The Host Unknown Podcast - Episode 186
Episode Date: March 5, 2024

This week in InfoSec (06:53)
With content liberated from the “today in infosec” twitter account and further afield

1st March 1988: The MS-DOS boot sector virus "Ping-Pong" was discovered at the Politecnico di Torino (Turin Polytechnic University) in Italy. The virus would show a small ball bouncing around the screen in both text mode (ASCII character "•") and graphical mode.
https://twitter.com/todayininfosec/status/1763540406443163705

26th February 2004: Antivirus firm F-Secure apologized for sending the Netsky.B virus to 1000s of its UK customers & partners via a mailing list. The unknown sender sent it through the email list server, which didn't scan for viruses. And there was no business reason to accept external emails.
https://twitter.com/todayininfosec/status/1762092359313936553

Rant of the Week (11:48)
Meta's pay-or-consent model hides 'massive illegal data processing ops': lawsuit
Consumer groups are filing legal complaints in the EU in a coordinated attempt to use data protection law to stop Meta from giving local users a "fake choice" between paying up and consenting to being profiled and tracked via data collection.

Billy Big Balls of the Week (20:16)
Fox News 'hacker' turns out to be journalist whose lawyers say was doing his job
A Florida journalist has been arrested and charged with breaking into protected computer systems in a case his lawyers say was less "hacking," more "good investigative journalism." Tim Burke was arrested on Thursday and charged with one count of conspiracy, six counts of accessing a protected computer without authorization, and seven counts of intercepting or disclosing wire, oral or electronic communications for his supposed role in the theft of unedited video streams from Fox News.

Industry News (27:48)
UK Unveils Draft Cybersecurity Governance Code to Boost Business Resilience
34 Million Roblox Credentials Exposed on Dark Web in Three Years
Biden Bans Mass Sale of Data to Hostile Nations
US Government Warns Healthcare is Biggest Target for BlackCat Affiliates
Savvy Seahorse Targets Investment Platforms With DNS Scams
Pharma Giant Cencora Reports Cybersecurity Breach
UK Home Office Breached Data Protection Law with Migrant Tracking Program, ICO Finds
Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient
Biden Warns Chinese Cars Could Steal US Citizens' Data

Tweet of the Week (35:17)
https://twitter.com/_FN8_/status/1762583435745402951

Come on! Like and bloody well subscribe!
Transcript
Jav not making it this week
well unfortunately
as you know
with last week's episode
which was thankfully fixed post edit
Javad Malik has been suspended
for two weeks
for his comments
probably for good reasons
yes so it's about his comments
to the
communities
the
communities the people who defy as his comments to the communities, the communities,
the people who defy
as our
friends over at
the
people, the
communities
and those
just communities.
And these are just the people we receive
complaints from.
Yeah, I'm going to let you finish there.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome, welcome, one and all, Welcome, dear listener, to episode 186.
190.
Of the Host Unknown episode.
The Host Unknown episode?
The Host Unknown podcast.
Dear me.
That tirade we started with, I think, has just put me off my stride somewhat.
Well, we've just got to be careful about what we say, right?
You never know. I'm just going to have to replace the batteries in our beat machine.
But especially after last
week.
Well, we would ask Jav how he is
but God knows where he is at the moment.
He's probably off gallivanting somewhere.
Community service.
True, yeah.
Yeah, that's right. Making amends. Orange is the new black for Jav.
Yeah, absolutely. More orange is the new brown. One or the other, I can't remember.
But, um, the, uh, yeah, so, well, in that case, Andy, how the devil are you?
Not too bad, thank you. It's been a, uh, a busy week. I know it's coming up towards the end of the financial year for a lot of companies in the UK.
I think that has something to do with it, but it does just seem busier than usual at the moment.
It's like, you know, you just don't feel like you've had a minute to sit down.
It's the longest January ever, isn't it?
It just feels like...
I know we're in March.
I know today's the 1st of March.
And congratulations to any of our couples who are listeners
who got married yesterday, because was it yesterday's the day
that women are allowed to...
