The Host Unknown Podcast - Episode 174 - The Brexit Episode
Episode Date: November 17, 2023

6:48 This week in InfoSec
With content liberated from the “today in infosec” twitter account and further afield

15th November 1994: The earliest known example of the Good Times email hoax virus was posted to the TECH-LAW mailing list. Variants of the hoax spread for several years. In 1997, Cult of the Dead Cow (cDc) claimed responsibility for initiating the hoax.
https://twitter.com/todayininfosec/status/1724867863725412627

12th November 2012: John McAfee went into hiding because his neighbor, Gregory Faull, was found dead from a gunshot. Belize police wanted him to come in for questioning, but he fled to Guatemala where he was then arrested. He was never charged, though he lost a $25 million wrongful death suit.
https://twitter.com/todayininfosec/status/1723790884053938623

11:57 Rant of the Week
Clorox CISO flushes self after multimillion-dollar cyberattack
The Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars.

18:15 Billy Big Balls
BlackCat plays with malvertising traps to lure corporate victims
Ads for Slack and Cisco AnyConnect actually downloaded Nitrogen malware
AlphV files SEC complaint
Affiliates of ransomware gang AlphV (aka BlackCat) claimed to have compromised digital lending firm MeridianLink – and reportedly filed an SEC complaint against the fintech firm for failing to disclose the intrusion to the US watchdog.
First reported by DataBreaches, the break-in apparently happened on November 7. AlphV’s operatives claimed they did not encrypt any files but did steal some data – and MeridianLink was allegedly aware of the intrusion the day it occurred.

24:15 Industry news
MPs Dangerously Uninformed About Facial Recognition – Report
Cyber-Attack Could Have “Devastating” Impact on Aussie Exports
NCSC: UK Facing “Enduring and Significant” Cyber-Threat
UK Privacy Regulator Issues Black Friday Smart Device Warning
US Government Unveils First AI Roadmap For Cybersecurity
European Police Take Down $9m Vishing Gang
BlackCat Ransomware Group Reports Victim to SEC
Russian Hacking Group Sandworm Linked to Unprecedented Attack on Danish Critical Infrastructure
Cyber-Criminals Exploit Gaza Crisis With Fake Charity

30:56 Tweet of the Week
https://twitter.com/FadzaiVeanah/status/1724825417196904743

Come on! Like and bloody well subscribe!
Transcript
Oh, I see Tom sneakily hit the record button there,
trying to catch me out.
I know.
I was trying to catch you out.
I mean, it's not often you talk about hookers and blow anymore.
Yeah.
No, it's not often he talks about it with you, Tom.
Yeah.
Yeah, with me.
I was just going to say, it's just a Friday morning chat normally
for me and Jav.
Exactly.
Yeah.
Plans for the weekend, sir.
I'll be such gusto as well.
Anything for the weekend, sir?
oh what
you're so lormos
anyway
oh dear
we better hit record
before we get into
something
we should
yeah
let's go
You're listening to the Host Unknown podcast.
At least we got it right this week.
Last week we were all over the place.
I think we were about 50 out, weren't we?
I think last week was pretty painful for many people.
It was actually a painful listen as always.
You should have been in the room with us.
It was terrible.
But nonetheless, we got an episode out. We got an episode out. In fact, it's an international episode. I'm in Dublin, I've been
at the IRISSCON conference. Uh, Andy's, well, Andy hasn't gone anywhere, he's in London, and Jav is in,
Jav is in, uh, in Germany at a team meeting, apparently. So this is the Brexit episode.
But I was at IRISSCON, and one of my jobs was to scan tickets
as people arrived because, you know, this is the big leagues for me.
Exactly.
All those years of a CISO.
Exactly.
Global multinationals, they found your sweet spot.
The thing is, Tom will do for a free ticket.
I know.
The ticket's only 50 euros as well.
It's not even...
And this particular job, I actually was able to keep my clothes on.
It was so much easier.
But, yeah, somebody said,
the reason you're here,
is this why we only get an episode every two weeks now?
