
responsibilities is perfect for this
guy.
Oh,
Zing! Wow.
I have so many questions
I know
I need that
Executive in residence
What is that?
Does he live in the office?
This is what a security advocate can aspire to.
This is the next level.
It is.
But does it mean he's got like a camp bed in his office there?
I don't get it.
And also he's then saying, oh, but by the way,
I'm still going to be available for everyone else.
Who's willing to pay me?
Yeah.
I mean, what a job.
Yeah.
So it's not a full-time job not exclusive like what
are his responsibilities other than sticking his name on a quote or them having him on the website
and saying that like you know oh you mean like a security advocate yeah yeah you know what this is
I want this on my tombstone, guys, okay? An executive position with no actual responsibility.
He lived his life in an executive position with no actual responsibilities.
Put that on my gravestone.
It sounds like that fellow from How I Met Your Mother.
Oh, which one?
Barney's, didn't he?
Yeah.
Because his job was basically to take the blame for anything.
Oh, please.
Yeah, what's your job?
Please.
Oh, brilliant.
What a job.
That is quality.
Very good.
Tweet of the week.
Well, we come screaming to the end of this first episode of the year.
Thank you very much, gents.
That was fun. that was fun that
was fun it's nice to get back into the chair the chair again it feels like with a little bit more
energy than the end of last year yeah we'll soon drain that out of you give it a week or two
very good jav thank you so much yeah you welcome. You know I bring the milkshake to...
No, I...
Yes, it was good.
Thank you.
And Andy, thank you.
Stay secure, my friend.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard comment and subscribe if you hated it
please leave your best insults on our reddit channel worst episode ever r slash smashing security
i hope you're gonna take uh what my mother said to heart, Jav.
Jeez.
The apple has not fallen far from the tree.
The Apple MacBook Air has not fallen far from the tree. I think is what you mean.
Yes, yes.
Even though you gifted her the MacBook Air,
but she still sent the email from her iPad.
Yes, she has