The Host Unknown Podcast - Episode 136 - The old man is in New York
Episode Date: January 20, 2023

This week in InfoSec
With content liberated from the “today in infosec” twitter account and further afield

19th January 1999: BlackBerry Introduced
RIM introduces the BlackBerry. The original BlackBerry devices were not phones, but instead were the first mobile devices that could do real-time e-mail. They looked like big pagers. The way the story goes, the name “BlackBerry” came from the similarity that the buttons on the original device had to the surface of a blackberry fruit. Those crazy Canadians!

17th January 1994: Supreme Court Rules on Home VCR Recordings
The US Supreme Court rules 5-4 that private use of home VCRs to tape TV programs for later viewing does not violate federal copyright laws. This ruling opens the floodgate for VCR sales, changing the landscape of TV watching forever.

Rant of the Week
Mailchimp 'fesses up to second digital burglary in five months
Email marketing service Mailchimp has confirmed intruders have gained access to more than 100 customer accounts after successfully deploying a social engineering attack.
This is the second data spill in five months and yet the company, bought by Intuit for $12 billion in September 2021, continues to tell customers – with a straight face – that it takes the "security of users' data seriously."
The latest digital burglary happened on January 11 when the resident security team spotted an "unauthorized actor accessing one of our tools used by Mailchimp customer-facing teams for customer support and account administration," the company blog states.

Billy Big Balls of the Week
Illegal Solaris darknet market hijacked by competitor Kraken
Solaris, a large darknet marketplace focused on drugs and illegal substances, has been taken over by a smaller competitor named 'Kraken,' who claims to have hacked it on January 13, 2022.
The Tor site of Solaris currently redirects to Kraken, while blockchain monitoring experts at Elliptic report no movements in the cryptocurrency addresses associated with the site after January 13, 2022.

Taking down competitors
Solaris was a Russian-speaking platform reportedly affiliated with Killnet, a pro-Kremlin hacktivist group that launched several DDoS attacks against organizations in the western world in 2022.
Elliptic has traced several donations from Solaris to Killnet, amounting to more than $44,000 worth of Bitcoin. The DDoS group presumably used this money to purchase more firepower for launching disruptive attacks.
In December 2022, Ukrainian cyber-intelligence analyst Alex Holden claimed to have breached Solaris and stolen $25,000, which was donated to a humanitarian charity in Ukraine.
While Solaris disputed the claims about the hack and called out the lack of evidence, Holden later released more details and leaked source code and databases allegedly associated with the marketplace.
On Friday, January 13, 2023, Kraken announced they had taken over Solaris' infrastructure, GitLab repository, and all project sources, thanks to "several huge bugs in the code."
Kraken's statement claims that it took them three days to steal the clear text passwords and keys stored in Solaris' servers, access its infrastructure located in Finland, and then download everything without anyone stopping them.
Finally, the attackers said they disabled Solaris' Bitcoin server, which aligns with Elliptic's observations in the blockchain.

Industry News
European Businesses Admit Major Privacy Skills Gap
Nissan Supplier Leaked Data on Thousands of Customers
ChatGPT Creates Polymorphic Malware
1000 Shipping Vessels Impacted by Ransomware Attack
Over Four Billion People Affected By Internet Censorship in 2022
FTX: Over $400m Stolen from Bankrupt Exchange
Mailchimp Hit By Another Data Breach Following Employee Hack
ThreatModeler Makes DevSecOps More Accessible With New Marketplace
Roaming Mantis' Hacking Campaign Adds DNS Changer to Mobile App

Tweet of the Week
These are the Google searches Brian Walshe made before and after killing his wife Ana Walshe, according to prosecutors
https://twitter.com/pedramamini/status/1616257197591109633?s=20&t=gQIsTkL_9exHYNvkcVyokg

Come on! Like and bloody well subscribe!

Transcript
That's why I think that, you know, you only tell a person's true character in times of toughness.
Like, you know, when times were good, it's like, oh, this is all virtue signaling.
I'd never go and sell my soul like that.
And now recession's hitting and, you know, having to support ex-wife and kids.
And all of a sudden, I'm on tour.
I'll talk about the time I nearly killed myself.