I don't know what I do in air quotes,
but allowed to propose to men seems a little bit
archaic to me, but, um, yeah, so congratulations to those of you who got married, but, uh, or got, uh, engaged,
sorry. But yeah, it is, it's insane at the moment, and everybody, it doesn't matter which company
you work for, it seems everybody's just really, really busy. Yeah, do you know what? Prior to the pandemic, I was actually looking at
setting up a catering place, you know, like, get a lease near a train station, commuter place,
and just, oh yeah, hot drinks and lunches and stuff like that. But then, you know, the pandemic hit and
it's not, everyone's, yeah, no one's, like, lots, so many people working from home, you lost all that footfall.
And, yeah, I just kind of miss that daydream of not working
in an office environment.
Yeah, just making coffees all freaking day.
Exactly what I do at work.
I make coffees all freaking day.
Anything to avoid.
I want to make coffees for different people,
not the people I work with.
Yeah.
I want to make coffees for different people and get paid poorly for it.
Yeah, exactly.
But talking of getting paid poorly, how's your week?
Yeah, yeah.
Not bad.
Again, like you, it's just shockingly busy at the moment.
I was saying but
you know, we were talking just before about there seems to be so much going on, and,
um, I've got, well, I don't even have a free weekend now. Even, even my extracurricular activities are,
uh, are cutting in. So I'm doing a, a wedding photography show tomorrow, uh, manning a booth. I'm a booth babe tomorrow, would you believe.
Nice. I know. No, I know, right? I know, right? I'm gonna put my, my tightest pants on just to, uh,
uh, you know, show my, my, myself. Just a Saturday for you. Yeah, just a regular Saturday, exactly.
But yes, I shall be, uh, chatting to couples who are looking to hire photographers for a wedding.
So that will be interesting.
And then Sunday, I've got to do some more work.
What's that all about?
It's shocking.
Unbelievable.
I remember looking for the photographer when I got married many, many years ago and going to these wedding fairs and seeing them.
And you know what it was?
The guy that we went with,
it was actually his work that sold him or sold us on him.
And we were quite lucky because he was booked up very far in advance.
I didn't realize how far in advance people book these things.
But he was due to get married the same weekend we were, and then he postponed his wedding because his fiancée got pregnant, uh, and so they sort of delayed their wedding, uh, so he became free
for our weekend. Oh wow. Uh, which was a big stroke of luck. But absolutely the best photographer that we saw there.
I'm impressed by you getting his fiancée pregnant
so you could just have him.
Well, whatever it takes.
Whatever it takes.
Whatever it takes, OK.
We discussed it as a couple and I said,
look, I'm going to go for it.
Exactly.
Where there's a will, there's a way.
Well, you know, I'm looking forward to taking bribes tomorrow as well.
What can I say?
Yeah, exactly.
And talking of unintended consequences,
shall we see what we've got coming up for you this week?
Well, this week in InfoSec is a tale of two viruses.
We should have got Graham on again
this week. Rant of the Week is
Meta just being Meta
again. Billy Big Balls uses
the legal defence. It's just a prank, bro.
Industry News is the latest
and greatest news stories from around the world.
And Tweet of the Week is
a password trick
hackers hate.
So let's move on to our favourite part of the show, shall we?
It's the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account. And our first story takes us back a mere 36 years to the 1st of March 1988, when the MS boot sector virus Ping-Pong was discovered at
the Turin Polytechnic University in Italy, or also known as Politecnico di Torino, I think,
as the Italians would say. So 36 years ago, this little bouncing ball's driving computer
users bonkers
and it's spread by infected floppy disks,
if you remember those.
And so when users booted their computers up
with this infected floppy disk inserted,
the virus spread.
And by the time the message
non-system disk or disk error appeared,
the damage was already done and then
Ping-Pong resided on the computer, attempting to infect subsequently infected floppy disks.
And so, you know, an infected computer would periodically display a tiny white bouncing ball
that careened from corner to corner of the screen, and then rebooting the computer removed the ball until its next appearance.
And it was the Intel 286 machines
that were most likely to crash
when the bouncing ball appeared.
Yeah.
Thanks to the instruction on the virus code
that only impacted the 8088 and 8086 processors.
Wow.
This was back in the day when viruses were fun.
They didn't ask you for money.
They didn't absolutely muller your computer.
They just said, look at me, look at me, look at me.
Come on, that's pretty cool.
