The Host Unknown Podcast - Episode 14 - The one that was crashed
Episode Date: July 10, 2020
If you thought Avengers was the greatest crossover event of all time, hold our beer. Host Unknown was sans Jav this week, but we were crashed by the Friends of the Show, Smashing Security. We managed to get the Tweet of the Week and Billy Big Balls before we were rudely crashed by the fragrant Carole Theriault and the plummy Graham Cluley. Four grenades recovered by police. Industry News. Ranting about the copy clipboard scandal. It then pretty much goes off the rails. Thank you Carole and Graham for your assistance in filling the Jav sized ego space in the podcast. Come on! Like and bloody well subscribe!
Transcript
So, gents, yeah, we had a whole bunch of applications for the presenter that we needed in light of Andy's, let's say, certain indiscretions.
And the consensus is that actually we don't need another presenter.
We just need to lose one.
So this week we don't have Jav.
You're listening to the Host Unknown podcast. Hello, hello, good morning, good afternoon, good evening. Welcome to the Host Unknown podcast, the
slimmed down light version of the Host Unknown podcast.
The new and improved,
I think is the phrase
you're looking for.
Indeed, indeed.
I think that's exactly
what we're looking for.
Because we are sans Jav.
So we actually have,
it could say,
when Jav leaves the room,
everybody else's egos
can return to normal size
because, uh, you know, his take up so much space that everybody else has to kind of shrink. So...
And I actually feel lighter myself. You know, I'm not carrying dead weight. Well, yes, that's right.
I'm feeling good. I'm feeling good about myself today. It's, uh, it's so much easier when you don't have to, uh, carry... when you don't compare yourself to Jav, basically. When I've got time to think. Yeah, exactly. And, and also not having to make up for the fact that he's just rolled out of bed. We're lucky if he's even, you know, got out of bed. Um, just sort of, you know, phoning it in from his, uh, from his bedside. In fact, I'm sure one week he just sent me a WAV file
of just him going, uh-huh, yeah, urgh, China, urgh, uh-huh,
oh, Andy, you're wrong, urgh.
And then we just sort of interspersed them.
It worked.
And that made a difference.
No, exactly.
It did, absolutely.
Yeah, so what have you got going at your end, Andy?
What's happening in your world?
It's actually been a really busy week.
Yeah?
Yeah.
I mean, like I say, I am happy it's Friday.
It's Friday, then it's Saturday, Sunday, what?
It's Friday, then it's Friday, Sunday, what?
Leave the sound effects to me.
I want the proper ones.
Well, you know what?
I am conscious, as we did manage to catch up two minutes ago,
and it did sound very echoey where you were.
Yeah, I'm actually sat in rather a large, empty room at the moment.
Because Jav's ego isn't there to... Because, well, for a start, Jav's ego soundproof the room. But as, uh, avid listeners may remember, I'm moving home and, um, I've emptied out the place and was all ready to go, and then the broadband failed. I've got to have an engineer visit, so I've had to come back to the original residence, and I've got my desk set up in an empty room. I haven't got any of the right cables. If I play sound effects, I can't hear them, so I just have to sort of, you know, hope for the best. Um, so, you know, playing this, I can't hear this one.
I can't hear what's going on.
So did we get to the good bit yet? Yeah, you can switch it off now, it's okay. Great. Right, there you go. So, so yeah, I couldn't even hear that. So it's, it's very odd, very weird. Um, and, uh, I packed my pop filter, I packed all my audio cables. I mean, I'm in a bit of a mess. So this is... not only is this light, it's raw and unplugged. This particular version is actually a killer not having broadband.
I don't remember those days, but I have on my travels.
You know, I have ended up in locations where, you know, you couldn't even get a 3G signal.
Yeah.
Yeah.
Well, you've got two broadband.
I do have two broadband connections.
Into your hand.
Yeah.
Two broadband.
And, and technically, well, I've got one broadband, one narrowband, because I got one of those, uh, little, you know, um, air card things. Yes. Okay. Yeah, I mean, I've got a, yeah, a me a 4G. Yeah, exactly. Yeah, just in case. But I got one that plugs into the network itself, so yes, that did fail over. Yeah, I need to send you the picture of that.
But, um, where I am, I get between 3G and 4G, so it's not great, uh, and certainly not broadcast quality, uh, ladies and gentlemen. But, um, so, uh, yeah, who knows? I mean, in the famous words of Stingray, anything could happen in the next half hour or, knowing us, an hour.
So, yeah, yes, all very interesting.
So we've got a wide range of stuff for you.
I'm looking at our show notes.
Yeah, we have the usual.
Literally for the first time.
And so we've got Billy Big Balls.
We've got Industry News,
we've got
Rant of the Week. Yeah, I'm
really going off on one this week.
Jav still hasn't
delivered his Little People. He promised
us like three weeks ago that
he had one. So I don't know.
I don't know. I think
we were right to cut the dead weight.
He brings nothing to this show.
Well,
he certainly doesn't bring any little people segments to the show.
And that was his,
that was his segment,
you know?
So anyway,
so shall we,
shall we move on?
Sure thing. What should we,
what should we do?
Should we hear Tweet of the Week?
Tweet of the Week.
Yes.
Let's do Tweet of the Week.
Tweet of the Week.
So I have this one, uh, if you don't mind. This is one from a guy called Jim Watson, and it wasn't so much what he said, it's more the article that he published. And this is a Vice article about how police secretly took over a global phone network for organized crime.
And you may be familiar with this.
And it was admittedly just over a week ago.
You know, I was going to add it in last week, but we had a veritable feast of various...
Always good to have a backup story.
Exactly.
However, this week, this is about a encrypted phone communications network called EncroChat.
And I don't know if you're familiar with this or if you've seen any of this stuff in the news.
