The Host Unknown Podcast - Episode 160 - The Lacklustre Performance Vol 2 Episode
Episode Date: July 14, 2023

This week in InfoSec
With content liberated from the “today in infosec” Twitter account and further afield

13th July 2001: Code Red Worms its Way into the Internet
The Code Red worm is released onto the Internet. Targeting Microsoft’s IIS web server, Code Red had a significant effect on the Internet due to the speed and efficiency of its spread. Much of this was due to the fact that IIS was often enabled by default on many installations of Windows NT and Windows 2000. However, Code Red also affected many other systems with web servers, mostly by way of side-effect, exacerbating the overall impact of the worm, ensuring its place in history among the many malware outbreaks infecting Windows systems in the late 1990s and early 2000s.

10th July 1995: After writing the initial version of the yet-to-be-released SSH, Tatu Ylonen emailed a request to IANA for SSH to be assigned port 22, receiving approval/assignment mere hours later.
https://www.ssh.com/academy/ssh/port
https://twitter.com/todayininfosec/status/1281629953360982016

Rant of the Week
Australia's 'great example of government using technology' found to be 'crude and cruel'. And literally lethal to citizens
An Australian government initiative described by the then-minister in charge as "a great example of the Government using technology" has been described by a Royal Commission as "a crude and cruel mechanism, neither fair nor legal, and it made many people feel like criminals."
The initiative came to be known as "Robodebt" – reflecting its automated matching of data sets and issuance of debt notices to welfare recipients.
But the algorithm Australia's government used to calculate the debts was based on massively and tragically incorrect assumptions.
Australians are eligible for welfare payments if their income dips below certain levels in a given two-week period.
In the early 2010s, the government of the day decided to ensure that welfare recipients hadn't received more payments than they were due, with data sharing between welfare and tax agencies informing the process.
To assess whether proper payments had been made, the relevant department averaged recipients' income across a year.
Which was a huge mistake.

Billy Big Balls of the Week
Indian developer fired 90 percent of tech support team, outsourced the job to AI
Here's a story from the Department of Massive and Terrifying Irony: a startup Indian software developer struggled to afford its customer support team, so outsourced it – to an AI chatbot that was more efficient and cheaper.
The developer is called Dukaan and offers a platform it promises allows rapid deployment of online stores.
Founder Suumit Shah took to Twitter to reveal that the change to robo-service saw time to first response fall – from a minute and 44 seconds to zero. Resolution time plunged as well – from two hours and 13 minutes when humans were doing it, down to three minutes and 12 seconds with AI on the job. Overall customer support costs dropped by around 85 percent.
Shah detailed how Dukaan struggled to hire people with the skills to work as support agents. "It's like – Lionel Messi doing a full time job at Decathlon, though the theory has some merit, but is ultimately flawed," he wrote.

It is that time of the show where we head to our news sources over at the Infosec PA newswire who have been very busy bringing us the latest and greatest security news from around the globe!
Industry News
Martin Lewis Shocked at Deepfake Investment Scam Ad
Central Bankers Develop Framework For Securing Digital Currencies
EU Adopts New US Data Privacy Agreement
Clop: Behind MOVEit Lies a Loud, Adaptable and Persistent Threat Group
Ethical Hackers Reveal How They Use Generative AI
Fewer Than 100 Scammers Responsible For Global Email Extortion
White House Publishes Plan to Implement US National Cybersecurity Strategy
Mandiant Unveils Russian GRU's Cyber Playbook Against Ukraine
New CVSS Version Unveiled Amid Rising Cyber Threats

Tweet of the Week
https://twitter.com/matthew_d_green/status/1679215510951477248

Come on! Like and bloody well subscribe!
Transcript
Shit, how can we do this every week and just not fucking...
It's, it's almost like we've run out of inspiration. That's why some of us don't
bother turning up every week. Some of, one of us. I was using the royal we.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us and welcome.
Welcome one and all. Welcome, listener, to episode 164 of the Host Unknown Podcast. Jav, welcome back again. We could, we could be saying that a lot, actually. Uh, welcome back, Jav.
How, how was your week? I'll just say welcome to the show, Jav. No, no, no, this is great, this is great.
thank you for joining us.
Thank you for agreeing to appear.
Regular listeners will notice that Graham couldn't make it this week.
So Jav's filling in for him.
This is like, well, I can imagine like in China where you have those massive factories
and the boss walks in and everyone stops, turns around and bows.
This is the equivalent of what's happening on the podcast.
Yeah.
Except we stop, turn around and break wind.
I was going to say, I thought you were going to go
down a route of like, you know, you're just a replaceable
worker that, you know, we kick out the door
it doesn't matter whether it's you
there's plenty of other seven year olds who can do the same job.
Exactly. If you die, we'll make
another one.
That's what my dad used to say to me.
Yeah,
tacky.
Oh dear.