You're listening to the Host Unknown Podcast.
Good morning, good afternoon, good evening
from wherever you are calling from.
From wherever you're calling from.
Wherever you're listening from.
It is Friday the 20th of January 2023.
And we are sans old man today.
That's right.
Mr Langford is, well, I mean, he's kind of vague about whether or not he would be here for this.
Yeah, he's been very cagey the last few days about his whereabouts and what he's doing.
And other than to brag about, he used his white privilege card the other day.
He did. And do you think the thing that absolutely really impacted him was the fact he couldn't tweet about it?
Yes. Because Twitter disabled third party apps from tweeting and he didn't have it.
So I noticed he sent a screenshot of the toot that he sent to mastodon so four
people can view it instead uh but yeah no he got his uh he played the white privilege card got a
upgrade to business class uh on his flight out and the reason this is such a massive privilege
and i know people will say well you know he flies all the time and you know he used to fly all the
time you know his company you spend a lot of money this is with an airline he has zero status with like he doesn't even have
whatever their basic membership card is and they said oh hello mr well-dressed white man
you look like you could do with a upgrade here yes he probably left all of his gold cards you know the gold tag from ba on his luggage
and they saw it and thought ah gold we if we treat him well he could be spending that money with us
yeah that's true actually yeah i see a lot of those and you can see that like the expiry date
is like 15 years ago yeah it's like the old british airways logo which they changed in 1994 yeah but
alas right it's always fun to rinse tom when he's not here uh what have you been up to this weekend
what have i been up to so exciting middle age uh live stuff diy renovations yes
diy renovations exactly i've actually got carpet put into my office now after
10 years of having this with with uh flooring I finally decided to go for carpet it's um
hopefully reduce some of the acoustics yeah yeah improve the acoustics so when you're singing
and doing your karaoke yes yes it's a bit warmer as well.
The floor's not as cold to the feet.
There's a real reason.
It's like, oh, yeah, my work call sounded terrible,
so I needed to do something about it.
Yeah, I mean, that's how I expensed it to work.
I mean, like, I'm no amateur.
Oh, man, I need to get in on all this like expensing stuff i think
you are the worst person when it comes to expenses you don't even expense the legit
things that you should be expensive but tom is just like oh no i'll pick this up or no i've got
this much uh i can spend this much per day so let me pay 40 pounds of this bill yeah he's got it worked out to an art he's like
an absolute genius um but yeah so that was that and other than that i started watching tulsa king
with mr stallone and i'm really really enjoying it it's on uh one of those amazon add-on channels
like paramount or something? I don't know.
Okay, so now I've put a halt to subscriptions.
I'm no longer paying for extra channels.
Yeah, I just took out the trial, 30-day trial,
so that I can watch it and then I'll cancel it.
Okay, and then it's going to be the old change your email address every 30 days.
Yes, yes.
Yeah, I couldn't be arsed with that.
That used to be the great thing about Netflix back in the day.
I think they cut their trial period down to like seven days or something, didn't they?
Something like that, yeah.
So they realised students were actually prepared to just sit and binge watch without sleep.
Yep, yep.
Anyway, what have you been up to this week?
Just, I guess, feeling dumb as usual in a professional environment with extremely smart people.
In May, I kind of left the, I wouldn't say I left InfoSec, but I'm no longer reporting into a group security function, as it were.
So I still represent security, but I do it for the legal function of a company which um is very different because you
know like how we always uh you know people regularly talk about oh you know we're so used
we've got our own lingo and we just assume everyone understands everything about security
i'm kind of seeing that you know when i sit with lawyers i think everyone just assumes that i know
about the law and structures and all these kind of things but no
it's absolutely an education uh but sometimes sitting in team meetings I'm like just absolutely
wowed by uh you know the the depth some people go into that we otherwise take the mickey out of
So it's not like you can just rehash lines from Better Call Saul or Suits. Sadly not, no.
And do you know what?
You know when you get on, you see some people and they're like,
oh, you can't film me, you can't film me, GDPR, data protection.
And they've got absolutely no idea about GDPR.
They're just chucking words in and stuff like that.
And I almost feel like my last, you know, 10 years in security
where I've kind of reviewed contracts and, you know, sort of pushed back.
