The Host Unknown Podcast - Episode 183 - The Midnight Express Episode
Episode Date: February 10, 2024

This week in InfoSec (08:59)
With content liberated from the "today in infosec" twitter account and further afield
8th February 2000: A 15-year-old Canadian identified at the time only by his handle "MafiaBoy" launched a 4-hour DDoS attack against http://cnn.com. The attacks also targeted Yahoo, eBay, Amazon and other sites over a 3 day period. In 2001 a Canadian court sentenced him to 8 months.
https://twitter.com/todayininfosec/status/1755576730306089245
7th February 2000: Dennis Michael Moran (aka Coolio) performed a smurf attack against Yahoo's routers, causing its websites to be inaccessible for hours. Conversations on an IRC channel led to him being identified and convicted for a series of DDoS and website defacement crimes.
https://twitter.com/todayininfosec/status/1755267532540244316

Rant of the Week (14:35)
Viral news story of botnet with 3 million toothbrushes was too good to be true
In recent days you may have heard about the terrifying botnet consisting of 3 million electric toothbrushes that were infected with malware. While you absent-mindedly attended to your oral hygiene, little did you know that your toothbrush and millions of others were being controlled remotely by nefarious criminals.
Alas, fiction is sometimes stranger than truth. There weren't really 3 million Internet-connected toothbrushes accessing the website of a Swiss company in a DDoS attack that did millions of dollars of damage. The toothbrush botnet was just a hypothetical example that some journalists wrongly interpreted as having actually happened.
It apparently started with a January 30 story by the Swiss German-language daily newspaper Aargauer Zeitung. Tom's Hardware helped spread the tale in English on Tuesday this week in an article titled, "Three million malware-infected smart toothbrushes used in Swiss DDoS attacks."
https://www.malwarebytes.com/blog/awareness/2024/02/how-to-tell-if-your-toothbrush-is-being-used-in-a-ddos-attack

Billy Big Balls of the Week (21:50)
Finance worker pays out $25 million after video call with deepfake 'chief financial officer'
A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company's chief financial officer in a video conference call, according to Hong Kong police.
The elaborate scam saw the worker duped into attending a video call with what he thought were several other members of staff, but all of whom were in fact deepfake recreations, Hong Kong police said at a briefing on Friday.
"(In the) multi-person video conference, it turns out that everyone [he saw] was fake," senior superintendent Baron Chan Shun-ching told the city's public broadcaster RTHK.
Chan said the worker had grown suspicious after he received a message that was purportedly from the company's UK-based chief financial officer. Initially, the worker suspected it was a phishing email, as it talked of the need for a secret transaction to be carried out.
However, the worker put aside his early doubts after the video call because other people in attendance had looked and sounded just like colleagues he recognized, Chan said.
Believing everyone else on the call was real, the worker agreed to remit a total of $200 million Hong Kong dollars, about $25.6 million, the police officer added.

Industry News (28:58)
Clorox and Johnson Controls Reveal $76m Cyber-Attack Bill
Meta's Oversight Board Urges a Policy Change After a Fake Biden Video
Malware-as-a-Service Now the Top Threat to Organizations
Chinese Spies Hack Dutch Networks With Novel Coathanger Malware
Meta to Introduce Labeling for AI-Generated Images Ahead of US Election
Governments and Tech Giants Unite Against Commercial Spyware
France: 33 Million Social Security Numbers Exposed in Health Insurance Hack
20 Years of Facebook, but Trust in Social Media Remains Rock Bottom
AI-Powered Robocalls Banned Ahead of US Election

Tweet of the Week (37:15)
https://x.com/gossithedog/status/1755282171198054805?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg

Come on! Like and bloody well subscribe!
Transcript
but then obviously you do things
like accidentally book a flight
to another country
yeah
am I cutting that bit out of the recording
no of course not
ah
hit the music
Alright, let's just go, shall we?
You're listening to the Host Unknown Podcast.