I was like, I found one in the wild.
I found the other fan.
Anyway, anyway.
Just out of interest.
Yeah, he wasn't very clear.
I couldn't hear him particularly well.
But anyway, yes, Jav,
how are you?
Talking of noise and interference, how are you doing?
Yes, I like how you shoehorned that in there.
That was a good, a solid B plus for effort.
I give you that.
But I'm doing good, yes.
As you've rightly pointed out, I am in Berlin today.
I was at a conference in London on Wednesday at the QE2 Centre, the Queen Elizabeth the Second Conference Centre, which is really nice because it's right in the heart of Westminster. And this was the highlight of my day, so take from it what you want. I went to the toilet and, uh...
Good story, Jess.
Well, a man of your age is improving.
Yeah, the man of your age going to the toilet is a big deal.
And I'm in there and they've got, like, windows, it's like an external facing thing, and I turn around and I look over there and I see Big Ben out the window.
Um, so, like, you know, she didn't, she didn't just sit down.
Yeah, I was waiting for that.
It was a very nice venue, very nice location. It's, like, not often you get... but it was really good because in the morning as I was walking...
Not often what? You go to conferences, like, three times a week.
Yeah, not often that, in, right next to, you know, the House of Parliament and everything.
so often he can urinate against the walls of Big Ben.
Yeah, yeah.
It's great because they had, like, there's always a protest or a demo.
There was a few people holding placards at one corner or something.
And they had, like, on the grass verge, they had the TV crews,
like, with their tripods and everything.
And I was just so tempted to just stand on the grass verge myself
and, like, pull out my phone and, like, right here behind me
in the House of Parliament, they are debating this, this, this.
And I was, like, just so pointless being there.
Just green screen it and just sit at home and do it.
Honestly, there's no value in being there at all.
Oh, dear.
Dear.
So, yes, the toilet story with a green screen.
I'm liking this one.
I'm liking this one.
Starting strong this week.
Talking of wasteful byproducts, Andy, how have you been?
How are you?
I've been good.
I've been away for a couple of weeks,
and I came straight back into an external audit at work.
We've had people from BSI in.
So it's been a busy week
and I'm glad that Jav asked if we could all start early today and then decided to spend 25 minutes
sorting himself out, calling in tech support in front of us on screen so we could genuinely see
that he's having issues. But yeah, it gets to a stage where someone who's a professional speaker can't set up his own laptop to get audio out is, uh, yeah, it gets a bit worrying after a couple of decades.
That's like you going to a professional actor like Ryan Gosling or Robert Downey Jr. and say, why can't you light the scene and roll the cameras and do sound and do the editing? No. They have their job and they're very, very good at it
and they get paid for that.
They're the meat punks.
Yes, exactly.
I am like the InfoSec version of Pedro Pascal.
I mean, and that's like universally agreed.
When he gets his head crushed in Game of Thrones, right?
Yeah.
I've never seen Game of Thrones.
What?
Oh, dear.
Jeez.
Okay, then let's
move on, shall we?
Shall we find out
what we've got coming
up in the show
for you today?
Yes, I hear you cry.
So, this week in
InfoSec is a reminder
of the good times,
literally.
Rant of the week
is a story about
finding a fall guy
or gal, of course.
Billy Big Balls
aims for compliance
through extortion.
Industry news brings the latest and greatest security news stories from around the world.
And Tweets of the Week is some job hunting advice.
So let's move swiftly on, because we're running out of time for Jav, to this week's...
This week in InfoSec.
This week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield.
And today we are going back a mere 29 years, to the year I was born, when the 15th of November 1994 the earliest known example of the Good Times email hoax virus was posted to the TECH-LAW mailing list, and variants of the hoax spread for several years. And it wasn't until 1997 when Cult of the Dead Cow claimed responsibility for initiating the hoax. So for those that don't know, the Good Times virus was a notorious email hoax that circulated throughout the 90s and sort of went into the early noughties, taking advantage of a growing concern about computer viruses. And the email falsely claimed that opening an email with the subject line "Good Times" would unleash a destructive virus that could wipe out a user's hard drive.