So how, how was your week away, Jav?
How, how is your first week back, more to the point?
So the week away was fantastic.
It was just me and my, my daughter.
We went to New York for a week.
We saw the 4th of July fireworks. We were really patriotic.
And, you know...
Shotguns in the air.
USA.
You were patriotic in the fact that you tried to stop it
or what?
Let's not go into details.
They're irrelevant.
The court case will decide what's relevant.
Relevant, Your Honour. Yeah. Objection, hearsay.
But no, it was a great, it was a great week. It was like one of the first
proper, proper holidays I've had in a long time where, like, I did... Oh, can't be right. You can't say
that with the amount of time off that you've had. You cannot say this is the first proper holiday
event in a long time. No, no, no. Well, it's just like, because when you go with the family,
then you have to look after the kids
and you make sure they're all fed and watered.
And this child is like...
Your daughter did come back with you, didn't she, Jav?
Yeah, she did.
Okay.
I just wonder where you're going with that one.
No, no, no, no.
She actually loved New York a lot.
And she was like, you know what?
I could easily live out here.
I said, no, what you mean is you want to live out here.
You clearly have no idea about how money works and how much the rent is over here.
That's right.
And what a green card is.
Yeah, yeah.
But no, it was good overall.
And yeah, the week back after a week off is always, I think, really tough.
It's a bit crap, frankly.
You know, it's just, you know, you come back to a mountain of emails.
Because I didn't take my laptop and I wasn't checking emails when I was gone.
So, which was a first.
Which is kind of the point of a holiday, right?
This is where I was going with it. It's the first proper holiday I've had for a long time, before I was rudely interrupted by,
by a regular host of this show, Mr. Turkish Delight. So Mr. Turkish Delight, what is his name, Fry?
No, no, he was just showing us pictures before we started about how he had Turkish delights. Yeah, that's true. Of that delicious box of Turkish delights.
Delicious Turkish.
Or halal as well.
Yes, yes, yes.
So, yeah.
Anyway, let's pass the baton over.
Andy.
I've had a great week of eating lots of delicious foods and meeting up with friends.
Actually, do you know what, you're,
what, the amount of stuff you've said in, in WhatsApp, you look like a, one of those Instagram
food influencers. Do you know what I want? If I put filters on this stuff and then, like, you know,
maybe I could go on to, um, you know, create a, a vlog of, like, eating challenges, because I don't
think anyone's ever done that. Man Eats World. Yeah, exactly, no one's ever done this. It's a brand new idea. Yes, it is completely unique.
Yeah. Oh, in fact, I didn't... So obviously Threads, more and more people are joining Threads. Yeah.
Are you gonna partake in the Threads? No, I'm Twitter till it, till, to the last.
I don't believe that for an instant.
I mean, you jumped onto TikTok for God's sake.
Why wouldn't you do Threads?
No, TikTok actually was something different.
You can't compare TikTok to anything else.
Exactly, exactly.
Threads is clearly, I mean, no one even tries to hide the fact
it's a Twitter clone or replacement or competitor.
TikTok came on the market.
They weren't competing with anyone.
In fact, YouTube has competed with them with their shorts
and Instagram with their reels.
Yeah, true.
And where all the TikTok content gets repurposed, to be honest.
Well, in fact, we actually, Tom,
you actually mentioned just before we started about something.
We were like, yeah, I saw that like a month ago.
Yeah.
Hey, look, you know, I'm only
just starting on Instagram really, let's face it, let's face it. But, uh, but yeah, do you not find
that, well, I was gonna say, do you not find that Twitter is, is the quality on Twitter is just
going down through the floor? It has been for a long, long time. I don't think that's a really, you
can't say that's a recent thing. It has been. Oh, I think, I think there's been a sharp decline recently, definitely, definitely,
since Musk, or even before that. Um, well, obviously I'm going to say since Musk, but yeah. Obviously
you're going to be biased and say since Musk, but no, I agree with Andy. I think it's been going
downhill for a long time. Those, those, I think there was a
certain innocence back in, whenever was it, 2006, 2007, yeah, where it was a new thing and people
were genuinely just trying to connect to each other. And then what's happened, like most things,
it becomes a gamified system of clout and how do you get followers and, you know, people not really
being sincere in the interactions. It's more about, like, look at me, look
at me. So, um, I think... Whatever happened to Klout? Do you remember Klout? Yeah, it came out for a bit
and then disappeared, didn't do anything. Probably bought up by somebody. Bought up. But so, so Jav, this,
this platform that's been going downhill for forever, you're, you're staying on it because...
It's still, like, you know, it's, it's like if an airplane starts
descending rapidly from 30,000 feet, it's at 20,000 feet right now, whereas, you know, you're on a boat,
you're already at sea level. So, you know, it's still got a long way to go before it drops down to your
level, Tom. You, you've always got a long way to go until you drop down to my level, mate.
