The Host Unknown Podcast - Episode 15 - Barely Adequate friend
Episode Date: July 17, 2020
Tweet of the Week
https://news.sky.com/story/twitter-accounts-of-obama-biden-musk-and-others-hacked-in-apparent-bitcoin-scam-12029394
https://javvadmalik.com/2020/07/16/twittersupport-a-lesson-in-incide...nt-response-comms/
Billy Big Balls
Industry News
Rant of the Week
https://twitter.com/TriciaKicksSaaS/status/1283721814896771072?s=20
Oh, and Carole Baskin as well. Come on! Like and bloody well subscribe!
Transcript
Okay, so he said he went to get a coffee, but, you know, I don't know if he's coming back, grace us with his presence this week.
Oh, I don't know. Let's just get cracking anyway, shall we?
You're listening to the Host Unknown podcast.
Hello, hello. Good afternoon, good morning, good, good whatever you are in.
Welcome to the Host Unknown podcast.
We are literally waiting for the cynic to return.
Again?
He said he was going to get a coffee.
Part-time Host Unknown member.
Friend of the show, Javvad Malik.
Friend of the show.
Well, he's fast becoming not a friend.
Acquaintance of the show.
Yeah.
Less than adequate friend of the show.
But, you know, he said, you know, don't start without him.
So we, well, that was just a challenge as far as I was concerned.
That must have been about an hour ago, was it?
Yeah, that's right.
I mean, we're completely synced up now on what we're going to talk about
and what we're going to say.
So, you know, we might have to kill some time until he gets back on.
We'll see.
We'll see.
So how are you, Mr. Agnes?
What's your week been like?
Do you know what?
I say it's busy every week, and this week has been no exception.
Yeah.
I don't know why.
Well, I think I do. It's because of this, um, I guess with everyone working from home, people seem to be a lot more contactable, uh, than they previously were.
Yeah, absolutely.
So yeah, it's, uh... Is that you moving around, or is this...
Uh, no, I, I think that might be the cynic returning.
Oh, not, see, see. Not only did he... You know he has. Not only did he piss off before I got here,
he didn't even mute his microphone before he left.
No, he didn't.
You could hear him clumping off, you know.
We decided to start anyway, Jav.
Farting as he walked out the room,
scratching his balls as he comes back, yeah.
Yeah, that's right.
Sipping his coffee.
What, have I got my camera on as well?
What's going on here? We couldn't wait for you, Jack. We started anyway. What, have I got my camera on as well? What's going on here?
We couldn't wait for you, Jav.
We started anyway.
Oh, thanks a lot.
You know what?
I'll give up.
I'll give up.
Let me close my door properly.
It is.
Clomp, clomp, clomp.
Oh, my day.
Is your phone on mute at least?
Did you turn it down on silence?
No.
Are you expecting any deliveries in the next 20 minutes?
Sorry, let's just figure out what we're in for here.
People of the interwebs, I am back.
I'm so sorry that I wasn't here last week
and you had to put up with these two buffoons.
Do you know what a great show
last week was.
I think it was our highest
listened to show.
Were you looking at the
same show that I was?
Because that was just terrible.
You've been in all the others
and they're not as high as this one.
Although that's probably got something
to do with friends of the show, Carole and Graham, who managed to sneak their way in. So, um, so less about us but, you know, absence of Jav and inclusion of two internet celebrities.
Two professionals.
Okay, two professionals. Yeah, yeah. And Graham and Carole.
Yes, absolutely. And you know what's funny? I'm
thinking we're probably recording
the same time as they are now, right now.
No, they record Wednesdays.
Oh, do they?
Do they just not publish it until Thursday?
Oh, no, they record Tuesdays
and the Patreon thing goes out Wednesday night
because obviously being more professional,
they spend a bit more time on the final cut.
And so, yeah, the Patreon goes out Wednesday night, and then the, um, the, the hoi polloi get it on Thursday.
Gotcha. Okay. So, but they, they, they don't do, um, any of this sort of thing live, you know, or that, or... See, they add all that in post, so it takes them a long time.
We just, we just go with it. Chuck it out there, son. Let's just upload what we got.
Absolutely. I've got another one here. What's this one?
Hey, that would be really professional, wouldn't it?
Yeah, I've not heard this before. So, so I'm assuming you've got your setup all, all done and proper so you can hear the sounds this week, Tom?
Yes, I'm, I'm in my new setup. I've got a dedicated sort of media and recording desk and computer, so, um, I've got a little bit of sort of felt backing around it to absorb the sound. I'm going to get some more tomorrow at lovely IKEA to, to pad it out, because the, the office I have now is about, well, about a third of the size of what it was before, so a little bit more echoey. So I need to, you know, put a bit more effort into that. But after many late nights and lots of time, uh, and pulling cables, I'm ready to go.
I'm ready to go.
So, yeah, we're good.
We are good.
And just to be clear for the Australian listeners,
that is a different type of routing.
Let's not pretend you're getting any.
No, I can guarantee it's only routing that I've got.
Which to me, routing is when you cut a channel out of wood.
That's something entirely different.
That's a woodworking term as far as I'm concerned.
I just thought it was the way the Americans pronounce router.
Well, it is, but in the UK, routing is when you cut channels into wood,
so you have a special routing tool.
Sounds very much like grouting to me.
Yeah.
Grouting.
We've established that two out of three
of the hosts on this show
know absolutely nothing about DIY.
Yeah.
Yes.
So, Jav, you've been engaged in some DIY projects against advice.
You know, even as me, someone who knows nothing about DIY,
who looked at it and said, this is a very bad idea.
Against my advice.
Professional advice, you know,
giving you all the details about what you need to do
and you're still like, yeah, whatever.
Yeah, well, no, it's, it's only a bit of concrete. What could possibly go wrong?