I saw a little bit of it.
Yeah.
So imagine, Tom, that our group chat was compromised and it went out publicly.
Oh, dear God. I mean, obviously, career is over. Well, I think, you know, you and me would be okay, but, you know, the guy that we sometimes... sometimes acquaintance of ours, he would be absolutely ruined. Yeah. Imagine if your extrajudicial love interest would be out. Yeah, and then, yeah, it's not even worth thinking about it.
That's just, you know, that's too much.
That's too much.
Now, imagine you were a kingpin criminal
and you relied on these sort of group chats to conduct business.
Well, hey, I'm large, I wear suits, I'm bald and I'm on web chats, so yeah, I'm a kingpin. Well, I can already see it. I can see myself sat on a big chair, a pinstripe suit. You know, you just need the cap and then... Yeah, I don't need to imagine. I don't need to imagine at all. Uh, so this, uh, is what happened. The EncroChat communication system was compromised by law enforcement officers.
And they managed to capture all communications from between at least March and June of this year.
And, you know, the more you dig into it, this company that guaranteed the secure communications, they became aware of bugs.
Things weren't working properly or weren't working as they should.
Some users reported they weren't able to wipe their devices
as they should be able to by entering a PIN code and the device wipes.
They're saying that they put in a PIN code, the device isn't wiping.
And the EncroChat tech support was kind of just saying, look, maybe you forgot your PIN. You know, a typical sort of help desk, uh, you know, sort of, uh, the way some IT help desk people look down on the end users. Um, and then they sort of discovered that there was this malware that was, uh, going through some of their devices, and certain models of devices were, um, prone to, you know, these bugs. So what they did, they sent out this, you know, system-wide reset, but then the bug came back, but it came back harder. And so then they started to suspect, hey, you know, we need to cut this off. So they went to the SIM company and, you know, it turns out that, you know, they just start getting more and more paranoid. They're like, maybe the SIM company are in on it. You know, stuff just wasn't working. And, uh, by this point, you know, in June, they sort of sent out a message to all their users saying, look guys, we're screwed, we don't know what's going on, wipe your devices now, like, we're shutting down the network. Um, you know, which had people in a panic, but it was too late. You know, the horse had already bolted by this point. Um, and, you know, people, they, police, law enforcement agency, they've captured details on, uh, you know, money launderers, drug dealers, um, you know, drug labs or organized murders, uh, you know, extortions, robberies, hostages. Um, and the fallout from this just keeps going and keeps going. It's absolutely phenomenal. You know, they recently found, uh, I think last week they found these shipping containers that had been set up to be torture chambers, uh, you know, with sort of chairs in the middle of the room. They're all soundproofed. That was in Holland, wasn't it? It was, yes.
I saw Quentin commented on that. Did you see Quentin's tweet?
I know, unfortunately. Basically he said, I don't think much of those torture instruments, they wouldn't be very effective. And I responded like, that's a little specific, cue. How do you know? I mean, surely anything pointy or stabby or slicey is bad enough, but no, apparently that's not good enough for Quentin. So, yeah.
But yeah, this was just a, you know, an absolutely amazing find by the, uh, law enforcement agency, and, um, you know, the fallout will still be going on. Yeah, there's gonna be lots more of that. Yeah, the thing that gets me, and I'm, you know, looking at the notes you made, so 746 kingpin arrests. I'm assuming that's 746 bald fat men in suits. Uh, of course, that's what I mean by kingpin. Um, no, so this, uh, so, you know, you've actually combined this with the Billy Big Balls. Um, so I was going to give a shout out to the NCA, um, you know, for this. Okay. Okay, well, I'll tell you what then.
Let's immediately go to...
Because we have the technology to do that.
So let's blend in, shall we?
Yeah, so go on.
Well, as you say, you can continue on that one.
I think you were just...
Okay, well, let's tag team it.
So you said there's 746 kingpin arrests,
two tonnes of drugs.
Hey, that's a lot of good Saturday nights.
That is a lot.
And some bad Sundays as well.
Yeah, exactly.
I remember those.
54 million in cash.
That's a lot of cash.
77 firearms. Okay, you know, not too bad. I mean, that's, you know, that's one in every 10 kingpins has got a firearm. Um, but four grenades? I mean, is there like a shortage? Um, I mean, if you've got 54 million in cash, surely you could get more grenades than four, you know? Or was it a BOGOF, or was it, you know, maybe they're just samples, you know, that, you know, how, you know, when you buy, you know, you go to a shop, you know, especially these market traders, and they're like, hey, my friend, do you like this rug? You know, maybe you want this, this lamp to go with it.
Maybe it's like that.
It's like, hey, I see you like these MP5s.
All 77.
Yes.
Actually, we only want 75.
Hey, you buy 77, we throw in four grenades.
Exactly.
It's a special offer this month.
Exactly.
It seems a little bit, I mean, don't get me wrong,
grenades are pretty explosive things.
You know, they're going to do a lot of damage, et cetera.
But it does seem, if you're going to go, you know, all in, right,
you've got a lot of drugs, a lot of cash, a lot of firearms,
surely you'd go up a, you know, up a notch on the grenades. Um, although, you know, they're not exactly subtle approaches, are they, to... No, but gangland... No, you gotta bear in mind this is only stuff that was, uh, identified between March and June of this year. So imagine, uh, you know, they've got stuff in transit or, you know, they move things around.
You know, throughout the... I don't think this is, you know, the sum of everything.
I'm pretty sure that these guys, you know, keep stuff moving.
And this just happens to be, you know, this this this particular bad quarter.
I wonder if they when they find some more and they find another four grenades, but it's actually the same ones that they're moving around.
Which reminds me of the, I think it was a Top Gear special
or something like that, and it was talking about the rally car championships.
And I can't remember.
I think it was Lancia.