And so the message warned people not to open any emails with that subject line and to pass on the information to others.
So was that technically a virus?
No, it was just an email.
It was just an email, but it was a virus because it was replicating exponentially almost, wasn't it?
Well, everyone kept forwarding it, right?
Yeah, yeah, precisely. That's my point.
It's still around today.
And, you know, I was kind of hoping that maybe Graham, our regular host Graham, would be here to take this story home.
But, you know, unfortunately, I've got lumber for you to...
Chums, chums, I remember when this one came out. Did I tell you I've got a funny story about Good Times?
So, so speaking of Graham, uh, I'd just like to put this out right now. He's been in a Black Hat in Middle East Africa, in Saudi, I think, and he tweeted or X'd a picture where he's got a friend of the show, journalist Dan Raywood,
holding up a Smashing Security sticker and smiling and pointing at it or what have you.
And then he made some sort of, like, sarcastic quip about how, you know, he prefers Smashing Security and, like, "Host Unknown who?" or what have you.
And, you know, wars have been waged for much less,
so, uh, we've taken it as a declaration of war.
Yeah, he went on to the InfoSec stick.
Yeah, yeah. As I say, Mr Raywood, you're dead to us.
Yeah, I thought he died three years ago.
Anyway, forget it. Moving swiftly on, our second story takes us back a mere 11 years to the 12th of November 2012, when, uh, John McAfee went into hiding because his neighbor Gregory Faull was found dead from a gunshot. Uh, so the Belize police wanted him to come in for questioning, but he fled to Guatemala, where he was then arrested.
He was never actually charged,
although he did also unsuccessfully or lost a $25 million wrongful death suit.
And so this is the story that back in 2012, John McAfee,
the guy who once fought computer viruses
and all around the legend,
found himself in a real-life thriller in Belize.
So after he was accused of his maiden murder...
And fought his own inner demons.
He did.
He went full James Bond, claiming a government conspiracy.
It was like dodging the investigators.
Didn't he dig himself into a hole and hide in it for a few days?
He went, yeah, he got that in.
He also disguised himself as a homeless person to keep track of people.
Not exactly a push, is it? Not exactly out there.
Put a hoodie on. He's done. Yeah, exactly.
But yeah, he actually got nabbed in Guatemala for illegal entry, of all things.
But yeah, the extradition battles, conspiracy theories ensued.
And it was the kind of drama you'd expect from a cyber security legend like John McAfee.
Absolute legend.
Absolute legend.
I met him once.
He was like really nice, really like, really charismatic.
You only know that you met him once.
He actually met you several times.
You just didn't realise.
Once he was a homeless person I gave change to.
Once he was the bus driver on the bus I got on.
Once you woke up in the middle of the night with him at the foot of your bed,
but you don't remember that.
Exactly.
It's all right.
Brilliant.
That's always a good one.
Thank you so much, Andy, for this week's.
This week in InfoSec.
If good security content were bottled like ketchup,
this podcast would be the watery juice
which comes out when you don't shake properly.
In a niche of our own,
you're listening to the award-winning
Host Unknown podcast.
So I'm just busy trying to read ahead on the notes because we started so early this
morning and I haven't even read my story. But anyway, that's probably the source of the rant
today is that Tom never reads his stories. Listen up! Rant of the week. It's time for
mother f***ing rage. Today's rant is all about falling on your sword because of a breach.
So the headline, Clorox CISO flushes self, see what they did there, after a multi-million dollar cyber attack.
The Clorox company, and for Clorox, I guess Clorox is a bit like Domestos in the UK, right?
That's kind of like the...
Yeah, but probably a broader range, isn't it?
Yeah, but broad comparison, but they do toilet products, or the ones you clean your toilet with anyway.
So, uh, yeah, so the Clorox Company's chief security officer has left her job in the wake of a corporate network breach that cost the manufacturer hundreds of millions of dollars. Amy Bogac, Bojack? Bojack Horseman? No, Amy Bogac held the title of Chief Information Security Officer and VP of Enterprise Security and Infrastructure. Oh God, how wide was her business card? Since June 2021. It doesn't look like she's got any job change going on, but Friday was her last day at the company, according to Bloomberg News.
