The Host Unknown Podcast - Episode 19 - Fuck off You Big Lamp, The It's Too Hot Episode
Episode Date: August 14, 2020

Technical issues abound, and the boys nearly miss this episode. It started slow, but we warmed up by the end.

TRIGGER WARNING: Jimmy Saville

In this episode:

Tweet of the Week
Hamptons He-Hooker for Hir...e Hoses High Class Hussies
https://twitter.com/jaimeprimak/status/1292653091582615552?s=21

Billy Big Balls
Healthcare Hissy-Fit Highlights His Holier-than-thou Haughtiness

Rant of the Week
Phone Provider Pisses off Parent of Premium Pioneer
https://twitter.com/mikko/status/1291718787507662849

The Little People
Just kidding, Jav let us down again.

Come on! Like and bloody well subscribe!
Transcript
Losing Andy's probably not a bad idea. I mean, we might lose a whole lot of technical problems that we've had as well.
Yeah, do you know what? You guys have been trying to, you know... You can't do it on your own. This is a problem. This is my show, you know. You can't go solo.
We're not recording. You don't need to put on an act for us.
Yeah, we are recording.
It's 35 minutes in and we've only just managed to start recording.
I think last night's electrical storms
have caused a few problems with
our computers. All three of us.
Mostly
Andy's though, I think.
Mostly Andy's, yeah.
Or is it just Andy? Maybe the electrical storm
did something to
Andy. Did he have to get the bolts on his neck replaced?
You're listening to the Host Unknown Podcast.
Hello, hello. Good morning, good afternoon, good evening, and welcome to episode 19, I think it is.
The Fuck Off You Big Lamp, It's Too Hot episode.
So, folks, gentlemen, how are we?
Oh my God. Oh my God. I mean, it's just been raining all morning, and I think it's hotter as a result, or certainly more humid anyway.
But, oh, I am melting here, absolutely melting.
Honestly, typical white boy, honestly.
Normally, if it wasn't for lockdown, you'd be in, like, Spain or something
on the beach saying, oh, I love a good tan, I love the heat.
It's always raining back home, and now you're like, oh, it's too hot, I'm melting.
No, come on, mate, you've seen me.
I'm definitely built for winter.
You are, yeah.
Let's face it.
And I think Andy's built for Game of Thrones winter.
I've never seen the show, so.
Oh, right.
Well, that's fallen flat.
God damn, eh?
Popular references just dying there on their arse.
So, Jav, how are you, sir?
Well, fat people are harder to kidnap, you know.
I am kidnap resistant for the travel that I do in African countries.
Yeah, but they feed you for longer if you crash land on a deserted island.
Yeah, I know, but you get high cholesterol as a result.
Jeff, how are you?
I'm very good, I'm very good. I've got some great feedback this week, so I'm quite happy. I was speaking to friend of the show Graham Cluley a couple of days ago.
Friend of the show.
Yeah, and he said that he was listening to our podcast one morning while making breakfast for his son in the kitchen. He had it on, and his son goes to him, Dad, what are you listening to? And he goes, oh, it's just this podcast that these other guys do, and what have you. Goes, well, they sound like they're actually having a lot of fun.
Oh, little does he know how scripted the fun is.
You can't script fun. You can't script fun.
Well, I think your show notes would say differently.
I mean, there's a line in here that I'm after. I have to read out in sort of faux shock and upset: Why am I being short-changed on the stories this week? Now, remember that phrase, folks, because you may hear it later on.
Andy, how are you, sir?
I'm not doing too bad. I know you've been travelling about quite a lot for work in recent weeks,
but I'm actually going to be travelling for the first time next week,
as we have a client coming on site to perform an audit in a very short time.
Have you not been getting in and about and meeting with people?
Not... well, only face to face with my lawyer, but apart from that...
I just had it in my head that you were out and about meeting people.
No, no, I don't think so. Not that I recall.
Jesus, no wonder you got no work.
I've got work, that's just it. I haven't got time to go meeting people, you know.
And I had to see my lawyer about signing a contract with somebody. So, I say my lawyer, he's a friend of mine who very kindly looks at the old contract for me. He's an absolute...
So you're one of those people that use expert time as a favour, right?
Oh, absolutely.
It's a total quid pro quo.
I mean, I helped his company through Cyber Essentials and didn't charge him.
So, you know, I think it's, you know, there is a quid pro quo there.
But nonetheless, he's an absolute star and a gent.
I don't know if you're listening, Ian.
And thank you very much for your help.
So there's your little 15 seconds of fame mate
and is he interested in sponsoring the show
just out of interest? Do you know what
I'll ask him I'm wondering
if ICJD Limited
would be interested in sponsoring the show
in fact
Ian this could be you
Host Unknown Sponsored by
ICJD Limited.
Ian.
Doing our part for the small businesses.
Oh, dear.
How are you doing this week, Tom?
So you're travelling next week.
Where are you going?
Quite far away, actually.
I'm off to the distant land of Nottingham.
So when you say travelling, you just sort of mean for you,
it's just a little sojourn up the road.
Really?
It is.
Yeah.