Exactly. And, and that's, that's the stance I'm taking. And, you know, like every parent growing up and every child growing up, they can remember their parents saying, I can do it better myself, whether it's their mum making them a McDonald's burger at home or whether it's their dad trying to take the chimneys out. They can do it better. And, and I, I'm embracing that role, uh, and yeah. So there's a, the drive that goes out into the back, into the service road, my ad. It's not the front of the house. It's not somewhere where the masses of public are going to look.
The service road where the staff have to enter, right?
Where the hired help come into the building.
You're confusing that with my place.
That's right.
Oh, man.
How can we all be so different?
Anyway, do tell.
It's just overgrown with weeds, and I took a picture of it and sent it to these two fine gents for some reason. I said, hey, um, if I wanted to, you know, pave it or concrete it, you know, surely I just need to cut the weeds, dig it up, put a bit of sand, pour a bit of concrete on top, they're ready mixed bag, put some in it, shake it about and pour it
over and job done. And both of them were like, no, you're going to mess it up. You're going to ruin
it. You're going to do this. You're going to do that. So anyway, last weekend, I spent a couple
of hours clearing it out and digging it up. And I've still got a bit more digging to do. And then
I'm going to get the concrete. I'm going to mix it up. I'm going to pour it. And I'm going to show
it to these two that, look, with a bit of grit, determination and effort and many YouTube videos, you can do whatever you set your mind to.
Very true. I think, you know, you're already in a slightly more advantageous position than you were before, because when you asked us you were talking about putting cement in there, um, rather than concrete, so you're already one step ahead, which is great. Because also, I do, however, I do think you underestimate quite how much concrete you will need. Um, you will probably need about five times the amount you think you will.
Well, what if I use cement first and then pour a little bit of concrete over the top?
No, no, no, no, no, no.
Anyway, welcome to the Host Unknown DIY show.
I hope you're enjoying these top tips for your home improvement.
Moving on, I think, well, what else have we got going on?
I've moved house.
My broadband is back, so that's good.
I've got some lovely old speed going on there. Andy, what about you?
Andy, how's your diabetes?
It's good. Do you know what I found? And so today is a different day for recording for us, isn't it?
It's an evening recording session we're doing today, which we don't often do.
So one, we have Jav awake for the show, which, uh, may, may yield your positive results.
You say that, but he was up at 5 a.m. this morning.
He was up at 5 a.m.
Actually, it's 4:30, but yeah.
Yeah, 4:30. Um, and so I guess at the moment my teeth are feeling a bit furry. Uh, it's the end of the day.
Lovely.
I know we joke about it a lot in terms of I do have a bit of a sweet tooth.
But I did find a kilo of Haribo in my cupboard,
which my sister bought me a couple of months ago.
I forgot about it, back of the cupboard.
And I've been on phone calls all day.
So I've literally just been munching in the background.
How much is left?
Visually looking at it, about half a kilo.
Oh, wow.
I don't know.
Maybe I've done a couple of hundred grams of Haribo.
Do you know what?
You should, I don't know how much you weigh in kilos, Andy,
maybe 90, 100 kilos?
Maybe 20, 30 kilos.
Let's assume you're 100 kilos.
You should eat 10 kilos of Haribo
and then you can state that you are 10% Haribo.
That would perfectly sum up everybody's opinion.
So why do you not believe that, uh, I'm 30 kilos?
Because I'm 78 kilos. I'm, yeah, and, uh, I know you are slightly shorter than me, and I'm pretty sure at the very least you're going to be at least 80 kilos.
I think I was told that I'm the wrong height for my weight, so yeah, I've got some growing to do.
I know that feeling.
If you're any taller, your feet wouldn't reach the ground.
Yeah, exactly. Right, what have we got coming up today? Uh, we've got our usual features. We've got, um, we've got our Tweet of the Week, we've got a Billy Big Balls, we've got a Rant of the Week, we even have a doozy of a Little People. Now, I know, Jav, you have not provided the goods for a long time now, so Andy and I have taken it upon ourselves. We have sourced a brilliant little piece.
It's a good one.
It's a good one.
It is a good one.
Okay.
Well, I look forward to it, you know.
See, that's why I should take more weeks off.
It gives you the initiative,
the motivation to go out and do something for yourselves.
I can't, you know, father you forever.
Are you reading this from a script? It's just the way you're, you know, stumbling over those words. Anyway, let's, let's move straight on, shall we, to this week's Tweet of the Week. Who's doing this one?
I am, because I'm back and, you know, to bring some quality security news to this.
We don't usually let guests speak this much, but go on, Jav.
We don't normally let them come in right from the beginning.
Being kicked out of my own house.
It's like you two are claiming squatter's rights on a podcast.
This is just unbelievable.
Anyway, we've already played the jingle, haven't we?
Tweet of the week.
Where are we?
Yeah, hang on.
Play it again.
Tweet of the week.
Multiple accounts, along with those of former President Barack Obama,
former presidential candidate Kanye West,
Kim Kardashian West, Warren Buffett, Jeff Bezos, Mike Bloomberg.
What's similar about them all?
They all posted tweets yesterday soliciting donations via Bitcoin.
So this made mainstream news, didn't it?
This did make mainstream news.
So I sent Elon Musk like, you know, two Bitcoins.
And apparently, I'm just waiting.
He's going to send me four back.
But no, this was a big story.
Apparently, somehow, some miscreants got into the back end systems of Twitter.
They got access to the God mode for lack of better term.
They started tweeting out from these high-profile accounts and saying, you know, similar messages. They were like, I'm feeling generous. Send bitcoins. I'll double it or I'll match it and give it to a charity and what have you.
And within an hour, I think, those wallets, they'd, they'd amassed over a hundred thousand dollars.
Are you serious?