God, you know you screwed up when your LinkedIn profile was picked up.
Yeah, exactly, to find out when your last day at work was.
Um, which reviewed an internal memo and cited two people familiar with the matter. Uh, so Chau Banks, the chief information data officer of the seven billion dollar biz-niz, who reportedly penned the memo, uh, and will replace Bogac, um, continues to sort of mop up the mess. Uh, maybe they need some more cleaning products.
Dear me, who wrote this, he said? There's so much going on here.
So she was, the memo read, the champion of cybersecurity best practices externally and across the company through her ongoing participation in our Lunch with a Leader series.
Seems a bit of a stretch.
To influence and educate others on cybersecurity awareness and relevant topics, the memo read. During her time at Clorox, she also developed a strong security and infrastructure
team. But there was a breach. Well, I can't imagine she left out of her own volition.
So falling on her own sword is probably just the equivalent of gone to pursue other interests,
I think is the speak for,
we think you should go.
Spend some time with family.
Yeah, exactly.
But here's a lot of money.
Don't change your LinkedIn profile because you're still officially
on contract with us.
You still officially work for us.
But can we have your laptop?
It seems odd.
If the memo talks about her being this champion and doing lunch and learns, by the sounds of it, um, maybe that was a problem. I've never seen a lunch and learn really work particularly well.
Uh, but there's a breach, and yeah.
Yeah, exactly. People, all you can hear is the rustling of sandwiches and wrappers and papers, and nobody can talk because they're all eating.
And, you know, it's, and also it's, it's a lunch break.
The whole point is you're supposed to... This is what we should be doing the rant about.
Bloody lunch and learns, brown bag sessions.
All this sort of... Yeah, this is where, this is when you should be taking time away from your computer
So your brain can reset and come up with
More brilliant ideas
Rather than getting crumbs in your keyboard
And spreading more bloody microbes
And damaging bacteria
On your desk and keyboard and mouse
Than are found on your toilet seat
For goodness sake
This is not good
I rock up to the lunch and learn and just go for lunch afterwards. It's not difficult. Like, manage your own time.
Yeah, what do you mean, manage your own time? You might be able to do that, Mr Autonomy here, but most people who literally have a lunch break or a lunch half hour, whatever, oh, and you have to go to this lunch and learn, that's not possible.
Just because you're up in the top 1% of earners
and management and all that sort of thing,
nobody thinks of the little people here.
Half a percent.
Half a percent, sorry.
Yeah, but it's the bottom half percent of that.
The bottom half, yeah.
But not everybody can do that. Some people have to work for people like you, or constantly on bloody lunches and, oh no, I've got a meeting, a lunch meeting.
The irony of listening to the rant from the CSO that's sitting in his hotel room in Dublin, who's taking another week off because he scored a free ticket to a conference that he could easily have paid the 50 euros for the ticket.
I buy a freaking ticket to IRISSCON and never even turn up.
Yeah, but do you know what?
Do you know what?
Brian Honan got his value
for money. I gave him
my whole day yesterday, apart from when I
was scanning tickets, as a photographer,
as an event photographer.
But anyway, all I can...
Yes.
Sorry, Jav, yeah?
I think Andy just buried you.
It's best to stop digging.
Oh, please.
It was a quid pro quo.
That's all it was.
You know what?
18 months is the average lifespan of a CISO.
That's how much the Clorox CISO did.
I think it's a good win for everyone.
Nothing to see here.
Nothing to see here at all.
Breaches kills 99.9% of CISO careers.
Guaranteed.
And that was this week's Rant of the Week.
If you work hard, research stories with diligence,
and deliver well-edited, award-winning, studio-quality content for high-paying sponsors,
then you too can be usurped by three idiots
who know how to think on their feet.
You're listening to the award-winning Host Unknown podcast.
Right, breathe. I'm in my warm and happy place.
Just calm down.
And talking of warm and happy places.