That's why I'm always smiling and you're not. True.
Oh dear. So yeah, so, so for me this, well, I was, I was at, uh, Bristol Pride last week. It was very
good. I got some photos up on my photography website, quite pleased you won. There's a little
bit of an accidental Renaissance one in there as well,
which I quite like.
And yes, up in London this week, that was good fun.
I did a couple of talks as well, which was good.
One was in the Lloyds of London Library of all places.
Oh, interesting.
Didn't know that.
Well, it's the old library.
Basically, back in the day, Lloyd's executives toured the country
looking for stuff from country houses that they could buy
to fit out the offices.
This is the old, you know, literally back in the day.
And they came across...
It was Tuesday.
Yeah, that's right.
No, in whatever it was, 18...
So they were like the British Empire,
just touring countries and taking interesting stuff back.
Oh, it gets better than that.
So they were going around all these big houses
and sort of saying, you know, can we buy this painting?
Can we buy that? Blah, blah, blah.
And they sat in this place...
That's what they tell you.
Yeah, they sat in this place called Bowood House.
Distract him at the front door.
Yeah.
They sat in this place called Bowood House,
which, interestingly, coincidentally,
is literally about a mile and a half from where I live.
And they sat in this room and they looked around and said, oh, we actually were looking for some artwork, but actually, can we take this entire room?
And so they did. They basically pulled the room apart and reconstructed it into the Lloyd's headquarters.
And then when they moved into the new building,
they deconstructed it and moved it into the new headquarters.
So you've got this inside-out concrete glass steel building,
and then you've got this oak-panelled,
galleried library room with oil paintings on the walls.
It's quite fascinating, really.
So, yeah. And what else?
Oh, and tomorrow, although it looks like it's raining,
which is going to be a shame, I'm off to the Fairford Air Show.
I'm going to take some photos there.
So that'll be fun.
Nice.
Yeah.
Well, talking of showstoppers,
shall we see what we've got coming up for you this week?
This week in InfoSec is Code Red, literally.
Rant of the Week is a great example of government using technology.
Billy Big Balls is a great example of the private sector using AI.
Industry News is a great example of bringing us
the latest and greatest security news stories from around the world.
And Tweet of the Week is a great example of predicting the future for Twitter.
I think we've got a few repeats in there, actually.
So shall we move on to our favourite part of the show,
the part of the show that we like to call...
This week in InfoSec.
InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield.
And our first story takes us back a mere 22 years to the 13th of July 2001, when Code Red worms its way into the Internet.
See what we did there with that headline? So the Code Red worm's released onto the Internet, targeting
Microsoft's IIS web server, and Code Red had a significant effect on the Internet due to the
speed and efficiency of its spread. And much
of that was due to the fact that IIS was often enabled by default on all installations of Windows
NT and Windows 2000. I remember it well. Yes. However, Code Red also affected many other systems with web
servers, mostly by way of a side effect, exasperating the overall impact of
the worm and ensuring its place in history among the many malware outbreaks that infected Windows
systems in the late 90s and early 2000s. And now this part gets slightly awkward, because I was
going to hand over to Graham for his insights. Yeah, I was going to say, because it sounds like
you're just reading that, you know, rather than
Because you've got a
resident expert, right? Exactly.
Our SME would step
in here. But
unfortunately, Jav, you know,
sort of turned up this week.
I can tell
you about the worm if you want.
Okay. As if we didn't hear
the keys clacking in the background.
And the cursor
click on the link in the story. You know what?
Put the link in the show notes.
Let people read it themselves.
All you had to do was start with chums,
chums, and we would have been fine.
Yeah.
Brilliant.
Alas, our second story takes us back a mere 27 years to the 10th of July 1995. After writing the initial version of the yet-to-be-released SSH, Tatu Ylonen emailed a request to IANA for the SSH to be assigned port 22,
receiving approval mere hours later.
Ah, yes.
My favourite port back in the day.
Indeed.
Well, and this is how it was done back then, right?
You just email IANA the Internet Association name assignments or something.
Number assignments.
Number assignments, yep.
And said, hey, can we get this done?
So obviously port 22 was already in use and very commonly used for SSH,
but this was just making it formality.
Obviously, as we know, the ports one to 1024 reserved. Yeah, yeah. And then,
yeah, you can just have what you want after that. Yeah, it's, it's great. The, the tweet actually has
the screenshots of the email going out and going in and, you know, reply, and it, the email was sent at 11:45 and the reply was sent at 3:35. So, you know, that is quicker than, like, you
know, I get my travel approval email. Yeah, yeah, that's right. And this is, this is something that
is foundational to the Internet as we know it today. Just like, you know, and they probably, their response was probably "apologies for the delay".
Yes, it was American. It would be like, "I was, I was undergoing heart transplant, so that's why
there was a delay." Yeah, yeah. But, uh, but no, and the reply is, like, really short. It's just like,
"Tatu, we've assigned port number 22 to SSH with you as a point of contact." Boom.
