The Host Unknown Podcast - Episode 180 - It's a Full House Episode
Episode Date: January 22, 2024

This Week in InfoSec (09:34)
With content liberated from the “today in infosec” twitter account and further afield

11th January 2000: Newly declassified documents proved the existence of ECHELON, ...a global eavesdropping network run by the NSA.
https://twitter.com/todayininfosec/status/1745518896495390826

13th January 2009: The domain name http://clintonemail.com was registered - the one used for email addresses on the Clinton family's private email server, which drew controversy when it was revealed that then Secretary of State Hillary Clinton used it for official communications.
https://twitter.com/todayininfosec/status/1746214861091053961

Rant of the Week (15:53)
The 'nothing-happened' Y2K bug – how the IT industry worked overtime to save world's computers
Forty years ago, both Jerome and Marilyn Murray saw their brainchild reach the light of day. In 1984, their book, Computers in Crisis, was published, becoming the first authoritative guide to the Millennium Bug coding problem, which, in the final year of the century, would consume media, political and business attention.
Today, more than 20 years after the date-field imposed deadline passed, the Millennium Bug — or Y2K problem — still gets a mixed reception. While many in the industry see it as a job well done — or at least adequately done — it has also become a byword for the over-reach of experts.

Billy Big Balls of the Week (26:55)
Woman films herself being fired by HR to expose how cold U.S. corporate culture can be (Link to actual TikTok video in here)
Forbes article: Viral TikTok Video Of Cloudflare Employee Is A Lesson On How To Not Fire Workers
Recently, many of the new workplace trends have emanated from TikTok. Influencers have ushered in new themes, such as bare minimum Mondays, acting your wage, quiet quitting and rage applying.
A new phenomenon has arisen where employees are now documenting their layoffs on the social media platform. This week, Brittany Pietsch, a mid-market account executive at Cloudflare, an Internet infrastructure provider that offers a variety of security, performance and reliability services for websites and applications, went viral after posting a video of her being let go from the tech company. Pietsch anticipated her firing, as her “work bff” had been given the pink slip 30 minutes prior to her meeting. The account executive was joined on a video call by a member of the human resources team and another individual, who didn’t introduce himself and jumped right into the purpose of the call, “We have an important meeting today. We finished our evaluations of 2023 performance. This is where you have not met Cloudflare expectations for performance. We have decided to part ways with you.”

Industry News (36:02)
1.3 Million FNF Customers' Data Potentially Exposed in Ransomware Attack
HelloFresh Fined £140K After Sending 80 Million Spam Messages
British Library Catalogue Back Online After Ransomware Attack
Senators Demand Probe into SEC Hack After Bitcoin Price Spike
Tool Identifies Pegasus and Other iOS Spyware
Majorca Tourist Hotspot Hit With $11m Ransom Demand
AI, Gaming, FinTech Named Major Cybersecurity Threats For Kids
NCSC Builds New “Cyber League” Threat Tracking Community
Iranian Phishing Campaign Targets Israel-Hamas War Experts

Tweet of the Week (42:01)
https://twitter.com/0xdade/status/1747820425693045014

Come on! Like and bloody well subscribe!
Transcript
Welcome to the Smashing Security Preview Show.
Indeed.
Have you heard this, Geoff?
I downloaded the Smashing Security Podcast.
One, you know, very unpleasant guest I wish I didn't hear.
But two, literally a repeat of all the stories that we covered last week.
Unbelievable.
It's like lazy research, that's all I'm saying.
Well, I called it efficient and Graham didn't say a word.
And he heard our previous episode because he mentioned it.
Basically, it's like when a partner leaves a consultancy
and takes all the secret sauce to another consultancy.
That's exactly what Tom did last week.
Oh, hardly. Come on.
I tell you what, why don't we just make this episode, as you say,
here are the stories that you're going to hear about on Smashing Security next week.
You're listening to the Host Unknown Podcast. Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome, welcome one and all, dear listener, to episode 118.
184.
Mine's got a much better ring to it.
Yes, welcome. We're doing well.
Yes, I have just come off my brief stint on the Smashing Security podcast. I tell you what, they know how to run a tight ship, they do.
Yeah.
Like, they can produce an hour show in 10 minutes. They can, they can. I mean, it's all sponsored content for a start, but yeah, it was, I mean, it was... They plugged in their microphones and it just worked.