Okay, so I saw this story last night and I immediately sent a message to you two saying, like, this is the Billy Big Balls of the week, and Andy is replying back, I've already put it in the show notes. So we're in perfect agreement here. So affiliates of the ransomware gang AlphV, aka BlackCat, have done the biggest, billiest balls move that I have seen in a very, very long time. So they went and they breached or compromised a company called MeridianLink.
And they're obviously trying to get ransom out there.
Maybe the negotiations didn't go so well.
So what they did is they filed an SEC complaint against the firm for failing to disclose the intrusion.
I think this is just brilliant. It's like, you know, what next? They're gonna, like, start making complaints about, like, we've gone through their accounts, clearly there's some errors here, there's a bit of money laundering going on here, there's some bribery going on here.
Is the irony that they're also protected under the whistleblower act?
I would hope so.
I mean, like, if they're in your network for so...
It's a bit like squatters' rights.
I think if you're in the network for more than 30 days undetected...
It's your network. It's your network. You own it.
You're an employee and you should be offered whistleblower protection.
Yeah.
Oh, dear.
So this is what, so the break-in actually happened on, what, 7th of November?
Yeah, yeah, we're going to tell the SEC that you didn't notify.
AlphV claimed they did not encrypt any files but they did steal data, and MeridianLink were allegedly aware of the intrusion the day it occurred.
And so, like, you know, they claim that MeridianLink made a material misstatement or omission in its filings and financial statements, or a failure to file. So the thoughtful folks at AlphV asserted they are simply filing the paperwork for me and giving it 24 hours before we publish the data in its entirety.
Just, we'll take care of the admin for you, don't worry about it.
Yeah, that's right. So you just, you just pay us a lot of money as a fee.
Yeah, so we compromise you and we'll also do the SEC filings on your behalf. This is better than my accountant, man.
It is.
This is like an end-to-end managed service now.
This is brilliant.
So are we going to see more companies in the future?
Because people always want to manage their reputation, right?
And so they're always like, do we need to disclose this or do we not?
Like, do you think these ransomware groups are going to be up to date
with all the different global laws?
Obviously, this is a US SEC requirement. Do you think they're going to know about the, uh, the ICO and, you know, think they'll give, like, 72 hours to British companies?
If there's one thing we've learned is that the criminals seem to be a lot more organized than we are. Yes, yes, they're going to know this stuff. Their financial incentives are way beyond the average InfoSec person's value proposition.
But this is also, this could also turn into an SEC denial of service type of attack, but you have, like, hundreds of files being, you know, being submitted to the SEC that this company's been breached, this company...
On one hand, it's all part of a larger plan. Like, 80% of the time, anyway, the company was breached, they just don't know about it. Um, but then, like, what does the SEC prioritize, and who do they go after first? I think that this could open up a big can of worms, but I applaud the Billy Big Ballness of them, and that's all I've got to say about that.
It's very true. You know, companies obviously should be filing their SEC information correctly, etc. But I just, you know, again, you're just backing up the criminals here, Jav. You're just saying that they're just, you know, the criminals are here doing wonderful things, doing good jobs and mopping up the paperwork for us.
You know, they're criminals.
To be fair, in this week they are.
Those two things are mutually exclusive.
They can do good things and still be criminals.
Yes, but they're still criminals.
Robin Hood, yeah, absolutely.
Such a thug.
If you were around in those times, you would be like with the sheriff
at Nottingham.
Friar Tuck.
No, I'd be dead.
I'd be dead in a ditch somewhere.
I just, I couldn't, I couldn't hack it.
I couldn't do it.
No.
All right.
Excellent.
Thank you, Jav, for this week's Billy Big Balls of the Week.
Feeling overloaded with actionable information? Fed up receiving well-researched, factual security content? Ask your doctor if the Host Unknown podcast is right for you.
Always read the label. Never double dose on episodes. Side effects may include nausea, eye rolling and involuntary swearing in anger.
So through the power of mime, Jav has just informed us that he might not make
it all the way through to the end of the show. In fact, let's just do it now. If we record you
saying goodbye and thank you for a wonderful show, we'll put it in the end. Honest. I promise you.
