The Host Unknown Podcast - Episode 188 The Don't Mention The Name Episode
Episode Date: April 1, 2024

This week in InfoSec (07:32)
With content liberated from the "today in infosec" twitter account and further afield

20th March 2007: Dragos Ruiu announced the first Pwn2Own contest, which was held that April in Vancouver, Canada. The contest is still being held today - and in fact Pwn2Own Vancouver 2024 started today.
https://twitter.com/todayininfosec/status/1770592695255249038

16th March 1971: The first computer virus, Creeper, infected computers on the ARPANET, displaying "I'M THE CREEPER : CATCH ME IF YOU CAN." It was named after the Creeper - a villain from a 1970 episode of the TV series "Scooby-Doo, Where Are You!"
https://twitter.com/todayininfosec/status/1768973007555375317

Rant of the Week (14:29)
Majority of Americans now use ad blockers
More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters.
According to a survey of 2,000 Americans conducted by research firm Censuswide, on behalf of Ghostery, a maker of software to block ads and online tracking, 52 percent of Americans now use an ad blocker, up from 34 percent according to 2022 Statista data.

Billy Big Balls of the Week (23:01)
Execs in Japan busted for winning dev bids then outsourcing to North Koreans
Two executives were issued arrest warrants in Japan on Wednesday, reportedly for charges related to establishing a business that outsourced work to North Korean IT engineers.
At least one of the individuals – a 53-year-old named Pak Hyon-il – is a South Korean national. His alleged accomplice, 42-year-old Toshiron Minomo, is Japanese and once worked for Hyon-il, according to local media.
Pak served as president of Fuchu-based IT firm ITZ, while Minomo was the head of Fukuyama-based Robast.

Industry News (29:09)
UK Blames China for 2021 Hack Targeting Millions of Voters' Data
Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams
Portugal Forces Sam Altman's Worldcoin to Stop Collecting Biometric Data
Only 5% of Boards Have Cybersecurity Expertise, Despite Financial Benefits
UK Law Enforcers Arrest 400 in Major Fraud Crackdown
Chinese Hackers Target ASEAN Entities in Espionage Campaign
NHS Trust Confirms Clinical Data Leaked by "Recognized Ransomware Group"
US Treasury Urges Financial Sector to Address AI Cybersecurity Threats
CISA Launches New Cyber Incident Reporting Rules for US Defense Contractors

Tweet of the Week (40:52)
https://twitter.com/bettersafetynet/status/1773626490384511113

Come on! Like and bloody well subscribe!
Transcript
Who's our guest this week?
No guests this week, unfortunately. It's just the original crew, you and I.
It's, yeah, it's just us, sole founders.
Okay. That's a shame. I guess it being Good Friday, that doesn't surprise me really.
Exactly. But it's always difficult to get hold of people.
Yeah, exactly. I know Graham wasn't available and, you know, anybody else worth talking about.
But, okay. Well, let's get cracking then.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us. And welcome, welcome one and all to episode 188 of the Host Unknown podcast.
Welcome, dear listener. Welcome, everybody. Welcome. And it's so good.
It's just a pure vanilla episode this week with no sort of random guests appearing. So fantastic. How have you been?
There's nothing vanilla about this.
Do you know what? I'm looking at the screen now and I realise this is the Easter egg episode.
Like, our finely polished domes look like Easter eggs.
We are on brand this week.
We are. We are on brand.
It's good. That's why we didn't have any guests, right?
If only people could see
what a pair of tits we look like when you put us together. Literally, without the nipples.
Yeah, yeah, exactly. But it's amazing what you can do with makeup.
Indeed. Highly polished domes.
Highly polished indeed. So have you had a good week this week?
I have. And you know what, one thing, I looked at some of your Tice talks online.
Oh, yes.
Or at least I started to listen to one of them. And, you know, what surprised me is that you opened it as you opened this podcast: good morning, good afternoon, good evening and welcome.
What? Hang on a minute.
This stuff's trademarked.
This is copyright material.
I'm going to have to check your contract.
The non-disclosure, non-compete.
I can't believe it's taken you two years to work this out.
Oh, you know, it's been on my to-do list.
But, you know, it's just one of those things. It just keeps getting nudged lower and lower and lower.
I know, I know.