Jav, I mean, here we are, what, recording an hour later.
It was quite incredible, quite incredible.
But talking of dysfunctional technology and equipment, Jav, how are you?
Welcome to our special guest, Javad Malik.
Happy New Year, guys.
Or Sick Note, as we call him at the moment.
Yes. So, no, I entered the new year with a terrible cough and everything, which I picked up from my son, and he's had it for about two months, and he's on a course of antibiotics and everything, and it wasn't getting better.
So last week, we spent an entire day at the hospital.
He had, like, swabs, chest X-rays, blood tests, temperature, everything.
He had the full works done, and it came back,
and they said that, oh, you've got microplasma,
which is basically standing pneumonia.
Oh, microplasma, because that sounds like, I don't know,
one of the Transformers or something.
I know, I know, it does.
And it's a milder form of pneumonia.
It's called standing pneumonia.
And I looked at him and I said,
the doctor said, you've got standing pneumonia.
And he looked at me from his wheelchair
trying to process the statement.
So anyway, I've got, that's what I've had as well.
Pneumonia, standing pneumonia.
So I've started my course of antibiotics.
So I'm a lot better this week than I was last week. Thank you so much for your concern. I received your get well soon cards and flowers and chocolates.
Oh yeah, yeah, it's an absolute pleasure, mate. It's an absolute pleasure, mate.
Yeah, absolutely, absolutely. Tom, I'll send you the cash.
But yeah, I thought I was going to send you the cash.
I'm going to be, like, a lot nicer to you two. I'm just going to, like, you know, be a generous and caring boss.
So do you promise to come on the show as our guest at least once a month?
Oh, right, yeah, that kind of thing. Coming on the show. Yes, yes.
I will come here, oversee you, give you moral support.
Is that right?
Do you know how, like, when Ryan Reynolds shows up to a Wrexham game?
Is that before or after you fix your microphone?
It's a bit...
I'm not touching anything now, mate.
It's a bit like what?
Ryan Reynolds turning up to a Wrexham game, every game, every now and then, like you.
And talking about short people who speak with a funny accent, Andy, how are you?
I thought you were going to say, talking about the boss.
I'm here. How are you guys?
Do you know what? I'm not, but I've had a fantastic week.
It has been busy at work, but I've got some colleagues in town from out of town.
That's always fun for the evening dinners and stuff, right?
Yeah, but she organised some great events.
So this week I was at the Ceremony of the Keys last night at Tower Bridge.
We were a special guest of the Yeoman Warder.
Tower Bridge or Tower of London?
Tower of London, sorry, obviously.
Yeah, so a ceremony that's nearly 800 years old.
One of the longest unbroken ceremonies.
They've never missed it in 800 years.
They were six minutes late one day during the war when the tower got bombed.
What did the king have to say about that?
Well, he said, don't let it happen again.
In writing, they wrote to him, they apologised,
and he said, OK, no worries, but don't let it happen again,
as all good motivational leaders do.
Yeah, that's right.
Yeah, and the other thing I did this week for the first time,
axe throwing, which was a good bit of fun as well.
Is it good?
Did you hit anything?
I did.
That you were supposed to hit, not what you weren't supposed to hit.
Oh, okay.
Well, that's a different question.
That's not what you asked.
No, I did.
I made it through to the semifinals, and then I lost to a colleague of my team. So I'm grateful for losing to one of my own rather than another department.
So, yeah, another department. But, yeah, you actually don't throw them as hard as you think you need to.
No, because the momentum of the heavy head and the light handle kind of...
Yeah, gives it all. It's in the wrist action.
Yeah, it's... Yeah, everyone acting like they know how to throw axes until you actually... Does it feel better if you throw it with your left hand?
I could talk about throwing axes all day on Twitter. I'm an expert when it comes to throwing axes on Twitter, but I've never actually thrown one physically.
So pretty much like your day job, you talk about security all day
and you don't actually do anything.
Don't actually do anything, no.
100%.
So talking to people that don't do anything, Tom, how are you doing?
You say that. I tell you what, this week I knew it wasn't going to start well, because I got back home on Sunday night to find that my bloody washing machine had flooded the kitchen.
Oh, gutted. Gutted.
But you know what? I worked it out.
To go before you left?