I'm actually not even leaving until the day I'm supposed to be there.
Just, I really can't be asked to stay in a hotel the night before.
No, no, that's a lot of surfaces for you to wipe down.
I don't think you can hear me, Andy, can you?
I don't think you can.
Do you know what?
It did drop out for a minute.
It dropped out for a minute.
I can hear you.
Oh, my God.
I've got to do a shitload of editing now.
Outright state.
Don't worry.
No one's going to notice.
If I do drop, I won't be back.
Yeah, that's right. Especially
after the 35 minutes
of trying to get on in the first place.
Make him drop.
That's right, kick.
User has been kicked. What?
Yes, that's right.
So I should
tell you folks up front, I've got a signed for package.
It's been delivered before 1 p.m.
It's now 10 o'clock, 10 past 10 on Friday morning.
It's going to be delivered by 1 p.m.
So I can guarantee it's going to be here in the next 50 minutes without doubt.
So if I suddenly disappear, I haven't dropped.
I've just gone to the front door.
Or you could have dropped.
Or I could have dropped, yeah. But, you know, then the listeners won't know that because they won't have an episode to listen to.
Yes, so we need to think contingency.
Yeah, we do, we do.
So, blimey, hasn't it been hot this week? Jeez, that's all I can think of. I lost all of Wednesday because it was just too hot.
I could not work at all. I had the fan going. I've spent a fortune on buying new fans for the place because I just, you know, you go from one room to another.
It just seems like you're moving from one wet room to another. It's not pleasant at all.
You know, if the fan's like a pedestal fan or something,
you can pick it up, unplug it, carry it to the other room,
plug it back in again.
I know, it's such a gnaws, isn't it?
So I bought two more fans.
Such a see-saw.
Still like just trying to solve every problem with technology.
What do we need?
Let's just throw three more fans at it.
I think they'll sort it out.
Oh, dear me.
It's so true.
So true.
So what have we got for you this week?
Well, it will come as no surprise to anybody.
We have Tweets of the Week, Billy Big Balls,
and a Rant of the Week.
Those I can guarantee.
Little people?
I don't know.
I mean, you know, Jav's not been, I think he's, what,
got a hit rate of maybe 40% so far.
You know, I hit someone up for the little people two weeks ago,
and they were off one week, and then they replied to me,
and they said, oh, I'll get you something this week.
And I will let you know later in the show.
Well, I'm pretty sure we don't, but there you go.
So, yes, I think we should march straight on into our first feature,
which as I'm very...
Are you trying to look for the button? I'm looking for the button,
yeah, can you tell?
I'm trying to sort of make it seem like it's a
seamless experience, but
you know, behind the scenes, here I
am looking desperately
for the button to tell you that it is now time
for Tweet of the Week.
Maybe you don't need a seamless experience.
Maybe you need a seam experience.
And if you're a seam provider out there, you can sponsor our show.
Nice.
Nice.
I like the leap.
I like the leap.
I mean, it's a big leap, but nice.
Nice.
Anyway, I hope you thought that that particular jingle was worth it
because I thought the timing on that was perfect.
So much so that I'm going to do that again.
So we're going to line up Andy for this week's
Tweet of the Week.
And it will be no surprise that it is not InfoSec related at all.
I think you dropped for a little bit there, Andy.
I'm really not sure, but go on.
Excellent.
Okay, well, we can fix this in post, right?
I've got a busy day today. I haven't got much time to spend on this.
This week's Tweet of the Week, it is no surprise, is not InfoSec related at all. And this is from someone called Jaime Primak, and it was a tweet which tickled my sense of humour. So this lady posted, she's got a friend who lives in the Hamptons, and her 20-year-old son's been living with them since, I guess, the start of the pandemic. And so she says he's a junior going back to school, and she was cleaning his room and found a large box of cash. And that cash is to the tune of $100,000. Now, if you have a kid and you find $100,000 in their bedroom in cash,
you know, what are your first thoughts going to be?
So naturally, she thought, you know, oh, my God, it must be drugs.
He must have...
Maybe it's drugs.
Maybe he's stolen it.
But no.
So this kid's dad actually forced him to tell the truth as to, you know, how he came across the money, or else, you know, they're going to call the police and turn it in. So he confessed that in April he struck up a conversation with this richer older woman at a local sandwich shop, and, you know, they're talking about whether or not, you know, he had been tested, you know, for COVID and stuff.
Has he been peddling sandwiches?
Negative.
Well, that's a lot of sandwiches to get 100 grand, I tell you.
But to get to the point of the story, he was basically a gigolo for all these rich older ladies across the Hamptons. You know, he was COVID free. And so from April to August he was going around for five thousand dollars a time and, you know, ensuring these ladies were not lonely, you know, during a lockdown.
Fair play.
Yeah, so I mean, you say it's COVID free. I don't know what else he might have come out with at the end of it, though.
Well yeah I mean
You've got to balance this up you know
Occupational hazards
Well that's fair play
It's like elder care isn't it
Elder care
It is
It's providing a service
Well exactly that.
And I think this is where a lot of the debate has come from,
saying that, you know, it's disgraceful.
You know, a lot of people are saying that fair play to the young man.