Hello, hello, hello, good morning, good afternoon, good evening
From wherever you are joining us
And welcome, welcome one and all to episode 183
187
Of the Host Unknown podcast.
Welcome, welcome.
Jav, welcome.
How are you doing, sir?
How has your week been?
I'm doing great.
Finally, The Rock is back for WrestleMania.
And he's come back as a heel. My favourite version of The Rock, that is.
And is this an analogy you're doing or is this an actual news thing?
No, it means that The Rock, the wrestler, he's come back as a bad guy in the...
Really?
In the world of sports entertainment.
Yeah.
Right.
OK.
Why is he a bad guy?
He's a villain character now.
How they write the stories, you know, people get bored of someone being a good guy all the time, so then they have them flip roles depending on audience reaction. They're like, how much heat
they're generating or whether they get a decent pop when they come out. And so, you know, sometimes
they'll double-cross, like, it's a bit
like Marty Jannetty getting superkicked out of the British Beefcakes... oh, the barbershop window.
Yeah, crazy times. And that was like a complete heel turn for Shawn Michaels at the time.
Never forgive Shawn Michaels for that. No, no. Of course, there's some times when it's used
as part... it's sort of like borderline kayfabe, where, like, you
know, so the Montreal Screwjob, great example. You know, Bret was absolutely shafted by Vince,
but then they actually use these things as a storyline later. So it's like, you know, and to be
fair, with recent allegations, Bret wasn't the only one getting shafted by Vince. No, no, no. As we know.
Okay, so what I'm getting from this is Dwayne Johnson, The Rock,
has gone back to wrestling.
Yeah, but he didn't need to, right?
This is the great thing.
This is the weird thing
that I'm trying to work out.
Yeah, he's doing it
because he loves the sport,
entertainment.
I don't need to work, but I love cyber security.
I mean, that's the same thing.
Or is he just coming in to try and divert attention away from Vince McMahon?
Even I know Vince McMahon's name because he's, you know, unpleasant.
No, I mean, Vince isn't even around the wrestling anymore.
Yeah.
Isn't he?
Then why is it always
Vince McMahon
WWFE
whatever
letter comes up?
They got acquired
by another company.
Yeah.
They're part of the same company
that the UFC is part of.
Okay.
If you're just joining us,
welcome to Host Unknown's
WrestleMania.
Anyway. Other than that really weird thing, Jav, what else is going on in your life?
I'm happy. I'm full of energy today. I'm not up at 7 a.m. to record this.
Much more reasonable 11 p.m. to see you two while I'm fully awake and caffeinated and had my breakfast, so I'm loving this time.
Yes, we have had a little shift in schedule, so rather than really early in the morning it's like really late at night, which is almost as bad. But there you go.
All right, Andy, how are you this fine evening, pre-midnight?
Pre-mid... I'm not doing too bad, although I'm sure my fellow frequent flyers will have received the email that British Airways have changed their tier point scheme.
Yes.
And so now everyone's tier point year resets at the same time.
Yes.
Which has messed up my tier point runs for the year.
No! Because you were doing some, weren't you?
I had a big plan in July to head to San Francisco for three days, but start off in Malaga, go via Helsinki, New York, Los Angeles before landing in San Fran, and then doing a turn leg landing in Amsterdam, which would have netted me what I needed to get to Gold. Alas, I now seem to have, what, six weeks to try and make Silver, let alone Gold. So an impromptu trip to Malta last week...
Oh, right.
...has helped me get on the way there.
Okay, okay. Why Malta? Was that literally just there and back?
Well, so there's a promotion on at the moment that if you stay for five days you get double tier points.
Right, okay.
So Malta is a medium-haul destination, so although it's in Europe
and it's a short flight,
you actually get more points than you would do for a regular trip to Europe.
Very scientific, very like, you know, lots of stuff I've had to work out.
And I'm very annoyed that BA changed the date.