No, no, I'd just taken some clothes out, because it's a combi dry, you know, washer dryer. Taking some clothes out. Turns out that we had some water leaks around the area and they switched the water off, and then you have to run it because it's full of silt, etc. Turns out that I think what happened is one of the water pump's filters got silted up, and basically meant it was constantly running. So after a bit of research I opened it up, got the offending part out, two hours later, part and fitted it again. So I feel pretty handy, actually, you know. I'm thinking, God, I tell you what, if this was Andy, you'd have had a man round.
I'd have had three men around just to make sure it was done. Two for the washing machine and one for the plumber. Sorry.
So, yeah, and that combined with, well, just utter madness generally in the day job. It's been quite a week, I have to say. Quite a week. And it is actually very late today. I don't think people realise.
No, we are, as opposed to recording very early in the morning, we're recording very late at night. So if you're listening, just be patient. You won't get the podcast until a little bit later today.
Yeah, absolutely. So talking about things that have been delayed once too often, shall we see what we've got coming up for you today? This Week in InfoSec exonerates those who are accused of being paranoid in the 90s. Rant of the Week explains why you can't win when you do your job right. Billy Big Balls is a textbook example of how to not fire someone. Industry News is the latest and greatest security news stories around the world. And Tweet of the Week takes a deeper dive into those metrics that you are constantly reporting.
So let's move on, shall we, to our favourite part of the show, the part of the show that
we like to call...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today on InfoSec Twitter account and further afield.
So our first story takes us back a mere 24 years to the 11th of January 2000, when newly declassified documents proved the existence of
Echelon, which was a global eavesdropping network run by the NSA. So in 2000, the European Parliament's
report on Echelon spying asserted its existence, proving that people were not crazy,
people really were listening on the wires,
deemed it unlawful,
and then called for the UK's accountability of it.
So Parliament looked at three approaches.
They scrutinised military-run listening stations globally,
examined the unclassified documents
and considered testimonies from former security personnel.
And they established that there were all these military-controlled
listening stations worldwide, including the US, Australia, UK, New Zealand.
Well, Five Eyes.
All of this.
The Five Eyes, as we now know them as.
All off-limits to the public.
Well, I mean, it would be a bit odd if the public was allowed to enter these places, right? You know, so come on, have a listen.
Well, no, as in, you know, the output of what comes of it. And so, you know, these satellites did actually intercept civilian communications quite often, and, you know, they then uncovered there's actually this agreement between the UK, USA and all the rest of the Five Eyes.
They'd share.
Yeah, exactly.
Yeah.
And so, yeah, it's horrific. Until it got to the point where a subplot emerged. So, you know, not only if you can't trust the people that are spying on you, who can you trust?
Turns out they're actually engaged in economic espionage, you know, against each other as well. And this is when Parliament, European Parliament, actually then advised companies to encrypt communications.
Oh, interesting.
Especially between the UK and the US, and no doubt...
Well, yeah, I mean, and even now we still argue about US Privacy Shield, right?
As to whether or not that's around.
Well, it's on its third attempt now, isn't it?
Oh, yeah, it's going to get defeated as well.
Part of me thinks that, you know,
we shouldn't be surprised about this sort of stuff.
Of course, governments are going to spy.
Of course they are.
And of course, sometimes they're going to look inwards as well.
But it depends on how benign they are and all that sort of stuff. But it's, you know, it's just the gaslighting that goes around.
Yeah, exactly.
Of course we're not spying on you. You can trust us. We're the government.
Yeah, yeah, we're your allies.
Yeah, precisely.
Won't somebody think of the children?
But alas, our second story only takes us back a mere 15 years to the 13th of January 2009.
And I thought I'd chuck this in because it's topical after the Iowa...
What do they call them, carcasses?
Caucuses.
Carcasses are what Trump leaves behind him.
Exactly, yeah, after his dinner.
So 13th of January 2009 is 15 years, isn't it? Yeah. The domain name clintonemail.com was registered, the very one used for email addresses on the Clinton family's private email server, obviously, which at the time drew huge controversy when it was revealed that the then Secretary of State, Hillary Clinton, used it for official communications.
Oh, how we shit the bed on that one back then,
thinking it was the worst thing in the world.
Little did we know that not only does the entire Trump administration
basically use their Yahoo accounts or whatever,
but even the UK's Home Secretary decided...
