The Host Unknown Podcast - Episode 135 - Better After The Edit
Episode Date: January 13, 2023

This week in InfoSec (09:55)

With content liberated from the “today in infosec” twitter account and further afield

12th January 1996: Apple posts major loss
Apple Computer announces that it will post... a US$68 million first quarter loss. It also announces a restructuring plan to reduce the company by a thousand employees. This event leads to the resignation of Apple CEO Michael Spindler, who is replaced by Gil Amelio. Gil Amelio eventually purchases Steve Jobs’ company, NeXT, which leads to the development of Mac OS X as well as the return of Steve Jobs as Apple CEO.

9th January 2007: Apple introduces iPhone
Apple introduces the iPhone at Macworld. The phone wasn’t available for sale until June 29th, prompting one of the most heavily anticipated sales launches in the history of technology. Apple sold 1.4 million iPhones in 2007, steadily increasing each year to sell over 230 million in 2015 alone.

Rant of the Week (17:25)

Royal Mail, cops probe 'cyber incident' that's knackered international mail
Royal Mail confirmed a "cyber incident" has disrupted its ability to send letters and packages abroad, and also caused some delays on post coming into the UK. The postal service, and the UK's National Cyber Security Centre and National Crime Agency, issued similar statements about the IT SNAFU on Wednesday, with Royal Mail advising customers to stop sending international mail until it fixed the problem.
"We're experiencing disruption to our international export services and are temporarily unable to dispatch items to overseas destinations," the organisation tweeted. "We strongly advise customers to hold any export items while we work to resolve the issue." Royal Mail added it was "sorry for any disruption this may cause," and would not comment further.
This is a developing story; we'll keep you updated as we confirm any other details.

Lockbit Ransomware - It was Russia!
Royal Mail hit by Russia-linked ransomware attack

Billy Big Balls of the Week (27:24)

VALL-E AI can mimic a person’s voice from a three-second snippet
Microsoft researchers are working on a text-to-speech (TTS) model that can mimic a person's voice – complete with emotion and intonation – after a mere three seconds of training. The technology – called VALL-E and outlined in a 15-page research paper released this month on the arXiv research site – is a significant step forward for Microsoft. TTS is a highly competitive niche that includes other heavyweights such as Google, Amazon, and Meta.
Redmond is already using artificial intelligence for natural language processing (NLP) through its Nuance business – which it bought for $20 billion last year including both speech recognition and TTS technology. And it's aggressively investing in and using technology from startup OpenAI – including its ChatGPT tool – possibly in its Bing search engine and its Office suite of applications.
A demo of VALL-E can be found on GitHub.

Semi-related - Microsoft Will Likely Invest $10 billion for 49 Percent Stake in OpenAI
This after the report by The Information about how Microsoft plans to integrate ChatGPT and GPT-4 into its software bundles like Word, Outlook, Bing and so forth.

Industry News (33:40)

UK Charities Offered Free Cyber Essentials Support
US Supreme Court Allows WhatsApp to Sue NSO Group
Sensitive Files From San Francisco Transit Police Allegedly Leaked
GitHub Adds Features to Automate Vulnerability Code Scanning
New APT Dark Pink Hits Asia-Pacific, Europe With Spear Phishing Tactics
Royal Mail Halts International Deliveries After Cyber-Incident
Twitter: Leak of 200 Million Accounts Not Due to Historic Bug
Google Chrome 'SymStealer' Vulnerability Could Affect 2.5 Billion Users
The Guardian Confirms UK Staff Data Was Accessed in Ransomware Attack

Tweet of the Week (42:50)