Yeah, yeah, dead serious.
Okay, so, I mean, these have come from, um, you know, quite high-profile accounts as well, you know. Yeah, just, uh, yeah, general flooding. This is...
No, it was, it was, they, they specifically
chose some very, you know,
the really high following accounts.
There was Apple was one of them as well.
Elon Musk.
Bill Gates was another.
Bill Gates, yeah.
So, you know, and they're all like, hey,
we're only doing this for the next 30 minutes or one hour or something.
So it's all the hallmarks of a classic, like, phishing scam. Like, time-based, too good to be true.
Exactly. Time, opportunity, sense of urgency.
Yeah, exactly.
I have to wonder, though, how much... They got a hundred thousand. That's a lot of money, but how much did they really invest in making this happen? Um, because a hundred thousand dollars, that's like one person's salary for a year, you know, one sort of senior engineer or something like that, for, for a year. And how long it took them to get this done, and etc. So it would, I'd be really interested in the economics, to see how profitable this particular, uh, scam was.
So is this, uh... Sorry, you go ahead.
Yeah, I was saying it depends on what their objective was. Maybe, I mean, some have speculated that the, the actual Bitcoin, what, was the smoke screen, uh, to get everyone investigating that while they were siphoning information out from DMs or things like that. So we're not really entirely sure how long they've been in there for,
what access they have had,
and what they're planning on doing with data,
if they have got it, with it.
So there's a lot of unknowns.
Maybe it's just for the notoriety.
I don't know.
But it's one of those really weird ones.
You're absolutely right.
It doesn't make sense to go through all this trouble.
When you could have started World War III,
instead you just make off with 100 grand.
Yeah.
Mind you, it's probably 100 grand that we know of at the moment.
People are probably still seeing those tweets
and still sending stuff.
Maybe they shorted some prices.
I don't know, stock prices.
Yeah.
Well, that reminds me of a story that I was working with a crisis communications company.
I was saying there was this French bank that had their Twitter account broken into.
Not Twitter itself, but just their Twitter account.
And the criminals tweeted the fact that they had been breached and they had, you know,
hundreds and thousands and millions of records had been lost, etc.
And they were going to report to the country's equivalent, the ICO, etc.
Their share price fell dramatically by, you know, a good sort of 25 percent or something, before they could even create their own response, because they were so unorganized internally
that the hackers about an hour later said,
it's okay, we were mistaken, we weren't breached,
we're going back to normal, et cetera.
And the shares rose dramatically. In between time, what happened, however, was that the hackers waited for the drop, bought the shares at 25 percent less, then artificially raised them back up again through their tweet, made 25 percent on top of the shares,
all of which during the time the company itself was struggling to put out their own actual press release.
Brilliant.
That is such a fantastic story.
And I think in this whole Twitter hack, one thing that really stands out to me is how good Twitter was in their response, their incident response.
Oh, really?
Yes.
You actually made quite a big deal about this, didn't you, Jav?
I know you were banging this drum
About being impressed with their response
Sort of ignoring all the other speculative
How it happened
Did they take our security seriously?
Yeah no you know what
They were very transparent
With their communication
And they were very timely
So if you followed the Twitter Support, or even Jack's account, but Twitter Support, it's within three hours they went from, we're aware of an incident and it's impacting it, we're investigating and taking steps, to, okay, we've locked down certain features. You might be able to do this. You might not be able to do that. This is how we think they've gotten in. And, you know, we're going to lock some accounts down and
we're only going to give it back once we're fully happy that we can give it back to them in a secure
state. So it's very reassuring from a user perspective. I think, you know, everyone is
liable to get breached at some point.
And, you know, incidents happen and people don't know.
And no one, I think, expects you to have all the answers.
But just that transparency.
And it also demonstrates that they have a structured incident response plan in place.
I think.
And they're coordinated internally.
Exactly.
Yeah.
Yeah.
Yeah.
Very true.
Very true.
Excellent. That was a good one. I like that. I like that. That was,
that was this week's
Tweet of the Week.
Now, if you're quick, Jav,
I think that you also had another contender, didn't you?
Yes, I did. The other contender.
Which I thought was what you were going to be doing, but, you know, I, uh... So the other contender for Tweet of the Week, and this isn't really, well, it's, it's probably not the tweet, uh, that, that was the, it's, it's the, uh, what I, what I referred to as a human SQL injection. If you
cast your mind back to earlier in the year
when Tiger King
was on TV.
Oh, yes.
You know what? That feels like one of the most
normal parts of 2020 right now.
It does, doesn't it?
It seems so far away, doesn't it?
Globally,
everyone watched this same series.
Yeah.
So Carole Baskin,
so you might remember as the bitch that killed her husband,
she does these...
You can beep that out, can't you?
She does these birthday wishes for cash type of deal, where someone sends her some cash and, uh, she, in response, she will read out a personalized birthday or greeting message.
Not unlike a podcast that, if you want to send money to...
I was gonna say that there could be something in this.
Whose birthday? Anybody we know?
Play the jingle, Tom. Play the jingle.
Oh, hang on. Host Unknown, sponsored by insert name here.
I thought you were saying Big Cat Rescue.
Yeah, it is. So, um, you'd expect that anyone that, when you're sent this kind of thing, you do some sort of background check.
You'd validate the input, as they say in technical terms.
But she didn't.
She was told, oh, we've got this birthday coming up.
Could you please wish it?
And she read it out very sincerely.
She said, happy birthday from all your kids, Rolf Harris.
All the kids you've touched.
That's right.
Oh, my God.
And I can't wait to hear all the great stories about you
and your friend Jimmy Saville, as she pronounced it.
Holy moly.