Uses WhatsApp.
Yeah, and Gmail and stuff like that.
It's for classified documents.
What goes through these people's heads?
I don't get it.
I don't get it.
It's almost like we don't learn from history.
Actually, just a few days ago,
I saw the story about the NCA's director,
Nikki Holland.
She got sacked because she was using WhatsApp
and personal emails to send information.
In some cases, I think she declassified information
so she could get it out onto her.
Was her maiden name Trump?
No, it's here in the UK.
Nikki Holland.
Let me.
It's just like we just don't learn.
I mean, this stuff is, do you know what I mean?
Like 2009, 15 years ago, and people are still not following.
But at least in the example you gave, Jav,
the right punitive action was taken.
She was sacked from the job, etc, etc.
Here, and elsewhere, certainly in politics, nothing happens.
Nothing. Absolutely nothing.
Well, in fact, the Home Secretary tendered her resignation
and then was rehired by the next Prime Minister four days later.
Exactly.
It's utterly absurd.
Utterly absurd.
Anyway, much like the rest of this show,
that was this week's...
This Week in InfoSec.
This is the podcast the Queen listens to, although she won't admit it.
Should I delete that one? So close.
How about the Queen of Denmark? Technically, yes, that's who we're talking about.
Yes, yeah, yes. Or we just change it to say this is the podcast Graham clearly listens to.
Andy, take note.
All right, let's move on, shall we, now to...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
All right, now I know you two youngsters know nothing of this,
of what I'm about to talk about, or at least you're going to claim to.
But actually, this was something that happened, well, started 40 years ago, would you believe?
Before I was born.
Before you were born, allegedly. So Jerome and Marilyn Murray saw their brainchild reach the light of day, which was in 1984. Their book, Computers in Crisis, was published, and it became the first authoritative guide to the Millennium Bug. Remember that?
Remember what? About the Millennium Bug?
No, you don't.
Of course you don't.
I read about it in a history book.
You read about it in a history book.
It happened just after the Egyptians, didn't it?
Yeah.
Didn't they change it to the O2 Arena then after that?
That's right.
No, the O2 Bug.
But this was for our younger members of the audience, both of you.
What happened was computers back in the days of yore used to store their year date in just two digits, the last two digits.
So 71 was always considered 1971 and 82 was always considered 1982. Of course,
when you hit the millennium, the theory was that when it rolled over to 00, it was likely that
your system would recognise that as 1900 or 1901, which would cause massive crashes and things like that. And this was a huge deal.
Governments around the world were embracing this,
sorting things out.
Airliners, sorry, airlines were suggesting
that aircraft could fall out of the sky.
Airlines would fall out of the sky.
As the clocks ticked over and all that sort of thing.
I think it was Qantas or someone like that
who got their executives who were fixing it.
I think the rumour was they made their executives spend their New Year's Eve on the planes as they flew over just to ensure that they actually fixed it.
But it became a massive deal where every single company had to be Y2K prepared.
And I remember going through all of the testing in the months leading up to it
and rolling machines over, et cetera.
And I had one casualty come January 1st, which we just looked at and thought,
oh, fuck it, we're not going to fix that. It'll be fine.
And we all lived, basically. But nowadays, because we live in the world of a, well, a democracy, I would call it, there are plenty of people out there who seem to have this whole conspiracy theory that actually it was no big deal and it was just some big government or sinister forces at work trying to scare the people. So it's become a byword as well for the overreach of our so-called experts, to paraphrase our British government at times. And this really pisses me off, having been somebody who lived through it, right,
and who understood at the time that it was a big deal
and that in some cases older computers would fail.
I used to work in a fairly straightforward environment,
but can you imagine banks with their mainframes
that they've been running for the last 20 years and all that sort of stuff?
This is a big deal.
So for me, this is really annoying.
This is starting to get into that whole, you know,
the moon landings are faked type thing.
It's ridiculous.
The Y2K bug, the Millennium bug, was not faked.
It was an actual real emergency.
Now, some people milked it for all they were worth. Consultants making, you know, real coin on the run-up, and, you know, being paid like 15 or 20 grand just to babysit computers for a 20, 24-hour period and stuff like that. Absolute, you know, what I say, shocking behaviour.
Pretty fucking standard for many IT consultants, right?
So, yeah, my friend's dad was a Y2K consultant and he retired after the millennium.