I can't tell if he's 20 or 22.
But, you know, people sort of stigmatize in the whole sex work angle.
But, you know, it's all consensual.
You know, there's some rich people getting something out of it, there's someone earning money getting something out of this. You know, they're all adults. It's not like, you know, people are in a position of authority over him.
No, that's right. You know, I mean, what would you do if you had a start in life with an extra a hundred grand of cash? How would your life be different?
And not to mention like,
you know how when you see a new security startup and they'll be like,
here are the three founders and combined,
they have got a hundred years of experience.
You know,
that's how they position it. Isn't it?
In the industry.
Here we go.
And he's ended up with like 10,000 years of experience
at the ripe age of 22 years.
Okay, so if he's charging five grand a pop, that's a maximum of 20
and 10,000 years of experience.
So these ladies are each 500 years old?
They might as well be, I'm pretty sure.
I know it's the Hamptons, but is it some kind of witchy cabal?
I don't know.
God, we told you a million times not to exaggerate on this show.
It just diminishes our reputation and our integrity here.
So what happened?
Did he keep the money?
I mean, I hope so because that's how you start up Facebook at university,
isn't it, with that kind of seed money?
Sorry, the Facebook.
It worked.
I mean, I never actually followed it through.
Yeah, I never followed it through to the end,
but I'm happy that
he's made some money. And that's
why you'd never get £100,000.
I actually read it through to the end, and
I think his parents forced
him to return the money.
What? You're kidding.
No, his parents forced him to
return the money.
So now it's even worse.
Now it's like he'd done it for free.
Well, that really is excellent.
That's harsh.
Yeah, that is.
I don't know.
I mean, telling him, sitting him down and saying, look, son, this is not exactly a career option.
Although he only needs to do it for a few years
and he'd be set for life at that kind of rate. But nonetheless, you know, sort of sitting down and talking about, you know, well, whatever ethical or moral dilemmas they might have in their own tiny minds, but telling them to give the money back, I mean...
So there's an episode of Friends, and I think it was Friends, and they found a briefcase...
The one where Ross banged an older lady, was that the one?
No, no, no. I think they found like a briefcase with 50 grand in it or something.
Oh, right.
And one of them, this is a long time ago, my memory might be failing...
Well, it was Friends, yeah.
And they go like, well, you've got to give it back. You got it...
He goes, no, no. He goes, like, okay, so you went into a booth. Okay, this is how you know it's an old one.
And there's a dollar change in the change part of the phone booth
or on the floor.
He goes, would you take it?
He goes, yeah, it's just a dollar.
I'd take it.
Guess what?
Just think that we walked down 50,000 phone booths.
Yeah.
And this is it.
I mean,
I think if,
if he was just going and say,
spending time with a lonely older person,
just to like,
how you doing?
Maybe cleaning their house a bit,
clean the pool,
just spending some time with them doing bingo or playing a quiz game.
And you'd be like,
Oh,
what a charming young person.
He cares for the elderly and he gets like $10 an hour.
Instead, he's just taken that to a more premium level
and all of a sudden people are outraged.
A slightly more personal level.
Yeah.
Yeah.
By the way, I mean, Host Unknown does not endorse prostitution,
male or female or otherwise.
But, you know, I think that being said, I think it's...
It's not prostitution.
It's a moral...
That's just...
That's just what?
It's adult fun.
It's consenting adults having fun.
That's all it is.
Okay, we'll ask the question of our audience.
Graham, you're probably listening with your son.
If you went into your son's room and you found 100 grand in there,
what would your position be?
So bear in mind, he's 20.
This kid was 20-odd.
The ladies were in their 50s, as I read down.
If the ladies are in their 50s, that's not even that old either.
You know, it's not like they're being...
Well, no, obviously they're young for you, Tom.
Their mental faculties are not...
You know, it's not like they're in their 80s
and not really quite sure what's going on
and handing the nice gentleman over who's, you know,
been doing a puppet show for them from his trousers.
They know exactly what they want.
Exactly, exactly. So, very difficult. Wow, we move into murky moral waters on Host Unknown, I tell you. We ask the hard questions.
Yeah, let's get back to some InfoSec, just to, yeah, show it.
Anyway, that was this week's...
Tweet of the Week.
In the InfoSec territory, that one.
Oh, I see what you did there.
I see what you did there.
My goodness.
I don't know.
I don't know.
So I'm going to...
Where is the Hamptons anyway?
And can you move there easily?
Yeah, you'll know that these ladies are going for the younger gentleman, Tom.
Unless you're planning on pimping someone out.
I think you're not the target market.
That's true.
That's true.
I'd have to get my wide-brimmed hat.
So, ladies of the Hampton, if you want to sponsor this podcast
we will ship over Andrew Agnes to you
he's young and full of energy
and always smiles
no matter what you do to him
whether he likes it or not
oh dear me
so yes
we had a poor InfoSec record last week.
So hopefully we will get a little bit better this week.
So, yeah. Should we move straight on to the Billy Big Balls?
Yes.
I think that would be a good idea. And this one's me as well, actually.
It's time for this week's...
Billy Big Balls of the Week.