So I know this did go viral on Twitter as well,
and I'm sure you guys will be pleased to know that
its origins were actually TikTok. So it has, there's an Australian comedian called Tom Armstrong who, he has a bit of a history for doing this with celebrities. Um, he's not really deviated too much out of sort of, you know, local Australia, but I guess you've got the Rolf Harris link, and then the Jimmy Savile link obviously
brings it into the UK.
So this all comes from an app called Cameo.
And Jav, you may
be impressed to know there's a couple of ex-wrestlers
on there as well who will also
read out birthday wishes
for cash. Send me the
link, brother.
That sounded like a jingle.
We should record that one.
I was actually looking. Bret "Hitman" Hart is about 500 dollars, uh, if you want him to read out a message.
Worth every penny.
We need a couple, but we need two more sponsors, two more sponsored episodes, that we can get a message from whoever it was you said.
And so, yeah, so Carole Baskin's on there for 199. You can get her to read out a message. Um, but like I said, it's not the first time this comedian's done this. So he did it, um, before. He got an, uh, an American 90s soap star, uh, from a program called Seventh Heaven, um, and he got her to read out, uh, you know, a message for, um, basically one of Australia's most notorious serial killers, um, Ivan Milat. Uh, something along the lines of, you know, hey, Ivan, not many people pick up hitchhikers anymore, um, but, you know, you really helped out the backpacker gang. Um, you know, thank you, we need more people like you in the world. And, um, yeah, I mean, celebrities, you know, when they're looking at these revenue streams, they're just exposing themselves to, you know, being fooled.
Oh, I know that feeling very, very well.
No, exposing yourself.
No, no, no, just not doing my due diligence when it comes to clients.
Let me put it this way.
One of my clients, a lovely client, um, has supplied me with a laptop for a particular piece of work, and of course I just said, yeah, fantastic. And you know what turned up? It was a Windows laptop, for goodness' sake.
Oh dear.
Oh, I know.
And is this, uh, is this that job where they've asked you if you could just do a bit of repacking for them? So you're a bit of a repacking agent.
Yeah, that's right.
Yeah, you're getting lots of iPads delivered.
And I get to keep one.
Yeah.
So I get to keep 10% of whatever it is they send to me.
You know, it reminds me of this Ali G episode where he's talking about raising funds in Africa for kids.
And he goes, oh, Reebok have agreed to donate like 10,000 pairs.
And he goes, they're poor, they're not desperate, Reebok.
And that's how I imagine Tom must have felt
when he saw a Windows machine show up.
That's right.
I, you know, I crossed myself and prayed forgiveness
to our Lord and Saviour, Steve Jobs.
And then I thought...
Put your gloves on, got your PPE.
Well, the other Steve, Steve Ballmer, must be air-punching himself in his grave.
How did you look at yourself in the Apple mirror?
I know, I know. I don't know.
Dreadful, dreadful. But, uh, in all seriousness, it's a nice piece of kit. I like the look of it, especially now it's got a TL2 security sticker on it. That's, um, taking the edge off a lot, but...
And the, uh, just out of interest, the client just gave you this? Like, do you have to return it?
No, no, no, it's, it's, it's their laptop.
Okay, so it's on an asset register somewhere?
Yeah, exactly.
Exactly.
But they're in a different country.
So come and get it, baby.
No, seriously, if you're listening, Mr. Klein, it's lovely.
Please continue giving me work.
And I will continue to use this laptop while you give me work.
No problems at all.
No, but it's great.
It certainly, as a company, it's, it saved me, um, you know, a good couple of grand to, uh, to be able to do this work, which did require a Windows machine, because it's...
How does the Windows machine cost two grand?
Oh, it's a nice Windows machine. It's not a Dell or an HP or something like that, right?
How... So, Jav, that, that's the part you're concerned about? So I just realized Tom said he's going to be doing some testing. Does, uh, PowerPoint not work the same on a Mac as it does on a Windows machine?
Okay, okay, you know what? That was this week's Tweet of the Week. Right, we've moved on. We have now officially moved on.
Because my client may be listening.
Oh, dear me.
Dear client, whatever you're paying Tom,
we'll do it for half the price and better.
Oh, will you now?
Oh, dear.
Right, shall we move on? Christ, we're halfway through the show and we've done one segment already, so let's speed it up.
Yeah, show it.
Okay, let's see, let's go on to...
Billy Big Balls of the Week.
Uh, now this one's me, and although I think it's, uh, it does qualify as a Billy Big Balls because of the, the sheer ego it takes to do something like this.
It also really pissed me off, because it's a scam and I can see it affecting small businesses, of which I am a part of, um, all, you know, over the coming few months. So those, you, you may or may not know, but, um, as a result of the COVID lockdown, etc., small businesses have been, uh, affected quite considerably. Um, the government, the UK government, initially did a, what was called a CBILS, which was a, I can't remember what it stands for, Coronavirus Business Interruption Loan.
Wow.
And that was only available to certain sized and certain types of companies. where small companies could, uh, have a hundred percent guaranteed loan from, uh, a bank, uh,
of up to 25% of revenue, which is great. So I've spent the last two and a half months trying to
get hold of one of these. Uh, mine finally came to the other day, which is fabulous. It takes a
lot of the stress out. Now, that's the background. So let's move forward to
just a couple of days ago, actually, and a car dealer went on to, I think it was LinkedIn
and Twitter with a little video, a little sort of, you know, selfie videos talking about
something that happened to him. So he was basically he was contacted by somebody who
wanted to buy a car he had in stock. This isn't just a regular second-hand car showroom.
The cars in here are sort of 40, 50 grand, etc.
Wanted to buy this car, but without viewing it, which is a little unusual.
Yeah, and I suspect the car dealers are wise to this one as well.
This is similar to the old, you send a check, you know,
which then gets withdrawn X many days later sort of thing.
Yeah, okay.
Exactly.
The Spidey senses were tingling, right?