The fact is, I know I can say it really easily now without even thinking.
So even when I do, I've done some interviews for other companies and stuff like that.
I use it there as well.
Whenever I'm in front of people, easy, easy, easy. I can do it, so it just rolls off.
Yeah, all the pre-programmed stuff you've got going on.
Exactly. Yeah, no, it's the end of the financial
You'll never guess how I sign off now. Stay secure, my friends.
Stay secure. Absolutely. Every time on the Tice webinars, I do that as well.
So, I mean, well, I mean, let's face it, I did copyright it many, many years ago. So I think actually it was a joint copyright between us. It's a Host Unknown copyright.
Yeah, yeah, yeah. I was going to say, you'll see my name on there as well.
Yeah, yeah, exactly. But yeah, so, well, I'm glad you listened to one. I'm not even going to ask if you enjoyed it or not because, you know, we try not to encourage too much swearing on this show. Let's face it.
Too much feedback.
Yeah, you don't need that kind of negativity on it.
I don't, on a holiday weekend.
Not on an Easter weekend.
Exactly. No. Oh dear. But how's your week been?
Do you know what, I'll tell you, it's been a tough week. And I have to say, I'm glad it's a four-day week because I was feeling murderous by the end of play yesterday.
Oh my God.
Just a tough week. But, you know, the less we talk about it, the better. So it's good to have two four-day weeks just to sort of get, you know,
get back into the swing of things.
The only downside is I've got to take my car in for a service on Tuesday morning.
I know it's going to cost me nearly four figures, if not four figures to do,
because it's a Mercedes and it's, you know, four-plus years old now.
And, you know, and I need two tyres.
So that's 500 quid straight away.
That's a monkey gone.
Yeah.
It's kind of like, you know, it's almost like I can see the future
and my future is poor.
That's what it feels like.
And yet I drive out with exactly the same car.
I don't get it.
Do you know what?
So Mercedes and those sort of areas,
I remember going with a friend of the show, Mikey,
a long time ago when he had a Beemer.
And his Beemer was four years old
and he took it in for service.
And I drove up there with him
because I was giving him a lift back to the office afterwards.
And when we got in there, the guy was sort of like, you know, he took the, oh, the way he spoke to him, like, what we call, like, gaslighting. He's saying, oh, this is going to be, you might as well buy a new car. It's just over three years old now, this one. It's like almost as if he was driving this complete piece of junk that just needed to be chucked out, the way he spoke to him. And there's me in my, I had, like, my 10-year-old Fiat Barchetta at the time.
I was like, dude, he thinks that, you know,
three and a half years old is old for a car.
I was like, I'm happy with mine.
I did hear that the difference between like the German cars
and the Japanese cars.
The German cars are very well built.
They will run, you know, for hundreds of thousands of miles, often on the original engine block, you know, and all that sort of stuff, but only if they are regularly maintained. Whereas sort of Japanese cars, and I think the Toyota, what we referenced in the other show, like the one that Top Gear tried to blow up and just could not destroy. You know, the actual Japanese ethos is people will not maintain their cars, therefore we have to build them to run until literally the very, very end, you know, when the engine oil is, like, treacle or honey, you know, hard honey or whatever.
You know, so it's an interesting thing.
Both of them last about the same amount of time,
but one needs a lot of maintenance and the other one doesn't.
It's just a lot more reliable.
Yeah, yeah, that's right.
So, you know, I guess it pays you money, it takes what you get,
but it's fascinating.
Anyway, this is not Top Gear.
This is Host Unknown.
We're a topical, apparently, a topical information security podcast.
At least that's what it says in our description anyway.
So shall we see what we've got coming up for you this week?
This week in InfoSec really requires people more qualified than us to discuss.
No surprise there.
Rant of the week is all about blocking and tackling, as the Americans say.
Billy Big Balls is the ultimate outsourcing hack that companies don't want you to know.
Industry news is the latest and greatest security news stories from around the world.
And tweet of the week is a challenge to change your mind.
So let's move on, shall we, to our favourite part of the show.
It's the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account. And our first story takes us back
a mere 17 years to the 20th of March 2007 when Dragos Ruiu announced the first Pwn2Own contest
which was held that April
in Vancouver, Canada.
And that contest is still being
held today and in fact
Pwn2Own Vancouver 2024
started
just last week.