Now, I didn't say that I might not make it. I said I will make it, definitely, if we finish the show in the next ten minutes.
Right. We're not going to make it.
You're not going to make it.
Time is a subjective thing,
isn't it, Andy? What time do you think
it is?
I think it is ten to
seven. He went there. How dare
you? Yeah, of course it's ten to seven.
It wouldn't be any other time.
And also, back off, Jav.
That's my job.
Andy only responds to me at this part of the show.
Right?
Hey, Langford's job.
And anyway, as we all know, time is subjective.
So, Andy, what time is it?
It's that time of the show where we take a trip down InfoSec memory lane.
But it's not.
It's that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
MPs dangerously uninformed about facial recognition.
Industry news.
Cyber attack could have devastating impact on Aussie exports.
Industry news.
NCSC: UK facing enduring and significant cyber threat.
Industry news.
UK privacy regulator issues Black Friday smart device warning.
Industry news.
US government unveils first AI roadmap for cyber security.
Industry news.
European police take down $9 million vishing gang.
Industry news.
BlackCat ransomware group reports victim to SEC.
Industry News.
Russian hacking group Sandworm linked to unprecedented attack on Danish critical infrastructure.
Cyber criminals exploit Gaza crisis with fake charity.
Industry News.
And that was this week's...
Industry News.
Huge if true. Huge if true. Huge if true. Huge if true. Huge if true.
UK privacy regulator issues Black Friday smart device warning. Uh, the ICO has urged shoppers to investigate the privacy and security credentials of any smart technologies they're planning to buy this Black Friday. Um, I thought the government released, um, guidance on this,
guidance to manufacturers of smart IoT devices already.
But how did people get this information from ICO?
No, but the guidance was for manufacturers.
I thought in order to sell in the UK, they had to comply to certain standards, but maybe not.
This is the ICO urging shoppers to investigate.
Yes, I think, yeah, because the average shopper knows exactly who the heck ICO is, right?
Yeah, exactly. Exactly. Exactly.
You know, European gang take down nine million dollar vishing gang. This is police in Ukraine and Czechia, and we speak about Ukraine police a lot. Since the war started, this has, like, been the sixth or seventh big takedown they've been involved in.
How are they fighting a war in Russia, saving the population
and taking down cyber criminals at the same time?
And homeboys in the rest of the world, they're like,
oh, I don't know, really hard to do it.
But I do like the term vishing.
And I always think if I always think like, you know,
if I was a criminal, I'd target hospitals with vishing things,
but attack terminally ill patients and call it the Make-A-Vish Foundation.
Hey!
Oh, very good.
Dear me.
Although I was thinking, although attacking hospitals is quite, you know,
it's a little bit harsh, Jav.
I mean, it's quite, you know.
Well, no, no.
It's like you attack the terminally ill patients at hospitals.
Oh, okay.
Sorry, I misheard that.
That's obviously all right.
So that makes it a lot better.
That makes it completely fine, yeah.
And if you're just joining us, this episode is brought to you by the Euthanasia Organization.
It's like, you know, John Cena does the most number of, like, make-a-wish appearances.
So you just call up people and say, like, John Cena will come and see you.
Just give us your credit card details and bank information.
Yeah, that's right.
There you go.
Does he actually do the most?
Is he on record as doing the most Make-A-Wish things?
I believe so.
I mean, I know he does a lot.
I know he does a lot.
Who's fact-checking us, Tom?
Let's be honest here.
Who's fact-checking what we say?
Take it as gospel.
We would have researched this.
Our sources are...
Trust me, Brian.
Yeah, exactly. Between the two of you
two as well.
So, last September,
the Guinness Book of World Records confirmed
that Cena officially holds
a title for granting the most
Make-A-Wish wishes
with 650 since 2002.
Jesus.
Bloody hell.
How?
Since 2002?
Isn't that the case?
Yeah.
Hmm.
That's quite a lot.
Well, 650 over 20 years, 21 years.