https://twitter.com/IanColdwater/status/1613690189246828544

Come on! Like and bloody well subscribe!
Transcript
That was a good dinner last night.
Thank you for that.
It was all right.
It was all right.
Do you know what, though?
I am shocked, shocked that Andy didn't finish his plate of food.
Hey, I ate more than both of you guys practically put together.
I think it was actually than we put together.
But nonetheless, you didn't finish.
You didn't even finish your starter.
I left one rice ball.
You are quite literally half the man you used to be.
Yes.
We're definitely overruled in that Korean barbecue.
I'll be honest.
When the guy said two plates would be enough for the three of you,
we should have...
Did he say that?
He did, yeah.
He said, just get two plates all right
it's all right i know what i'm about son don't tell me what i can't do
you're listening to the host unknown podcast
hello hello hello good morning good afternoon evening from wherever you are joining us and welcome to episode 135
139
of the Host Unknown Podcast
Welcome one and all, welcome dear listener, we trust you are well
We, we were in the same room together again yesterday
It was, it was, well, I don't know the stars aligned that's that's twice in
two months isn't it crazy crazy what is going on i know i know some weird stuff and you know what
what was funny when i first sat down and you said order now we've got an hour um yeah which didn't
turn out to be true but we actually left after an hour and a quarter i then worked out we then stood outside in the cold talking for another hour
we could have just sat at the table and talked to be to be fair it was an hour on the it's just
the guy said there's no that our table was not booked afterwards so we were good to stay i know and to be fair to be fair they had they had no dessert so there was no point in staying there they i don't know what
kind of restaurant establishment it is that they don't even have ice cream no and to be fair it
wasn't the first choice restaurant no it was had a bit of a geographical issue. Yeah, for anybody listening who's looking to book a restaurant in central London,
maybe around about the Cannon Street area,
Cannon Street Road is not near Cannon Street.
It's about a mile and a half away.
So the interesting thing, so Tom tom i don't know if you
notice it but the link that andy sent us for that restaurant first if you click on it it actually
it's in a different language it's sort of like i don't know some european language or something oh
it was yes so it makes me think he outsourced this to his one of his like thai sort of like
fiverr people to say find
me a restaurant and they sent him the link and he just blindly followed it on i'm glad you said that
because i thought what's why is this google search in a different language what's going on
let me have it i'm not buying this what is going on i'm right i'm looking this up right now this
is this is perfect for radio or podcast or
whatever you want to call it but right where is it uh you know what it is yeah yeah no i get it's a
google link right but obviously it's shorted it my phone settings are in french at the moment
oh obviously i mean i didn't realize it would share it with you in French.
I thought that it would just convert it to whatever your local regional settings are.
Why is your phone in French?
This is a long story.
No, no, no, no.
We don't have to go through the show notes.
This is interesting.
Let's continue.
This is going to be far better.
Long story short, I've got a lot of stuff to get done in Mauritius this year,
and I don't want to get screwed over with documents which are half in English,
half in French.
So I'm brushing up on my French reading so I can correctly interpret what I'm signing.
So you're learning French um I would say relearning
French right so you do realize that just learning how to order at a restaurant in French is not
going to help you with understanding French legal documents from the Mauritian government
it's uh it's one step at a time.
I'll take them to dinner.
I'm going to bribe them.
I'll just do it there.
Oui, oui.
No, he's not going to take them to do that.
He's just taking them to dinner.
C'est drôle.
So, Jav, anyway, for the benefit of our listeners if not us how's your
week this week oh it's been great i mean what better way than to meet two of my best friends
for for dinner and then come down and see us afterwards yeah exactly you don't even let me
set up a joke properly but but uh tom thank you so much for the for the gifts uh both of you like you know i don't
celebrate christmas but you two do being the pagans you are yeah but um yeah so for listeners
i can't show you but tom got me well one was a poster of iron man because he sees me as the
tony stark of the group and the other one was this amazing artwork that he put so much effort into.
He took an iPhone 4S, which was the last iPhone I owned before switching to Android.
So according to Tom, it's the last proper phone I ever had.
And he dismantled it all and mounted it on this schematics sort of like board,
which labels all the components.
And it is absolutely wonderful.
It's framed, it's lovely, took a lot of effort,
and I'm truly appreciative of it.
And Andy just got me a T-shirt.
But, you know, so thank you, Tom.
And Andy just got the other iPhone that I could afford off eBay.
No, it was epic.
It was a very nice.
It's already up to, let me have a quick look,