Lancia wanted to get in and win the rally championships.
And part of the rules are that they're supposed to be road cars, right? Um, you know, obviously souped up, but their base is road cars. And you had to provide, I think it was, you had to provide proof of 300, um, road cars to the same sort of basic spec as the rally cars in order to enter your rally car.
Lancia couldn't afford to make 300.
So what they did, when the inspection team came round,
they specifically found a car park that only had 150 spaces.
They took the inspectors to that car park with 150 spaces and then said, we couldn't fit them all in this car park.
We've got another one across town.
Why don't we go for lunch halfway across town and then go to the other car park?
During which time, 150 people jumped into the car and drove around to the other car park.
Do you know what?
In a similar sort of situation, this was many years ago,
and my first job in a bar, and to this day,
my favourite job in the world, being a bartender.
And this was when the measures had changed in the UK,
so we no longer used...
What did we use before the meals?
Was it ounces we were using, or was it gills or something? No, pounds and ounces. No, for drinks. Um, oh, oh yeah, you know, the optics. Yeah, yeah, yeah, I know. Yeah, so we had that, and we had an inspection from Weights and Measures, uh, at the time, and they came and they did the downstairs bar, and we didn't have enough of the new optics for upstairs. And, um, so what we did, as they were in the downstairs bar, everything was looking good and it was, you know, they were looking around, and then we took them around the front by the restaurant and walked them up the stairs. Meanwhile, in the background, we went up the staff stairs, legged it upstairs and swapped all the bottles and the optics. Uh, you know, similar sort of thing on a much smaller scale, but, uh, I think in the world of order, I don't think it is that uncommon. Um, no, it's very much a cat and mouse, isn't it? But I still think back to the story. It is the original four grenades just being moved around. Show of force is what it is. These kingpins are like, look, we don't want these people thinking we're lightweights.
We've only got four grenades.
Try and get them back.
You know, they've probably got people in the police evidence room, right,
that can get the grenades back out, you know.
So, yes.
Well, anyway, that was our This Week's...
Billy Big Balls of the Week.
And it is also this week's...
Tweet of the Week.
We combine them both
So Tom, I'm a bit concerned here
Just tell me one thing
Is your calendar public?
Have you got the lead for this show?
Is it public?
All I can hear is a very wheezy laugh
I think Muttley has joined.
Oh my God, there's someone else here as well. Well, we couldn't leave Graham here on his own.
You've got the Smashing Security team. Talk about crashing us. Oh yeah, well, you know, we're VIPs, right? Oh, you heard that, um, uh, that Jav's ego has left the room, so there's, uh, space for two more then. Hey, I don't know, I listened to the last show and I'm, I'm all on... what's happened with Javvad? What's happened with him? Oh, he's, he's gone on a week... We outgrew him or something. He's done. Yeah. It is tiring, Graham.
It is tiring carrying people for so long.
And there's a lot of Jav to carry.
I like that you've replaced...
That's quite a lot of me.
I like that you've replaced Jav with a middle-aged white guy.
That's no way to talk about Carole.
Yeah.
What the hell's your problem?
We're not talking right now, actually, that person on the show. Yes, I heard about that. What's that all about? And by the way, when did you two get married? Thank the Lord that didn't happen. I thought your internet had dropped out, Carole. You were, yeah, I bet, in one second and then suddenly, you know...
It's really hilarious
because we have these fights all the time
and I'm just like, I can't talk to you anymore
but I put this 3M film
on my phone, like a privacy film
and one of the downsides
of the privacy film is it kind of
makes the buttons a little bit less
pressure sensitive
So I sit there and you can hear me going,
trying to hang up on him angrily for about 30 seconds.
It kind of loses its...
It's the phone equivalent of slamming the door behind you.
Exactly, but never closing.
What's going on? Is Siri activating?
What the hell's going on? I know, sorry.
Someone said something about Siri and then it popped up. I was told this was a highly professional...
I think you guys are gonna be so disappointed today.
What can I say, Graham? We've got your money. We've already spent it.
Our money? Yeah, Smashing Security money. Your money. Come on. Yeah, yeah, I want to talk to you about that, actually, if I may. Um, uh, I listened to last week's show and it seems you spent quite a bit of wonga down at IKEA, and, uh, that seems to coincide quite nicely with our sponsorship offering.
Absolutely. What sponsorship money? Tom, you said it was, uh, what, you said it was all for show. You said there wasn't any real money. I gotta have some. I bought the furniture to put all those Smashing Security stickers on. I mean, he was hand... Graham was handing them out like Smarties when I last saw him. Oh, shush. No, but seriously, I'm an IKEA fan as well.
I think IKEA is awesome.
Yeah, it's lovely.
Especially now in lockdown, once you're in,
there's nobody there.
Are you doing IKEA hacking, Tom?
Some of it, some of it.
I'm hacking picture frames and stuff like that.
I'm making magic mirrors out of picture frames.
I've got a couple on the go at the moment.
Oh, yes, I heard.
When you gaze at your glorious face, what, it gives you calendar information? Calendar, and tells me how much diesel I got in the car and how long it's gonna take to drive to, you know, somewhere. So sad. So sad. Do you align those things with the more unsightly wrinkles in your face?
So you can look really young. Yeah, he has one of those apps to make him, he's got a full head of hair.
And when you say unsightly, I mean.
You're right, you're right. Characterful.
Hey, would you two like to help with the industry news?
Okay.
I don't know what happened today because it's my day off.
Can your news wire tell us what's happened?
Yes.
Yes. Hang on. So, oh God, how do I do them?
This is really professional, guys. I love it.
Does this get edited?
No, it actually doesn't. No.
It's very much, guys, I can't be arsed.
It's live.
That's what we generally get from Tom on a Friday.
Yeah.