Oh, wow.
At the age of 35.
Yeah, in Kent.
In Kent. Was he the one, was his job going around putting a floppy disk in a computer?
That's all they did. That is exactly... The sticker on it saying Y2K compliant.
Yeah, that's exactly... Yeah, they did, yeah.
Oh, dear, that's so funny.
It's funny, Tom, you mentioned, like, banking mainframes and what have you. So if you took out a mortgage, a 25-year mortgage, in 1975, when would that have expired? Because if there was a problem, the computer would, the mainframe would have farted it out there and then.
Yeah, yeah, absolutely.
I see, I see where people are saying that it was overhyped in many cases.
There were some issues, but I don't believe it was...
Planes falling out of the sky.
The problem was, I think, it was an unprecedented issue.
The 2000s and the late 90s,
there'd been a boom in personal computers,
a boom in computing, a boom in, you know, computing in the workplace. I remember when I joined one of my first companies back in the sort of early 90s, they were still sending paper memos around companies, right? You know, internal post.
Yeah, internal post.
Absolutely. You know, and so, and then suddenly in the space of five years, that entirely disappeared as companies moved on to email, moved on to computers, moved on to the internet, et cetera.
And so I think the world felt much more vulnerable about it
than we do today when we've been living in this world for,
you know, well, nearly another 25 years, right? So I think we forget that.
I'm Gen Z.
Yeah, exactly. Gen Z, or your gen, whatever the next gen is, little boy. But I think at the time it was an unprecedented thing that had never, never happened before.
And so I think the response was valid,
but like all things, there were some, you know,
horror stories of people taking advantage
and just slapping stickers on shit.
But, you know, I did like, there was one analogy,
someone came up and they said,
the bomb disposal teams get this bullshit too.
Yeah.
But do you know what reminds me of this?
Is the, what is it, the Boeing Dreamliner?
Oh, yeah, the 737.
Yeah, the 737.
No, it's the 767, is it?
The Dreamliner?
The ones that have just been grounded.
No, no, no, no.
This is their brand new plane, which has got bigger windows, blah, blah, blah. It's not a reconverted thing, you know. Higher pressure inside the cabin, so less jet lag, all that sort of stuff. But they found that they had to power cycle the onboard computers at least once every 200 flights or something like that, which goes in an instance when you're doing, like, four flights a day, right? Because if it reached something like 227 cycles, they would just shut down.
Brilliant.
So it's not like these sorts of things don't happen, if you see what I mean, but they need to be taken...
Work around, yeah. Yeah, switch it off and on again.
I mean, Jav tried it and it almost worked.
It almost worked. It almost worked. But that's like saying, like, oh, after every flight you need to put fuel back into the airplane again, otherwise it won't take off again. It's just...
Yeah, but most aircraft tend to stay operational for long periods of time, as in switched on for long periods of time.
So anyway, anyway, you young people...
I don't get what the rant was there.
I don't know where you were going with the rant,
whether you say it was a good thing or a bad thing.
It's very simple. People like you saying it was overhyped
and it's a conspiracy and blah, blah, blah.
Utter bullshit. You weren't there. You didn't live it. And if you were there and you did live it, which I know you both were, so shut up. That's what annoys me. You two pretend that you weren't there.
No, no, it was my first year of working, and I saw those consultants going around making coin on putting in a floppy disk and slapping a sticker on it. I'm not saying it's a conspiracy.
Yeah, yeah, you're putting words into my mouth now.
Good sir, I refute that and I expect an apology.
Objection, hearsay.
Yes, yeah. Speculation. Like, I do, I do believe that there were many people that overhyped it and took advantage of it, as we see happening nearly every time there's a vulnerability or a bug of any sort.
Yeah.
That was just like one of the biggest ones.
So, again, I do not see where the disagreement is
or what the rant is about.
You're starting off very disappointing to my first episode of 2024, Tom.
I expect you to do better.
Well, in this third week of January.
This might be good enough for when you go on Smashing Security.
This is not good enough for the standards I expect of my podcast.
Dear me.
I don't know.
I don't know.
It's your turn next anyway.
Rant of the Week.
It doesn't matter if the judges were drinking.
Host Unknown was still awarded
Europe's most entertaining content status.
Two years ago.
You can tell I've got my sound deck on
because I'm getting all the old jingles out.