already up to 200 pounds on eBay.
Yeah, and I have to say the T-shirt is awesome.
Minister of Host Unknown.
No, Minister for Host Unknown. That's right. Which apparently are quite common T-shirts in Ireland, is that right?
that was a question by the way oh no the uh the
no obviously the host unknown part is the custom part it's the minister for yeah the minister for yeah so yeah because we haven't
quite got into the government there yet no not yet work in progress mr honan if you could help
speed that along yeah that's right if you could if you could push our petition to the government
a little bit further along that would be great yes that'd be great andy what about you what's
uh what's your week been like uh well i told you all about it last night so we probably don't need to uh
no it's been good it's uh i'm glad it's the weekend it's been um
yeah hit the new year like a uh rocket uh yeah it has isn't it it's it's
i've had meetings that are like,
it's as if there's not been a two, three-week gap in between
where nobody's done anything.
It's like, have you done this yet?
No.
Did you not notice that little thing called Christmas and New Year
between our last meeting?
Yeah, it's bizarre, isn't it?
We've really seemed to have gone into overdrive.
Yeah.
How's your...
Anything that we missed last night?
I don't know.
I don't think so.
I mean, my train was cancelled coming back this morning,
hence why we're recording a little bit later than anticipated.
Not that you two believe me.
I had to send photographic evidence
that I was actually at the station at quarter to seven
when I said I would be.
And also include the cancellation note from your mum.
Please excuse Tom from the morning train.
Here is the note from the rail operator stating that they have cancelled the train.
Although that being said, you did send us a picture last night of you on the train saying,
still going home or still on your way home.
Yeah.
It's like, yeah, all right, Andy, we know you live outside of London a little bit further than you used to.
Thank you for your service to coming for dinner with us.
Yeah, well, it is an effort. I will say that.
Well, talking of effort,
shall we see what we've got coming up for you this week?
This week in InfoSec takes us back to the time
when Apple was a terrible investment.
Rant of the week is a special delivery from the UK's
postal infrastructure. Billy Big Balls makes a dolly old tech. Interesting news brings us the
latest and greatest security news stories from around the world. And tweet of the week is a plea to hotel guests. So let's move on,
shall we, to our
favourite part of the show.
The part of the show that we
like to call
This Week in
InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the today in infosec Twitter account and further afield, or even a step down memory lane.
What I'm trying to think... we're kind of stretching the InfoSec connection here. It's more of a tech connection.
But I'm going to roll it for this week because we're up against the time.
So our first story takes us back 27 years to the 12th of January.
Who's typing?
That would be Jav on his typewriter.
No, you know what?
This is my new laptop.
I apologize.
Before, I had this software on my old laptop called Crisp.
It would mute out any time I'd start typing or anything.
And I've forgotten that I don't have that anymore.
So, apologies.
Right.
Get it installed, dude.
But don't reboot.
All right.
So, 27 years ago, Apple Computer announces that it will post a $68 million first quarter loss.
It also announces a restructuring plan to reduce the company by a thousand employees.
And this event actually led to the resignation of then Apple CEO Michael Spindler,
who was replaced by Jill Emilio.
And Jill eventually purchased Steve Jobs' company Next,
which led to the development of the Mac OS X software and the return of Mr. Steve Jobs himself as the Apple CEO.
I don't think it was Jill.
I think it was Gil.
Oh, Gil.
Well, Gil, Jill.
I told you, I'm speaking French again these days.
It was Gil Amelio.
And Mejio.
French, not Mexican.
It just looks like a Mexican name as I read it, right?
But with this, yeah, so the world's most valuable company uh was actually making a loss 27 million uh 27 million years ago 27 years ago
was making 68 imagine it was making a loss there yeah it was um huge but just to say look you know
don't give up you can turn it around
um just stick with it you know have a vision and go for it yeah it was the stuff that jobs
was developing at next which which as as you say you know led to the mac osx and then ultimately
to the adoption of intel chips and stuff that that really made it take off as well yeah yeah what a turnaround story though
i know you're happy with that it was it was yeah i mean you're right about never giving up
apparently vlad the impaler wasn't called the impaler until he was like 33 years old so
you know never give up and genghis khan he, it took him until he was about 15
before he got his notoriety.
Yeah, exactly.
Some people are just late bloomers.
There's still hope for you, Tom.
Oh, no, I'm definitely blooming, but just all in the wrong places.
Shush, your mum listens to this podcast, Tom.
Behave.
Sorry, mum.
So our second story takes us back a mere
16 years to the 9th of january 2007 when apple introduced the iphone uh so at mac world the
phone wasn't available for sale until the june of uh that year uh prompting one of the most heavily anticipated sales launches