It's like I feel like I may be exposed for some of the things I said
just because it doesn't sound right or I don't like the tone of it
and push back on it.
If a real lawyer looked at it, they'd be like,
what is this clown on?
But yeah, no, every day is a learning day.
So I am continuing to learn on that.
And right now I'm learning about China's cybersecurity laws
and how that's impacting the wider company.
Oh, interesting.
China.
Yeah.
But at last, I know, so it's going to be a short one.
It's you and me then.
And I'm not making a pun on the average height, you know,
being a short one.
But shall we take a look at what's coming up today so this week in infosec takes us back to the rioters
preferred mode of secure communication rant of the week is some monkey business deja vu
billy big balls is a competitive smackdown industry news brings us
the latest and greatest security news stories from around the world and tweet of the week is
being typed as i favorite part of the show
which is the part of the show that we like to call
this week in infosec memory lane with content
liberated from the today in infosec twitter account and further afield and this week we
have gone further afield and we are going back to the 19th of January, 1999, when BlackBerry was introduced to the world.
So 24 years ago, this was.
RIM, Research in Motion, introduced the BlackBerry.
And the original BlackBerry devices, if you recall, were not phones, but they were instead the first mobile devices that could do
real-time email and basically look like giant pagers. The way the story goes, the name BlackBerry
came from the similarity that the buttons on the original device had to the surface of a blackberry
fruit. Yeah, those, uh, crazy Canadians. But, uh, I mean, these things were genius, right? I remember when
they first came out and we kind of had those pagers where you know you get cool and it's like
well actually mobile phones are a thing now but mobile phones were chunky but they couldn't do
email no or text messages actually back yeah for a long time yeah but this i mean this was absolutely
fantastic and then obviously you know as they evolved and like you know the products
got big they started doing you know phone devices and they were real challenges for smartphones at
the time i think so many businesses deployed them because they were secure uh in terms of like you
know secure messaging but as long as you set it up properly um and also yeah uh with the exception
of certain countries that had authoritarian
regimes that you know basically instructed you to leave the back door into it um
but yeah they were great and you could also nuke devices so when people left you could
literally nuke those devices and i remember one time we'd uh we'd completely messed up our whole
inventory um or rather i'd say the sales team had messed up our
inventory by swapping i don't know what they'd done but you know they had repurposed device or
swapped devices before they were properly set up and so we had all the wrong pins or they picked
up the wrong boxes or you know just ignored everything there and so they all had the wrong
pins associated with their devices and it was just i mean one time one salesperson left you
know we got the note nuke their device and we're just like randomly nuking devices that other
people are coming in going oh my uh my blackberry is not working and let you know we could still see
this person was receiving emails we had no idea why we just couldn't stop it um but yeah so it
wasn't without his challenge it's like it's like the worst game of battleship
ever it's just so much collateral damage it's brilliant um but yeah no they're a great thing
and you know i've still got a friend now that uses a blackberry and she refused and it's not
one of the old school blackberry so i was thinking when she said this how is that even possible like
surely they went bust because i think they did shut down yeah but I think it's actually an Android phone but on a
black Android OS on a BlackBerry device so it's still got the hard keyboard however she can't
take her phone out with her when she walks a dog at the moment because the battery goes flat in the cold straight away
oh so yeah wow well um and then oh obviously yeah i did reference the rioters choice that
had that secure messaging function of it when they had like all the what's that sports shop
jd sports and you know the uk had all those riots yeah Yeah, yeah, yeah. It started in Tottenham, didn't it?
Yeah, and it was all being coordinated
through BlackBerry Messenger.
That's it.
Because you couldn't intercept it
and it was like nice and secure.
And it was like one server in Canada
that was running the whole infrastructure, wasn't it?
Put all these chaps in Croydon,
like burning down sofa shops
because they all had blackberries yeah
yeah it was just such a weird phenomenon it was just like a it was just like a hot long summer
and everyone was bored what do we do this is a problem they took away the playground so there's
nothing for kids to do so you got to go out and riot um no blame them no anyway our second story takes us back can you believe it 29
years to the 17th of January 1994, where the Supreme Court ruled on home VCR recordings. Now obviously VCR is a video cassette recorder, yeah, so very old technology
where you know be kind rewind you had these tapes you had to put in it it wasn't like
DVDs or you know just streaming as you get these days. No. Just for the the younger listeners there.