Okay, so, Carole, how about you do that one?
I've got to tap on.
It's on the.
Yeah.
Okay.
Let me know when you want me to.
What are you using? Oh, oh, you're using the chat.
yeah so
you're going to go second
okay
and then
Graham you are going
to go
fourth
and then Andy and I will take it home
alright
I'm sure you will.
I love being number two.
Thanks, guys.
Right.
So we've got some stories for the news.
We might edit that out.
I don't know.
Maybe we won't.
You've listened to this before.
So, Andy, we've got quite a few stories.
In fact, I'm glad we got some helping.
Yes, the, uh, our reliable sources over at the InfoSec PA Newswire has been very busy this week.
Indeed, our InfoSec Stig has been, um, as, trademark by the way, trademark Host Unknown, um, has been very busy. Uh, in fact, they were talking to me the other day and telling me that their annual appraisal
said they needed to produce more content,
and this is really helping.
Because they're feeling the pressure
to produce stuff every week.
So that's always good.
So why don't we go into...
Industry News.
God, I love that. It's like Radio Three, you know, when they... It's cooler than Radio Three. We're gonna have to start that again. This is the one serious segment we have, and Muttley comes and ruins it. Come on. On Radio Three they have these long pauses, and that was...
So the best thing is, you guys probably didn't hear at the beginning, but Tom actually can't hear the sounds as he's playing. Yeah, basically, because he's in the middle of moving house, he can't tell when it's, uh, when it's starting or finishing. The broadband in my new place is screwed up, so, um, so I've had to come back to the old place to use the broadband.
It's like my mom blaming the equipment.
Yeah, but I packed all my cables and everything,
so I can't hear everything.
In fact, I'm just randomly talking in the hope that actually it sounds natural.
Shall we start that one again?
Let's try that one again.
Serious.
Yeah, yeah.
We're on this.
We're on this.
Okay.
Now, ladies and gentlemen,
it's time for this week's
Gap.
Industry News.
Flaw fixed in Hotels.com generator as Tesco Clubcard users impacted.
Right, we're going to do this.
I'm definitely going to edit this again.
Okay.
Oh, this is the best coffee I've ever had.
I think I need another one.
This really is time for...
Industry News.
Flaw fixed in Hotels.com generator as Tesco Clubcard users impacted.
Industry News
Billions of banking and social media credentials available online.
Industry News
Malware uses postal app lure to send SMS messages and steal data.
Industry News
Microsoft confirms takedown of phishing domains.
Industry news.
Fake TikTok app targets Indian users.
Industry news.
Alert fatigue and overload an issue for majority of security analysts.
Industry news.
And that, folks, was this week's...
Industry news.
Look at that. Brilliant. Perfect.
Absolutely perfect.
Nobody will be able to tell where the joins are.
Oh, dear. So how are you two anyway? How, what's, how's life treating you, apart from not talking to each other and, you know... My life's great.
Ever since yesterday, I'm fine.
no nothing wrong at all, is there?
Why shouldn't there be anything wrong?
No, I'm not going to tell you.
But I loved that bit on your show last week
when you were talking about the Nextdoor app,
which I was rolling my eyes at.
But the fact that people who have cash can't actually do stuff.
It never even occurred to me because I don't leave the house.
Is that agoraphobia playing up again?
No, I leave the house.
I just don't go into any places other than my own house.
I stay outside.
That's right.
Yeah.
I haven't gone into a shop since February, no joke.
Seriously?
Wow.
Where do you get all your stuff?
I know.
Or do you just send someone else? Well, I... other people. Lovely people. Yeah, yeah. Like, I'm very good to my delivery people. The Riverford man is on his way now and I have a piece of cake waiting for... I like, I look after... I am a big fan of cake, but I do not think I would accept it if someone gave me cake that was unwrapped.
Well, he's the same guy.
He's been coming every week, and at first, for the first two months,
he couldn't have any, and then he finally broke down, and he's alive.
I haven't left the house anyway.
He takes the cake, drives around the corner, and throws it out the window.
Carole's quite a good – I don't want to say anything nice about Carole,
but she is quite a good cook.
Anyone threw out my cake I'd have to punch them in the face
What you're saying is
that Carole is a distinctly
above average cook
She's a chef
She once won a competition on the radio, didn't you, Carole?
Oh, you're such an answer.
A cooking competition on the radio. It sounds like, you know, a brilliant media concept. I probably shouldn't... I had to go on his local channel and sell this, like, I don't know, like, menu, and then I won, and then they wanted me to go to the restaurant and cook for a hundred people. Based on what you said about something? Based on what I said I was going to do.
And I guess for free.
Presumably you just copied it out of a Gary Rhodes book or something.
Well, I suddenly got really, so yeah, I didn't do it.
This is like the equivalent of Jav talking a good game about security
and then someone actually hiring him to do something about it
But the worst, the worst is I totally PR'd it up. Like, you know, it was the fall and I was like, I will use apples grown in Oxford, picked from the trees, to make apple crumble, blah, blah.
Anyway, um, I have some other cool news if you want. Oh, oh yes, the industry news. Well, it is for me.
Sorry, not everything includes you, Mr. Cluley. I got
a new domain for you know
for my other extracurricular activities
and it's a very cool domain
what is it
I haven't set it up yet right but I own it
so fuck everybody
carol.wtf
Nice!
Where's WTF from?
God knows.
I thought they all had to be countries or something, you know.
No, come on.
There's art, there's dot art.
There's loads of them now.
Yeah, that's true.
Anyway, I'm very happy.
How short and sweet is that?
It's very appropriate.
Isn't it? Well, inappropriate, which makes it happy. How short and sweet is that? It's very appropriate. Isn't it?
Well, inappropriate, which makes it appropriate.
Yes.
Just like my mum.