Email ends.
Can you imagine
being a point of contact
for a port number?
Yeah.
What's port 1?
No idea.
Are you going to start testing me on port numbers now?
Yeah, well... so commonly, right?
Everyone, 22 SSH, 25 SMTP.
Yeah.
Was it 44 is pop?
Is that right?
Pop 110.
Pop 110.
Oh, 110.
Yes, of course it is.
What's 44 then?
44 is MPM flags. No, no, not the one I was thinking.
I'm all over this, mate. This is what, this is what the Internet was invented for, so we could look up
how the Internet works. Yeah, and also if you ever did your CCNA back in the days, you had to learn
all of these, all of these numbers.
Thank God I never had to do my CCNA.
So quote of the day, 17.
Quote of the day?
Yeah.
God, is that actually still in use?
Can you still ping a QOTD?
Ping it or finger it?
Didn't you used to have a finger?
Yeah. You could tell there were some basically very frustrated young men
in charge of the internet at the time.
Oh, you're making stuff dirty.
So, 43, who is Protocol?
Oh, yeah, 43.
Yeah.
44 was the MPM flags.
Wow.
Who knows?
Welcome to the Host Unknown podcast with three clueless men.
Look up a Wikipedia entry and mull over the contents.
Well, there were just standard ones.
Like back in the day, you always had to log, you know,
you went to just standard ports that you always knew about for various things.
And if you wanted to spoof mail, you'd
log into port 25 on someone's mail server. Well, we wouldn't know that, Andy. No, I've read about it.
I've read that this is how people used to do these things. But you'd literally connect to that,
you know, message, say, you know, recipient, from, crafty message, send to.
Gosh, you've heard a lot of detail.
I've heard a lot of detail about these things.
Oh, dear.
Excellent.
Thank you, Andy, for this week's...
This week in InfoSec.
People who favour the Smashing Security Podcast are statistically more likely to eject USB devices safely.
For those who live life dangerously,
you're in good company
with the award-winning Host Unknown Podcast.
I might see if I can jiggle that around
and take the award-winning part out
in front of our name
and put it in front of the smashing security bit,
you know, just for accuracy.
We have won awards in the past.
That jingle is not incorrect.
Exactly.
We may not be the current holders of the award.
Well, technically we are because they're literally five yards away from me.
I'm looking.
Oh, well, yeah.
Yeah, yeah, yeah.
But it's like when you see a movie trailer and they say with Oscar award winner,
like Academy nominated.
They don't tell you the year in which they won the Oscar.
It could have been 10 years ago, 20 years ago.
But the fact is that they won an Oscar.
And same thing with these awards.
Oscar winner Nicolas Cage.
I mean, that was a long time ago, right?
I can't even remember what it's for.
Yeah, it doesn't matter what it's for.
No.
And so it's not like these awards overwrite each other each year.
It's just for that particular year, you won an award.
And that's our story and the one we're sticking to.
Exactly.
Right, let's move on to...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
So, you know, a few years back,
the UK Post Office had their Odyssey software
that ended up with, uh, um, uh,
postmasters and mistresses being, going to jail. Yeah, sent to prison. And it meant there was, it was
a cause of, uh, suicides in some cases, um, criminal records, you know, completely shattering of, you know,
of their, of their personal and professional lives. And then
it turns out that basically the software was wrong. Um, and, um, lots of backpedaling, and it's just
utterly outrageous how, how sometimes, you know, we, we, we just completely, I don't know, put on a pedestal
the idea that technology can never be wrong. Well, there's a similar thing, and it's probably similar stories all around the world, but there's a similar story in Australia.
So Australia's great example of government using technology was found to be crude and cruel and literally lethal to its citizens.
So there was a, an initiative a number of years ago that was described by the then minister of, in charge of it as a, you know, a great example of government
using technology and has been described by a royal commission as this crude and cruel mechanism
that was neither fair nor legal and made many people feel like criminals.
And it resulted in being known as robo-debt, basically,
because it reflected this automated way that it matched data sets
and subsequently issued debt notices to welfare recipients.
So what it came down to was, um, under the sort of the Australian welfare system, if your income was deemed to be below a certain amount over a two-week
period, you were, you were eligible for, um, for top-ups effectively, for welfare payments to ensure that you met the basic minimum.
Sounds very, very good.
So it still kicked off in the early 2010s.
And what the technology was there to do,
what it was implementing,
was to ensure that welfare recipients
didn't receive more payments
than they were due, with data sharing going on between welfare and, uh, tax, um, agencies informing
the process. The problem was, rather than looking at each sort of two-week period, you know, weeks one and two, weeks three and four, etc., etc., what it would do is take an, uh, a
year of income and divide it by 26, so basically into two-week chunks, uh, and if that number was
above that minimum, then it would charge the difference. You know, if they had paid out a certain amount, they would basically then recoup the difference.