How fantastic is that?
So Pwn2Own's computer
hacking contest is held annually at the CanSecWest security conference.
And it's where vendors literally, they can just bring their kit down and people just go at it and try and hack it.
And then, you know, it's now grown into this huge thing where there's massive prizes. And in fact, a lot of the stories in the last week have been about how companies, Google, Mozilla, Tesla, they've all fixed vulnerabilities that were discovered at Pwn2Own by teams there. But, you know, on the first day it's like free pen testing, right? Well, it's not free, obviously. You've got to, you know, incentivise people. But, yeah, so I think on the first day this year,
contestants demoed 19 zero-day vulnerabilities in Windows 11,
Tesla, Ubuntu, Linux, and other devices
to win a total of $732,500 and a Tesla Model 3 car.
So some big prizes on offer there.
So $735,000 in total.
Given it's a Tesla car.
I mean, come on.
Build quality alone.
Oh, dear.
No, but yeah, so they actually, as a group, Synacktiv won the Tesla Model 3 and also $200,000 in total after hacking Tesla in under 30 seconds.
Oh, bloody hell.
Overflow.
Yeah, so it's not good for the ego, put it that way. Your chief, your head dev is not going to have his ego stroked.
You're going to get punched in the face in that one,
metaphorically and possibly even physically
if you take it the wrong way.
I can tell you that's pride that you feel stinging with it.
That's pride you feel running down your legs.
But that's our second story.
Takes us back a mere 53 years to the 16th of March 1971, when the first computer virus, Creeper, infected computers on ARPANET,
displaying, I'm the Creeper, catch me if you can.
And it was named after the Creeper,
who was a villain from a 1970 episode of TV series,
Scooby-Doo, Where Are You?
And I miss the days of... The good old days of viruses.
The good old days.
This is why it's a shame because it's, you know,
because it's a public holiday today,
we couldn't afford Graham Cluley's fees to get him on.
No, it's time and a half on a holiday.
Yeah, well, time and a half.
That's if he's doing us a favour.
That's to take the call, I mean.
Oh, right, yeah, of course.
Then we get to negotiate his fees.
But, yeah, this is exactly the sort of thing that he loves.
I mean, he was a young lad of 22 at the time, I believe,
you know, early in his career.
Yeah.
Yeah, he'd tell us more about this than we would find out if we even clicked the link, let's face it.
Well, you know what I can tell you is that Creeper had a minimal impact on the computers it affected and actually infected no more than 28 machines, as that was the number of machines that were running the TENEX operating system on ARPANET.
It's one of those limited, limited,
I'm sure it was a big deal at the time.
Yeah, because it was probably... I think these days, if you think 28 machines is a big deal,
getting infected these days,
that's pretty much one developer's test lab running his VMs these days.
Well, exactly, because actually it infected 28 of the 32
that were on the internet at the time.
Oh, my God, 90% of us, the ARPANET is down.
Oh, dear. Nice one. Excellent. Thank you, Andy, for this week's...
This Week in InfoSec.
...security podcast, they raise the average IQ of both audiences. You're in good company with the award-winning Host Unknown podcast.
Do you know what? I'm so, we're going to tell everyone, we're excited that we, yeah, we've got that random button. I've got a random jingle button now.
Yeah.
Do you want evidence? I'm going to press the same button. You ready? Ready?
This is the award winning Host Unknown podcast, guaranteed to be a solid five out of 10 at least once a month or twice your money back.
And you can take that to the bank.
I'm telling you, no more pressing the wrong jingle button. You know, no more the podcast that the Queen listens to. No more me getting lost and thinking, oh, what am I going to press next? I've got random jingle set up.
Yeah. And, you know, I'm glad that we didn't publish the Princess Kate jingles. That, you know, it was lucky we didn't go on air that week because that wouldn't have aged.
That was close, actually.
That was close.
It's a shame we're not going to get our money back
from your Jingleman either, is it?
No.
I know, but it is what it is.
He did warn us.
He did warn us and he did get us to sign a waiver.
But, you know.
Right.
Let's move on, shall we?
It's time for this week's.
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
Right. Rant of the Week. What is the rant?
Oh, yes. Yes.
So apparently, according to a study, which you can see if you click on the link in the show notes,
the majority of Americans now use ad blockers.