Yeah, these were fun ones.
This is the sort of one that Graham Cluley would
approve of yeah we should have got
him on we should have got him on
exactly that's on me
resident virus expert yeah that's on
me
but alas our second story
takes us back a mere
20 years
to the 26th of February
2004 when antivirus firm F-Secure apologized for
sending the Netsky.B virus to thousands of its UK customers and partners via a mailing
list.
The unknown sender sent it through the email list server, which did not scan for viruses.
And there was actually no business reason
to accept external emails on that.
Yeah, so F-Secure did apologise for the cock-up.
It blamed it on human error, as you can imagine.
Was it Mikko's fault?
Yeah.
Mikko.
Mikko.
It wasn't Mikko's fault.
Yeah, so... Yeah, but do you know what?
Back in those early days, it hasn't really done them any harm over the years, right?
No, they are actually, of the traditional AV vendors or the old school AV vendors,
I think they're the ones with the best reputation today.
In my... And you know what, to be fair, Kaspersky, I think, are unfairly targeted. You're right, you're absolutely, you're right, but,
you know, that's out of their control, as it were. That's out of their control, yeah. Yeah, you know,
that's, that's not something that they could do much about, and it's very unfortunate because,
you're right, they are absolutely, quality and ethics wise,
they're up there. But I think
F-Secure, unless we go to war
with Finland, who knows, I mean
stranger things, unless we go to war
with Finland then I think they're more likely
they're just
going to remain top of their game
in that space. I'm still not
seeing them in the sort of CrowdStrike space, as it were,
but they are, well, they're trustworthy is the bottom line.
And I think Mikko has got a lot to do with that, if I'm honest.
Absolutely.
Good advocates can represent the brand well.
Indeed. Indeed.
Excellent. Thank you, Andy, for this week's
InfoSweep.
It doesn't matter
if the judges were drinking.
Host Unknown
was still awarded
Europe's most entertaining
content status.
All right. Let's have this week's... Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
Oh, favourite subject of a rant, as always, every time.
Who is it? Go on, take a wild stab in the dark, Andy.
Is it, uh, something to do with an organization that Zuckerberg is in control of? Yep, I think
it may well be the lizard-controlled, uh, um, uh, the lizard control corporation that we are talking about. You're absolutely right. It is Meta. And Meta are once
again in the news for doing dodgy crap. So what they are doing, the headline is Meta's pay or
consent model hides massive illegal data processing ops lawsuit. So consumer groups are filing numerous legal complaints in the
EU, because let's face it, the EU has probably got the best sort of privacy protection for individuals,
in a coordinated attempt to use data protection law to stop Meta from giving local users a fake
choice between paying up and consenting to be profiled and tracked
via data collection. So, as you know, we get this little cookie banner warning every time we hit
an EU, or a website, uh, which basically says, do you accept these cookies? And which 95 percent of us
just go, oh, for crying out loud, yes, let's just get on with it. Uh, or do you, would you, would you like to, um,
you know, review them. Can I just say, for our, um, non-American listeners, it's the biscuits banner
that we get over here. I know you're saying it for our American listeners. I am. It's cookies to
the Americans, it's biscuits for us. It is, it is, but not, you know, not the biscuits that you have in gravy, but the proper biscuits, the proper, that come in a red tin that is then subsequently used for all of your sewing paraphernalia.
Exactly.
Or whatever other paraphernalia you might have.
So you're absolutely right, Andy.
Do you know what?
It's good to have a, you know, a trusty sidekick.
No, I'm not a trusty co-presenter on the show for once.
It's just diluted when the other one's here.
So, yes, as we know, we get these cookie,
and you decide yes or no, and if you say no,
then you have to select which ones,
and it's normally a vast list of things that you have to uncheck, etc.
Well, what Meta are doing is basically saying,
if you say yes to this, we're going to hammer you with adverts
and harvest all your data.
Or you can pay us.
You can subscribe, give us money.
But actually, we'll still harvest all your data.
It just won't look like it.
It's pretty much what this is coming down to.
And if you click through and read on the story, it's been summarised.
It's a simple bait and switch.
It misleads consumers into thinking that by opting for the paid subscription as it's presented, they get a privacy-friendly option involving less tracking and profiling, which is not the case, because there is, this is still Facebook's primary method of getting money, which is by advertising.