I just want to remind everybody that this isn't the Smashing Security Podcast.
Oh, I'm sorry.
Yeah, I want to tell everyone this isn't the Smashing Security Podcast.
You're listening to the Host Unknown Podcast.
More fun than a security vendor's briefing.
I thought I'd just crash you talking about your podcast. Do you remember how many times Tom mentioned his podcast when he was on our show?
I was invited.
You just rock up. This is... So if anyone, uh, has access to Tom's calendar, you're more than welcome to click on the link and just join the show at
any time.
Right.
This is like,
Zencastr bomb them.
This is like people that have,
I don't even have it in,
you know,
you see it in corporate environments where in their signature,
they've got the pin code to their,
you know,
conference conference,
just because it's easier,
you know,
so everyone can see what the host pin is and what the participant is.
The thing is, you can have more than one signature and set one up.
Cause I used to have a, my conference details in a, in a second signature.
So therefore when I would send a meeting request,
this is before integration stuff,
you just used to add a signature and then it would all go in. Yeah, you know, so why don't... I don't get it. Well, I'm one of these people that rarely use the signatures. I don't understand it. Yeah, he's... young whippersnappers in there.
Okay, the irony of that is not lost on me.
Yeah, I think, I think actually I am now no longer the oldest one in the room.
Oh, for goodness sake.
And who's popping a beer?
What number does your age begin with, Tom?
It's not a beer, it's canned water.
Oh, you're a four?
Yeah, he's with me.
You're on your own, old man.
Well, I'm 49.
I know I don't look it with all these unsightly wrinkles, but...
So where, I take... where's Graham's, what, 50...
Yeah, all right, anyway, let's move on. Seven. You're like Jean-Luc Picard though, because... no, what's his real name? Patrick Stewart, aren't you? Because he's always looked quite old, but he, in a way, he hasn't aged because of his lack of hair. Yeah, that's true. And you're, you're similarly... That's true. Folliculary. Yeah, yeah. When I was born, I looked like I was 41. And like all babies, Winston Churchill. Yes. And, you know, the sad thing is that, uh, Tom's young son, or Tom's son, um, he has such a full head of hair and everything about him, he looks like Tom, but, you know, a young, a really young version. And a younger, skinnier... Yeah. And I just have sadness in my eyes when I look at him, because if his hair goes the same way as his dad's... Well, it follows the mum line.
So you have to look at your wife's dad.
Yeah, yeah.
Well, he had full head of hair.
Yeah, so that doesn't work.
I think you look at the milkman, baby.
Yeah, exactly.
Yeah.
Rude.
I wonder why my wife was baking all that cake at that time.
It's for the milkman.
How is the Host Unknown podcast going?
It kind of got derailed a bit, yeah.
Not going to lie.
Yes, you did sponsor.
And yes, we did see an uptick.
We saw a very nice uptick.
What, you saw an uptick when we...
Oh, hang on a moment.
It's not the way it's meant to work.
We were meant to see an uptick when we sponsored you.
And did you not get another two unique followers?
I would say that's valid.
Well, did you see an uptick?
I very much doubt it, but did you see...
Our servers are still straining.
I was going to say, I looked at your listenership figures last night.
I just happened to be browsing.
And it was like, Jesus.
What do they look at that?
They really don't need to sponsor us to get more viewers, more listeners.
Oh, I wish that were true.
There are a lot of people that need to learn about security now.
Yeah, it's just true.
Like a lot.
And our show's coming to an end, of course, as of our last episode.
So that's it now because Carole and I don't talk to each other.
Oh, true.
Well, that's why we have a guest, so we can talk through the guest to each other.
Or just record separately and just occasionally go, uh-huh, yeah, uh-huh, yeah, yeah, grand grist goes away. What did you say? Sorry, it wasn't... this would say that again. Yeah, that's... I particularly enjoyed the third point. So, right, shall we move on to, um... Yes, let's move on to something agenda. Yeah, absolutely. Oh, next on the agenda is our sponsorship stuff. Conveniently slipped in there.
Excellent.
It seriously is next on the list as well.
So have we mentioned any companies?
Well, we've mentioned Drug Kingpins.
EncroChat.
EncroChat.
Yeah, so any other sort of encrypted communications companies,
you know, looking for a bit of publicity.
We're here for you.
We'll take your money.
Okay.
Well, given that I can't hear it,
Andy, you're going to have to do the shouting.
Okay, I'll do that.
All right.
All right.
You ready?
Host Unknown.
Sponsored by EncroChat.
Insert name here.
And other encrypted communications companies.
So, folks, EncroChat or other encrypted communications companies,
please contact us for sponsorship.
I think a couple of weeks ago I tagged British Airways,
and I don't know what, maybe their mail servers are down
because they haven't contacted us.
Really? Strange one.
Yeah, exactly.
And Tesla.
Did you give them your silver, frequently executive club member?
Yeah, I think that was probably the problem.
Have you tried contacting Barclays at all?
Because Barclays did that really interesting thing
on their website, didn't they?
Where they were using the,
was it the Wayback Machine they were using
for one of their JavaScript files?
So they'd obviously deleted the file on their own server,
thought, where is it?
And so they linked to an old version of it.
Oh, that's excellent.
Wow. Run it on their... oh, yeah, that's kind of cool.
It was. Hey, that's developer thinking, that is.
No, that's actually developer thinking: fuck it, it'll work, I'm not recoding.
Yeah, exactly. Exactly. Right. We're going on to...
Let's see.
We're going to do a rant of the week.
Where's that?
Sorry, Tom.
We ruined your flow.
No, not at all.
Terrible things to do with a man of your age.
Not at all.
It's absolutely...
Yeah, you don't want to stop me mid-flow.
It's a bit of a...
I was just going to say,
do you want us to piss off?