in the history of technology.
So Apple actually sold 1.4 million iPhones in 2007,
steadily increasing each year to sell over 230 million devices
by 2015 alone.
Wow.
I mean, 1.4 million iPhones is incredible anyway, right? Yeah, especially what
they charge compared to other phones yeah yeah well they actually had to drop the price didn't
they they dropped it by a hundred dollars i think and gave a rebate to those who bought it at the
original price yeah i mean i i wasn't sold at the time i was like no never gonna take i'm sticking with my
trusty nokia uh and then you know the nokia n900 touchscreen came out and i was like why would i
ever need an iphone i've got a slide down keyboard in this device it's like you know
better than a blackberry it's better than anything um now i'm a complete apple whore yeah i was completely converted can confirm yeah
yeah i remember i but i i had uh one of those um microsoft uh windows it wasn't windows c
pocket pc devices because i'd used all of the earlier versions and blah blah blah going back
you know to 2000 etc in fact or late 90s I remember I had to reboot that damn thing virtually every single day.
Every time you wanted to make a phone call,
the screen would lock and crap like that.
I was walking up, I think it was Knightsbridge or somewhere around there,
and went into the Apple store and just picked up this iPhone.
I thought, let's have a look at this.
And it was like, holy crap, this is amazing,
the responsiveness of this and the the way the
screen scrolls and the colors and the way it feels in your hand and you know had someone buy me one
from the us and well and then that's history and you've been polluting people ever since
yeah yeah exactly and now destroying them and putting them in frames. Yeah.
Oh, yeah.
But, yeah, it's fascinating looking at, even interesting because I've got the original iPhone on a frame
and then the 3G on a frame and then a 4 and a 5, et cetera.
Just seeing the development of it
and how much better they got at manufacturing.
You know, so much less glue holding stuff together, so much less tape.
Well, the kids learned fast, didn't they?
Well, they did, yeah.
And then some.
But, yeah, and it's just phenomenal engineering.
You know, I mean, even the original one is phenomenal engineering.
But just you can see the improvements in the way, you know,
the logic board has decreased in size and shape and stuff like that.
Fascinating stuff.
Yeah.
The secret is the tears of the seven-year-olds.
I understand that's what really made the early versions successful.
Well, that's what allows the things to sort of slide together so easily.
Yeah.
Well, on that note,
thank you very much, Andy.
This week in InfoSec.
In 2021, you voted us the most entertaining
cybersecurity content
amongst our peers.
In 2022, you crowned us
the best cybersecurity podcast in Europe. You are
listening to the double award winning host unknown podcast. How do you like them apples?
I like them apples a lot.
You always did. I have to say you always did like those apples. Let's move on, shall we,
to the orangest part of the show.
Listen up! Rant of the Week. It's time to mother rage. So unless you've been living under a rock, or possibly in a
different country, you'll know that us Britons have been suffering quite a few months of
industrial action with rail strikes and postal strikes. And I'm sure there's been a few other strikes going on elsewhere and other important
stuff, ambulance and NHS strikes and all that sort of stuff. Well, the Royal Mail strikes are
particularly painful for Brits at the moment because as you know we we all like to send
postcards and we we send each other Christmas presents you know or deliver them by hand about
four weeks late uh as as we know from firsthand but uh um the uh the Royal Mail has been on strike
for an awful long time I think what was it the last date you had to send something for it to
arrive by Christmas or something like the 12th of december yeah it still wasn't even guaranteed to go it was only yeah to be fair
i think they're only on strike four days before christmas it's just the backlog that's created by
that yeah it has a huge knock-on effect yeah yeah exactly but but it's also you know the day before
the strike people are leaving early and the day after there's a massive... Yeah, so it might be four days, but it creates weeks of disruption overall.
Well, the Royal Mail has recently sent out a message.
It tweeted,
we strongly advise customers to hold any export items
while we work to resolve the issue,
which may...
And this issue is not industrial action this time.
So basically they're saying, don't use Royal Mail,
don't send us stuff because we can't deal with it.
And why is that?
Well, they got hit by a cyber incident,
which has disrupted its ability to send letters and packages abroad.
And there's even caused some delays and posts coming into the UK.
So the UK's National Cyber Security Centre
and National Crime Agency
have issued statements alongside Royal Mail
about this screw-up snafu on Wednesday
with Royal Mail basically advising people to stop sending them stuff.
They said they're very sorry for the disruption this may cause.
Sorry. Yeah.
You'll love that. We're a postal company. Just stop sending us posts.
That's right.
I can't cook right now. I need some mealy time.
You know, the national grid, you know, stop switching on your kettles.
You know, so they're unable to dispatch stuff to overseas destinations.