So if somebody was out of work for, say, four months, they would, they would get payments for that, you know, to obviously make sure they met minimum standards of living, etc.
They then got a job for eight months. What the system did would then take the average of that 12 months and decide therefore that they had to pay back potentially all four months of that money.
Um, and the net result being that there was, well, one, the, the incentive to get a job was minimized,
because if you got a job you're going to have to start paying back a whole bunch of money,
and two, people who, you know, who dipped into this
process, you know, because they were down on their luck, etc., between jobs, couldn't get, uh, couldn't
get access to, uh, you know, to the workforce or for whatever reason, uh, found that they, they ended up
sometimes years later with large crippling debts, which were followed up on really quite aggressively. You
know, these debts were handed out to various agencies, etc. They were chased up for a number
of years, and, um, and of course in many cases these people who were barely just getting on their feet
were not able to, to either challenge these or, or eat more or obviously pay for them either. So, um, resulted in,
well, suicides, extreme poor health, uh, etc. What the hell? I would talk about management, well, even
government by Excel here, which is just an absolutely appalling approach. You're taking a good thing, which is making sure that your citizens,
your people are not below a certain line of income, which is giving them a basic minimum,
and then using it as a, well, not even as a stick, as a club by which to draw more money out of them
and actually push them into greater levels of debt, uh, medical illness and, and potential death.
Uh, so yeah, really awful. And it only really came to light in May last year when a new government was elected in,
which promised a royal commission into it.
And the final report was published just last week.
The report found that ministers made untrue statements, abused their power,
and senior public servants knew the scheme was flawed and/or illegal but did not act to stop it. Uh, the report recommended
hundreds of people be considered for possible civil or criminal prosecutions, um, although the
identities of those are not known. So not only was this an awful mistake and an avoidable mistake,
but then when said mistake was found, it was covered up,
resulting in extreme misfortune and extreme ill health and, and, uh, potentially death.
Appalling. Appalling. Shocking. Absolutely shocking.
Sure. But I hope that, uh, they do follow through with that, um, yeah, prosecution. Yeah, I think
so, because if you know that something's wrong, unless you've got that email from your boss saying
"thank you for your email, shut up or you're fired", then really you should have been doing something
about that, right? That's the point of being a civil servant. Whistleblower lines, yeah. Wow. Exactly.
It's, it's, it's really unfortunate, and, like, you know, the unfortunate thing here is that you
probably get, like, our government over here, current government or whatever, looking at that, thinking, "that's a really good idea, now how do we do it so that we find some loopholes in the
legal process so that we don't get done for it?" And actually, um, I was reading some tweets, uh, the
other day, and, uh, friend of the show Rowena Fielding, uh, was, was, uh, there was a thread and she was
replying about, uh, these loyalty cards that you
get in stores, like, so, like, and sometimes the price difference is so great, especially in, like, Tesco,
whatever, you, sometimes it's like price in some basic things. She was like, well, you know, this is,
like, really, like, you're, you're, you're, you're targeting the, the most vulnerable, like, people
who can't afford like like, you know,
they might be struggling, pretty much everyone. And, you know, but no one really knows or cares
too much because of the price difference as to what's happening with that data. And she was like,
well, this data, who knows, anyone could buy this data and then use it for whatever. So maybe your
health insurance provider would say,
well, according to your purchases, we've seen you've been buying a lot of unhealthy stuff.
So therefore now your diabetes is not covered by our payment plan.
The NHS could access it.
Yeah, or again, the DWP could, or HMRC,
or anyone could access that information.
And these sorts of scenarios would then be inevitable because
you know that it's not someone going to go through it logically, they're just going to outsource it to
some spreadsheet or some automated mechanism and they're going to make these horrible, horrible
decisions. It's just... Yeah, but you got your meal deal for three pound thirty instead of four pound
sixty. Exactly, exactly. Uh, and, and that's where it's terrible.
This surveillance capitalism is just like absolute,
the gutter.
Yes.
Oh, God, we agree with each other, Jav.
Jeez.
Okay, okay.
Let me turn it around and say,
it was a Billy Big Balls move by the Australian government.
I have to give them that.
Very good.
Very good.
Anyway, that was this week's...
Rant of the Week.
This is the podcast the Queen listens to.
Oh, not again.
Although she won't admit it.
Literally, never again.
Never again.
Do you think I should delete that one?
It just feels wrong deleting it.
Maybe I should just mark it so I don't use it.
Okay, let's try another one, shall we?
Sketchy presenters, weak analysis of content
and consistently average delivery
but they still won an award like and subscribe now
that one's definitely more accurate
right jav over to you and your lovely pair of
and your lovely pair of...
So this is an interesting one.
I quite like this story.