So more than half. I mean, that being the majority, I guess.
I think it says 52 percent, off the top of my head, are using ad blocking software. And the people that are doing it are mostly advertising, programming and security professionals. So it seems like, well, apparently more than half of Americans are in advertising, programming and security, it would seem. But I'm not entirely sure how that works. But certainly amongst that group it's an even higher proportion. But yeah, 52, that's quite considerable. So it's a survey of 2,000 Americans, so statistically I'm not quite sure what that might be and what their socio-economic backgrounds are. It's carried out by research firm Censuswide on behalf of Ghostery, a maker of software to block ads and online tracking.
50% now using ad blocker. Up from, get this, 34% in 2022.
It's quite a jump.
Yeah, it's a massive jump.
Massive jump.
So I think the ranty part here is this doesn't surprise me at all, because, you know what?
I think the standard advertiser's response to this will be, what, more than half of people are blocking our ads? We need to deliver twice as many ads in that case.
Which, I mean, you could absolutely see that decision being made.
And I think people are just fed up with the amount and volume of ads and not just the volume, the quality of the ads.
The fact that the ads in many cases carry malware, take you to criminal sites that will try and strip your data, etc. And also are using your personal data in very sort of nefarious and very often we see illegal means.
So it makes no surprise to me. Now, obviously, there is an argument that if, you know,
if you want certain websites for free, you've got to pay for ads, which is not a problem.
This is why we have, you know, certainly in the UK, commercial stations are ITV and all that sort of thing.
And you watch the ads. That's the quid pro quo for the free programming. Right.
But in this instance, I think the online ads, as I've said, are so insidious, are so plagued with, you know, problems and, you know, criminals leveraging the advertising platforms to either deliver malware or try and direct you to a site which will, you know, try and attack you, etc. Plus the fact that they are, well, let's face it, buying data from companies that, you know, gathered that data without our knowledge.
So, for instance, you know, you're having a conversation about, I don't know, horse feed. And the next thing you know, you've got adverts for horse feed and horse bedding and things like that because they're either listening to you on your microphones or, as we covered in a show I think about a year or so ago, even when you don't grant it access to the microphone, it's using the accelerometer in your phone to listen to your conversation. It's listening to vibrations it's picking up in the air, which is just shocking.
So it doesn't surprise me at all. And frankly, if advertisers want to start seeing a drop in the number of ad blockers, they've got to smarten up their game. It's a bit like when digital music started happening and music companies just did not embrace it and pushed back and started to criminalise people for downloading tracks that were not available in their region, or downloading tracks which would then lead them to potentially buy actual music. What they should have done was embrace it early on, which they did eventually, but embrace it early on and in such a way actually provide a better product and a much needed product for the market.
So, yeah, it doesn't surprise me at all. Advertisers, you've got to up your game. But, you know, I actually have, for reasonable adverts, you know, things. So I've got, you know, friends who actually completely embrace this type of thing. They say, well, they actually just want to see ads that are relevant to them, right? Whereas I don't want to see any ad, full stop. Especially the other day, I was so pissed off with, I used to subscribe to Ground News, which is a news app that tells me whether I'm reading sort of content which is right-leaning, left-leaning, or in the middle.
And what it does, it highlights blind spots that I have.
So it will say, like, you know, you're reading a lot of stories from left-wing page.
You want to see something from the right side, you know, to see, you know,
what the alternative view is.
Yeah, and so, you know, I was using it.
But, you know, last week, and it was after the, you know, that bridge collapse in Baltimore earlier this week, and four of the articles it served me had videos I couldn't skip. They blew up full screen on my phone and I couldn't get, every time I closed, minimised, it came back up full screen. And because of that, I literally, I unsubscribed immediately. I was like, that's it, I'm not paying for this anymore and I'm done with it. And I even got an email saying, why are you leaving? You know, and I was like, because the stuff you're serving me is not, I'm not having that. And I'm pissed off as well with Prime, Amazon Prime, now serving adverts even though I already pay for it. They're saying, you know, we're now going to stick adverts into it, but if you want it ad free, it's another three quid a month.
Wait a second, what am I paying for already?
Yeah, exactly.
Yeah, adverts, bane of the world.
Yeah, they are.
And I'd love to know how successful they are.