Oh, yeah. Rub it in, why don't you?
This is also a rant that was covered on the latest Smashing Security podcast.
Yes.
Excellent.
I'm sure you'll have some input into this one.
Absolutely.
Friends of the show, the Smashing Security podcast.
Did you know that, Graham and Carole?
They're friends of the show.
We were half an hour ago.
Yes, right. They're not friends of each other, but they're friends of the show.
Okay, so, let's see, Rant of the Week. There we go, Rant of the Week.
We're clear. Damn, that's slick, that is.
Okay, Rant of the Week. So this is the clipboard-reading debacle that's going on. So iOS 14, and I'm amazed this hasn't been sort of done before, but iOS 14 came up with this notification system that every time something was copied from the clipboard, you get a notification. And as we mentioned to Andy, who is a lover of TikTok, as I'm sure you all know...
Big fan of TikTok, yeah.
TikTok was found to be reading the contents of that clipboard about once every, what, five seconds or something like that.
Yeah, it's like every 30 seconds or something. Let's not overinflate this. I mean, obviously TikTok's the headline, you know, but I think...
Well, it was the... right, exactly. Yeah, no one looks elsewhere, were they? But now they started looking.
Exactly, exactly. So, you know, TikTok is obviously a bit of a target and the first one to be looked at, or the researcher who found this out was just a fan of TikTok and not a fan of other large well-known apps. But for instance, LinkedIn has been caught doing it, Reddit has been caught doing it.
Yeah, although Reddit is...
New York Times.
Although Reddit is Chinese. So, you know, that goes into the whole...
Is it Chinese?
It's owned by Tencent, isn't it?
Yeah, it's owned by.
It's got Chinese owners, yeah.
Oh, I didn't know that.
See, you learn something when you listen to the Host Unknown podcast, Graham.
My goodness.
Or Carole.
Yeah, or Carole.
Yeah, when it comes to Carole, Graham, I think you should do more listening and less talking.
Anyway, the real rant here is, okay, it happens that, you know, it's a bug, in inverted commas, or whatever. But to see it come out in so many high-profile
and, in theory, trusted environments like LinkedIn, you know, the network for the business
people owned by Microsoft.
Microsoft, I think, on the whole, are fairly responsible.
I think they're second only to maybe Apple in all of the big players
when it comes to taking privacy seriously,
you know, but, you know, as much as a large corporation can.
But they're copying the content to your clipboards regularly.
Now, it seems to me that if it's a bug,
then how come everybody who uses those libraries
that hasn't been affected,
presumably because they found the bug and got rid of it,
but they decided to leave it in, is what I can make out.
So is this not so much a paranoia
that people are trying to do something nefarious,
but rather just lazy development?
I think it's a bit of both. I think it's a bit of both.
But the thing that really concerns me
is people use password
managers.
Like LastPass, for example?
LastPass.
Other ones are available, but
LastPass. Oh, do you know
what?
Do you know what?
I think a lot of...
LastPass!
I think a lot of password managers, if they do use the clipboard, they actually blank out the clipboard afterwards, but after a period of time. I think it's about 30 seconds.
Really?
Yeah, because I know LastPass has got the option where
you can you can remove that
or change the timing on it, I believe.
But it's still a period of time.
Some also don't actually use the clipboard to put it into your…
Well, you're right.
Well, they might, I suppose.
Maybe they do inside applications, but inside browsers, I'm not sure.
Well, it's a combination, is it?
Because sometimes they autofill, in which case I don't think it does.
But sometimes they can't autofill. The website won't allow, or the application won't allow, and so you have to go and you cut and paste.
Absolutely. So, you know, there's probably millions of passwords out there in these companies that are probably not identified as passwords, but they're there, right?
You know, and if you use that lovely man Troy Hunt's
Have I Been Pwned and his password checker
and all that sort of thing.
I type passwords in there regularly
to see if they're on the database, et cetera,
because Troy actually, despite being Australian,
I do trust him and the Have I Been Pwned site
and check the passwords.
And my passwords have not been, you know, the ones I've tried have not been compromised, but they're out there, obviously.
And that's really poor. I mean, you know, companies that are doing this on a regular basis, there's a massive breach of trust here. Hence why I'm getting all ranty.
There is, but my...
This is just my hunch.
I think most of the big name apps
which have been found doing this
aren't doing it to scoop up your information.
I expect most of them might be doing it
for user interface or usability reasons
or there may be some...
I don't think it freaking matters.
Well, maybe it doesn't.
He didn't think it through, did he?
But usability, what usability?
So, okay, Tom, let me give an example, okay?
So, you know, well, it's not an exact example,
but you know how I like to go on a tangent.
Say, you know, if you ever used a website on your mobile phone,
you've got to type in a text message.
So you log into Office 365, for example,
if you've got, you know, text message, you know, MFA set up.
That text message comes in
and it will automatically pop up in my browser and say, insert this message, you know, this code,
because it's read my messages. And to me, that saves me from opening my phone app, copying a number.
That's not an app. That's an operating system thing. That's a whole subsystem, the operating system.
But you trust them to do that then? So this is the thing.
This is why I have an issue.
So you say, obviously, you like, you know, Have I Been Pwned.
You trust Troy Hunt.
You trust his site.
What due diligence have you done on that site?
What do you know about Troy that it's an emotional decision that you're making on that?
He's got a jet ski.
He's got a jet ski.
He's tall. He lives in Australia. He likes to blog. I mean, what's not to like?
So my point is, you make emotional decisions on this. You're not actually basing it on fact.
It's not pure emotion, actually. I've read all the blogs on how he set up his environment, how he protects it, and all that sort of thing.
And I say I've read.
I mean, I know they exist.
You've seen tweets that other people have written about how he knows his stuff.
I'm an ex-CISO, not an ex-genius.