Exactly, exactly.
So, you know, he said the price, et cetera,
and said waited for the money.
And this company was called, uh, something like, um, um, BBS Limited, right? Now, what they, what they did was they phoned up and said, right, we'll buy it, put it to one side, please, the money will be in your account in a few days. Uh, a few days later, cutting a long story short, lo and behold, the £42,000 was in the account waiting to be there.
So actually there, cash in the account cleared.
Now, ordinarily, if the cash is cleared, it's there.
It can't be taken out again.
But Spidey Sense, as you rightly say, was tingling.
So they phoned the bank up.
It turns out that the funds had come from a bounce-back loan.
Now, what the scammer had done was look up, do a little bit of social engineering,
both on the owner of the car company and the company itself,
taken out a bounce-back loan through that company, you know, pretending to be that company, to the tune of 42,000 pounds, and put it into the account to pay them, which meant, in 12, you know, basically they were, they were paying for their own car to be taken. And of course, the money went in there as BBLS.
So it just looks like it was really designed
to fool even more than just the casual company,
the casual salesperson.
So one, hats off to the people for even working this out, that you could do this, etc. But two, um, bastards. You work so hard for, to get the bounce-back loan in the first place, and then somebody comes along and tries to take it away from you right there and then. So thankfully they got it reversed, they worked out what was going on and all that sort of thing. But yeah, really, really, um, I mean, I, this was almost a Rant of the Week.
But, you know, what's so disappointing about this is, um, you know, they would have got away with it if it wasn't for those pesky kids. Just, you know, a little bit sharper on the execution. You know, visit the showroom, you know, actually feign an interest in the car and just appear legit. You know, that's, oh, it's so close.
Uh, apparently the only interest the guy showed on the phone in the car was, are the tires any good?
Such a shame. Such a shame. So close and yet so far away.
Criminal mind.
I know. The criminal mind.
I'll tell you what, we'd be screwed if the criminal mind was a little bit sharper.
But nonetheless, even so, they still, you know, I bet they've got away with this somewhere.
Oh, for sure.
Yeah, there's no way this is the first time they've done it.
Yeah.
Tom, can you check our bank account and, you know, that sponsorship money that came from Smashing Security, allegedly?
Oh, oh crikey. Did it come from BBL, by any chance?
Yeah, I thought it was, I thought it was, um, something to do with the Billy Big Balls or something.
Oh, dear.
Anyway, that was my
Billy Big Balls
of the week.
Do you know what I've really
noticed, and it was since
Graham pointed it out last week, is the gap
between you
doing the lead up and the actual jingle playing.
Do you know, I keep trying to do...
Because you are controlling when those jingles play.
Yeah, I know, but there's always a pause after you press the button, and I'm trying to press it sooner and it's not quite there, you know, it's, um...
So, listeners, Tom is the type of person that, why do something for five pounds when you can do it for 500? So he went out and he bought the, the actual podcast, like, equipment, and the little, and the little deck as well, where you can program buttons to it and you can have all the...
It doesn't work.
Yeah, it's just unbelievable.
I had to buy an app for my iPad instead.
Unbelievably complicated.
I know, I know. I'll work it out. It's a learning process.
And that's what bounce-back loans
are for, right?
Anyway, okay.
Let me try that again.
Okay.
And that was this week's
Billy Big Balls of the Week.
As you're saying it,
as you're saying it, don't worry
about it overlapping. Just go.
The brain will fill it in.
The brain will fill what?
The listener's brain will understand.
Even if you cut yourself off with the audio track,
they will know what you're saying.
So even if it starts out and that was this week's, you know,
even if you cut it off earlier,
the brain will fill in the gap and it will know what you were going to say.
You're listening to the Host Unknown Podcast.
More fun than a security vendor's briefing.
You mean like that?
Yes, exactly.
So I'm looking at the show notes and before we go into industry news,
Yeah.
Why haven't I got any news assigned to me?
Oh, you haven't, have you? Um, let me see. Andy, Tom, Andy, Tom. Do you know what? Because, like I say, we don't normally assign news to guests, and also we didn't
know if you're going to turn up again this week. No, I actually didn't.
Actually, why don't we move on to that?
Let's move on to this week's...
Industry News.
Excellent.
So NCSE introduces remote working testing tool for small businesses.
Industry News.
Rogue JavaScript integrations
permit attacking opportunities.
Industry news.
UK bans deployment of Huawei technology
over security fears.
Industry news.
Media and video companies
suffer huge increase in cyber attacks.
Industry news.
COVID-19 accounted for massive increase in Q1 phishing trends.
Industry news.
European Court of Justice deems...
Industry news.
It's all right.
The listener's brain will fill it in.
And that was this week's...
Industry News.
The European Court of Justice deems privacy shield
absolutely beautiful.
It's important.
It's important.
Our PA Newswire Stig works hard on these stories.
He does.
He does.
Thank you, Mr. or Mrs. the Stig. We appreciate it, really.
That was quite a veritable feast, uh, quite a veritable buffet. It was six again.
Yeah, six, and we're recording early as well, so it's not like he had an extra day on it. This is pretty impressive, this is, this is. And that last, last story is huge if true, about the Privacy Shield.
Yeah, yeah, because that was negotiated with the US Department of Commerce between 2015 and 2016.
Yeah, but it was negotiated to remedy the collapse of the safe harbour agreement.
It happened in 2015, do you remember that?
I do remember.
There's a lot of businesses that depend on this.
It'll be good to see what that means for data sharing with the US.
Yeah.
How does that play in, affect corporate binding rules?
Hey, well, corporate binding rules are your way to get around most of this.
Yeah. Effectively. So, yeah, absolutely.
I'm only laughing because we're talking about it as if we know what we're talking about, and the notes are right in front of us.