So there's a lot of irony to this story,
but there's an Indian startup software company called Dukaan, which translates to shop. Dukaan means shop in
English. So it's a platform that promises and allows rapid deployment of online stores.
And their founder, Suumit Shah, went to Twitter and revealed that they changed basically their support structure
where they ended up firing 90% of their tech support team
and outsourced the job to AI.
Ha!
There was a benefit to this, I mean, apart from cost.
Cost.
So he just said that, like, you know, profitability is hard and, like, you know, times are tough and finding good staff is hard. And, like, you know, times are really bad when an Indian firm based in India can't find staff to manage their tech support team.
Um, but, uh, the analogy he used, it's like, it's, uh, so he's like, it's really hard to find people with the skills to work as support agents, because if
they have those skills they want to work in a more senior role. They don't want to be just, like, that
level one support following a script, like, "have you tried this" and what have you.
And the analogy he uses, it's like Lionel Messi doing a full-time job
at Decathlon.
Though the theory has some merit, it is ultimately flawed
because Lionel Messi would want to be playing football, I assume.
Well, that doesn't make sense.
It doesn't make sense.
I'm sure when he said it in Hindi in his head,
it made perfect sense.
Lionel Messi, considered one of the greatest footballers of all time,
and Decathlon is like a sports shop.
Yes, but they didn't hire Lionel Messi
when he was the greatest footballer of all time, right?
That's like saying he's trying to hire a team of Bruce Schneiers to run his, um, to, to run his, his SOC and his tech
support team, when actually, no, he wants, he needs to hire and continue to hire and train and grow
a bunch of junior people who will learn and grow and contribute to this thing. So his, his, his
analogy is wrong.
It is wrong.
It is wrong.
But, you know, you can't take... Just because Jav and I don't do football, Andy,
doesn't mean we don't understand him.
Yes, yes.
You guys are missing the hole.
I don't know.
I'm with...
Who's our boy over here?
He tried to make an analogy.
I think you guys are reading into it too much.
He made a terrible analogy.
He's essentially saying
that he can't get, he needs people who can hit the ground running as soon as he hires them,
but those people don't want to do that job because no one wants to come in at that level.
What, because what he's saying is he doesn't want to, he doesn't want to invest in his staff, is what he's saying, pretty much. But also, but also in, in his defense, like, when you look
at the first level layer, these staff are just, like, they're reading a script. They're not doing
anything beyond that. It's like, "have you tried turning it off and on again? Are you sure that
this is plugged in? Are you sure that's working?" and what have you. And then if they can't resolve it,
then it gets escalated. So I think it's that level that is outsourced, which I think it makes sense if you've
got something that can take you through a basic troubleshooting thing. I, I don't think it's that
sensational as, um, as, as it might seem to be, because, because he posted a long Twitter thread and he says, "oh, we use this AI chatbot."
He goes, time to first response went from one minute and 44 seconds to instant.
Resolution time went from over two hours to just over three minutes and customer support costs reduced by 85 percent.
And then he goes into like here's how we
did it a thread and uh you know he went over about how he set it off one night and it on by the
morning it had closed 200 tickets and um but it's like because people just like gave up like
resolution time well yeah it takes you two minutes to realize you're talking to ai and then it
follows you around some of these things.
Bloody hell.
So, oh, that's it.
Next morning, 200 live chats and 1,400 support tickets
have been marked as resolved.
And again, this is a bit like the previous story.
This is like, okay, those numbers look good,
but actually what do they actually mean?
Have you looked into it?
And it could be that you're bleeding customers
now because they're like
this is just rubbish
but he posted a picture of the poster from the movie Limitless
and said this is how I feel
oh dear god
he's one of those
does he get up at 5am
and do his chakras
5am is for losers Tom
4am club you want to be part of the
4am club if you want to get stuff done I am I am I'm still awake at 4am it's normally through
insomnia and endless worrying but uh you know yeah yeah and not not TikTok like Andy
no the the secret is you go to sleep only for 15 minutes a night.
And the purpose of that sleep is only so that you can have a dream
that you can wake up and crush.
So that's what real hustlers do.
Anyway, that was the story.
All right.
Okay.
Okay.
I'm in agreement with you again, Jav.
This, oh my God.
What is going on here?
I think, you know.
I should take more time off, isn't it?
Exactly.
I think you've mellowed and I hate you slightly less.
So I think, yeah, it's, well, let's just say.
Billy Big Balls of the Week.
If good security content were bottled like ketchup,
this podcast would be the watery juice which comes out when you don't shake properly.
In a niche of our own, you're listening to the award-winning Host Unknown podcast.
All right, Andy, it is that time of the week.
So tell us what's going to happen.
It's that part of the show where we head over to our news sources over the InfoSec PA Newswire
who have been very busy bringing us the latest and greatest security news
from around the globe.
Industry News
Martin Lewis shocked at deepfake investment scam ad.
Industry News
Central bankers develop framework for securing digital currencies.