And I'm sure this is having an impact elsewhere.
Very sorry for disruption this may cause.
Would not comment further until last night, apparently,
when they confirmed that they'd been hit by LockBit
ransomware, which means it was Russia, woohoo. Maybe Russia's trying to stop
britain from sending challenger tanks in the post to ukraine something like that i i maybe that's what it is who knows um you know
or javelin missiles because you know you put those in sort of brown paper tubes and pop them in the
post but yeah you think something like royal mail it's is it cni is it critical national infrastructure
uh i'm not sure i would get i would assume it, but let me just double check. Yeah, someone do some research.
Yeah, do some research on Tom's rant.
While our rant's off. Exactly.
It does have Royal in the name, so it...
Well, yeah.
Okay, so Royal Mail engages with BEIS, Ofcom and government
under critical national infrastructure resilience planning.
We consider that we are well prepared.
Oh, dear.
That's going to be coming down soon.
This was March 2019.
Yeah, this is true.
Now, of course, this isn't a Billy Big Balls here.
We're not victim blaming.
No, we're not bashing them.
No, absolutely not. Oh, really? Because it sounded an awful lot like you were victim blaming
oh they're a male organization don't send us mail um okay well yeah they're they're doing it to
themselves let's face it yeah but critical national infrastructure it does seem that they
they've been woefully underprepared for a number of things you know
recently that they've been in the news for all the wrong reasons is all i can say now we're all
hit by you know or let's say we're all hit by ransomware but you know cyber attacks cyber
incidents etc they happen to the to the best of us it's you know that old old and tired adage it's
of it's not a case of if but when blah blah blah but they don't appear to be having
well one much luck or even you know what they're what are their you know recovery plans what are
their alternatives what are their you know surely they've got paper-based systems that they can use
manual systems why is why is the first thing they say stop doing the thing that uh you know we're paying you're
paying us to do in order to to try and recover it doesn't it doesn't really make sense so yeah not
not very impressed by this at the moment still sounds an awful lot like a victim blaming to me
but carry on no i'm done i'm done it's your turn now no i think go and talk about how good
Russia is now, Jav. Yeah, admire the LockBit ransomware for how it's finely crafted.
Yeah, yeah, the LockBit ransomware, the smoking gun we were all looking for, that points straight
towards putin and his cronies.
No, this feels very much like the 80s
all over again, where every movie,
you know, the Cold War,
it was all about Russia.
Everything's blamed to Russia.
I mean, for all we know, this could be some
kid in Mauritius. I mean, check
the ransom note. Is it written
in bad French or something?
And posted from just outside of london in southeast london you know yeah yeah but if it was posted from just outside of southeast london it wouldn't have got there
till you know next week or february anyway yeah yeah but having said that i mean royal mail
is is an extremely resilient organisation.
They've been delivering posts reliably for decades.
And, you know, the reason why this...
Up until the 1980s.
No, that's unfair.
When they were privatised.
Well, yes, but still unfair.
I think they do a great job. And, you know, this is only visible because it just shows how dependent we are and how used we are to everything reaching its destination
on time and like you said time nearly every organization suffers from some um you know
you're you're probably thinking of dpd or something like one of those courier companies it's not not
royal mail um but but
we should be playing the national anthem in the background while you're speaking here Jeff
no all I'm saying any organization can get hit by ransomware and you know everyone has their own
ways to to recover and their recovery process and what have you maybe their warehouses were full
because it's Christmas
and everything anyway, and they don't have capacity.
So they just ask for people's cooperation to say,
hey, try not to send something for now.
Once things are back up and running, we'll sort it out.
And honestly, those Javelin missiles will reach Ukraine
one way or another.
It's not a problem or another by air quite literally
yeah
we're going to have to employ every or Hermes
oh my god
they're just going to dump them at the border
and save them
stored with labour
yeah
take a photo of them
yeah
Oh, dear.
And then somebody's going to come up on the Nextdoor app.
I've been given this package by everyone.
It's been delivered to the wrong place.
There'll be a photo on it.
Although, saying that, related to Royal Mail,
there was something I saw before Christmas,
obviously during the strikes, and it did say,
remember, you know, December the 17th is the last day you
can post first class letters if you want them to
arrive in time for Valentine's Day.
But they had the same issues this
time last year as well. I think there was a lot
of stuff. I think
my mother,
Duchess of Ladywell, I think she was getting
christmas cards right through to the end of january yeah i received christmas cards this week
well you did yeah really yeah which was sent uh yeah last week they uh they were sent last week