Well, I used to, I used to work with our chief privacy officer on a lot of this stuff, actually. So, uh, the corporate binding rules are hugely complex but really important. They'll take an average company about two or three years at least to put into place, and what it does is, actually, it means that you don't have to rely on external regulation such as the Privacy Shield in order to carry out your business. You're actually, uh, creating a superset of your own, um, business rules that ensure you are sharing it in a proper manner.
Wow, are you reading that from somewhere? That's very accurate. That's not in the notes, that is.
I know, right? I know. So basically, again, the big businesses, the multinational corporations, they can get away with whatever they want. It's the small person, the ones relying on the bounce back loans, that are going to have to struggle with this.
Absolutely. Or, well, in my case, I just stick it all into Microsoft's OneDrive and let their compliance tool sort it out, you know. So, yeah, what can I say?
Anyway, thank you, uh, Mr. or Mrs. the Stig for that news. It was very, very good.
Next time you have a performance review,
I think you should mention how actually your news has been syndicated by the internationally renowned
Host Unknown.
And so does this involve us paying some sort of licensing fee
because I'm not comfortable with that?
No, of course not.
Okay.
Of course not.
Just checking.
Licensing fee? You sound like someone from the 90s who's ripped off a copy of Microsoft Word.
Trust me, in the 90s I had absolutely no qualms with, uh, being worried about paying for licences. The best thing in the 90s was the MSDN.
Yes.
That massive folder of CDs and DVDs of everything.
Yeah.
It was brilliant.
Yeah.
I ran an entire company off that.
So, Andy, just like compared to then or now,
have you ever paid for a WinRAR licence?
Do you know what? I paid for a WinZip licence.
So obviously, outside of the corporate world... Obviously, in the corporate, it's all paid for, that's fine, because it's someone else's money.
At home I am actually pretty licensed these days.
Well now, you know, decompression tools are built into every OS,
so you don't need to pay for them anymore.
But all the other stuff, like things like, you know,
my office subscription, you know, it's just an affordable price.
It's a price that I'm happy to pay for the usage that I get out of it.
I think you reach a certain age and you think, you know what?
I don't fancy going to jail.
Wow, I don't think they're gonna jail you for running, making some software. But, I mean, if you remember the old days, everyone had a copy of, you know, people, not even graphic design people, who didn't even know how to do so, everyone had a copy of Photoshop with a keygen, you know, Illustrator, CorelDRAW.
Yeah. What happened to Corel?
It all came on Jurassic, you know, the Jurassic CDs, didn't it? The warez.
Yes, yeah.
Everyone had, you know, a big list of stuff. One person got it, so one person paid for a boot fair and then everyone else just copied that.
Yeah, I remember in the late 90s I had an Exchange 5.5 server running at home for my mail. It was like, overkill much?
Do you know what I had at the same time? Lotus Notes.
Oh, I loved Lotus Notes.
That was a ball ache to install and try and use as a mail client,
but I was obsessed with, you know, everything's encrypted.
Yeah.
Lotus Notes is brilliant, actually.
Very good.
Very funky.
Slow as hell.
I had to manage a move from Exchange server to Lotus Notes
and move an entire company's email from one system to the other.
Normally, you go notes to Exchange,
but because we'd just been acquired by Coopers & Lybrand,
I had to do it the other way.
So I think over a week period, this is in the 90s again,
we moved 750,000 email messages from Exchange server to Lotus Notes
and trained everybody on Lotus Notes at the same time.
Jeez.
So, yeah, that was the fun times.
Fun times.
Wow.
Anyway, perhaps we should get Lotus to sponsor it.
Do they exist anymore, Lotus?
I don't know.
I know it stands for lots of trouble usually serious, and that counts for the car and the software.
Host Unknown, sponsored by...
Insert name here.
Who?
IBM, I said, because they acquired...
Ah, they did, yes, that's right.
And, yeah, I think they rebranded it to Domino, was it?
Oh, that was... Well, Lotus Domino.
No, yeah, it was Domino originally. That was their final release, wasn't it?
The Domino.
Was that version 7 or 8?
Something like that?
I can't remember.
Anyway.
Anyway, let's move on.
Yeah, let's stop embarrassing ourselves.
No one's interested.
Right, let's move on to this week's...
Rant of the Week.
Oh, this one's me.
This is...
Do you know what?
I know I said I'd come up with a rant of the week this week,
but I am struggling to get riled up about stuff this week.
There's lots of people trying to piss me off,
and it's just not working.
You know, I know every time I wake up, I look in the mirror and I know that, you know, somewhere, somewhere in the world,
there is someone also waking up, looking in the mirror, saying that today is the day they're going to try and piss me off.
And it's just not working. You know, I'm actually I'm doing OK.
But this is probably one of my pet peeves. And it's happened to me today.
I was at the, or virtually,
at the Future of Cybersecurity conference.
And I think, as I mentioned, Tom,
just when we spoke when Jav was elsewhere,
when I joined, we spoke briefly.
It's a lot easier for people to get hold of you at the moment, you know,
because everyone's kind of static, you know,
either at home or working from home or just permanently at their desk,
you know.
And at this virtual conference,
obviously you get these vendors sort of reaching out to you.
And this one particular vendor,
I think it's probably the manner that he approached me,
as if he's selling these sort of magic beans I'm going to be interested in.
Yet he had nothing substantial.
There was no substance in his conversation with me.
And yet I was trying to give him the opportunity to sort of really sell me something, what he was doing.
But he couldn't articulate what he was selling, um, you know, throughout this whole thing. So, you know, he actually, he opened the conversation, he was like, "Hi, Andrew." And, uh, this is how I know that, you know, I'm not aware of people or people aren't aware of me, is that I will always fill in my full name, Andrew, you know, whenever I register for something, or, you know, my emails, everything says Andrew. Um, yeah, but if I've spoken with someone or someone's been referred to me, they will call me Andy because no one calls me Andrew.