Yeah, I mean, the click-through rate I can only assume is profitable. But I guess they quite literally have to serve more because fewer people are viewing them. You know, I, for instance, use a Pi-hole, you know, the Raspberry Pi based ad blocker. It blocks at a network level. So even when I'm out of the house, it can still route traffic through it, et cetera.
And so that's really good.
I don't even have to run anything on my local computer.
But if people knew how easy they were to set up,
I think it would be end of days for this kind of online advertising.
Yeah.
Screw the advertisers.
Unless you want to come on and sponsor
this show. Yes, exactly.
We'll happily run your advert.
Yeah, absolutely.
Yeah.
It might pay for Graham to turn up.
Right. Excellent.
We'll take our course.
We'll take our course. Or take our course.
What's the point?
That was this week's
Rant of the Week.
When listeners leave
the Host Unknown podcast
in favour of another
security podcast,
they raise the average IQ
of both audiences.
You're in good company
with the award-winning
Host Unknown podcast.
I mean, I guess that was a one in 12 dice, right? I've got 12 jingles loaded up. We just played two, the same two in a row, right? That's annoying.
That is. In fact, let me...
You're listening to the award-winning Host Unknown podcast. It's better than tinnitus.
Okay, well, that's good. Right, shall we move on? I think it's, oh, why don't you take this one, Andy? It is time for this week's...
Billy Big Balls of the Week.
I shall take this week's Billy Big Balls.
It's the type of story that sometimes guest Javvad Malik would normally stand behind.
And it's about execs in Japan being busted for winning dev bids and then outsourcing to North Koreans. So they have been warned by their government for this. So two execs in Japan were issued arrest warrants for allegedly, well, not allegedly, reportedly establishing a business that outsourced work to North Korean IT engineers.
So it's an IT firm, ITZ. In fact, it's two firms, ITZ and Robast.
So they obtained application development work from Japanese customers through a business brokering website and then outsourced it to North Koreans.
And the execs are sort of saying, well, we thought that they were in China.
But either way, the work was being carried out without the customer's knowledge or consent for it being outsourced.
But, yeah, the authorities basically busted them by, they sort of found suspicious remittances to the North Korean IT engineers whilst investigating another case of development of a smartphone app.
For free, yeah, which violates Japan's Banking Act, you know, to sort of send or make payments.
There have to be sanctions in Japan against North Korea.
I mean, there's sanctions globally around North Korea.
It's one of the reasons why it's such a poor country. Well, exactly that.
Surely they knew what...
Yeah.
I mean, what?
Well, I mean, it must be cheap because they're saying, like, well, you know, hiring a North Korean to do some development work may be cheap and efficient, you know, and also you may get unintended side effects such as malware and, you know, sort of backdoors in the code that they're writing. But it also, yeah, means you're probably contributing to, you know, a foreign currency slush fund for, yeah, activities, maybe legal and illegal, whilst violating sanctions domestically. It's why we have sanctions. It's why we do this stuff.
Yeah, it's much, yeah, still cheap, cheap developers out there. But I think there was, oh, it was just last year, wasn't it, in about October time, where we actually read how US and South Korean authorities released guidance on how to avoid hiring North Korean agents. Do you remember that came out? Because people were accidentally, you know, doing remote work and stuff like that. Because, you know, all that money they make is being used to finance North Korea's nuclear and missile development, apparently.
So, yeah.
Yeah, I mean, the warning signs. Address, yeah. You know, I mean, you've got that for starters, right? And then other warning signs, they say, include unnatural or non-proficient use of the Japanese language, dodgy use of IP addresses, and names used not matching names for payment.
I mean, these are some things
that you think a HR department may look at.
But yeah, but fair play.
I mean, do you know what?
These two guys, they set up their business
and they thought, do you know what?
I've got a great idea. You know, we can bid for all this work. We'll win it at a reasonable price.
We can get the work done really cheap because we're offloading it to our neighbours who are prepared to work for a pittance.
And, you know, we're probably not contributing much to these nuclear launch programmes.
I can think of the two sentences that happened while those two were in a room, which was, the first one was, fuck it, and the second one was, what's the worst that could happen?
Yeah, exactly. And I think they just found out.
Yeah, it's the, what someone else has said, you know, one of the other giveaway signs is unavailability to attend a drugs test or in-person meetings.