So, um, they've been allowed,
uh, Meta have been allowed to get away with it. They're not the only ones. Interestingly, there's a number of French, German, and even Spanish companies that do this. Uh, and it's
actually been picked up in, in, uh, in the EU in some of the, uh, you know some of the relevant courts of law, so that this can't happen. Because you should
be free to consent to something, not be forced into it through a lack of means, for instance,
or a lack of intent. So if Meta actually provided their service free with
adverts, but didn't track the users, that would be fine. But it's this forced consent for tracking.
That's the problem. So it's actually, and Andy, you pointed this out, you know, let's look at the, you know, reading the, um, uh, uh, reading and, uh, reading
the, the comments below a story is often the place to get it. Um, it is often a place to get the real
story here. Bottom line is Meta aren't the only company here, but they're so big and they're so successful, and yet they're still
looking to make more and more and more money on the backs of people's personal data and
clicking habits and web surfing habits and the downloading of cookies and all that sort of thing.
And frankly, it's just getting so tiresome how they are
continually doing it. To a certain extent, the GDPR regulation has failed somewhat. And that's
a point that a lot of people are suddenly making. But nonetheless, it's just so cynical.
In fact, a bunch of people sat in a room and said
I've got it, this is how we get around it: pay up or we're gonna track the hell out of you. And even
if you pay up, you're still gonna get a bunch of ads. They just may not be targeted at you, but
you're still gonna get a bunch of ads. So yeah, not great. Not, it's horrible. Horrible.
Do you know what? If Jav was here, he would argue with you about something.
And I'm trying to play the role of Jav.
It's hard, isn't it?
Because you're not a real cynical git.
I don't have the words in me.
I just don't have that malicious bone in my body to make a personal attack on you instead.
Yeah.
Yeah, they are.
I'm used to that.
That's fine.
They have become so big.
So even people that say, oh, I wouldn't touch Facebook.
You've seen this where someone who doesn't have Facebook for so long,
but so many other people have labeled them in photos,
whether they're,
you know,
whether it's an official tag or not.
So as soon as that person joins Facebook,
they get hit with,
are these pictures of you?
Yeah.
Do you know what I mean?
It's like Facebook already have this entire shadow network of everyone.
And like,
you know,
you think they've got their hooks into WhatsApp and Instagram and God knows
what else.
Threads.
Threads. Yeah. This is just, uh, it's just, it's not cricket, is it? It makes me feel dirty, frankly. It just, you know... And they've got a legal
team to just tie you out as well. I know, and that's the thing, you know, even if a big, you know, if a
government takes them to court, um, and we see this actually in this country when we come to
sort of planning applications and stuff like that, you know, if Sainsbury's wants to build somewhere,
they'll build somewhere, because all they do is just keep going back with more, you know, legal
action until the council can no longer afford to, to challenge it, in which case it, it goes through
on the fact that it's no longer challenged. And this is a very similar situation, you know, that they're, they're running out the clock, and it's just so,
so cynical and so unpleasant. You know, why can't we all just get along, man? Um, just, yeah.
unpleasant yes it is
it is rant of the week
we're not lazy when it comes to researching stories no we're just energy efficient
like and subscribe to the host unknown podcast for more esg adjacent tips
Okay, uh, in a little switch to, uh, a regular programming, uh, we have, uh, well, Andy, we've got you doing Billy Big Balls this week. Uh, let's, let's see what we can do with this one.
Okay, this week's Billy Big Balls is a, is a guy called Tim Burke, who is actually a reporter for
a news, uh, agency. So a Florida journalist was arrested, and this is Tim Burke, and charged with
breaking into protected computer systems in a case his lawyers say was less about hacking and more about
good investigative journalism. So he was arrested on Thursday. He was charged with one count of
conspiracy, six counts of accessing protected computer without authorization, seven counts
of intercepting or disclosing wire, oral or electronic communications for his supposed role
in the theft of unedited video streams from Fox News.
So amongst the type of videos that he saw,
there were sort of unaired anti-Semitic remarks about Kanye West,
which blows my mind that there's actually more out there
that we haven't seen.