Yeah, no, I would argue the thing that bugs me about all this
is that there's no way to stop it, right?
Other than shaming them into changing their behavior.
The only... the iOS 14 doesn't stop this. It just alerts you.
Yeah, so it just has this, you know...
I'm sure many things would stop working. That's the reason why it's not preventing it, I suspect.
Sure, sure.
Only introduced that feature after the guys at Mysk uncovered that lots of...
Exactly. It's good that they did that, and now Apple has responded.
So our awareness has increased dramatically,
and all these apps are now getting updated to stop doing it.
But it allows us to make decisions based upon that information.
But it's because of shows like this and us talking about it,
they're going to force the apps that are dragging their feet
to make the changes.
So we can't shut up about it and say, oh, it's all cool,
because it's not cool.
It's not very... Yeah, we... I'm not saying it's cool, but all I'm suggesting is there may have been reasons to do it.
Excuse me, there's my room for delivery. I'll be back.
Don't forget the cake.
Yeah, cake is actually code for drugs.
It is where she lives. Lots of students around there, apparently.
some Shatner's Bassoon
some Shatner's Bassoon
so
I will actually say
I guess you old guys don't realise that
cake is actually slang for something
it is
we know, we've lived a little
we've watched episodes of Sesame Street
we know
I'm back
nothing happened
well
anyway
we've just been talking about Shatner's bassoon in your absence
Carole
turn your eye,
turn your back for one minute.
So anyway, that, folks,
was this week's
Rant of the Week.
Hooray!
Huzzah!
So,
at the beginning we said when
Javvad didn't turn up and we were carrying him,
one of the reasons is he's not,
he's supposed to deliver the little people every week,
you know, two-minute segment.
He hasn't.
He has not done it.
Three weeks we've been promised one.
It's not happened at all.
Is there a reason why you chose Javad
to deliver the little people?
I've seen the photographs.
Yeah, because he's a tall midget.
That's why.
I don't think we use that term, Tom.
It's vertically challenged.
Oh, it's a vertically challenged.
Sorry, Tom.
Yeah, you've seen the photos, right?
He will look for anything to give him an inch of a height advantage.
So William Lau did some brilliant photos before,
but what Jav didn't
realize was that William still had full, you know, visibility of everything, like wide angle.
Yes.
They could actually see the box that Jav was standing on in the pictures, which he definitely tries to edit before he stands out, but we still have the originals, if we need to bring him down a peg.
I'm five foot seven
and I feel like I'm a giant
when I'm standing next to Andy and Jav.
It must be how Dutch men feel.
You know?
But yeah, we don't have a little people.
We've got one.
He had one recorded and it had to go through some...
A company's PR.
We won't mention the company, Telecom's company.
No, that produces the...
Is it the Verizon database breach report?
Yeah, but we won't say who it is though.
No, no, don't.
Absolutely not.
That would be just plain embarrassing
Plain embarrassing
Oh dear so we've actually got to the end
Of the show notes now so we're screwed
We're just going to have to riff it from here
My god this
If you thought the quality was bad now
Wait for the next few minutes
Do you do a sort of, and finally tonight?
No, that would assume the morning.
That would assume the plan.
Yeah, the little people is usually the last segment.
Yeah.
Yeah, the little people.
And then suddenly Jav gets serious and wants to talk about something
because he's woken up at that point as well.
Because normally he rolls out of bed, gets to the desk.
He gets quite opinionated on your podcast.
He does, yes.
He's a little bit grumpy.
I always thought your bed was such a happy chat.
But only after 45 minutes.
He needs warming up.
Like a good bubble and squeaky,
he needs warming up just before,
you know, to get him going.
Tom, do you want me to do a quick one minute filler to try and bring you to your show now?
Oh, yeah.
Perfect.
Yeah.
I've got something I can talk about.
We couldn't even pay for this quality before.
And Carole, we're not paying.
We cannot pay.
Yeah, yeah.
Yeah, I know who the chump is.
Over to you, Carole.
I want to talk about the value of providing positive feedback to people.
Oh, hang on. I've got a phone call.
It's honestly like having Jav on the show.
Do you see what I put up with? He doesn't even know how to mute his mic.
Anyway, do go on.
So, you know, feedback is very important.
You need to have both the positive and the negative for the, you know, the constructive criticism to get you to the next stage, right?
And it turns out that many people don't understand the concept of the shit sandwich.
Have you heard of this before?
Right.
Okay.
So just for those who don't know, the shit sandwich is you get,
the bread is the good, right?
So you give some bread and then the meat or the filling is where there's
a bit of criticism or some improvements to be made.
And then you end it with another slice of bread, lots of good stuff.
And I like to tell people, you know, I like doorstop sandwiches, right? Really heavy on the bread. You need a lot of bread.
Yeah, a lot of bread.
Right. And then maybe one little smear of hummus and then another huge heel of bread. And I think that way, when people especially
put their heart and soul into things, is a very important and delicate way to help them move on.
Interesting.
There you go.
Interesting.
Do you know, I used to work for PwC many moons ago.
Yeah, wow.
I was a line manager on a particular project,
and he had a really good way of putting the constructive feedback.
His approach was even better if.
Okay, tell me.
Yeah, even better if.
Oh, that is good.
Hang on, hang on.
I need to make a note of this.
And Carole said this was a good approach.
This is great.
It might even be better.
Yeah, even better if.
So it's an approach of, you know, this is good, but... well, not even "but". This is good; it would be even better if you tried this, this and this.
So it's a bit like, it's like a diet sandwich.
Yeah, exactly.
Or no added salt, maybe.
Yeah, exactly. So I like that
approach a lot
I must admit
unless it really is shit
in which case
you're just going to
have to call it
what it is
you know
that is
yeah
I think if I
I do think
and in fact
on the subject
to feedback
I regularly use
the Host Unknown
chat to
throw
Insults.