So, sorry, I'm in North Korea. Or, yeah, can you bring the pot to this fence? Just hit the north part of South Korea and I'll see if I can hit it from my side.
oh my god
that's incredible
wow
is this incompetence
I don't know
or just thinking
it's so ballsy they can't fail.
I'm in absolute confusion at this.
Sometimes you just...
They could say, we don't discriminate.
We don't see nations.
We just see talented developers.
I mean, as they got arrested for it, did they say, huh, racist much?
Yeah, exactly.
Oh, man, that's bizarre.
Utterly bizarre.
That should be the bizarre Billy Big Balls of the Week this week.
Thank you, Andy.
Billy Big Balls of the Week.
You're listening to the award-winning Host Unknown podcast.
It's better than tinnitus.
Okay, I think I need to check the dictionary definition of random.
Because that's twice now it's played the same one in a row.
Who knows? It's a random possibility. It's a random possibility.
Yeah. If only we had time to do it right now. Because, talking of which, what time is it, Andy?
It's that time of the show where we head over to our news sources over at the Infosec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
UK blames China for 2021 hack targeting millions of voters' data.
Industry news.
Fake Ozempic deals on the rise as experts warn of phishing scams.
Industry news.
Portugal forces Sam Altman's
WorldCoin to stop collecting
biometric data.
Industry news.
Only 5% of boards have cybersecurity expertise, despite financial benefits.
Industry news.
UK law enforcers arrest 400 in major fraud crackdown.
Industry news.
Chinese hackers target ASEAN entities in espionage campaign.
Industry news.
NHS Trust confirms clinical data leaked by recognised ransomware group.
Industry News
US Treasury urges financial sector to address AI cybersecurity threats
Industry News
CISA launches new cyber incident reporting rules
for US defence contractors.
Industry news.
And that was this week's...
Industry news.
Huge if true.
Huge.
Huge if true.
What's Ozempic?
So I'm just clicking.
It's the weight loss drug that celebrities have been using.
Yeah, yeah, yeah. It's originally for, you know, it's how all these things become popular. It's originally for diabetics, right, to help manage, well, originally for, I think, insulin response. Yeah, but then it actually, it turns out it suppresses appetite, and so people, you know, stop eating. But then celebs started using it and then there's a massive shortage last year where, like, actual diabetics that needed it for medical reasons couldn't get it because people were buying it for sort of vanity reasons. So the UK government had to put out a thing saying there's no off-label prescribing allowed at the moment.
But yeah, I mean, I've seen, you know, I actually thought I would love to give this stuff a try, you know, when it came out. It just sounded too good to be true. But then, like, the more you read into it, like the amount of people that just say it's not worth it, like, you know, they just, oh, they have awful experiences on it. Yeah, and some people still, you know, suffering the side effects when they did it. And it's one of these things you've got to keep doing it ongoing. So, you know, you're signing up for this ongoing. But yeah, made big by, I think even Musk, Elon Musk, used it for weight loss as well.
Yeah, but yeah, one of the big celebs. So, like anything, as soon as something becomes popular and in the zeitgeist, criminals are going to jump in on it and try and profit from it effectively.
Well, exactly. I mean, all we're looking at here is just phishing scams, right? It's just a different topic, different subject header.
Yeah, exactly. It's not Viagra anymore, it's Ozempic.
Yeah, exactly. I did like, and I think this was clearly done by their PR department, the NHS Trust that confirms clinical data was leaked by a recognised ransomware group. So, you know, they haven't been hacked by, like, you know, a little crappy group. This is a recognised ransomware group. You know, this is clearly a sophisticated attack. This isn't just 14-year-old little Timmy from his bedroom.
Exactly. This is 13-year-old Ivan, who's part of a bigger organisation.
Mind you, the NHS are all about their announcements this week
because they also announced that you don't have to eat an Easter egg all in one go.
Who knew?
Rubbish.
Yeah.
That is.
Yeah.
I'm not sure that's clinically correct.
No.
Yeah, I think that they just need to up their game. I think that they need to try harder.
Yeah, they need to try harder. In fact, I also saw...
Improvise, adapt, overcome.