So on 17th of January 1994 the US Supreme Court ruled in a five to four favor the private use of home VCRs to tape TV programs for later viewing did not violate federal copyright laws.
Champion.
At which point, yeah, that ruling then opened the floodgate for VCR sales and, you know, just change the landscape to TV watching forever.
Uh, I guess one, I didn't realize that was such an issue, um, in the US in 94, because be honest, everyone was recording
programs off TV right yeah because that's that was a great thing and you know if you were watching it
in real time and you have been extra cool you could like pause recording when the adverts came
on yes and then like unfortunately oh yes oh yes
but it was just common like i mean i'd do things like this is quite sad back in the day i would
remember that australian tv show called neighbors it was like a long running soap one of the uk's
longest running soaps and um you know i would like record the like one o'clock showings it was
always on at lunchtime and then repeated in the evening.
Most people watch it in the evening because, you know, we were at school all day.
Yeah. But now I'd record like the one o'clock showing.
Then as soon as I got in, watch it, watch it there.
So I already knew what was going to happen like an hour before anyone else.
Spoilers, man.
I know. It was just, God, if I had the ability to text people back then,
God, I would ruin stuff.
Were you from Future Boy?
Yeah.
And, you know, I remember I had friends that went to Australia. They actually eventually moved there, but they went there for a bit.
And they recorded episodes of Neighbours in Australia
and then brought the tape back.
And it was like, wow, because they were like nine months ahead of us
right unbelievable that god and these days they do simulcasts on i know i know it's just amazing but
you know this has all been such a long-ranging debate isn't it about you know what's personal
use and what's you know what what do you when
do you actually violate the the copyright laws I mean I remember like um that my mum like was uh
on on Christmases when um say like Capitol or whatever used to do the the top 50 songs of the
year or something and she'd sit in the kitchen and like she'd be like oh hit record and then like
stop, cut out the DJ rambling on, and then hit record again, and then she'd have like these awesome
mixtapes made up oh man yeah and there was always that confusion about whether you could
take a copy for backup you know and that's what people said about cds for a long time with music
yeah yeah alas.
Those days are long behind us.
People will never understand the struggles.
You just don't have stuff on demand.
Like captured on YouTube violating every copyright in the world.
Yeah.
Alas, that was this week's...
This week in InfoSec.
Go!
Recording from the UK.
You're listening to the Host Unknown podcast.
Indeed.
So I'm kind of lost here now because at this point,
because we've already wound Tom up before the show.
So we can then just hand over to him here.
That's all right.
I'm a method actor.
I can do this section as Tom.
Excellent.
Look forward to this part.
Listen up!
Rant of the week.
It's time for Mother F***ing Rage.
Yes, well, hello, um, um,
hello, mum. Um, yes,
so, this week,
I am ranting about something in a ranty manner.
Mail chimp.
Mail chimp apparently is
run by a bunch of monkeys.
The hint is in the name,
Tom. I know that.
Well, they slipped up on a digital banana skin.
So they have had a social engineering attack
and many of their accounts were compromised.
This is the second time this has happened.
Now, I'm not one that likes to victim blame.
Tom, you're victim blaming.
But this is terrible.
How can a company in a year get social engineered twice?
Oh, my God.
I need my blood pressure pills right now.
So if you're using MailChimp, stop using them now because their emails are whitelisted if criminals
can get access to it and send emails through that that is a whole big mess and as a CISO
as a recovering CISO as an ex CISO as someone that likes to remind people that I'm a CISO
that nearly jumped off a building 10 years ago, this is absolutely unbelievable.
Over to you, Jav.
Okay, I think, do you know what?
I actually have a really strong need to move on to the next part of the show.
Rant of the Week.
This is the podcast the king listens to.
Although he won't admit it.
Whoa.
Wow.
Tom was really ranty today.
Tom is, yeah, you need a, yeah,
I thought a little break to the US would do you good,
but it's a tough one.
It is.