We are slowly drifting away from a cybersecurity podcast
into a wrestling stroke consumer advice on flights podcast
No, if you think about it, this is hacking. This is proper hacking. And this is proper,
how do you game the system, how do you get points, true, more points for the least amount
of effort. And I admire that. I respect anyone that's willing to put in the hassle
and, you know, go do that for the greater good.
Because like, you know, what's, I mean,
the purpose of life is to step onto the plane from your lounge.
Exactly.
Looking right.
With a full belly.
Yeah.
Pulling the curtain aside as you look through and go, I bet you wish you studied
harder at college, and then closing it quickly.
Yeah. So actually, last time it was a girl who opened the curtain. She said to me, I bet you wish you had pretty feet, and then she closed it.
i have no idea where that came from.
Talking to people that look down on others.
Yes.
How was your week, Pete?
Well, I looked down on YouTube because, inexplicably,
I'm the tallest of the three, but there you go.
But, yes, do you know what?
I was on another podcast on Wednesday.
It was with David Spark.
It doesn't surprise me, you slut.
The CISO podcast.
Well, you know.
But do you know what?
We recorded on Wednesday.
So what was that, 7th of February?
It doesn't come out until the middle of April.
He said it goes through two editors.
Two editors.
I'm like, is this how it's supposed to happen?
Is this how the professionals do it?
I'm like, two editors. We record, kind of, you know, just top and tail it.
It takes you four hours to press the publish button sometimes.
Yeah, yeah. Even... yeah, exactly.
Exactly. Yeah, as opposed to two months, though. So actually I think I'm doing all right.
But, yes, you can always select data to make yourself look good.
Yes, exactly. But it was another one of those where there's no jingles, where everything is done offline and everything's,
you know, done in post. So it was one done really quickly and also really odd to record, but it was
good fun because it was David Spark, friend of the show, and also Andy Ellis, friend of the show.
Wow.
Interesting.
I did promote our podcast on theirs,
so hopefully we should see at least another couple of more listeners.
Yeah, they're not going to make it to this point.
No. They start in this podcast, they heard about wrestling.
Not after the start.
About flights.
Exactly.
Exactly.
So talking of disappointing numbers,
shall we see what we have got coming up for you this week?
This week in InfoSec is a small blue story that wears a white hat.
Rant of the Week is something that needs doing twice a day.
Billy Big Balls is when you can't believe your own eyes.
Industry News is the latest and greatest security news
stories from around the world and
Tweets of the Week explains the
real reason behind the news.
So, let's
move on to our favourite
part of the show, the part of the show that we like
to call
This Week
in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield. And today our first story takes us back a mere 24 years to the 8th of February 2000,
when 15-year-old Canadian identified at the time only by his handle MafiaBoy
launched a 4-hour DDoS attack against CNN.com.
The attacks also targeted Yahoo, eBay, Amazon and other sites over a three-day period,
and in 2001 a Canadian court sentenced him to eight months inside.
Wow. 2000, that's quite big.
It was. And Janet Reno, the US Attorney General at the time, she said, I think that it's important,
first of all, that we look at what we've seen and let young people know
that they're not going to be able to get away with something like this scot-free.
So, you know, she's setting the tone early on this one.
So he's Canadian.
I'm assuming there's an extradition order or something,
or maybe he was Canadian and living in the US,
but it does seem a little bit...
And also the US are the world police, let's face it.
Yeah, absolutely.
And if you think back then,
we didn't have the protections against DDoS that we have now.
No.
It was a big thing to get caught out.
Yeah.
To take off the biggest sites online at the time,
believe it or not, Yahoo was one of those.
Yahoo! Yeah, exactly. But alas, he's probably... he's 39 years old now if he was 15 at the time. So, quick maths.
I know, I know. I done it while you were speaking earlier with my calculator.
Okay. I was just thinking, like, in my mind, I thought, oh, this is 24 years ago.
He's 15 years old. He must be about 70 now.
Oh, man. So it's in our second story, which also takes us back a mere 24 years.
Yahoo was having a very bad week that week on the 7th of February 2000,
a day before Mafia Boy was causing them problems.