Yeah, exactly. I also saw that the UK's Nigel Farage decided to push back against that as he found the advice patronising. And with a picture of him with his infamous, well, one could only call it a shit-eating grin, holding up a half-eaten Easter egg, saying he's going to basically stuff his face this Sunday, even if it ruins his dinner.
So, yes, some sage and sound advice there from the man who engineered Brexit for the UK.
And the fact that he can't eat a whole Easter egg and then follow it with his dinner just shows what a weak man he is.
Yeah, exactly. Just shows him up.
Another UK one, China, blaming China for the 2021 hack of voter data. I mean, it does feel like, you know, all of these announcements, it's like, what week is it? It's the first week of the month. Oh, it's China then. What week is it? Second week of the month? It's Russia. Yeah, what week is it? Third week?
Do you know what worries me about this China one?
Yeah.
The thing that worries me about the China one is I think that the UK government's getting ready to sort of follow in the US footsteps in terms of suppressing TikTok, and sort of like figuring out a way to, yeah, you know, tell people it's no good for us. Look at what China does. Look at this Chinese app. I genuinely think, right, the government are worried because TikTok allows information to spread.
Yes, rife.
Yeah. And there's obviously a lot of Gen Z and younger people, very left-leaning, very different politics to the people that are in power at the moment. And I don't think there's any more misinformation on TikTok
than there is on any other social media platform.
You just have to look at Facebook, right?
You really do just have to look at Facebook.
And it just tells you everything you need to know about the state of our nation
and the state of our world, for that matter.
TikTok is not the source of this.
But then again, we do have a general election in a few months, don't we?
Well, exactly, which is why they want to stop that, stop people from talking, anyone that's not Conservative, likely to vote Conservative. I mean, there's all these things, right? You know, there's even talks about how they, I think, you know, they wanted to do it for October originally
because then that means a lot of students won't be registered
at their new address in time,
so they wouldn't be eligible to vote and all these type of things.
There's all these conspiracy theories about why October benefits the...
I mean, yeah, why not call it now?
Do you know?
Other than the fact they're going to lose for sure.
They're going to lose regardless.
Yeah, exactly.
But if it's October, just go home and go home again.
Cost of a train journey, which I know is expensive,
but then again, so is having tourism again.
But go home and vote in where your home is, if you see what I mean.
I think it's something to do with where you're registered, though, isn't it?
That's the problem.
Well, you're registered...
You can only vote where you're paying tax.
You're registered where you live until you register otherwise, right?
What it means is you can't...
Yeah, but then most people move in September or August, September time.
Yeah, so let's just say somebody moves from, I don't know, Birmingham to London, right?
They're still registered in Birmingham.
They might need to re-register for London.
What it means is they can't vote in the London general election.
They have to go back to their registered address.
Yes.
And that's what they're banking on, is that people won't go back.
They're lazy.
Yeah.
Yeah.
Well, they're students.
Right.
Yeah. Well, actually, that's purely a personal recollection of when I was a student, in fairness. From what I've seen so far, students these days are
anything but. What else have we got? Let's do one more, shall we? Oh, only five percent of boards have cybersecurity expertise despite
financial benefits. Do you know, I'm still shocked by stats like this. There is so much talent
out there that could provide, you know, boards context and et cetera on this,
but it is still not seen as a priority.
But are we any worse off than some other departments,
like marketing, for example?
How many marketing execs sit on the board?
Marketing is probably pretty well represented on boards.
Really?
Yeah.
I don't know.
I'm just speculating.
I'm just thinking.
No, fair enough.
You're always going to have finance.
You've always got a CFO up there, don't you?
Yeah, you've always got finance and the business people, right?
One thing you can guarantee about marketing is that they're very good at marketing themselves as well
Yeah, so that's why I think...
Brand management.
Yeah, exactly. That's why I think they probably are represented fairly well, but I couldn't say for certain. But yeah, it just does surprise me that, as it says, despite the obvious financial benefits, there is not a push to get more, you know, cybersecurity folks onto boards. Or if there is, they don't come knocking at my door.
I think the problem is they're just snowflakes, and, you know, the rest of the board don't want to...
Yeah, security people are snowflakes.
Well, and also security people don't know how to talk to the board, which is the subject of virtually every other talk at the RSA Conference this year, probably, and every year for the last 15.
Yes, exactly, exactly. In fact, I did one called Playing the Game of Thrones, just, you know, trying to pick up on the zeitgeist at the time of Game of Thrones.