Let's see if you can balance that out shall we yeah
well as you know this is my section every week and i do not victim blame uh if tom was there
he would say that i'd be uh praising criminals which is uh no i'm just asking the questions, man. So this story relates to Solaris, a large dark net marketplace, which being on the dark net means it's focused on drugs and illegal substances.
So they've been around for a while.
And, you know, it's a Russian speaking platform reportedly affiliated with Killnet, which is a pro-Kremlin hacktivist group that has launched several DDoS attacks, you know, in 22.
And, you know.
Just staying on Putin's good side.
Yeah, yeah, yeah, exactly.
Yeah, yeah, exactly.
Elliptic, you know, a research org, has traced several donations from Solaris to Killnet amounting to more than $44,000 worth of Bitcoin.
So, you know.
They're active.
They're active.
They're active and they're making their regular payments and what have you.
The DDoS groups presumably use this money to purchase more firepower
for launching disruptive attacks. I love
the terminology um in our industry uses it's like what is this firepoint you you're imagining these
javelins or something like that and no it's just another server or a graphics card but um anyway
uh they are like you know a naughty group out there but apparently there's a smaller group
out there called kraken and uh they have released the kraken yeah they have claimed to be released
uh they're a small group and uh they're claiming that they have hacked and taken over Solaris.
That is actually a Billy Big Ball's move.
That is a Billy Big Ball's move.
Actually, there was a Billy Big Ball move before that,
back in December, where a Ukrainian cyber intelligence analyst called Alex Holden, who claimed to have breached Solaris,
stole about 25 grand and donated that to a humanitarian charity in Ukraine.
Brilliant.
Still from the proper Robin Hood,
the Ukrainian Robin Hood.
It is, it is.
And you know what?
I am still like,
I've got a hat tip to these Ukrainians
who in the midst of a war
still find ways of like being more active on the cyber realm
than a lot of countries out there
well not just that actually managing to do it like how they're keeping that internet connection up
it's just phenomenal it is it is it's it's absolutely like you know such a billy big
balls moves but um yeah so uh solaris disputed the claims about it and then Holden later released more details
and leaked source code and databases.
Yeah, I see.
And I think that's what Kraken might have used,
some of that information.
And they've taken, and they announced
they've taken over Solaris' infrastructure,
GitLab repository, and project sources.
Thanks to, quotes, several huge bugs in the code oh man that's just um do you know that
meal was it look at me i'm the captain now it's like one of those exactly exactly came along in
a rubber dinghy yeah on board took them all over uh brilliant story. I love it. That is actually a proper Billy Big Balls move.
It is indeed.
Loving it.
Thanks, Jav.
Billy Big Balls of the Week.
People who prefer the Smashing Security podcast
over the Host Unknown podcast
are statistically more likely to enjoy the Harry and Meghan documentaries.
Read into that what you will.
Hey, you like them apples?
Jav, what time is it?
No, wait, stop. I meant to ask you that.
It's one line, but you deliver it so well.
Andy.
Yes.
What time is it?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News. ChatGPT creates polymorphic malware. Industry News. 1,000 shipping vessels impacted by ransomware attack. Industry News. Over 4 billion people affected by internet censorship in 2022.
Industry News. FTX, over 400 million stolen from bankrupt exchange.
Industry News.
MailChimp hit by another data breach following employee hack.
Industry News.
Threat Modeler makes DevSecOps more accessible with new marketplace.
Industry News.
Roaming Mantis hacking campaign adds DNS changer to mobile app.
Industry news.
And that was this week's...
Industry news.
Wow.
Huge if true.
Huge if true.
Huge.
I'm actually, I'm going to look at this MailChimp story.
I don't think Tom went into many details earlier.
No, he didn't.
I'm curious about the employee hack.
So it suffered, yeah, another data breach,
as a result of social engineering attack on its employees and contractors.
So the company stated unauthorized actor was able to gain access
to select MailChimp accounts using employee credentials that were compromised.
So basically someone sent a phishing email,
they put in their credentials, and that's how they...
I do, Joe, I like it.
According to MailChimp, the incident was limited to 133 accounts.
So I'm surprised they didn't add,
because I think Okta did the same or other companies,
so that's less than X percent of our, you know,
really downplay its time.
Yeah.