That's actually not as many as I thought it was going to be.
How many is that a year then?
Go on, get your calculator out.
It's about 31 a year.
That is a lot. That's almost one
a week. That's one a working
week almost. That's like almost... He could
do two or three a week. Come on, let's be honest.
No, he can't because he's on
the telly all the time.
And he's certainly on my Twitter feed and my Instagram feed all the damn time, so I was thinking, how does he get the time to do this?
Well, he's not standing around at events scanning badges when people walk in, is he?
Actually, no, it's true. I was gonna say, maybe he's going around making children terminally ill in a sort of locale near to where he is so we can sort of bag another one. I don't know, I'm just asking the questions, okay?
And scanning badges and taking names.
Yeah, exactly.
Uh, right, what else have we got? Um, oh, MPs dangerously uninformed. Well, we could just stop the sentence there.
Yeah, don't need to know anything else about that.
That is just all round.
Oh, Jav's wiggling his fingers.
He wants us to make this a half-hour episode.
I think we should just draw it out a little bit longer.
Either that or he really wants to say goodbye.
Anyway, all right, let's move on, shall we?
That was this week's...
Industry News.
In 2021, you voted us the most entertaining cybersecurity content amongst our peers.
In 2022, you crowned us the best cybersecurity podcast in Europe.
You are listening to the double award winning
Host Unknown podcast.
How do you like them apples?
All right.
So we're going to have to run
the rest of this episode
at double speed.
So if you could take the balloons
I've placed under your chairs,
gentlemen, and breathe in the helium,
that would be much appreciated.
Tweet of the week.
And we always play that one twice.
Tweet of the week. Tweet of the week.
Well, three times.
Three times this week.
And so I shall take us home with this week's tweet of the week.
And because I know Jav's in a rush, I've actually put in two tweets.
And I'm just going to explain the first one because it's a visual pun,
which is always difficult to talk, but
it's the, uh, scene from The Matrix where Morpheus is offering Neo the blue pill or the red pill,
and the red pill is titled a career you love and the blue pill is titled a career that absolutely
destroys your mental health, and you see that Neo is sort of choosing which one to take, and then
it ends with Morpheus saying, did you just take both pills?
Which I think a lot of people do in this group.
Well, it says IT worker,
but this could be any type of InfoSec worker or, you know, it's...
I like it.
Anyway, the tweet this week is from Fadzai Venya,
who says, please stop using Indeed.
Today, my identity was stolen using it.
Had to file a police report.
And then there's a whole Twitter thread on this.
So if you don't know, Indeed is a job recruitment website.
And basically people are uploading CVs to this, including their name and address.
And lots of people include their date of birth.
Not entirely sure why.
But the problem with Indeed is that anyone can register as a recruiter and then access that information.
So people thinking they're getting jobs.
And so others going in, getting names, address, phone numbers, dates of birth.
And then obviously the scam then moves on.
You offer people a job, then they have to buy a uniform or, you know, pay for a background check or anything like that.
And then you capture all the details. Job done, identity stolen.
Yeah, and it doesn't seem like Indeed doing too much about this to prevent this.
No, it's really, like, this has been, this type of scam's been going around for a long time. You know, they offer you, like, oh, you could make between 500 and 2000 a day, something like that, and, like, you know, it's like you get called in for a fake interview and everything, and it's just absolutely heinous.
Anyway, I have to go now. I've just been summoned.
thank you that was this week's
tweet of the week
thank you very much both Jav wonderful to have you
on board
stay secure my friends
hey son of a bitch that's my line
Bye.
Performance issues, Tom?
Performance issues.
You're watching me.
I can't do it when everyone's watching.
You've been listening to the Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
r slash Smashing Security.
All that's left is an empty office and a spinning office chair from where Jav was. It's, it's really
quite disconcerting. I can't believe that son of a bitch stole my line before he left. I know, it's
outrageous, right? Under the guise
of, oh, I've got a meeting to go to.
Yeah.
Anyway,
stay secure, my friends. Yeah, stay
secure.
Which one, man? The one that goes...