Yeah, exactly.
Exactly.
Right, Jav, it's over to you now for this week's...
Billy Big Balls of the Week.
So this week's Billy Big Balls
is something you might have seen online already
from the best website there is on the internet or on your phone these days, TikTok.
The best one being that they banned Tom after like 48 hours,
which is just like the most beautiful thing ever.
It was a week.
A week, okay. So, you know, many trends of the workplace emanate from TikTok. One of my favourite ones is, like, when people talk about their jobs, like, hey, I'm a, you know, whatever, X.
Of course. Y2K Millennium Bug Consultant.
Yes, yes, exactly.
Of course we milk people for money.
Exactly, exactly.
And they do bare minimum Mondays, acting your wage,
quiet quitting, rage applying.
That sounds like Monday to Thursday so far for you, mate.
So there's a lady, Brittany Pietsch. Peach? Pesh? Peach. Peach, okay, pronounced the wrong way. I mean, you'd think Peach would be P-E-A-C-H, but that's P-I-E-T-S-C-H. I'd fire her just on those grounds alone. But she documented... She's a mid... Oh, she was a mid-market account executive at Cloudflare, the famous internet, sort of like, infrastructure security provider and what have you. And she caught wind that she was going to be fired because other colleagues had been scheduled these, like, 15-minute catch-up calls with HR and been told, like, all right, as they're going, yeah, we're parting ways.
Yeah, we're parting ways.
So she set up her phone before the call started and recorded it all from her end. So we hear the voices of HR on the other end and her. And, you know, it was quite a heartbreaking call,
because I think when people lose their jobs, when they're fired, it's never easy.
I think it's when you see them as a person as opposed to a number on a spreadsheet, it's never easy.
But I think she came off, in my opinion, really well.
She composed herself and she made some very, very valid points.
So she was like, they were like, well, you've underperformed, and she's like, well, I joined three months ago. I was on my three-month ramp-up period, so the first month is just onboarding, the second month was Christmas, and January is, like, the third month. So what are you basing that on? And they were like, we don't have the facts and figures, we don't have the exact numbers yet. So she's like, so you're saying I'm underperforming but you don't have any data? No, we can get that to you. She's like, so why are you firing me? Like, can you tell me a reason why you're firing me? You know, why isn't my manager on this call, or someone who actually knows what I'm doing? You don't know what job I do, you don't know what my status is. You know, it was very, very well presented, and I think that was a really big ballsy move, because, A, it's always a hard thing to go through something like that and keep yourself composed. I know I'd probably be, like, effing and blinding. If I, you know, I probably wouldn't be able to conduct myself as well as she did. But secondly, then to post that online for people to see, that's also really ballsy, because, you know, that could go south really quickly. There's probably loads of people out there, some people out there that would say that the company did the right thing and what have you, but I think the vast majority show that she actually conducted herself really well.
Backing the wrong horse?
No. Do you know what? The fact that HR, every time she asked a question, HR came back with either, I hear you, yeah, I understand your frustration, yeah, or, you know, well, let me come back to you on that one. And then she's like, when are you going to come back to me? Like, I'm being fired. There is no other meeting.
Totally agree. How are you going to tell me...
...what this was based on? Yeah, totally agree with that. But once... Have you seen the video?
I have.
Yeah, she recorded the people without their knowledge and posted it publicly.
Didn't show them.
Yeah, it doesn't matter. She still recorded their voices. They're still potentially recognisable. Also, who's going to employ someone like that again anyway? Why would you employ somebody, one who has publicly shown that...
Who can make valid arguments, who's prepared to stand up for themselves.
Valid arguments against people who...
Valid arguments against people who...
I have to say, Cloudflare in this instance do not cover themselves with glory.
There's no doubt about that.
It should have been a far more...
I'm sorry, what?
The CEO even admitted on Twitter that they got it wrong,
that they didn't do the process very well.
No, they didn't.
They did a really bad job.
They should have just said, as she said, I believe, we hired too many people, we need to let you go, and we're doing that within, you know, your contracted period. So they did not cover themselves in glory. But to post this in a public forum, when, you know, just because they have screwed up as well doesn't mean that they're not getting rid of you for other reasons. Maybe, and we don't know this, maybe she was just really argumentative and not a very pleasant person to work with.
If they'd said that, if that was the case,
they would have said it.