well that's no they were instead of last week when i was expecting them they actually came this week
yeah did you guys not get my card i I sent it like mid-December.
Yeah, right.
Yeah, good one.
I'll keep an eye out for that next week.
Thanks.
Yeah, that's right.
Absolutely.
Anyway, that was this week's
Rant of the Week.
When listeners leave the Host Unknown podcast
in favour of the Smashing Security podcast,
they raise the average IQ
of both audiences
you're in good company with the award
winning Host Unknown podcast
I'm still trying to work out the logic
of that as to who we're insulting
it's probably
who knows
anyway it's
get ready J, it's you.
Yo, yo, yo.
So Microsoft researchers are working on a text-to-speech model,
a TTS model, as we say in the industry,
that can mimic a person's voice,
complete with emotion and intonation, after a mere three seconds of training. That sounds absolutely unbelievable. I mean, so, you know,
we can get three seconds of Tom recording and then we can get rid of him forever, because AI can mimic him effectively.
So the technology is called VALL-E. It's like WALL-E but with a V instead of a W.
And there's a paper being released; there's a sort of proof of concept or a demo available on GitHub in the link in the show notes below.
And it serves as a significant step forward for Microsoft because, you know, they're trying to, you know, the big four are always vying for attention, you know, between Google, Amazon, Meta, Microsoft.
They're always trying to stay up there and be competitive.
Of course, like, you know, five years later, Apple will come out with their own version
and just take everyone's market share.
But, you know, for now, it will be better.
It will.
So, you know, what's interesting is, like, I think AI this this next generation of ai and what have you
microsoft is all in they've just like pushed all their car chips into the middle and say like i'm
in um so they uh they they bought this uh natural language natural language processing um uh firm uh for 20 billion last year which is yeah 20 billion with a
b and it includes both speech recognition and tts uh and it's aggressively investing and using
technology from OpenAI, you know, its ChatGPT. It's been revealed that they are looking to invest
10 billion for a 49% stake in OpenAI.
I really, really hope that Clippy is going to come to life.
I know.
It would be so awesome, isn't it?
It would be brilliant.
In the voice of Sean Connery.
Well, it could be anyone's voice, right?
It just needs to play it.
It looks like you're trying to write a letter.
So Microsoft wants to take all of this,
and the plans are to integrate ChatGPT and GPT-4
into its software bundle, so Word, Outlook,
Bing, anything you want. So this is actually really, it's kind of like, you know, is it
the next shift to try and take that search dominance away from Google? Because
a lot of people are now using, you know, ChatGPT for a lot of things that, you know, they traditionally would have gone to Google for and then gone through, like...
And the beautiful thing about chat GPT, which I've seen is that no, it never comes back to you and says RTFM.
It just gives you the answer, no matter how stupid it is, which, you know, will put a lot of like redditor trolls out of business but i think this
is a a significant move on on microsoft's part and i do think it's uh you know with the amount
of money they're investing in it and and all the thing it's it's definitely worthy of a billy big
balls of the week mention i think it is i mean and also just even the concept of it, listening to a recording of somebody's voice for three seconds
and then being able to reliably reproduce that.
I mean, all you have to do, right, is like call or, you know,
target someone and just say, hey, look, is Jeff there?
And they say, who?
Say Jeff.
And they say, you got the wrong number.
Three seconds.
Boom.
Yeah.
Now you contact someone, that person knows, hey, it's me.
I really needed to transfer that money.
Yeah.
That's quite scary.
When you're now picking up the phone to an unknown number,
what's happening on the other end?
Jeez.
There's Putin there saying, you know, send.
I saw on the Nextdoor app that you had something delivered to you.
Can you send it forward to me?
In his finest Austrian accent. Yeah.
Wow.
Wow.
This is scary.
And quite how this is going to be used by criminals is the scary part of this, I think.
Because it will be used by criminals.
Of course it will, right?
Absolutely.
I mean, they're already using ChatGPT to craft their phishing emails, right?
Yeah, that's right.
I mean, how are we going to spot it without the egregious spelling mistakes
and outlandish claims?
Wow.
Yeah, all right, that's a good Billy Big Balls, Jav.
I've got to say, I'm going to give you that one.
That one's top-notch, that one.
Thank you.
Billy Big Balls of the Week.
this is the easy jet of security podcasts let's be honest your cheap ass couldn't tell
the difference between us and a premium security podcast anyway so andy it is that time of the week, isn't it? And I will ask the age old question. What time is it?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
UK charities offered free Cyber Essentials support.
Industry News.
US Supreme Court allows WhatsApp to sue NSO Group.
Industry News.
Sensitive files from San Francisco Transit Police allegedly leaked.
Industry News.
GitHub adds features to automate vulnerability code scanning.