I think I'm getting better at these jingles, don't you?
Definitely getting better, definitely, yeah.
It's only taken 19 episodes, but I'm definitely getting better. Anyway, this week, now, it was on LinkedIn, that lovely den of iniquity where you get all sorts of people saying all sorts of stupid things. In fact, do any of you follow, or do either of you follow, Twitter's The State of LinkedIn?
No. No.
You've got to check it out.
This is like a curated, is it just guessing by the name?
It's a curated list of the best of or something, is it?
Yeah, it's a curated list of basically those fucking idiots on LinkedIn who like to post all sorts.
So it's everything from morning schedule, 0430 hours, got up,
had a juice drink, went for my regular jog whilst doing, you know,
Sudokus in my head, had a cold shower,
made a shot of Caribbean espresso, freshly ground coffee,
you know, that sort of thing. So they curate those, and it's... yeah, they do like to... basically, there are some pompous arses out there on LinkedIn.
If you want another pompous Twitter account to follow, it's called VC Brags.
Yeah, oh yeah, I'm sure it's a very similar thing.
It's very similar.
It's all these venture capitalists, like, you know, big funders
and all the stuff that they come out with.
It's amazing.
Yeah, it's so, they have all the self-awareness
of a dog licking its balls in public.
It is absolutely stunning, the things you can hear.
Anyway, so on LinkedIn, not that I'm suggesting
this particular gentleman has that level of self-awareness,
but on LinkedIn, a chap called Taylor Lehman,
in response to someone talking about cold calling
and emails and stuff and how they're hit.
Someone from Netflix talking about it.
Oh, that's right.
Yeah, Netflix.
God, I wish they would stop with the autoplaying of their videos
or their shows on the app.
Really annoying.
Anyway, so I'm going to read this out because I think it warrants
the full attention. So he says, Taylor Lehman, he's the CISO at a US company called Athena Health,
where actually a good friend of mine works. So if you are listening, I'm not going to say your name,
but just in case you get singled out for this, I'm sure you wouldn't be. He says, funny, I am literally not kidding. I have an alpha TI feed about, oh, sorry, my glasses are a bit crappy, about to be released called Taylor's List.
It's basically comprised of any vendor who doesn't respect basic email decency or uses tactics like
cold calling. In addition to the feed, we're engineering an
Outlook rule plugins that filters out the nonsense and integrations into major VoIP platforms
that automate call blocking. Yep, not kidding. So it's a pretty bold, almost a big bold statement there.
But that's fine.
You know, if you want to give people who are trying to earn a living a particularly hard time rather than just ignoring them, that's absolutely fine.
The problem is his company or the company he works for, Athena Health, is currently
hiring for what boils down to cold callers.
Lead generation specialists, right?
I think that's exactly what it is.
Andrew, you're going to have to use a bigger font on your show notes.
I can't deal with this.
Not without my readers on.
Anyway, yeah, the name of the title
is basically it's organic sales development, something, something, something. It's ridiculous.
But you look at the job description, it boils down to these people are going to be cold calling folks
and sending emails to people through LinkedIn, et cetera, et cetera, all to sell healthcare
at the end of the day. This is Athena Health, and we all know what a shit show that is in the US at the moment. But nonetheless, you know, it is the current status of how you get health. Let's just, because I can zoom in on my screen, here are the three bullet points under job responsibilities.
Oh, perfect. Thank you.
Articulate Athena Health's value to potential prospects via various outlets, including phone and online. Leverage internal and external resources to generate new leads while tracking all outreach in Salesforce. And number three, develop and implement new and creative outreach strategies to help penetrate market.
So that means, you know, calling people up and telling them some shaggy dog story,
you know, to get them in.
But someone did come to the rescue here, Josh Adelman.
And this is all in the public forum on LinkedIn.
It says, it must be nice to float through life with no idea how your salary is being paid for.
Which is very true.
I love that.
I love that.
And it's, you know, in fact, I think it was last year at RSA, Jav,
you and I, you recorded a little segment with me,
and we were talking about how people at conferences always give vendors a hard time, you know, about how they're hard selling and all that, you know, their parties, to take their swag, to,
do you know what I mean? To, to, to read the white papers that they sponsor, to go to the events that
they sponsor, all that sort of, to go to RSA, to meet people, you know, to meet their friends and
colleagues and network, et cetera, which at the end of the day is paid for by sponsors as well as,
you know, personal contributions as well. I agree. It's a ticketed event, but, you know, but people are very, very happy to basically shit
on these people and yet also very happy to take what benefits them.
Now, I don't personally like cold calling.
I get a huge amount of this stuff on LinkedIn every day. If I have another person
who asks me if I want to take my CISM exam or something like that, I just get very upset.
But it's a bit like they're a necessary evil. For every 100 emails they send out like that or
messages, they might get one back and that's fine.
They get the response they need, et cetera.
And someone gets the service they need.
Brilliant.
But in the sense that you don't feed the trolls, don't feed the salespeople that are sending you these messages and they will stop. Or hit the unsubscribe button. Or don't put your email address in to download a particular white paper
that is of particular interest to you,
thinking you can get somebody's hard-earned research for free
and for nothing at all.