Have they kept the worst ones
back? Or, well, exactly, like, you know, what else is there? Um, yeah, and so his lawyer, um, maintains that
the, uh, clips were actually obtained legally and Burke is a journalist whose activities are protected
by the First Amendment. And they go, the lawyer, like, fair play, he actually goes into,
you know, a whole, whole defense about how there wasn't enough, you know, once he got in using
stolen credentials, he then was able to continue to dig deeper and deeper and deeper and just continue to find more
and more data. And he's saying, because he wasn't challenged every time he went to a different
system, he didn't know that it was, um, you know, protected. Um, and so because of that... Protected
after his stolen credentials worked? Well, exactly. I mean, um, and, you know, he's using stolen credentials.
There's no ID or password required.
Yeah, I mean, they're valid credentials
that get you into the environment.
It's obviously not a zero-trust environment,
but they get you into the environment.
Those credentials are therefore valid,
and he's being checked against those credentials.
I'm not saying it's good, right? I'm not saying it's good.
I'm not saying it's right, but it's, it's, it's a bizarre, um, defense, isn't it? Well, but I think they
did actually, you know, I don't think it's in dispute that they, and the phrasing's very good,
did utilize the internet to search protected computers and otherwise to secure credentials
which had been issued to other entities
to which they had no affiliation.
So that's the legalese.
They used stolen credentials.
But then the whole debate or arguments around
there's third-party sites that transmit these live feeds as a service. They have password-protected sites. In this case, um, you know, somebody on the internet
provided him with a username and password or credentials to access a demo account on one of
these services that happen to be used by broadcasters. And so Tim Burke then logged into
the site of this demo account and was able to just, you know, change your URL here legal cases, the devil's in the detail,
to what extent could a hacker claim they're a journalist and just, you know,
OK, so we got in through this means, but actually everything after that was just easy.
All I had to do was a little SQL injection or all I had to do was just to run a little vulnerability
against XYZ database.
At what point is that defense valid?
Do you know what I mean?
Well, the lawyer is actually saying that they absolutely emphasize
that he did not attempt to conceal his activities.
Even a cursory glance tells you where the connection came from. It pointed
directly back to his IP address. And why was that? Because he wasn't being secretive about it. He
didn't try to conceal it. He didn't circumvent anything. But concedes that, uh, Fox did not
authorize it. But that's the same as saying I walked into a, into a, a petrol station and
pointed a gun at them. You know, I didn't have a mask on, pointed a gun at them.
I'm not concealing my activities here.
I'm demanding that they give me money with menaces and whatever.
I'm not concealing it.
I requested money.
I requested money.
They were quite happy to give it to me,
especially after I waved the object that was in my right hand in their face.
When I showed them my Second Amendment right,
my expression of Second Amendment.
But yeah, so the case hasn't been,
he's not successfully won his case yet, put it that way.
This is still ongoing.
He's not lost it either, apparently.
But he's not lost it.
But a legal fund has been set up to help support this case.
But I have to admire the defence.
It's all going to come down to a good lawyer.
It's not bad.
I mean, the saving grace for him, I would say, is it's Fox News.
So, fuck them.
Who cares?
Yeah, and there's some embarrassing footage of Tucker Carlson as well, apparently.
Well, you can watch that days at nine.
It's not just Kanye.
Apparently, Tucker Carlson's doing some embarrassing stuff as well.
Although he was fired from Fox, wasn't he?
He probably was. Sorry, let go.
I think he was let go in a...
They mutually agreed to part ways?
Yeah, exactly.
So that he could pursue other interests,
i.e. Vladimir Putin.
Yeah.
Oh, he did that interview.
Yeah, that was crazy.
Oh my God, it was awful.
Absolutely awful.
What a simpering idiot.
Anyway, I'm trying to think of an InfoSec angle to it.
I don't know.
Brilliant.
Thank you, Andy, for this week's
Billy Big Balls of the Week.
Big balls of the week.
People who prefer other security podcasts are statistically more likely to eject USB devices safely.
For those who live life dangerously, you're in good company with the award winning Host Unknown podcast. All right, Andy, keep your microphone switched on.
It's still not time for you to relax because you've still got more to do.
What time is it, Andy?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire,
who have been very busy bringing us the latest and greatest
security news from around the globe.