Dennis Michael Moran, a.k.a. Coolio,
performed a smurf attack on Yahoo's routers,
causing its websites to be inaccessible for hours.
And it was actually the conversations on an IRC channel
that led to him being identified and convicted
for a series of DDoS attacks and website defacement crimes
because obviously it's when you brag about it,
that's when you get caught.
Yeah.
So for our listeners, I mean, we all know obviously,
but for our listeners, what is a smurf attack?
A smurf attack is one where you send fragments
to the router and it struggles to put it back together the other side, isn't it?
You don't see it too often anymore, because I think it was about when
the next-gen firewall, when routers sped up a bit, right?
Yeah, yeah. And they stopped sort of taking stuff in fragments and then put them together on the
other side. They sort of checked what they were going to do before it did that.
But yeah, one of the network engineers at Yahoo at the time,
Jan Koum, said that the attackers were above your average script kiddie
and knew about our topology and planned this large-scale attack in advance.
And that network engineer, Jan Koum, is the billionaire co-founder of WhatsApp.
And so even 24 years ago we were saying nation states are responsible for all of these attacks
and not 20-year-olds, or, you know, or not 14-year-olds in their mother's basements and
things like that. Yeah, exactly.
Things never change.
Oh, it's the... You know what the Smurf attack is?
It is actually just another
DDoS.
It's not the one where it does a fragment.
It's where you...
It's something that neither Jav
or I corrected you.
We just took you at face value
there.
I was about to correct you
and then I didn't want to make you look
bad. Plus I didn't want to extend
out the segment too much. Of course I know
what Smurf attack is. Everyone knows
there's Smurfette,
there's Papa Smurf, there's
Papa Smurf.
You spoof your source IP address,
ping servers, and then get the replies
to go to your intended target.
Yeah, exactly.
Yeah, that's what we were thinking as well.
Absolutely.
And on that knowledgeable note...
Thank you for giving me the chance to correct myself.
On that knowledgeable note,
that was this week's...
This Week in InfoSec.
If good security content
were bottled like ketchup,
this podcast would be the watery juice
which comes out when you don't shake
properly.
In a niche of our own,
you're listening to the award-winning
Host Unknown Podcast.
OK, let's move on now to this part of the show.
Listen up!
Rant of the week.
It's time for Mother F***ing Rage.
All right, so unless you've been living under a rock or you're Andy,
you will have heard about this story.
This is the story, the viral news story of the botnet with 3 million toothbrushes,
which actually turned out to be too good to be true.
So there was this news story that was pushed out there,
terrifying botnet that consisted of 3 million electric toothbrushes that were infected with
malware. And while you were just brushing your teeth and, you know, if you can multitask going
for a wee at the same time as you attended to your oral hygiene,
little did you know that your toothbrush and millions of others,
well, 2,999,999 to be specific,
million of others were being controlled remotely by not just your average criminals,
but nefarious criminals, the very worst kind.
But actually, this story that came out from an interview with a company called FortiGate
was obviously just too good to be true.
It was slightly ridiculous.
It was the company FortiGate.
They did actually blame the fact that the story was originally run by the Swiss-German language daily newspaper Aargauer Zeitung.
And then Tom's Hardware did a translation of it
and tried to spread the tale in English on Tuesday of this week
in an article titled,
3 million malware-infected smart toothbrushes used in Swiss DDoS attacks.
So, and if you click on our link, you can see what they're saying about it.
Now, it didn't take long.
It didn't take long for various security experts to poke some real
cavities into this story. Did you see what I did there?
So, yes, these cavities were very, very quickly shown, and it didn't take long for the story to be completely debunked.
Although, which is pretty much the real rant of this,
FortiGate did not come straight out and say that they didn't say this.
They kind of let it run and run and can't imagine why.
Maybe they were just enjoying the exposure.
But I think one of the best responses was by a friend of the show,
Robert Graham, Errata Rob, who said, there is no evidence three million toothbrushes performed a
DDoS and that the hypothetical offered by a security company was misinterpreted by a journalist.