So there's got to be a quid pro quo on anything.
So, yeah, Billy Big Balls, maybe, closer to a rant, maybe.
But, you know, I do think this guy is trying to show,
he's shown some big balls by putting this out there.
But I think it's exposing his Billy Big Balls more than actually
celebrating them, in my humble opinion.
Did I stretch that analogy far enough?
Hit the jingle, Tom.
Hit the jingle.
Hit the jingle.
Okay, and that was this week's...
Billy Big Balls of the Week.
Yeah, close enough.
That didn't mean close enough.
That was good.
Spot on.
I didn't get close enough.
Shall we go on to see what our industry PA newswire Stig has been doing?
I tell you, it's like you're just thinking these words and they're coming out naturally.
There's no reading.
Hold on, let me look at the show notes.
Wait, hold on.
Let me make this sound casual.
Andy, Tom, how reliable source are at the InfoSec.
He's very busy bringing us the latest and greatest security news
from around the globe.
Why don't we see what they have to say?
Indeed.
Do you know, some say about our InfoSec Stig, some say,
and I'm trying to think of something really bizarre to say about him,
you know, because I watched an episode of Old Top Gear the other day
and I thought we need to do some of that for our InfoSec Stig.
If they can talk about weird stuff about their Stig,
we should do the same about ours.
So what weird facts could we say about our InfoSec Stig?
He supports a crap football team.
Some say InfoSec Stig supports a terrible football team,
but he still pays for a season ticket.
Wow.
That is literally the definition of supporting a crap football team.
There's no part about it.
Oh, dear.
I think we should
probably cut our
losses on this one.
Andy, get your
script writing out.
We need to do some
more of those next week.
All right.
Let's move on
to this week's
Industry News.
Capital One fined 80 million for 2019 breach.
Industry News.
MCSE offers seven question
guidance on cyber insurance.
Industry News.
British MSPs
apply for government furlough scheme.
Industry News.
Incident response exercises
not taken seriously.
Industry news.
They'll fill it in, don't they?
Phishing tactic targets Verizon users' credentials.
Industry news.
Why am I being shortchanged on the stories this week?
Industry news.
And that was this week's...
Industry News.
Wow. Huge if true.
Huge.
I tell you, that last story is the
one that got me.
We, um...
I did give a trigger warning for that phrase.
Absolutely should sync this episode.
But secondly,
obviously there are a couple of other topics which we haven't discussed yet, the first one being the NCC CREST training materials which were made available online, if you recall that.
Yes, yes, yeah.
Just to bring it back to the InfoSec. Well, for research purposes, I believe you're allowed to download them.
Because they're on a public forum, right?
They were.
They've been removed since, but copies have been out and about.
But asking for a friend, if, for instance, said friend had downloaded them or been sent a copy by another friend, could they, you know, use them without fear of retribution?
I think as long as you're not reselling them. And in theory, you know, from what I understand, you could probably ask friend of the show Gav Holt, who wrote some of the materials, according to the...
Gavin Holt, there's a name I haven't heard for a while,
not since I read some particular materials the other day.
But Gavin Holt, if you're listening for end of the show,
how are you, sir?
How are you?
You're not still working for NCC, are you?
Blimey.
Well, he's probably got abandonment issues after when he first joined InfoSec.
He had a mentor who was going to stand with him through his first ever speech, at his first ever talk, at BSides London. And, I mean, actual show day, his mentor just fucked off to InfoSec and left him.
Really? Yeah.
That is outrageous. That is so low, honestly. That's appalling.
The only circumstance I could think of that was acceptable was if said mentor had an already pre-established appointment,
such as, for instance, being on a panel or something like that, that they couldn't avoid without seeming unprofessional.
But outside of that kind of circumstance, that's appalling.
So it's clear that the mentor is more interested in furthering their own sort of like image
as opposed to helping someone new in the industry for which they signed up to do.
Well, I mean, that's one way of looking at it.
But, you know, said mentor would also have spent many, many hours in the previous weeks working with Gavin to help him
on his journey to becoming a public speaker and had explained the circumstances. And Gavin,
you know, may well have been extremely happy with that. Just saying.
You know, I'm going to see if Gavin can be our little person for next week.
We can get his side of the story.
Have you met Gav?
He's not a little person.
I know.
Well, no, I'm going to ask him.
Okay.
Well, I mean, he's got 20 minutes to come on and do it now.
That would be fun.
I would be impressed, Jav, if in the next 10 minutes
you could get him online here to do a Little People Live.
You know that's not going to happen.
What, you mean you'd fail in such a simple task?
It's because I don't have any of his contact details.
I can't remember what his Twitter handle is either.
Gab.Holt at nccgroup.co.uk.
I don't know.
Is that PI?
Have I just openly shared some PI with, I don't know, 107 people?
Oh, dear. Right. So actually perhaps there is a company that could do with a bit of a boost to their image right now. You know, said company who we were just
talking about maybe. And so if said company that Gav Holt may or may not still
work for, I don't know, is listening
this could be you
NCC Group
NCC Group
you don't lose documents
Yeah, so it's not .com, it's .trust.
nccgroup.trust is the email address for Gav.