Oh, they've also suspended access, temporarily suspended access
to accounts where suspicious activity was detected.
Wow.
I'll actually give out, if you've got any concerns,
you can email CISO at MailChimp.com.
Yeah, so they weren't too explicit about how the employee was compromised,
but I see someone does say phishing emails
are the most successful initial access vector for breaches.
Yes, yes, very true very true mailchimp has confirmed it was breached by a phishing slash social engineering campaign itself
yeah so spit is i'm looking at this other story which is relevant to what you were talking about
earlier, um, where ISACA had done a bit of research, and, uh, they're
saying like yeah they're finding it they're struggling to find skilled practitioners to
take up critical privacy related roles um you know so apparently simply just throwing out the words
gdpr and i know my rights yeah do you know and yeah so I've been um recruiting for the last
couple of months and um there have been people you know and like we're not getting into the
debate about credentials certifications whether they're worth it or whatever right but you would
you'd expect a base level of understanding of certain things if someone holds particular
credentials with ISACA or ISC squared or anyone, you'd expect a base level of understanding, right? Um, interviewed someone who
said on their cv that they were an expert or you know very proficient in this area
literally couldn't even give any examples of where gdpr may apply at all like literally just kept saying personal data oh it's
about personal data it's about personal data and it's like well you're not wrong but you know
gonna need a bit more to go on than that you know when does it apply what sort of things would be a
concern you know what technical and organizational measures are you know appropriate for these scenarios and
it was yeah i i found there's a lot of people applying for jobs that they're not qualified for
yeah this is like those um tiktok accounts where they're like police audit or something they're
going around filming in police buildings because they've read somewhere that they they have a right
to film and what have you and then they get yeah confronted by someone that actually knows the law and then they suddenly like oh shit yeah it's it's
frustrating it is it's so annoying and like you know tiktok's got a lot to answer for it does
it does i mean these are good questions they're asking. Yeah, I mean, that's the thing, right?
It's used for good and bad, but it's the same with any platform, right?
Once a platform becomes popular, it's really the people behind it that, you know, it's just easier access to more crap.
You're right.
You're right.
And which nicely, even though we didn't plan it, ties into that story about ChatGPT creating polymorphic malware.
And I feel like it's the same thing applies here.
ChatGPT is just a tool.
And, you know, people can use it for good or bad or whatever.
You know, it makes it easier for some people to do certain stuff.
But remember when, like, you know, Google was all like, you know, internet was first allowed on the desktop and what have you
and people yeah oh no students are gonna like cheat and find out all the answers or then
wikipedia came online and that was going to destroy academia or or what have you and you know there's
all these sorts of things out there they'll always happen and yeah like you said that they're just tools and just need to know how to use tools properly like how we use tom yeah so i know
when you talk about when internet first came on and we spoke about it a couple of weeks ago with
how to remember in corporate environments you have to apply for access yeah to the internet
and i remember i was working at a place that was a
big us company obviously been in the uk and to create a justification to get internet access
and what i did i spoke to my boss said like you know can we get this extra desktop and just leave
it here that everyone can use that way you know we don't all have to apply for internet access
because they wouldn't give it to a whole team it had to be like one representative of the team and potentially a battle so i created a fake fake employee called
nathan station um which would stand for like nat station and um because it couldn't be net station
because it's too obvious because that's the way the user accounts were done yeah and so yeah i
got this uh credential created a fake account because I worked in the IT department and could.
Yeah, I got it processed by the team that process Internet access and they allowed it through the proxy.
And we had this desktop called Nathan Station that we let anyone use.
And it was permanently logged in.
Excellent.
Excellent.
It's like one of your Internet kiosks before.
It was, yeah yeah but a corporate one
yeah uh yeah and uh obviously yeah we could see what everyone was doing and then go through the
search history but yeah good very good i love these these old stories of like how we
used to find workarounds kids today who've got no idea no no they they just like got their phones
and they they can access everything on it and what do they do they instead of becoming geniuses
they just read tiktok all the time watch tiktok no no i'm feeling attacked i'll send you this
other video the other after this show though it. It's not relevant to our listeners, but I sent it to my daughter as well.
And I like because there's this 18 year old kid.