So straight away, I knew that I don't know this guy.
And so he says, hi, Andrew.
So I imagine your role's somewhat transformed since 2017
with what you do now being considered a business enabler,
like as a question.
And so I was like, okay, well,
one, this is just like these buzzwords.
Remember like conferences in maybe 2015 or 2016,
even before, probably going backwards,
security as an enabler,
how to talk to the board, the same topics that keep coming up over and over again.
So, you know, I was like, okay, well, I assume that everyone's an enabler, you know, what's
the, you know, what's the purpose, you know, what are you doing?
What value are you bringing to the company?
What's the difference here?
Yeah.
And then, you know, trying to get to the point, I'm like, okay, you know, so what is it you do? And he says, well, you know, we bring a cyber-centric approach to well-known frameworks and tailor questioning and weighting according to the nature of the relationship. Well-known framework? Well, what does this mean? I'm still none the wiser as to what you do.
You know, and it's, I mean, yeah,
old Andy would have probably just cut this guy off
and just, you know, walked away.
But, you know, I was trying to give him the opportunity.
I was like, no, I don't mean to be rude,
but, you know, what is it you actually do?
And anyway, he's trying to convince me that, you know, he can offer, you know, he can improve the M&A program.
You know, when I perform due diligence and stuff like that, you know, he's basically saying, you know,
one of his sales points was, you know, there's a reason why some major investment houses are using us in their M&A process.
And it's the way we apply cyber expertise. And again, I still don't know what he does.
Okay, I'm getting it, like, what is it? I don't get what's going on. Um, and so, you know, for me it's a case of, look, you're here, you've got the opportunity, you're speaking with someone. You actually, because it's a virtual event, you have my name, the company I work for, uh, you know, my position in the organization. Just try and tailor something towards me, you know. Don't, don't tell me...
A little bit of background.
Exactly, yeah. But, I mean, it's a two-minute job, you know. Any of the, uh, I think, really decent salespeople, sales execs, can do this. And, you know, I was very disappointed with this approach.
You know, I kind of, you know, I'm not angry.
I'm disappointed.
You know, that's even worse.
And it is just because, you know, this was your chance.
This could have been, you know, I have actually taken services from vendors that I've met at conferences before.
You know, I had a sit down with a guy before. He took time to listen
to what I was after and he was like, look, do you know what? We can't do everything, but we
can do, we can meet these challenges and this is how we do it.
We still have a relationship to this day and it's like, great, there is value out of
this if you're prepared to tailor it. But when you rock up at these events and just broadcast what you do and chuck in, like, sales taglines or, you know, stuff from the marketing brochure, it's just a waste of everyone's time. Um, yeah, but I'm sure that he's, uh, probably, you know, ticked off, "Yeah, spoke to this guy at this company, potential lead", and will probably end up spamming me.
Qualified lead, I think is the phrase, right?
Goes into the A leads.
He's a Glengarry lead.
He's a Glengarry.
Yeah, but it's just generally frustrating.
It's like, come on, man.
There's better ways of doing it, right?
There we are.
Far better ways.
I mean, what is a cyber-centric approach to, these days? You know, when you're at a security conference and you're talking about how you can make security an enabler, you know, okay, God, no, we don't want that. Um, and also, you know, when you're talking about, uh, you know, sort of cyber security, um, you know, bringing a cyber-centric approach to security, that's, well, do you know what, son, you ticked two out of the two boxes I'm looking for.
Yeah, it's, uh... Also, what happened in 2017 that meant your role has transformed? I don't know.
Has he looked at LinkedIn and saw that your title changed?
Possibly. It's very possible that he, uh, yeah, he saw that.
So he did do some background work, he just done the wrong background.
Yeah, yeah, it was, um, yeah. And he was obsessed with trying to sell me third-party, uh, vendor management as well, which is actually nothing to do with me whatsoever. Um, so again, that was the case that, you know, I think he thought he was doing some sort of added value, you know, he could upsell me.
But, you know, I saw a really good video on third-party, uh, vendor management this week.
Oh, really, did you? Oh, that's interesting. You know, I had a bit of criticism about that video. Um, the author didn't spell, uh, fentanyl right. And, um, well, in fact, that was the only criticism. The thing that I was impressed with was a two dollar bill, which I have not seen before.
It was very difficult to get hold of.
Um, but where did you get it from?
a college student she she had a whole bunch of them.
Oh, yeah.
She was studying medicine.
Working her way through college.
Yeah.
Paying her way through college, right?
Anyway, before we segue off.
Let's not talk about how we acquired it.
The fact is that it's in my possession lawfully.
You know, this is.
Goods and services were exchanged.
The sales, uh, exchange... You need to send it to Tricia Howard. On Twitter she's, like, TriciaKicksSaaS. Um, and she's got a background in the theater or dramatic arts and what have, and she started doing these dramatic readings of cold sales emails.
Oh, I saw that today.
It is. I was just cracking up because she starts off the first email like, "Hey, I hope this email finds you well." And then it's like five days later and then it's like, "Well, I guess that email didn't reach you, but I'm just here." And then it's like, to the final email, "Well, you know, if you ever want to do this and get in touch..." It's, uh, really well done.
I mean, I have to say that sales and cold calling and, you know, cold contacts are actually hardest thing in the world.
Yeah.
But one of the best people I know who does this, a woman called Trudy Palmer.
In fact, I've talked about Trudy a few weeks back on LinkedIn.
What she does is just talk to people like human beings and then just happens to throw in what she, you know, what the company is she's representing does, etc.
She's one of the most well-connected people I know on LinkedIn. Everybody, she knows everybody. Um, but all she does is just chat and try and have a good time with people, um, rather than cold call and sell, if you see what I mean, you know.