Industry News
UK unveils draft
cybersecurity governance code to
boost business resilience.
Industry News
34 million Roblox credentials exposed on dark web in three years
Industry News
Biden bans mass sale of data to hostile nations
Industry News
US government warns healthcare is biggest target for BlackCat affiliates.
Industry News
Savvy Seahorse targets investment platforms with DNS scams.
Industry news.
Pharma giant Cencora reports cyber security breach.
Industry news.
UK Home Office breached data protection law with migrant tracking program, ICO finds.
Industry news.
Five Eyes warn of Ivanti vulnerabilities, exploitation, detection tools insufficient.
Industry news.
Biden warns Chinese cars could steal US citizens' data.
Industry news.
And that was this week's...
Industry news. Huge if true. Huge, huge. Color me surprised about the current government's Home Office
breaching data protection laws as regards migrants i mean that seems to be the least of their crimes.
You know, I mean, we've got far bigger stuff to worry about,
you know, but, you know, human rights and stuff like that
and, you know, trafficking of people into other countries
and all that sort of stuff.
So, you know, really, just tracking them just seems like a non-issue, really.
Yeah, so they just slapped an ankle monitor on any migrant
that came to the country.
Just gets given an ankle monitor that tracked the GPS location.
What?
So treated like a criminal straight away.
Yeah.
They said it was designed to test whether electronic monitoring
is an effective alternative to detention
in maintaining regular contact with migrants
and reducing the risk of absconding.
Yeah.
See, I'm...
I mean, come on, right?
What's stopping them from just cutting it off
as soon as they leave, just disappearing,
as a lot of migrants do?
And in fact, if you're being treated like that
in the first place, you're more likely to abscond,
aren't you, rather than,
OK, this is a great place to live, you know,
and I'm being
I wouldn't say
I could be settled here
but yeah
I could settle here
this place
looks like it's got
some good morals
and ethics
Biden warns Chinese cars could steal US citizens' data.
So, yeah, Chinese manufactured automobiles, obviously.
Is this back to the old China thing?
Or is there an actual...
You know, they could track away... Well, do you know what?
I mean, I don't keep up with a lot of US politics,
but do you know, like, how in the UK the Labour government
is getting a bit more right wing
to appeal to the Conservative voters and sort of try and steal people from there? I wonder if Biden's
trying to, like, you know, get some of the old Trump supporters coming across. True. Um, you know, and sort
of China, um, and yeah, he's quoted as saying, like, you know, uh, I've Secretary of Commerce to conduct an investigation into connected vehicles with technology from countries of concern and take action to respond to the risks.
And then said China is pursuing unfair practices to dominate the future of the automobile market, including flooding the US market with its vehicles.
I'm not going to let that happen, emphasised Biden.
As opposed to Tesla.
Oh, yes.
I mean, Tesla is the meta of the car world.
Yeah, it's full of Chinese parts as well.
Yeah, yeah.
And he's also talked about banning the mass sale of data
to hostile nations.
A bit late on this.
If you've been doing that for a long time already,
surely it's a little bit late.
Yeah.
So it was okay to do it before,
but now all of a sudden you can't?
I don't understand what the...
Yeah.
Politics, eh?
I mean, obviously, if you're a criminal
that's got all this data,
you're going to say,
well, actually, there's new executive order.
We can't sell this data to...
Oh, jigs up, lads.
Yeah.
Tear off your computers.
Oh, no.
It's stolen data.
We can only sell it domestically now.
You know, we can't afford to.
That's right.
Yeah, do you think there's much market in, you know,
in, I don't know, Bratislava at the moment?
Oh, dear.
Slow news week.
Five Eyes warn of Ivanti vulnerabilities exploitation.
Oh, that's, I mean, God, Ivanti is in the news every week
at the moment, isn't it?
Yeah, they're on a bad run.
They're being hit hard.
Detection tools insufficient.
It's so bad that even if you're monitoring it,
it's not going to make any difference.
Jesus.
So the recommendation is,
or all the agencies that provide recommendations,
assume that user and service account credentials
stored within the Ivanti VPN appliances are compromised.
Jeez.
Oh, my God.
Damn.
It would be interesting to look at the Ivanti share price.