I'll explain the fact that what your 19 year old daughter likes is also stuff that I'm into.
OK, we'll leave it at that then.
Let's play the jingle and move on.
OK, thanks, Chad.
That was this week's...
Industry News.
We don't research the story,
but let us tell you what we think based on the headline.
You're listening to Insights
from the award-winning Host Unknown podcast.
True stories.
If we had time to actually read through this stuff.
It's not until after we've published and then you hear about the story
and you look into it and you say, oh, actually, that wasn't true at all.
Viewer discretion advised and all that.
It's all right.
We'll issue an apology on page 42 in like font size five.
On someone else's podcast. Yeah, exactly. Strategy. Speaking of, speaking of, speaking of, uh, someone out of us two
and it wasn't me was on someone else's podcast recently i was i did i went over to the smashing
security podcast they uh for whatever reason obviously Tom didn't answer his phone in time. Maybe he was sleeping. It was a bit late in the afternoon. He was having his afternoon nap.
and by anyone I mean just you two because otherwise you know you'd have blown up my phone you would have emailed you would have called called my wife or whatever just to disturb me when
I was recording so yeah and then just completely forgot about actually mentioning it after I spoke
so yeah I think it was Tom got it in a google alert didn't he which was yes yes he's got posts
on google alerts and like
your name came up so how did it go my trojan horse friend it was good you know it's good
working with professionals every now and then uh you know just to dip your toe back in and remember
um you know how things work but it does you know it trips me up uh because obviously we are truly a live show like when we joke about tom doing editing
yeah his edits are usually limited to if he answers the door and there's like a five minute gap
that's it and he always adds in these calculator sounds when i talk about how long
um you know this week and episode and that is what we call or what we refer to as editing
right and then we mean publish it, you know?
And that is the whole edit thing.
So Tom makes out it's this big hassle.
It takes him about seven minutes, right?
Yeah, literally.
But, yeah, on Smashing Security, they put everything in post, right?
So, like, you can't hear any jingles.
There's no background music.
And there's no gaps between their segments.
We always play a sweeper in between.
We'll go from one segment to another.
But we sort of have a quick breather, have a quick drink or whatever
whilst we go through that sweeper.
They're just constant.
There's just no gap.
And they don't even leave a gap for editing
because obviously whatever they do to
edit they've got far more professional software than we do um so they uh yeah it's just so weird
how quickly they they just go through stuff wow it's like have you ever seen those have you ever
seen like when they show you a marvel movie but without the cgi yeah And it's just like people waving their hands around and you're like,
what are they doing? They look so stupid.
Yeah. But you know,
so they do a feature called a pick of the week and they always play music
over the top and they're like, let's pick it a week. Yeah.
Pick it a week, pick of the week, but there's no music playing.
So they're saying it, but without the music and you're like man it just it doesn't feel right
i'm not yeah i like the um if if we're in the matrix i'd absolutely swallow that blue pill
yeah yeah even though it's not real yeah yeah no that that that is i think it's like a marvel
movie without cgi is what i think security is we are more like wwe live in your face we own
our mistakes yeah and we keep on we keep in character so sometimes you see we're pulling
the punches but you know other times it's there's accidents and yeah people do get hit with a chair
i know i know and then like you know, you see the referee do the cross sign.
Yeah.
Oh man.
Right.
I see.
So we're rapidly approaching 37 minutes.
See,
I can tell you what time is,
or this,
this podcast,
because we don't cut stuff out.
So I guess it is time for,
oh,
I'm going to take us home.
Yeah.
Take us home, Andy andy tweet of the week
and tom always plays that one twice tweet of the week and so this week's tweet of the week
uh has slightly changed from what i thought it was going to be but i i trust you anyway. And it is a tweet from Pedram Amini,
and it just says,
should have used DuckDuckGo,
and it includes a video link to YouTube.
So this is actually a great tweet of the week, Jav.
I'm glad you included a video.
So trust me, that was this week's tweet of the week.
So no, so the phrase should have used DuckDuckGo,
and the reason for that is it's a video of the courtroom where a guy called Brian Walsh was in the US and the prosecutors read out his Google search history. So he was a divorced man and he allegedly killed his wife, Anna, and then dismembered her, disposed of her body. And obviously he denied the whole thing. He was like, no, not me.