The quote continues, what the fuck is wrong with you people?
This is why we love Rob.
There are no details, like who is the target, the DDoS?
What was the brand of toothbrushes?
How are they connected to the internet?
Hint, they aren't.
They are Bluetooth.
So it was very quickly ridiculed and turned around. Now, the real thing, like I said, the real
rant here is the fact that FortiGate just sort of let it run. And, as you'd imagine, there
was a huge number of responses on the internet and on the Twittersphere, or the X-sphere, or
whatever you like to call it. Memes started coming out, lots of jokes about tooth-factor authentication
being able to stop things and the fact that FortiGate were withholding the truth
because we can't handle the tooth, all that sort of stuff.
But I think the best response has to go to Endpoint Protection and EDR vendor Malwarebytes,
who have a very well-respected blog.
And the title of this blog post was
How to Tell If Your Toothbrush Is Being Used in a DDoS Attack,
which I think is really rather important
because we need to know how to protect you know, how to protect ourselves.
The fact is it was effectively two words, which was, it's not.
And this was picked up obviously by everybody.
And it was a very, very good retort.
I liked it a lot.
And I think, you know, well played by Malwarebytes.
But FortiGate, you should be absolutely ashamed of yourselves,
not just for not jumping straight on this
because we're just making a mockery of ourselves.
People won't take us seriously in the future
when we talk about DDoS attacks.
We do know that there are instances of Internet of Things devices
being used and being capable of being used for these sorts of things
and why we should secure them,
your toothbrush is not one of them.
Yet.
Yet.
I mean, that's probably true.
Someone's going to do a Wi-Fi-enabled toothbrush
with an overpowered bloody CPU on it
that can run cycles while it's recharging.
But who knows?
Who knows? Yeah.
And what's it going to do?
Mine cryptocurrency.
Yeah, that's right.
Yeah, but with 3 million of them.
Yeah.
Who's actually sold 3 million Wi-Fi-enabled toothbrushes?
None. No one.
I know. Have you seen the cost of them?
They're bloody expensive.
Yeah.
And, you know, it's just so bad.
It's such a bad reflection on the industry when this stuff goes.
Like, to your point, Tom, and yes, I know.
I'm agreeing with you.
Something's weird.
There's a new lunar moon that started.
Third week in a row.
There's something very, very odd going on.
There's something in the air. Mercury's in retrograde or something.
I don't know.
But, yeah, this is so, so damaging for the industry and our credibility.
People already struggle to take us seriously or understand what comes out of our mouths or understand what to do.
And then you come out with stuff that's absolute fabrications
which, yeah, twaddle. Very good point. Yeah, not a fan of this at all. And I think it's a very
well thought out rant this week, I'll give you that. Yeah, which is pretty good given we pulled the notes together just before the show, right? Excellent. Thank you. And it's late. Yeah. That was this week's Rant of the Week.
This is the Host Unknown Podcast, the couch potato of InfoSec broadcasting.
All right, Jav, let's go to you.
Let's see if I can possibly agree with you as well.
We'll see.
Billy Big Balls of the Week.
This isn't quid pro quo.
If you want to disagree with me, you're more than welcome to try.
So...
LAUGHTER
The Billy Big Balls of the Week comes to us from Hong Kong,
where a finance worker at a multinational firm
was tricked into paying $25 million to fraudsters.
This was an elaborate scam. It wasn't just someone who phoned him up and said, would you mind transferring $25 million? But what they did was they sent him a message and
it was purportedly from the company's UK-based chief financial officer, and he suspected it was a phishing email
because it talked about a secret transaction to be carried out.
So this was good.
The employee had his doubts.
But then they said, like, oh, we can do a video call
and we can talk to you about it.
So there was a video call that took place and there were many people on there.
But apparently all of them were AI generated avatars.
They weren't actually real people.
And some of them he recognised as being his colleagues who he'd seen before in real life.
So he believed it to be true and sent the money off,
like, you know, 200 million Hong Kong dollars,
which is about 25.6 million US dollars.