Industry News
EU adopts new US data privacy agreement.
Industry news.
Clop! Behind MOVEit lies a loud, adaptable and persistent threat group.
Industry news.
Ethical hackers reveal how they use generative AI.
Industry News
Fewer than 100 scammers responsible for global email extortion.
Industry News
White House publishes plan to implement US national cyber security strategy.
Industry News
Mandiant unveils Russian GRU's cyber playbook against Ukraine.
Industry News
New CVSS version unveiled amid rising cyber threats.
Industry News
And that was this week's
Industry News.
Wow.
Huge if true.
Huge if true.
Huge.
Huge.
Huge.
I can't believe we're talking about Martin Lewis.
How's my favourite, Martin Lewis?
What's going on here?
Oh, I did actually...
I saw a headline about him.
I didn't look at...
Well, it hasn't even got a picture of the deep fake.
That's outrageous.
So for those not in the UK,
Martin Lewis is a household name.
He helps consumers.
Consumer champion, I think, is
a good way of describing him.
He likes to hold people to account.
He's very good, actually, I have to say.
He is. He runs something called Money Saving
Expert and always highlights how people can you know make the most of services they're
supposed to be getting uh anyway you know discounts and interesting he's also completely
transparent about how his website is funded as well oh yeah yeah yeah that's it's almost
more annoying than the uh cookie pop-up thing yeah Yeah, exactly. In terms of like, you know, if you click this link,
I'm going to get paid 7p.
Yeah.
You know, that sort of thing.
But, yeah, no, so they, he's often,
he has been used a lot, in fact, to scam.
Yeah, that's true.
This is anything new.
People always slap a picture of Martin Lewis on it,
sort of saying like, you know, I like this product or something,
because he does carry a lot of credibility.
And he's also very, he's not really aligned with any product he doesn't get paid to advertise stuff i think that's the key thing so um you know he just talks about things um that are
generally good for people or good deals for people very down to earth very sensible about what he
does and very realistic as well not everybody can do this but if you can
for instance yeah exactly and yeah so i think this is the one where um people have now started
you know obviously with with pictures it's known that you can just slap a photoshop picture on an
advert and you know everyone can believe that martin lewis published it but if you've got him
on a video and he's talking about something different yeah
yeah that's gonna be that's it is it's it's quite challenging quite concerning actually given you
know quite how uh realistic those are going so but you know on the flip side and this is going
to go on a TikTok there's um there's an account called There I Ruined It
or something like that.
And they use AI to generate voices
with different words and things like that.
So it actually sounds like the original artist.
And there's just hundreds of them that they do.
But last night I heard Johnny Cash singing
Aqua's I'm a Barbie Girl
to the tune of Folsom Prison Blues
last night Andy I saw that
last week
okay you must be ahead of me
on that one
yeah
to be fair I have been busy
I haven't been on TikTok for a while
but yeah I saw that I thought it was absolutely genuine
absolutely
brilliant
They do sound excellent.
They do sound very, very good.
You shut your eyes, you'd believe it was them.
Yeah.
Yeah.
So speaking of AI and just going a bit on a tangent on this,
have you seen that the Screen Actors Guild are always like...
Oh, yeah.
Yeah.
People that really need money.
Yeah, yeah, yeah.
And actors.
They've all gone on a huge strike as of midnight last night.
Oh, in support of the writers.
In support of the writers.
And also, well, you know, it's not just that.
Against AI.
Because there's been cases or suggestions where, like,
studios want to get an actor in for a day scan them and then create a
whole series or whatever using ai to end their likeness but not only get paid for the one day
and yeah also they're they're they have an issue with a lot of these streaming services like
sometimes they get rewarded by based on how a film performs and in the theaters it's easy to say like
oh this is how much money
they've made but streaming services don't disclose that amount so you know obviously it's you know
they they don't want so so they they they the union basically is trying to seek guarantees that
ai and computer generated faces and voices will not be used to replace actors um but i think it's such a tough tough thing like you know they
might win this part of it but you know i think you're going to see just celebrities who are
completely ai from the offset doesn't the um like the cast of avatar just sort of like sitting in
the corner yeah yeah yeah although in fairness they they they
did fully perform that though didn't they i don't know it was whilst it was computer generated it
was sort of motion captured but they performed it on a set you know albeit a green screen set
etc with you know cameras on their faces and all that sort of thing so they did the whole
performance but i guess yeah yeah i guess don't they have the the perfect response to this is
when a studio says hey come in we're going to film you for a day and then use your likeness
you know to to do a whole film and we're just going to pay you for the day.
Image rights.
Yeah, don't they just say no?
Right?
Or just say,
this is my fee,
this is my image, right?
And for every hour
or per three minute increments.
Or every second of that minute used.
Yeah, usage.
This is what it costs.
They're going to have to go to a SaaS model, right?
It's like the old SaaS model.