Seriously, .trust?
What is .trust?
Well, this used to be their email address.
They may have switched it.
I mean, it's been a while since I've actually...
I'm just looking through my emails now,
since I last emailed him at work.
It's been about four years, truthfully.
But yeah, he got married and changed his name.
Yeah.
But they switched their email addresses to .com, I don't know, maybe like a year ago.
So they change them every year. So this year it's .trust and next year it's, I don't know, .org.
It's like the rotating passwords every 90 days they have to change the domain name.
It's what tax purpose is, isn't it?
So get off these unsubscribe lists, you know, when you get spammed.
Oh, dear.
Right, Jav, I can hear you rapidly typing in the background.
Let me go on mute then.
You best not, because you're on next.
He's gone on mute.
I can't believe it.
All right, let's put him on the spot here.
Okay, so Jav, over to you now.
Sorry, what?
Over to you now for this week's...
Rant of the Week.
Hold on, let me just read what Andy's written for me
to be my rant of the week.
You can't script this amount of fun.
No, no, no.
See, this is where Cluley Jr. is right on the money.
Absolutely.
I'm out of here.
I quit.
You guys are just killing all my delivery.
If you hold on a little bit longer, Andy, you'll be out anyway
because, you know, your computer will probably lock you out again.
So this is actually based on a tweet by Vess on security.
So I'll just read through the...
The show notes?
The show notes, yeah.
And it literally has the link to the tweet in it.
And we'll pretend that we haven't heard it before as well,
how's that?
Stop.
No, for our listeners, not for you two.
I speak for more people than just you two.
There's Graham, there's his son, there's probably some,
there's Tom's mum.
All of these people need to know what we're talking about here.
Yeah, they all need to know.
Okay, so Vess said his mum got a monthly bill from a mobile phone provider but can't open it because it was a zip file protected with a password. So Vess was like, oh, that's a common trick. Scammers send malware like this to bypass email gateway scanners. So mum's like, take a look. So I do. Email headers look perfectly okay. It really does look like it came from the mobile provider. Is this some new trick? The message is addressed correctly by name, maybe they got the detail from somewhere, you know, what have you. The password is my date of birth, so year, month, day. Okay, that's not hard to find either, but, you know, it might be a super targeted attack. You know, you can see the archive and there's a PDF file within there, so taking all precautions, I opened the PDF file within a virtual machine with no internet connection, and it actually is the monthly phone bill. It's not an attack.
Oh my God. Is this like a
new scheme are they putting in place?
I have no idea.
I have no idea.
But this is a rant because this kind of thing annoys me in the sense that what's the point in telling people, oh, these are the tricks that scammers use,
and then the actual legit providers adopt
those very same tactics. It's like banks, they will send you a reminder every now and then and
say, oh, never click on any links, never disclose anything. And if you want to read our privacy
policy, click on this link over here. Yeah, that's right.
It's just so counterproductive. It's no wonder that people really, really struggle to differentiate
between what's legit and what's not.
It's a bit like another thing that grinds my gears when you get a call
from your bank saying, hey, we're calling from the fraud department
because there's been some unusual activity,
and then they try to get you to validate to them that you are the account holder.
It's like, hey, you're calling me. You prove to me that
you're actually the bank. Um, yeah, you tell me my, my, uh, account number and address, and then maybe
I'll believe you. Yeah, exactly. Or send me, you know, send me a message to say, hey, look at the number on
the back of your card, phone that one up, and, you know, we'll talk to you about some fraud. And there's so many better
ways to go about it, but I think this is why people get so confused, and it's, it feels like such
an uphill battle because there's so much conflicting advice out there, and, and it's just
annoying as hell. I mean, I, I mean, I work for a security awareness provider, KnowBe4, the world's best and most loved security awareness
and training provider out there in the world.
Ranked number one, a leader in the Gartner Magic Quadrant.
You guys were involved in some dubious activities this week, weren't you?
Oh, that's right.
Yeah, we heard about this early this week.
Some very dodgy marketing activities going on there.
Yeah, registering competitors, brand jacking.
Basically brand jacking, weren't you?
You know, attacking a smaller company, you know,
who's not really a threat to you.
And there you are just, you know, brazenly.
Getting derailed.
Okay, you want to run?
Here's a rant. Yeah, it worked, Andy. A company,
a kind of like lookalike domain registered by somebody and redirected to KnowBe4, and this
is a small company. I had never even heard of it prior to this. No, I hadn't. And their owner, CEO, founder, instead of, like, calling us up maybe to say, hey, KnowBe4, do you know that?
Are you aware of this?
Why have you done this?
This isn't right.
They took the most sensible course of action, which is what every teenager would do these days.
Go on LinkedIn and rant and ramble about how KnowBe4 engaged in
unethical practices and this, that, the other. And so like our CEO, our CISO, our chief evangelist,
everyone's commenting on this saying, hey, you should have called us. It's definitely not us.