Yeah, but I hadn't seen Game of Thrones at the time you did that talk.
Yeah, yeah. What, why is that funny? Why are people laughing? Yeah, I did one, I was talking something about building relationships and I had the pictures of Cersei and what's-his-face, her brother.
So anyway, all right, that was this week's industry news.
In 2021, you voted us the most entertaining cybersecurity content amongst our peers.
In 2022, you crowned us the best cybersecurity podcast in Europe.
You are listening to the double award-winning Host Unknown Podcast.
How do you like them apples?
Well, thank God that was random.
Right.
Okay.
Let's, why don't we take this home now with this week's
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
Who's doing this?
Why don't you take us home, Tom?
Okay.
So there's this, it's a perfect tweet because it's a picture
But the picture is of the guy who's in the public park with a table in front of him, with a big poster that says, you know, well, whatever you want it to say, with "Change...", Steve Crowder's "Change my mind". Yeah.
Steve Crowder, is that who it is? Yeah. Who's Steve Crowder? American-Canadian conservative podcaster.
Ah.
So the original, like back in the day, the original one, this was 2018,
he sat outside Texas Christian University with a sign that said,
male privilege is a myth.
And that's the original.
Ah.
And he just changed my mind.
And he posted that and then people took it.
And he's been memed ever since.
Very good.
So the actual, on the poster on the front, it says,
fishing exercises are worthless and have no training value.
And the tweet says, technical controls or GTFO?
Get the flip out.
And this is a tweet from Mick Douglas, Better Safety Net.
And he says, while fish click rates are easy to measure, they don't improve security.
And most users take away from these are that the security team is the enemy.
Which depends.
As every good consultant says,
I think in many, many cases this is true, right?
Because it is just used as a hammer,
not as much as anything else.
But if they're run well...
More stick than carrot.
They can be...
Yeah, they can be a very good carrot.
It's just that they're often used as a stick too much.
Yeah.
And also, why can't we have fuss?
Well, exactly.
I was going to say, as someone else said,
you can't implement technical controls over personal email.
So training should extend beyond work accounts
because, you know, employees getting compromised via a personal email can jump an air gap.
Yeah.
You know, particularly if it's blackmail or something like that.
Yeah, that's right.
That's right.
Yeah, that, what is it, those emails that you get that's saying,
basically, trust me, I'm a hacker.
I've seen you masturbating furiously to your favourite adult websites
unless you pay this money.
Click here and pay this money.
It cost me like three grand a month to keep up with those ones.
They've got photos of me and everything.
I seem to get like five or six a day for some reason.
I'm not sure why.
Although they don't like the response, publish and be damned.
Oh, I actually send them more pictures, like, yeah,
PZ's up-to-date pictures.
You probably didn't get my best angle.
Here's a HD camera shot.
And they're saying, look, please, all right,
I won't blackmail if you just stop sending me these pictures.
There's only so much I'm able to say.
Please, how much do you want?
Yeah.
How the hell did we manage to turn a very valid point around to just,
well, frankly, masturbation.
But there you go, and dick pics.
Anyway, that was this week's
Well, we have tumbled into the end of the show. Thank you so much, Andy, for your time, wit, wisdom, honesty, charisma and just general all-round presence for today's show.
Damn, I'm so egg-cited, I just can't hide it.
Oh my God, hang on, I've got another one, I've got another one. Hang on, hang on, hang on. Oh God, it was a... We're gonna shell-abrate this Easter.
Shell-abrate, absolutely. Absolutely, we could. I hope your eggs are all they're cracked up to be. And we could even resurrect a few of the jingles for next time.
Hey, you're so extra on this show.
You're going chocolate, I'm going religion. Yeah.
Oh dear. Excellent. Anyway, thank you very much, Andy, and thank you. Stay secure, my friends, stay secure.
You've been listening to the Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit channel, worst episode ever, r/smashingsecurity.
Right, so the challenge is to get this out
before the next day off.
Whee!
Won't be too long, hopefully.
No, exactly.
Yeah, well, I'm just thinking, when's the next...
Are you doing any shooting this weekend?
Like, you got wedding or...
No, no, no.
Anything?
Photography plans?
Okay, cool.
No.
Certainly not wedding anyway.