Tech has already been there, so actors are going to have to get on board with it so you can actually
generate obviously we know you can generate people like purely from ai and so it's entirely possible
to i mean they have seven fingers but hey you know that's fine yeah but you know we're not
that there's a market in the deep south of america and yeah exactly and also the um if you think like you
know for internal sort of training videos and awareness video you can actually use
ai that's right do your talking heads and stuff like so the voice is already there you know it
can create your own content and you've got a talking head i don't know how well the voice
uh or you know how well the mouth lines up with what's been said i assume it's fairly good
but if it's small enough it's not going to make a big difference but we are on the cusp of this
actually just being very easy and i'd say with the actors if they go on strike they may actually
expedite expedite the release of the technology to do this it's a bit like the music industry
and digital right it's it's kind of like, they fought it and fought it and ended up having ended up fighting a piracy war
as a result. Yeah. And I think if, if they're not careful,
if they don't embrace it and work with it, it's going to work against them.
But conversely, you got somebody, you know, coming at you saying you're,
you're redundant, you know, your your your skills are no longer required um that's that's a
problem you know because it's not just the big the big players here sure they can look after
themselves but there's you know millions of of jobbing actors out there that that keep the
creative industry going yeah well you know you say that but that's just the nature
it's just the the nature of innovation isn't it and um and adaptations it's like when when
factories were first set up oh my god now what what are the you know manual labor is going to do
so you had to re-skill and just move on and well they had to go off and make babies so they could staff them
with children yeah yeah exactly so so i think these sort of things always happen you just need to
see which way the the trends are going yeah and and follow it i mean it's like yeah some people
still prefer vinyl records and you could make and produce vinyl records but you can't complain that
oh it's not as profitable as it was it as what it was back in the 60s or 70s because
the world's just moved on well vinyl is actually a bigger market now than it ever was
but it's still not making as much money as as what people would want it to well no but it's
making more money than it used to.
Just inflation. I think if you
take into account inflation, it's only like
three shillings of a record it's making.
Three
shillings and a
groat.
Right, let's move on, shall we? That was this week's...
Industry News.
We are officially the most entertaining content amongst our peers.
Right, Andy, time to take us home, please.
Take us home with... Tweet of the Week and we always play that one twice Tweet of the Week
and this week's Tweet of the Week comes from someone called Matthew Green and they quote tweet
uh someone else I'll read the original tweet they're quoting they say Twitter is accused of
refusing to pay at least 500 million dollars in
promised severance to thousands of employees laid off after Elon Musk acquired the company
according to a lawsuit and Matthew's quoted that and said it's hard to escape the feeling this
site will be sold to Verizon for three million million sometime before February.
What I think is missing from this context is Verizon will ask Alex Stamos to oversee the acquisition.
Oh!
Saucer of milk for my learned gentleman in the corner.
And then six months down the line,
they're gonna
have a massive breach yeah oh dear but yeah i mean Verizon they tell me what other big AOL Yahoo
all other companies they bought at their peak at a high cost and then just absolutely ruined yeah
yeah so i did the other tweet that i sent was one from from Elon Musk basically that said Zuck is a
cuck yeah he's so i think Elon's getting a bit unhinged he is this is do you know it took me a
while to dig through but that was genuinely from Elon Musk. The account had 159 million followers.
That ain't a parody account.
And yeah, he came,
it was in response to something that Zuckerberg said,
or somebody commented about Zuckerberg and came out,
it was Zuck is a cuck.
I mean, come on.
Yeah, but then he challenged him to a dick measuring contest.
Just, you know, this is the CEO of a global...
I know.
..billion, multi-billion dollar empires.
Do you know what, Jav?
I think I'm quite happy at sea level
because your pilot is fucking crazy.
Excellent.
And that was this week's...
Tweet of the Week
Marvellous, marvellous, marvellous
We have made it to the end of the show
Gentlemen, thank you so much
Thank you so much, Jav
Thank you for coming back to us
We did miss you
It might not always seem it, but we did miss you
Oh no, it blatantly shows
through your tears
and your long voicemails that you leave me late at night.
So you're welcome.
The long, breathless emails
with the rhythmic thumping in the background.
Yeah, absolutely.
Thank you.
And Andy, thank you, sir.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R slash smashing security.
Food me too, sir.
I've got to go and get the door.
I'll be back in a second.
Oh, wow. Today is Andy today is that's a weird outro that is he probably he probably saw the postman that only shows up like once every three months yeah yeah that's right that's right oh we might just have
to finish without him then um well i don't know andy's performance was quite lacklustre, I thought, actually, this week. Yeah.
Title of your sex tape.
Yeah.
Lacklustre performance, volume two.
It's a very short, very short film.
It's a TikTok.
And much of it, Andy sitting on the edge of the bed saying,
I'm sorry, it doesn't always happen like this.
I'm back.
Excellent.
Excellent.