We absolutely don't condone this whatsoever. That post stayed up for a couple of days,
and then he took it down. And then yesterday, he put up another post saying, yeah, you know,
it wasn't KnowBe4. They're working with us to help us try and figure out who done it,
and, you know, it's not them. But, you know, again, because it's social media, people jump
on it. So as soon as the first post was posted, it's like, yes, I never liked those people anyway.
Oh, they're fuckers.
They're this, they're that.
You know, it's just this is just the nature of social media.
It's just such a cesspool of like horribleness.
And, you know, we even had like, you know, some customers call up saying, hey, what is this all about?
I think there's one or two potential deals that were that were, you know, put on hold or canceled because they were like, hey, we're not sure we want to do business with an unethical company like yours.
So that's like eroded trust that you're never going to win back, really, because people make up their minds very quickly when they see something like that. So it is pitchforks, literally pitchforks. And, and you know what, that
doesn't reflect well on any party. It's, it's the, the party that, that, you know, and, and I feel for
them that someone registered a look-alike domain and pointed it to KnowBe4. I feel for them that
that's not a pleasant situation to be in. But, but, you know, to go out and, and, and make accusations like that, because people out there, they just want
to grab their popcorn and have a good time. They don't care about what the truth is. You know, vendor
bashing is, is like, you know, the third favourite hobby of, um, every security professional out there. After seal bashing and, I don't know, baby eating.
And visiting the, I've forgotten the name.
The Hamptons.
The Hamptons, that's it, yes.
Don't worry, Jav, I've got your back when it comes to off-the-cuff jokes.
Thank you.
I tell you what, Andy, I think we hit a raw nerve there, don't we?
We did.
I was just drilling for that nerve just to see whether we could get it going.
We managed to get it.
The artistry in that drilling was, I mean, it was something to be honoured.
I hate you guys.
I really hate you guys.
I'm just looking at Jav.
See, then Graham's going to get the impression,
oh, Jav's a really angry young man,
isn't he?
He is really,
he doesn't come across like that when you meet him,
but he's really like.
Let me know when he's stopped,
Andy.
I'm just looking at Jav's waveform.
It's like,
oh my God,
I'm going to have to,
you know,
put the volume down on this one again.
That mirrors my heart palpitations at the moment.
But I think,
I do think you,
in all seriousness,
you have,
I think it's a really good point.
And it goes back to,
you know,
those LinkedIn comments,
right.
Where people just post without thinking and the state of LinkedIn,
you know,
stuff,
which again,
check out that,
that,
that,
that,
that Twitter account.
But yeah, when I first read that, my initial thought was,
blimey, I didn't think KnowBe4 would do something like that.
But I also thought, why is he telling us in LinkedIn?
Why is he not talking to, you know, the leadership of KnowBe4?
Why is he, you know, what possible, what's the best outcome this guy's looking for?
But you know what, my first thought was, why didn't he just register that other domain?
Because it was literally his domain without a hyphen, you know.
And obviously, if you're going to have a hyphenated domain, you need to get the one without a hyphen as
well. This is just, you know, brand management 101. Like, whether you're a startup or not, don't tell
me you can't afford £12 to register a domain. You know, I'm just not buying that at all. Well, you have
to do it early on as well, because I was talking to a company yesterday, and they're pushing out into Australia, and they've got a .co.uk domain, um, and they
were looking at getting a .au. Not a problem. Um, but also, because it's international, to get a .com
for their particular, um, domain name, which is now £4,000, that they might have to share that.
Whereas if they registered it when nobody wanted it at all,
you know, years ago or before somebody, you know,
went through some register and said, oh, there's a company there
with a .co.uk.
I think I'll, you know, spend 12 quid and speculate,
get in the .com, and then I can sell it for whatever I want.
So it's kind of like you
got to do it up front, you know. Um, even as a startup, even just a couple of them, do you know,
just a .co.uk and a .com, a simple one like that, would, would help, right? You mean like if we'd
got hostunknown.com? Uh, that wasn't available, actually. That was not available. Well, it's
available for sale if you go to it now. There's a phone number there. Yeah, yeah, it wasn't at the silly money. Silly money.
Um, do you remember the old, uh, scams back in the, Domain Registry Association of America
or something, DRA, where they would send, uh, they would look on the WHOIS registry for the domain,
send renewals? Yeah, and they'll send renewals, and people would just pay them. Like, we used to get them at our company a lot as well, and they'd sort of come across my desk saying, like,
you know, do we need to pay this? And it'd be like, no, it's a scam. Um, but around the same time, we had
this, um, you know, we were receiving emails saying, hey, look, you know, your domain's available. Uh, you
know, someone's registered your domain in such and such a country, but we can get it for you.
Um, yeah, this is the price. Um, however, if you
actually, you know, it seems like it was, it wasn't an outrageous price, but it was like, man, what a pain.
Like, you know, if you want to get this, this name for this country, we should, you know, pay these guys.
Um, but if you actually checked, they didn't even own the domain at the time. You know, what they
were actually doing was just looking at brokering what they weren't even, like, I mean, the domains were actually available to register. Um, God. So they were just speculating that someone's gonna say,
you know, no, someone's not gonna check, uh, and they were gonna say, oh, actually, we want to get this,
um, you know, because someone else is, uh, applying to have it as a copyright or applying to trademark
it in another country that will cause us problems. Um, so, you know, that one's like brokering,
but without actually any upfront costs, you know, not actually having someone own it in the first
place. How many domain names does your company have, Andy? Because it's, you know, a global company.