Wow, Dan.
You're probably wondering what the Billy Big Balls is in this whole story.
I think it takes balls of steel to come out and make an excuse like,
oh, it was AI on the video call.
I swear they look just like you.
I was just about to say that.
I was just about to say, how do we know?
Did he screenshot this conversation? Did
he have someone else on the call with him saying, oh, look, that looks like Dave, our CFO from Britain,
you know? Or did he just go, fuck, right, what can I say? Yeah.
I don't know. Were those people, were they just, like, real people, but they're wearing those old
AT style Mission Impossible masks over there?
I don't know
and this is, I'm always
sceptical a bit about these
these kinds of stories
You want to see receipts.
Yeah, exactly. Exactly.
People say, oh, there was a phone call.
It was AI-generated voice just to sound like my manager or something.
Or this is like this.
And yeah, it's like, unless he took screenshots,
unless there's some sort of, you know, digital evidence or trail about this,
it's, I'm not saying that it couldn't be true,
but I'm also saying there's no evidence to support that it did happen.
Yeah, because technologically-wise, it's possible, right?
We've had the voice, the fake voice, AI voice scam that worked once
and then was...
Allegedly.
Allegedly.
Yeah, it worked once and was detected a second time, but allegedly.
And we've seen deep fakes and we've seen how effective they are although we've not seen one
live like that. So, you know, on one part of me, it's kind of, I want to believe it. And also because
when I first became a security advocate, within a month I was asked, what are your predictions for 2021? And mine was, we're going to see the first AI deepfake
phishing attempt.
And then the next year they said, what's your predictions for 2022?
And I said, we're going to see the world's first AI phishing attempt.
So technically I've been proven correctly eventually.
But yeah, it's...
Does Occam's razor say actually it didn't happen?
This was a Zoom call.
There was no video involved whatsoever.
It was audio only.
And people, the hacker or the fraudster
just uploaded people's LinkedIn profiles from the company
and just added the names of other people.
And so, do you know what? I don't think there's any video involved.
So we should have, basically what you're saying is we should have clicked on the link and looked
into this a bit more. No, I've not read the story at all. And this is the problem. There's no
details. I'm just, I just. Oh, you're theorizing. I'm not reading off something. I'm theorising.
No, no, no.
This is pure.
I just haven't seen that level of AI flexibility yet. So he did go onto a Zoom call and he did talk to people.
I reckon he just.
But what he's saying is, oh, but everybody looked real.
Yeah.
When actually there was no video.
Yeah.
I think it was just other people with like headshots instead of actual video.
That sounds far more plausible.
And it's hard to then say, like, do you know what I mean?
Like, what did the logs say?
Whether it was a video call or an audio call?
Or would the logs just say it was a Zoom call?
Yeah, the logs would say it was a...
Or a Teams call, whatever he did.
But even so, they'd probably still say it was a video call just because, you know,
he may be putting his video over, but they might not be putting theirs over. It's still a video call, right?
It's not... so, wow. Yeah, I want to see receipts.
Yeah, I want to see receipts. I have to say, you know, you're right, balls of steel in
this instance. Let's see what comes out in the wash here, because bloody hell. Nice. At some point, I mean, a lie is so big
you just have to roll with it, right? And this guy's committed now, in this hole. Yeah, it's the first
time ever. It's the first time we've seen this in the wild. Yeah, he's gonna get some
internet fame from it as well. He's gonna get his 15 minutes, you know, and the next person will be doing, you know, exactly the same.
Oh dear. Okay, brilliant. Very good, Jav, thank you for that. That was Billy Big Balls of the Week.
people who favor the smashing security podcast are statistically more likely to eject USB devices safely.
For those who live life dangerously,
you're in good company
with the award-winning Host Unknown podcast.
Well, we know what time it is because it's really bleeding late.
But is it that time, Andy?
It is. It's that time of the show where we head over to our news sources
over at the InfoSec PA Newswire who have been very busy
bringing us the latest and greatest security news from around the globe.