And, okay, so I'll just play a bit of devil's advocate there, and that's absolutely great. I think everyone understands that that's a fantastic approach.
But when you look at a lot of these companies,
tech companies, security companies,
when they hire a sales team and they've got a marketing team,
and it's a standard template that every one of these companies uses.
And when you're there, you're told you need to get,
your target is a million in sales a month or something like that.
Yeah.
And here are the leads that marketing has got, here are the A, B and C grade leads, this is everyone we scanned at the conference we last went to, let's do this. And then they're forced...
GDPR compliant list, yeah.
Yeah, it's just a battery farm. And, you know, the problem is that because a lot of these companies are backed by VC funding,
so they have to show a certain amount of movement or growth.
And it's a formula that just seems to work.
Everyone hates it, but it kind of works.
So they stick to it.
It kind of doesn't.
We're constantly talking about this kind of, you know, poor sales technique, etc. You know, and I think, you know, as you say, you get given this box of, inverted commas, qualified leads, when actually they're not at all. Um, and in fact, one of the things that, um, Trudy was telling me that she does is, you know, she keeps going, you know, around the horn with a lot of these people, in the sense that, you know, because she effectively freelances as a cold caller for companies, um, because she's got a good network and she's, you know, she's very comfortable cold calling and very comfortable chatting to people, so she might be talking to somebody, you know, about company A who may not be interested, but she then knows next time, when she's up working for company B, she can call that person back and they'll know who she is and what she's doing and, you know, why she's calling and all that. And so it builds up into a really powerful network of people that she can, you know, call up on, rather than "here's a bunch of badges that we scanned".
But as you say, that's, uh, that's someone that does their homework and, uh, you know, has a good...
Yeah, oh, absolutely.
Uh, exactly the type of person I like working with.
Yeah, yeah, you'd like Trudy. You should have a chat with her. I have no idea what she's selling at the moment.
As long as it's not TL2 Security testing services, then we're all good.
Hey, Andy, come on.
You know I could bring a cyber-centric approach and tailor to questioning and weighting
according to the nature of the relationship
to your business.
Come on, man.
Oh, dear.
Anyway, that was this week's
Rant of the Week.
So we're drawing to a close. I think we've just got time for a Little People. Um, as we said at the beginning, Jav, you failed to produce, so Andy and I, we did a little digging and...
You say we have time. You are looking at the same timer as me, right?
Yeah, yeah.
So we're going to be quick.
I know.
I'm not leaving this one out.
We've not had a little dig for a long time.
So yeah, anyway.
So we did a little digging and we came up with this.
Sorry, hang on.
We're going to be doing this properly.
Hang on.
So we did a little digging and we came up with this.
We need little people.
The Little People.
Well, you know, security is a big field.
It covers a lot of aspects, a bit like medicine.
You know, you have your heart surgeons, your brain surgeons,
your opticians, the ones that do your blood work, your GPs and everything. And, you know, security I see similar.
You have your pen testers, you have your defenders, you have your architects, you have your risk managers, you have your CISOs, you have, you know, all sorts of people that all play their part in a certain way.
Well, I'll say all play their part, then I'll say almost,
because then you have people like Tom and Andy, who for the life of me, I've no idea
what role they play in this all. I think they've just been to enough security conferences over the
year that they just picked up some lingo. They know when to scratch their chin thoughtfully and say, hmm, well, it depends.
Or they know how to drop in the word risk into everything.
Or, you know, well, that's your threat model, not mine,
which is just the technical way of saying,
let's agree to disagree.
And if you just throw that around enough,
and if you're like fat and bald and old enough,
then people just, I don't know, I guess they seem to believe that you know what you're doing.
And I think that's what them two have done.
They pulled the wool over the eyes of the industry for a very, very long time.
I mean, don't get me wrong, they're nice enough people.
I like hanging out with them.
If you want to prank someone by taking their phone,
taking some selfies and handing it back to them, you know, that's all good and well. But
yeah, security, they have absolutely zero clue. I mean, this podcast is so much hard work. I have
to educate them on every single point before every single episode and, well, to put it bluntly, it's...
Hey, you're not recording this, you son of a...
So, Jav, I don't agree with the third point. Um, I think that was a very good summary. That was great. Um, and thank you very much for that, and we can wrap up the show now.
Really? Really? Are you going to tell us that was one of those deepfake audios or something?
No, I think we need to, we need to review your contract, young man.
Yeah, you're not invited back yet.
No, no, you can take my podcast from my cold, dead hands. Well, actually, sorry, I take that back.
I mean, you jokers.
Because last week, actually,
Graham said I sounded like a miserable sod on this.
I've got to try to be more optimistic and upbeat now.
But do you know what I did like?
Just as we wrap up,
what I did like was last week when Carole said,
you know, so what do you guys do to wrap up?
And then she kind of saved the show with a professional ending story.
And there's us.
We're like, oh, we just wrap up.
Yeah, exactly.
We just say, thank you, Jav.
Thank you, Jav.
You're welcome.
Thank you, Andy.
Stay secure, my friends.
Stay secure, my friends. Stay secure, my friends.
Host Unknown, the podcast, was written, performed and produced
by Andrew Agnes, Javvad Malik and Tom Langford.
Copyright 2015 or something like that.
Insert legal agreement here as applicable and binding
in your country of residence.
We thank you.
So that's a $2 bill.
Like, seriously, when you say college, uh, got it from someone, that college student, what I was thinking was, um, "Somebody come get her, she's dancing like a stripper. Hey, somebody come get her, she's dancing like a stripper." Was it that kind of environment where you picked it up?
I'd take the fifth on this if I were you, Jav. I'll wait until the recording stops.
Just like that.