Industry News
New APT Dark Pink hits Asia Pacific, Europe with spear phishing tactics.
Industry News
Royal Mail halts international deliveries after cyber incident.
Industry News
Twitter: leak of 200 million accounts not due to historic bug.
Industry News
Google Chrome's SymStealer vulnerability could affect 2.5 billion users.
Industry News
The Guardian confirms UK staff data was accessed in ransomware attack.
Industry news.
And that was this week's...
Industry news.
Jav, you were definitely up close to the microphone
and you were sounding like a late night radio host right there.
Jav, what he's done, he's instilled crisp.
No, I haven't. Have you not? You just moved closer to the microphone. I've just moved closer to the mic.
Anyway, huge if true. Huge. Yes, huge if true, absolutely. So this GitHub adds features
to automate vulnerability code scanning. Is that ChatGPT?
Let's have a look.
Let's see.
Called default setup, the novel capability simplifies starting code scanning on repositories using Python, JavaScript, and Ruby.
But, you know, hopefully that takes...
Because SaaS can be quite expensive.
So you're thinking various toolings like Fortify, Veracode,
those type of things.
Yeah.
Not cheap for the smaller companies, right, to acquire.
I know there's alternatives that you can use,
which are more of a less feature.
So, I mean, GitHub, yeah, if it's
all built in for free, I think it's only a good thing. Yeah, absolutely. Yeah, it's got to be said,
anything that's going to sort of raise the bar of those coding standards. Yeah, well, yeah, I mean,
it's one of those things. Security is always seen as a cost, like either financially or
with effort. Yeah. So the more you
can just make it easier for people. And like this is where, like, you know, one of the moves to more
cloud-based services is that you can actually build in a lot of these services for free on top of as
a value add, and I think the more that you do this, the better it can become for everyone. So good move. But do you think companies
like Fortinet and others that provide these scanning services as their, you know, course,
as their core product offering, are they going to push back on it or are they going to go out of
business? No, they won't. So, you know, the benefits, where they come from, is that they can
be built into your pipeline elsewhere, right?
So it doesn't actually have to get to GitHub before they start scanning.
You can do it further down the line.
And it's like the Big Four consultancy.
They don't tend to do much more than most people.
They package it nicely.
You get nice reports.
It's very consistent.
It's easily readable.
Similar with Iberico and those things.
They've got very fancy reports.
It's very easy, pleasing on the eye,
and it's very clear about where the problem is
and how to remediate it.
And it's all about something to be pleasing on the eye.
Absolutely.
It's the difference between an Android phone and an iPhone, right?
Exactly.
Android is a phone, I guess, you know, but it's not pleasing.
But my one folds up like a book
and it becomes like an iPad immediately.
Your phone folds like Jev
under the threat of legal action.
It's got a big crease down the middle as a result.
Wow.
Shady-ass mofo.
Just on another, I saw this UK charities
offered free cyber essential support.
Again, making something accessible to companies
where the cost is down.
About raising that bar from the bottom up, as it were.
Yeah, exactly.
I think it's only a good thing.
We need to do more of this in the industry.
Yeah, I think so. Anything, we're, you know, raising that bar. The problem is, you know, the cost of entry for a lot of this stuff is so very low now.
Anybody can write code or can push something, you know, can release a tool that does XYZ, and
it can be littered with issues.
I mean, just look at the Google Play Store, right?
Whereas if you can actually, by default,
and by using these low-cost-of-entry tools,
fundamentally improve that quality of programming
and security, you know, built in, everybody wins.
Yeah, you've got to make it, why wouldn't you use this?
Well, yeah, exactly.
Yeah, you've got to be the idiot who doesn't use that stuff.
Yeah.
So the Twitter leak of 200 million accounts is definitely Elon Musk's fault
and not the old guard? Is that what that's
saying? I am not close to this Twitter leak at all. Like, I got so bored about, you know,
so much stuff about Twitter, so I didn't. Like, all I know is there's 200 million
accounts' data was lost on those two. I assume maybe one of my accounts is in there.
But I don't know what data is in there.
I don't know how it's hacked.
I don't know who's got it.
I don't know where it is.
Okay, let me enlighten you then.
So this is apparently an old leak.
And originally it was felt that there was an API that was, yeah, open for third parties that was
exploitable in that you could enumerate. So you could run some queries against it and it would
spit back stuff like your Twitter ID, username, and not your password, but if
there's a phone number associated with it as well, possibly.
Yeah.
So there's like, it was just like, you know, that kind of thing.
It wasn't anything.
But so then the fear was like, all of this could be used to launch convincing phishing
emails against people.
So like, hey, this is Twitter.
Sign in to validate your account again.
And then, you know, boom, you've got their password as well.
So that's funny. That's on them. I