Industry News.
Industry news.
Clorox and Johnson Controls reveals $76 million cyber attack bill.
Industry news.
Meta's oversight board urges a policy change after a fake Biden video.
Industry news.
Malware-as-a-Service now the top threat to organisations.
Industry news.
Chinese spies hack Dutch networks with novel Coathanger malware.
Industry news
Meta to introduce labelling for AI-generated images ahead of US election
Industry news
Governments and tech giants unite against commercial spyware.
Industry news. France. 33 million social security numbers exposed in health insurance hack.
Industry news. 20 years of Facebook but trust in social media remains rock bottom.
AI-powered robocalls banned ahead of US election.
And that was this week's...
Huge if true. Huge if true.
Huge if true.
Do you know what?
All three of my stories are about Meta or Zuckerberg.
Do you know what?
That one about France, as soon as I read it,
I realised I should have done it in the voice of that Miss Universe contest
that was doing the rounds on social media,
where all of the contestants came out
and shouted out the name of their country.
And they were, you know, Yugoslavia, Portugal.
And then France came out and went France.
Do you not remember that?
That was an old one though.
Yeah, that was a long time ago.
What, four months?
No. No.
Four months ago
is when it made its way onto Facebook.
It starts on TikTok
and then trickles down to TikTok.
That's when it got to your Instagram reels.
Yeah, my friends reunited
to page Hadid.
I was going to say,
did it still have the Vine logo
in the corner of the video?
Very good, very good.
But, you know, me and Andy, when you read the 20 years of Facebook,
we're trusting social media remains rock bottom.
On the camera, we've both done the sign for the rock bottom hitting.
Rock bottom, rock bottom, rock bottom.
Oh, my God.
Oh, we're back to that.
Oh, my days.
Jav, this is your story.
I know.
I just clicked into it.
Yes, yes.
Which one?
The rock bottom one?
The rock bottom one.
Yeah, I've just clicked into it.
I'm quoted in it.
It's not written by me.
Oh, so you didn't do the headline then?
No.
What does Jav say about it?
People should move off Facebook to TikTok.
Javad Malik told InfoSecurity,
with the continuous number of breaches and misuse of data
have occurred and continue to occur at social media providers,
it is no surprise that people don't trust these organisations
to safeguard their data.
Did you get ChatGPT to write that again?
No.
Malik pointed out that people still use these platforms
and almost resign themselves to the fact that this is just how things are
and there's not much they can do about it.
Nah, we'll see. We'll see. I did say
very good further on as well. But... oh, you want to read that out as well? Oh, was it
more insightful than your previous observations?
Otherwise, in many cases, people are oblivious to the fact that they have options, he added.
Yeah, they are. Yeah, I think, like, you know, if you go on... I haven't used Facebook for years, but
when I was on it, like, you try and go on there, find how to make stuff private by default and
not share with everyone, it's buried in three layers or what have you. If you want to know what your rights are and how to delete data,
you don't know.
It's really hard for the average user to figure out these things
or even understand that these options are available.
Totally agree.
Totally agree.
Terrible, terrible platform.
What else have we got?
Coat hanger malware.
Oh, yeah, coat hanger malware.
It sounds really unpleasant.
Maybe it came about because of the repeal of Roe versus Wade.
Do you know what?
I was just thinking if this was like five years ago,
that's the type of crass joke that I would make.
Oh God, he's gone offline to have a coughing fit.
I'd spare you coughing down there. So below the belt at top.
Meta to introduce labelling for AI-generated
images ahead of US election.
How can Meta
tell whether
images are AI-generated?
Well, you can tell
if a photograph has been manipulated,
can't you?
There's artefacts.
It's getting better and better, but also
it's getting better at hiding it.
But there are mechanisms and algorithms you can use
that sort of see if certain artifacts on there are inconsistent
and all that sort of stuff.
I assume it's like that, but just, you know,
they look at 24 frames a second, 24 pictures a second.
I don't know.