Over the last few months.
And who sold just before it happened?
Any more.
Pharma giant reports cybersecurity breach. Meh.
nothing sexy
I like the
stunt hacking stories
you know
like where they hack
I mean
it's not sexy
but we do have a savvy seahorse
yeah
I'm just trying to put
in
It's just a DNS hack, right? They just jazzed it up
because it's been a while since we had
DNS. Oh, hang on a second. What sets
Savvy Seahorse apart is its advanced
methods, including the use of
fake ChatGPT and WhatsApp
bots. These
automate responses to users, coaxing
them to divulge personal information
in exchange for promised high returns on
investments.
Same scam, just using AI, right?
And on that slightly depressive note, that was this week's...
Industry News.
Right, well...
Tom, why don't you take us home with this week's Tweet of the Week?
Thank you. You could see me kind of like just looking at you saying,
are we going to swap roles this week?
Well, yes, we are.
Because it's time for...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
And it is, alas and alack, Tweet of the Week.
And I see you've left me a great one here
With an unpronounceable letter
So this is from
FN8
What is that?
Fn8? Fnart?
I don't know
So which is at underscore FN8 underscore on Twitter, because we refuse to call it X.
So the tweet is,
in truth, if your password has,
and here's the letter N with two dots over it,
you are unhackable.
Great password advice.
So two things.
Firstly, if anybody knows how to pronounce that letter N,
N-E-R-N-E-R So I don't know how to pronounce the N,
but the thing on top is like a tilde.
So it's the N that's in mañana in Spanish.
Oh, it's the wiggly line, not two dots.
Yeah, it's not the wiggly line.
No, it's called a wiggly line,
otherwise known as a tilde.
Or a Swinton if you're Cockney.
Yeah, so we call it the tilde,
but the Spanish call it a verguilla or something.
I'm murdering that pronunciation.
That's right, I've murdered the letter as well.
But it's the N in mañana. I know that one.
What, the first
or the second one?
The second
one.
No, actually I don't know.
I wasn't
prepared to be questioned.
Guy,
this is a hospital pass of a tweet, I have to say.
But there is an element of truth. The first N.
Say it again?
The first N.
Man, N, N, N, N, N, N.
Yeah.
But there is an element of truth in this
because there's also the domain name thing, isn't there,
that you can't, if you say, you know, British Airways, but the A has got a little thingy, you know, a couple of dots over it or a tilde Swinton or whatever, you know, on top of it.
So it looks really close, but actually it's a completely different domain name.
So it can be spoofed. So you can think you're logging on to British Airways.
You're looking at it. It's got the little lock. It's got britishairways.com in there, spelt out, but it's so
tiny at the top of your screen you can't see it. And this is, I guess this is the, the response, right?
Unless, I mean, it's, you're a Spanish hacker.
Well, exactly. I was gonna say, it's, uh, quite funny that I think one of the replies was,
this is terrible advice,
as you can imagine. Oh dear. Yeah, yeah, we just, just, just speak the same language, it's fine.
All right, that was this week's Tweet of the Week. Well, we've, uh, we've sped through that
this week, haven't we?
We're not carrying dead weight.
We're not. We're not. And we're doing it late
at night, so we're desperate for our
cocoa and bed.
A little bit of a Rip Van Winkle
vibe going on here.
So, yeah.
Thank you, Andy, for
your time, effort, good humour, wit and your ability to not be dead weight.
Stay secure, my friend.
Stay secure.
the Host Unknown podcast.
If you enjoyed what you heard,
comment and subscribe.
If you hated it,
please leave your best insults on our Reddit channel.
r slash Smashing Security.
Is this the time when we say
we may not have a podcast next week?
Potentially.
Or we may outsource it.
See you later, guys.
You're away.
Jav's away.
You want a break?
Am I on a break?
I don't think so.
I mean, it could just be me.
Yeah.
But it would be, I mean, much as I think it would be the most listened to episode ever, I would not want to do that
to you two
We've already lost people
I can't afford to lose anymore
Unsubscribed
Maybe I could
get Graham and Carole, maybe we could do
the Smashing
crossover
Basically it's
an episode
of smashing security
but you're the guest
yeah
no
but they're the guest
because I'm always
a guest on smashing