But...
Well, if that was...
But also, I think,
would the CEO have ever been made aware of this
had it not been for a video?
Would he have ever publicly come out and said we got the process wrong and potentially changed the process and made it better?
And I think this is why there is that... Who are victims of anything, like, we hear about this all the time from women who are subject to sexual harassment in the workplace or something. And a lot of times they're like, we don't want to come forward because no one will believe us, no one will want to hire us again. You know, all these things that you just pointed out. So I think that's why I think it's very, very brave of her. I think it's definitely a Billy Big Balls move. We can argue about whether some of the things she could have done better. Did she need to publish it publicly? Maybe she should have sent it internally first to Cloudflare saying this is the conversation, or what have you. Yes, there's a hundred and other things that you could have done, but I think when you look at it holistically, I think it was a brave move. I applaud that. If you say she's a villain, even more. I'll give double kudos for that then. Because that's what I do, apparently.
Well, start digging deep in your kudos wallet then.
I don't think she should have done it.
I think Cloudflare suck.
I think there needs to be more transparency
around when people are mistreated or what have you.
And yes, I'm not a big fan of trial by public opinion or trial by social media per se, but I do believe that sometimes people are left with no alternative than to shine a big light on an injustice in order to protect themselves.
Did she get her job back or no?
No, and she was never going to get her job back.
No, but so it wasn't an injustice then?
Yeah, if it was an injustice she would have got her job back, but she didn't, so it wasn't an injustice.
Zero protections.
Well, yeah, exactly, there is that as well, you know.
But yeah, I don't know. I don't know. I'm normally, you know, I'm normally on the side of, you know, the people versus the business.
But, well, in fact, I'm against both of them in this instance.
I think they both handled the whole situation very badly,
both Cloudflare and Brittany Peach.
Definitely a Billy Big Boys move.
Ah!
Thank you.
God damn you.
The adjudicator has spoken.
Billy Big Balls of the Week.
We're not lazy when it comes to researching stories.
Nope.
We're just energy efficient. Like and subscribe to the Host Unknown podcast for more ESG-adjacent tips.
All right, let's go. We are running out of time. Let's move on really, really quickly to this week's Industry News.
Or you can say the words as well.
It is that time of the show.
We head over to our news sources
over at the InfoSec.
Pierre Newswire,
who have been very busy
bringing us the latest
and greatest news
from around the globe.
Industry News
We completely screwed this up.
1.3 million FNF customers'
data potentially exposed
in a ransomware attack.
HelloFresh fined £140,000 after sending 80 million spam messages.
Industry news.
British Library catalogue back online after ransomware attack.
Industry news.
Senators demand probe into SEC hack after Bitcoin price spike.
Industry News. Tool identifies Pegasus and other iOS spyware. Industry News.
Mallorca tourist hotspot hit with $11 million ransom demand. Industry News.
AI, gaming, FinTech named major cybersecurity threats for kids. Industry News.
NCSC builds new Cyber League threat tracking community. Industry News.
Iranian phishing campaign targets Israel-Hamas war experts. Industry News. And that was this week's...
Huge if true.
Huge if true.
Huge.
HelloFresh need to stand more meats other than just spam, I think.
This is why they're being fined, right? It's just... oh, even better, the head of investigations is called Andy Curry.
That's brilliant.
We need to investigate HelloFresh. What do they do? They're a food delivery company, right? We've got just the man for the job.
So apparently they were found guilty of overwhelming consumers with spam messages. You'd think by now people would know not to do that sort of thing, right?
Oh, so do you know what?
Actually, just under a year,
they sent subscribers 79 million emails and 1 million texts.
Wow. And they did not have proper informed consent.
It's such a fundamental thing, right?
Yeah.
Dear me.
Oh, yeah.
Customers were not suitably informed that their data would continue to be used for marketing purposes
for up to 24 months after cancelling their subscription.
Oh.
Ha.
Ha.
Oh, they...
Dear me.
No wonder their price is going up.
Yeah.
You know, I saw this first story about 1.3 million F&F customers,
and I was like, wow, I didn't know that many people bought clothes from Tesco.
And actually, F&F is the Fidelity National Financial.
Yeah.
Yeah, so I got that one wrong.
Who's F&F then from Tesco?
They're the clothing brand, F&F.
Oh, really?