don't even know my password, as we asked him before the show, right? Yeah, yeah. So originally it
was like, this is like an older thing, so this is a pre-Musk era leak that only came to
light recently. But anyway, Twitter now have done a thorough analysis
of the leak and they've come to the conclusion it couldn't be linked to Twitter at
all, and it's probably like an old breach from somewhere else that people have put together.
But the researcher now is, like, arguing, no, no, no, this could only have come from Twitter.
So it's, you know, who cares, man?
200 million details are out there.
You know, it's bad,
but a lot of this information is there everywhere anyway.
And I don't think pointing fingers at Twitter or at the researcher or whatever is really helping anyone.
So much like this podcast, the story got dull very quickly.
Yes. And talking of which, let's move on. Showy industry news. This is the award-winning Host Unknown Podcast, guaranteed
to be a solid five out of ten at least once a month or twice your money back.
And you can take that to the bank.
I feel like we've hit the five out of 10 today.
Yeah, definitely feel like we've.
Well, I think Andy and me were like solid eight and nines, but Tom was definitely like a three today.
When I edit it, all these mistakes come out and I'm going to come out
as a solid nine.
I'm telling you.
And when I edit it,
you guys are going to go down
to a six or a seven.
Seriously.
You heard it here first, folks.
Tom deliberately sabotages us.
Yeah.
If I'm going to put the effort in,
I'm going to reap all the rewards.
Anyway,
so let's move swiftly on from that,
shall we? It's
time to wrap up the show with
Tweet of the Week. And we always play
that one twice. Tweet of the Week.
And I shall take us home
with this week's Tweet of the Week.
It's a quote tweet.
So the original tweet was from
Sicklord
on Twitter.
And they have posted a picture of a sign that's in their hotel room.
And the sign says, Dear Guest, please be advised that connecting any device to the television via the HDMI ports will cause the entire hotel system to crash.
Therefore, we must ask that you only use Chromecast built in to cast from your device and do not
connect any other device throughout your stay.
We apologize for any inconvenience this may cause and thank you for your cooperation.
And obviously, Ian Coldwater, you know, quote tweeted and said exactly what I think 97 people
said.
I would plug this in immediately
just to crash that hotel
the entire hotel system
but how? How is this
even possible? I'm not even sure
how this could work technically
but I am impressed
that this is a real thing
Yeah because HDMI
I know it carries data obviously but it's
a signal from one device to another device, i.e. the TV. I know hotel TVs are designed slightly
differently, but, you know, I don't understand how putting a signal from a, I don't know, a laptop, say,
into a TV versus a Chromecast into a TV would cause it.
What's that all about?
It's almost like that's a sign that someone would be staring at it for a while
and then Jeremy Beadle would come out from the closet and say,
surprise, Beadle's about.
Jeremy Beadle has come out of the closet.
Oh, you know what I mean.
He's dead now, isn't he?
You heard it here first, folks.
Oh, my God.
You heard it here first, folks.
Mr. Beadle is dead.
Mr. Beadle is a gay zombie.
Well, you know, honestly,
now I know we've definitely lost like 80% of the audience.
Like, who the fuck is Jeremy Beadle?
Who the fuck is Jeremy?
Oh, look him up.
Come on.
Google is your friend.
He is the godfather.
He gets royalties every time one of those TikTokers or YouTubes go, it's just a prank, bro.
Yeah, so back in the day, in the early 2000s, when I worked at ICD Publishing, Jeremy Beadle was one of our clients. Well, clients, it was a customer. And, yeah, he phoned
up for support one time to use the CD that was sold to him. Ah, did you go, oh, is this a
joke? Oh, well, do you turn around, where are the cameras,
where are the cameras? Sadly, I wish I did. And unfortunately, the guy that answered the call
had no idea who he was, a Finnish guy, and, like, everyone was saying, oh, it's really Jeremy Beadle
on the phone. And, yeah, Petra was just like, who the fuck is this guy? You mean like most of our listeners? Yeah. He's an absolute legend.
Excellent
Thank you Andy for this week's
Tweet of the Week
So we've come out of our
Second show of the year
Strong or we will do
Post edit
One of us will anyway
Post edit
Gentlemen it's been a pleasure as always.
So, Jav, thank you.
It's a pleasure.
You're welcome.
The enthusiasm has gone back to pre-Christmas levels.
And, Andy, thank you very much.
Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your
best insults on our Reddit channel, worst episode ever, r/smashingsecurity.
You know, I've just been Googling Jeremy Beadle and, you know, that Google, like,
autocomplete or suggested completion. So I typed in Jeremy Beadle and the next
two words that cropped up were hand size. Yeah, I thought you were going to say gay zombie.
No, no, I had no idea that one of his hands was smaller than the other. Yeah, did you not know that? No, that's right.
He always stood with...
With one hand over the other.
Yeah.
Always.
And that's why he always held the mic
with his big hand
and the other hand was always out of shot.
Otherwise it'd look like he's holding a huge mic.
That's why Trump's got small hands as well. Yeah, just saying. Oh, sorry, Jeremy.