Meta said it would develop tools to detect standard indicators that images are AI-generated. However, no such standards are currently generalised.
There's probably some metadata in it. If you go into the metadata, it says that: "generated", "created by", yeah, or something. But, uh, yeah, I'm sure that... I know a lot of companies are actually working on this kind of stuff, where they're trying to figure out what's a deepfake or AI-generated sort of piece of content, but it's still hard. But if anyone can do it, it's the likes of Facebook and Google and whatever, with all their data and the fact that they can generate this stuff. You know, it'll be interesting.
They've got a large data set of material to look at, let's face it.
Yeah. So also in the same list of stories we read out, right: Meta's Oversight Board urges a policy change after a fake Biden video. A fake video showing US President Joe Biden inappropriately touching his adult granddaughter's chest sparked calls for Meta to change its policy on deepfakes and manipulated content.
So the fake video is maliciously edited of actual footage.
Despite being fake, the shocking video was not removed from Facebook
as it does not violate Meta's manipulated media policy.
So they're developing this stuff to say you have to label AI content,
but deepfake's apparently a fair game.
Yeah.
Well, you surprise me that Meta are sort of arse from elbow on this.
Not good.
Right, let's move on, shall we? That was this week's Industry News. We are officially the most entertaining content amongst our peers.
Just not recently.
All right.
Point in time.
Yeah, that's a point in time.
Exactly.
Yeah.
Andy, why don't you take us home with this week's Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week comes from friend of the show, Kevin Beaumont, @GossiTheDog, who says:
"Shout out to Fortinet, who fabricated a story about toothbrushes causing DDoS, refused to comment to outlets questioning it, and saw their stock price suddenly inflate."
Who knew?
Who knew that that might be the outcome?
Shock horror.
Yeah.
At least now.
It's the Captain Kirk shocked meme, isn't it?
Yeah, it's right.
Shut up.
Who knew that this might actually be the end result of not saying,
you know, oh, no, that's complete rubbish?
That is just...
Not good.
Anyway, that was...
I think we're just really disappointed in FortiGate, right?
I think that's what it comes down to.
But somewhat unsurprised that it would happen.
Right.
Really?
So you're saying FortiGate because of the meme, where instead of Colgate it says FortiGate?
FortiGate is the product that Fortinet sell, right? Is that right?
Yes.
Or one of the products.
Yeah.
The other product they sell is, like, a toothbrush botnet.
Oh, dear.
Excellent.
Well, sorry, go on.
Again, this feels like the episode of, like, cybersecurity Mythbusters or something like that.
There's the toothbrushes that we don't believe happened, and all this kind of stuff. Then there's the video, the deepfake, the guy that sent the money to his cousin, and yeah, it needed a way out.
Yeah, exactly, exactly. Yeah. And then there's the dodgy definition of what a smurf attack was.
Yeah, yeah, absolutely. We even chuck in our own myths.
Yeah, exactly, exactly. Yeah, there you go. We create our own myths so that we can then go debunk them.
Yeah, get kudos for debunking those myths. This is like the theory, way back in the 80s, where AV firms would have created their own viruses and put them out there just so people would buy their AV product.
Yeah, we generate our own bullshit very easily and in vast quantities.
Right.
Talking of bullshit,
John McAfee.
Talking of bullshit, Jav, thank you very much for your time, effort, contributions and beautiful smile today.
You're welcome. Now I'm going to head to bed.
And Andy, thank you, sir.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel. The worst episode ever.
r/SmashingSecurity.
This is normally my TikTok time, you know that.
Thank you for your sacrifice.
Yeah, that's right.
You know what, there was a part, I did open up TikTok and I thought, that's strange, Andy's not sent me any messages yet. He's normally sent me loads by this time of the night.
I sent him one yesterday.
It was just a simple one.
It was like my salary hitting my bank account.
And it was like an aeroplane landing on the aircraft carrier in the sea.
And it basically just goes, touches down and then flies off again.
Oh, yeah.
That feels... yeah, I feel seen.
Yeah.