F&F.
Yeah, that's what their clothing line is.
Oh, well, there you go.
Clearly, it's not something you'll find in Savile Row or anything, Tom.
No.
To the Tesco Extras.
Do they sell the brand in, um, Fortnum's or Harrods?
Yes, yes, out back you can probably find them, yes. Um, but you know what, I was looking at that British Library catalogue back online after ransomware attack, right?
And so they actually got hit on the 31st of October last year.
Oof!
And they've been offline.
For two and a half months.
They've been offline.
Yeah.
Well, two months if you take out the Christmas holidays.
Of course.
Yeah, yeah, yeah.
I mean, I'm with Britney on that one, Britney Peach. It's like the wall, right?
Everyone puts their arms down.
The hackers switched off for Christmas.
Yeah.
It's like during the Second World War, was it?
The Peach defence, I like that.
Was it they stopped fighting on Christmas Day?
Yeah, and played a game of football.
Yeah, yeah, yeah.
That's it.
Maybe that's what
Britney should have done.
Look, can we just play
a game of soccer
about this?
Soccer.
There's nothing else
that's particularly
interesting in here.
Is there really?
Nothing really interesting.
No, really scraping the bottom.
Yeah, like the tourist hotspot
finds, you know,
11 million ransom demand.
It's kind of like,
they haven't got
that kind of money.
Yeah.
Small Spanish island
for Christ's sake.
They wouldn't be
doing shots
for like,
you know,
five shots
for five euros,
right?
Yeah,
exactly.
Yeah.
It's not a cash cow.
No, we're struggling on this so I think it's time to move on.
That was this week's...
Industry News.
People who prefer other security podcasts
are statistically more likely to eject USB devices safely.
For those who live life dangerously, you're in good company
with the award-winning Host Unknown podcast.
All right, Andy, why don't you take us home with this week's...
Tweet of the Week.
And we always play that one twice.
And this week's Tweet of the Week comes from, well actually, it was going to be Morning Brew
on Twitter, who posted some stats or metrics that JP Morgan dropped on the industry. But then as I
read it, I saw the responses. Actually, do you know what?
The responses are better than the original tweet.
So the original tweet was JP Morgan saying
they spend $15 billion annually on IT defence.
What?
But that's because they experience
45 billion hacker attempts per day.
What?
45 billion hacker attempts per day.
Is that actually possible?
J.P. Morgan.
Well, so J.P. Morgan said, yeah, they're making these hackers work for it.
And then it turns out, so Dade, at 0xDade,
he's got the old Bart Simpson meme where he's writing stuff on the blackboard
and it says, port scans are not cyber attacks.
So if you look at these 45 billion attempts per day
and then remove the port scans, you're going to get a very different number.
No, no.
Maybe a billion?
I think you're absolutely right to call that out.
That is absurd.
Well, if...
No, these numbers were put together by a Y2K consultant,
so they must be true.
No, the head of InfoSec at JP Morgan,
what is an ex-Y2K consultant?
Yeah, exactly.
Very, very good at justifying his job.
No, it's just ridiculous, isn't it?
And these are sort of numbers that they just, like, lose meaning.
Everything loses meaning.
Nothing seems real.
And then everyone's like, well, what can we do?
Like, you know, it's just crap.
Yeah, well, these are the stats.
You know, I'm just putting them out there
rather than actually here's...
These are the meaningful stats.
Right, excellent.
Thank you, Andy, for this week's...
Tweet of the Week.
And we have crashed into the end of the show at last.
So, gentlemen, thank you so much for your time. Andy, thank you.
Nope, he's still on mute. Yeah, he's still on mute. It's all right, I said stay secure, my friend. Oh, there we go. Blimey, professional all the way through to the end.
And it's because you came to me first, that's the issue. You normally go to the guest first and then you...
Well, like I said, we're professionals all the way around. Jeff, thank you very much for your special guest appearance.
Ah, you're welcome. Judging by today's episode, I'd love to make a few more appearances in the coming weeks and months, because this is just atrocious.
Same time next year.
Yeah.
Exactly.
And Andy, thank you.
Stay secure, my friend.
Stay secure. You've been listening to the Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
And we're out.
Do you know the Duchess is in Argentina, Andy?
I heard.
She's out for a year.
She doesn't know the Falklands War is over.
Look, don't put off our international listeners.