Nothing to do with me at first.
But then the evidence was presented to him.
And part of the evidence were the Google searches
that he made after his wife Anna
or his ex-wife Anna was last seen
and before she was reported missing a couple of days later.
And so the Google has really sort of helped
the investigators figure out what to look for and you know maybe give a hint as to where things were
going. And so his Google searches included, from the 27th of December: what's the best state to
divorce for a man? And then from January the first, after celebrating New Year with a fan, with a friend,
at 4:55 in the morning: how long before a body starts to smell? And then at 4:58: how to stop a
body from decomposing. And then 5:47: 10 ways to dispose of a dead body if you really need to. Is this on a BuzzFeed? I don't know. How long for someone to be missing to inherit?
6:34.
Can you throw away body parts?
9:29.
What does formaldehyde do?
9:34.
How long does DNA last?
9:59.
Can identification be made on partial remains?
11:34.
Dismemberment and the best ways to dispose of a body.
11:44.
How to clean blood from wooden floor.
Wow.
11:58, luminol to detect blood.
1:08, what happens when you put body parts in ammonia?
1:21, is it better to put crime scene clothes away or wash them?
Wow, wow, wow.
This is getting worse and worse. It gets worse, all right.
And so obviously they've got all of his Google history,
and then the next day he went to Home Depot and paid in cash for supplies, which included mops,
bucket, goggles, hatchet, baking soda. Um, and then his Google searches continued the next day. It's like,
12:45: hacksaw best tool to dismember. 1:10: can you be charged
murder without a body? 1:14: can you identify a body with broken teeth? My god. And then it just gets
worse, like, you know, the following day: what happens to hair on a dead body? What is the rate
decomposition, decomposition of a body found in a plastic bag? 1:20: can baking soda mask or make a body smell good?
Um, so yeah, really should have used DuckDuckGo, uh, in that case. I mean, this is a guy that
fairly should have just used incognito i'm just just making it too easy amateur hour out here
wow and you know they say like you know always be careful like of any email you send it will be
read out in court and like you always take it as a joke and then uh you know there was that
that one that a bank sent a note to someone because they they transferred money to a friend
and as a joke in the reference field they put something like taliban training yeah that's it
training camp a training camp
yeah training camp and they sent him a note saying we probably know you you done it as a joke but now
we're legally obliged to investigate this and your friend will be investigated too so
don't do it in the future yeah i did apologize for that though. Yeah, thank you. Apology accepted.
And that was this week's...
Tweet of the Week.
You're listening to the Host Unknown podcast.
Bubblegum for the brain.
So I know we don't usually chuck in a sweeper there,
but I had it on the soundboard.
Yeah, might as well use it.
You don't want to lose it.
Exactly. Isn't it? It's like a TLC match without anyone using a table or something. Yeah, exactly.
no yeah no no disqualifications like you've got to get the table from underneath the you got it
get the tables uh tom's gonna love the wrestling references i know it goes straight over his head
yeah yeah well he'll be like batista no no my reflexes are too quick nothing goes over my head
oh dear so yeah that brings us to the end of friday and uh just in time to start work for
the day i know i know cool know. Cool. Good stuff.
So hopefully we'll figure out how to get this uploaded.
Yeah, I know.
Make sure he hasn't changed your password, right?
That's the...
No, he's probably just changed it to 23 at the end.
Oh, yeah, that's it.
Just increment by one.
Yeah.
Well, always a pleasure to catch up with you.
And it's always good to speak without the old man around, right?
I know.
It's been brilliant.
Thank you so much. I've really enjoyed this. Me too. Stay secure, my friend.
You've been listening to the Host Unknown podcast. If you enjoyed what you heard, comment
and subscribe. If you hated it, please leave your best insults on our Reddit channel.
worst episode ever.
R slash smashing security.
So what were the answers to all these Google search queries?
I'm just asking for a friend like.
Well, you know, I'm actually thinking like when I used to watch like CSI Miami and stuff like that,
I'd actually Google this sort of shit as well.
I'd just see how accurate it was
yeah, there's going to be
lots of questions if
you know, yeah
anything suspicious happens around here
but yeah