Things I've written, or...
Insults.
Yeah, but throw things I've written or a presentation I'm doing to Jav and Andy, for instance, right?
Because I know that they don't pull any punches. And sometimes, yeah, pure honesty without any bread really helps, because actually, to be blunt, well, you cut the crap in a sense.
No, hang on. Well, no, yeah, but you have to be mentally strong for it.
So you're saying that anything good they say is crap? Anything good? Which means you don't think much about what you sent them.
No. If I said my lost series, for instance, two years ago, I started, right? I sent a sample.
I did like a little pilot and I sent them a sample and, to paraphrase them both,
they said, your career will end if you air this.
so they had nothing positive to say.
No, no, absolutely. And just slapped your face with a piece of ham.
I knew it was rough. I knew it was rough around the edges,
but conceptually I thought it was all right,
but no,
it was,
it was,
you know,
this too much needed to change.
And so I left it for a year and then it took it all on board and did it.
But,
but you have to be in a certain place with people to do that.
I remember a presentation I did as walking out with Andy afterwards.
And I said,
what do you think?
And he said,
well,
I got to the end and I thought, so what?
You see what it could have been like?
And then Andy, do you remember the next presentation I did?
Yeah, which I then shared with you just before I did it.
And it became the most popular presentation ever.
And imagine if you did a brand new presentation, something completely different outside your comfort zone and you went to your friends, right? Because you're a little nervous and you're feeling
a little uneasy because they're about to do something really big and really new. And you
said, guys, what do you think? And the first thing they point out is, oh, that's not going to work.
Just sucks. So that's why I hung up the phone 8,000 times yesterday until I finally managed to really hang up.
Yeah, on that bombshell, we announced the end of the podcast and the closing door.
Yeah, and everyone who was listening to Smashing Security now listen to Host Unknown instead?
Yeah, that's right.
Yeah, we'll take on the mantle.
Oh, nice.
So LastPass, you can come over to us.
We'll take on the same terms.
Don't worry.
Can't guarantee the same quality,
but, you know, not a problem there.
Oh, dear.
Very difficult, Carole.
Very difficult indeed.
I think...
It's all right.
I'm working on it.
I'm noodling on it.
Yeah, exactly.
I'll come up with a solution.
There's a time for bluntness and there's a time for tact and I,
trying to understand that when you need one versus the other,
I just think there's a lot of shit in the world right now.
It's pretty yucky.
And I just think we need to have a bit more sunshine on our belly.
So if we could just be a little nice to everybody, guys,
I think my internet connection is beginning to give up. I might disappear.
So that's being positive and, you know, all that doom and gloom in the world.
This is one of the reasons I dropped social media a long time ago. And Jav, in the last 10 days or seven days, is it, Tom?
He has uninstalled Twitter from his phone.
Oh, really?
And he is a lot happier.
And I think even, Tom, you commented how quiet he is.
Yeah, I'm worried for him.
Well, he's just got nothing to moan about.
You know, he used to get so wound up reading tweets and stuff.
It's the reason that I, you know, just need that positive.
We need to get him back on Twitter for Monday
in preparation for next week's podcast,
otherwise it's going to be really dull, let's be honest. Anyway, I think that's time to wrap.
And that's as in wrap up the show, not actually sing.
Okay, lay down a beat.
Yeah, don't try and rap in front of Andy.
He'll just tell you that the lyrics don't scan.
Okay.
We're not talking about this.
This is,
yeah.
Yeah.
This is now,
this is when we didn't talk to Andy late last year.
Anyway.
So,
um,
uh,
Andy,
thank you very much for rocking up and taking the strain of Jav not being here.
Ever present on my own show, but thank you.
No worries.
I'm glad you could come along today, Tom.
I know, Andy.
Andy, I totally know.
It's just Graham's son told me how did I like being on his dad's show.
That's cold. His dad was the boss.
Of course he's the boss. It's his show.
Carole, thank you very much for crashing the party.
Always, always a pleasure. Always a pleasure. You know, I would come if you invited me.
Oh, I know. Absolutely. Absolutely. Just check my calendar.
It'll be on there.
If you need a bit of,
if you need a bit of,
you know,
a bit of female perspective
on your otherwise
very testosterone-y show.
I don't think there's
that much testosterone
on this podcast,
to be honest.
I've heard it.
Hey, come on.
We tick the diversity box,
you know.
I mean, come on.
It's one thing
you guys don't do.
So.
Sorry, we've got a Canadian.
Oh dear.
Anyway, thank you, Carole and Graham.
Thank you, sir, as always.
I hope you make it back
onto Carole's podcast next week.
Just, you know, I'm not sure you will.
It wouldn't be the same without you two together.
No, exactly. It might be better. But so, thank you very much.
Stay secure, my friends.
Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javvad Malik and Tom Langford.
Copyright 2015 or something like that.
Insert legal agreements here as applicable and binding in your country of residence.
We thank you.
Now, the key thing here is that you cannot close your browsers.
We know all about it.
Yeah, we did have an issue last week where Tom just decided to end the show for everyone, you know, midway through recording.
And you know, we need to lose the motivation to start again.
So it was probably flat, you know, last week.
It was like, oh, God, we've already been through this.
Was that last week?
That feels like such a long time ago now.
Most weeks.
Most weeks.
Ah, that's probably what it was.
Oh, dear.
Thank you, folks.
That was lovely.
No, thank you.
I hope it was okay. Yeah, thank you for this therapy session.
I hope you've taught me a lot.
Even better if.
Even better if, I think, is the phrase of the day.
It needs to have some sincerity, though, doesn't it, Tom?
Hey, if it's said with a plummy English accent, of course it's sincere.
Plummy?