Well, as you know, that obviously with a lot of brands, this did come up in conversation this
week. We have just under 40,000 domain names. That's a lot of 12s. That's a lot of 12s. Don't get
me wrong, uh, and, you know, I'm not saying everyone has to do that, but, you know, as you know, we are
a large global company, and, um, you know, we acquire a lot of companies as well, which each come with
their own brands that we have to support. So, so you kind of exponentially grow then as well. So,
yeah, for sure. But it's, you know, but even just taking it back to the,
the basics, you know, you'd have your company name, company name with a misspelling, um, and then
potentially a companynamesucks.com as well, which used to be a common thing people started doing in
the early noughties to, uh, you know, just to protect the brand a bit more. Yeah, yeah, yeah.
But 40,000 times £12,
assuming you don't get a discount or anything,
it's like just... That's about 500 years old, isn't it, Jack?
Excuse me.
It's about just under half a million, which...
Yeah, actually, it's not a lot of money.
Which is not a lot of money for a large...
It's the cost of doing business.
Yeah.
I mean, like, you know, of course,
our young lad from the Hamptons could make that money in like six months,
but, you know.
That's right.
Perhaps he was saving up to domain squat.
That's it.
See, it did have an InfoSec element to it.
Oh, dear.
So, Jav, thank you.
That, I think, was a double rant of the week.
So perhaps you could do a rant,
rant,
rant of the week.
There you go.
Trying to get really fancy with you.
Just to emphasise that.
It's like me,
I'm like a DJ scratching,
you know,
with that.
That was,
that was,
I tell you, that was class. That was.
DJ scratching his balls
more like
yeah
is my camera on
oh no
oh dear me
so yeah
that was
that was
that was a good rant
especially
especially given
we got a good chunk
of your rant in there,
for real, not just from the script.
I mean...
We managed to get the topic you were going to avoid.
Yeah, exactly.
Yeah, it wasn't even in a backup topic, you know, like any news from DEF CON.
Have we got any news from DEF CON?
That was more of a question, really.
I've not really seen it.
I've not heard anything, or at least nothing like what it normally is.
I think the best thing about DEFCON this year
is that there's been no reported instance of harassment.
This is true.
This is true.
And also, no theatrics about anything either.
No.
No one was, like, you know, selling nudes in order to get the ticket
to get to DEFCON either.
Yeah, yeah, yeah, exactly.
I didn't have to pay for a ticket this year.
So didn't make much money last year either.
No.
Oh, dear.
So, yeah, DEFCON, very quiet, very quiet.
And also a bit of a welcome break, I have to say,
because sometimes the, the Twitter feed just fills with, well, to be, to be blunt, stuff I don't
understand, so, uh, um, rather, at the moment, stuff I just don't care about. But you will
understand it soon enough once you pass your CREST exam, won't you, Tom? Yeah, if only I could get my hands on some materials. If anybody could send them to me, that'd be lovely, as long as, um, as long as it's
legal. I, I do not accept stolen goods at all. They're not, they're not stolen. It's a backup copy.
Oh, it's a stolen backup. Off-site backup copy. Off-site.
Yeah.
Yeah, actually, we're helping NCC here by spreading their backups incredibly wide.
There's got to be a system like that available.
Anyway, so I think that brings us to the end.
I can't believe we've been going for like 55 minutes.
I can.
It's felt like four hours, isn't it?
Yeah. Or about,
or about 20 minutes after the edit.
But,
um,
but yeah,
it's,
it's this,
this is just absolutely flown by.
I have to say,
gentlemen,
thank you very much.
I'm not even going to bother asking Jav if he's got a Little People.
It's,
it's pointless.
You know,
forget even,
you know what?
I had a really good one,
but after what you two have done to me today,
I'm not going to release it.
No, I'm not going to release it. No,
I'm going to take a week to calm down.
You're not going to send it to me to play through,
through my little soundboards.
No,
no,
I'm not.
Okay.
Maybe I'm just going to have my own spinoff show next week.
Just called Jav and the Little People.
Jav and the Little People.
Well,
you're going to invite your kids on.
Maybe.
That would be more fun than YouTube.
Jav and the Little People sounds like a dodgy 70s kids show.
Well, yeah.
Be careful which direction that one goes.
What?
Well, kids...
Jav and the Little People.
Presenters of TV shows in the past have not fared well.
Not being judged kindly by history.
No, no, that's right.
They were all white, so I'm all right.
Oh, I'm not going, I'm not touching that with a 50-foot barge.
Yeah.
Not a chance.
That's what I said when I was on the Jim'll Fix It show.
Oh, no, no, no.
That's what you said when you were on the Jim'll Fix It show.
Ouch.
That's what Jav said when he was on the show.
I'm just signing off now, so screw you guys.
Thank you to our three listeners.
Don't listen to this show.
Goodbye.
Oh, my God.
Jav, thank you very much indeed for your lovely contributions today.
Appreciate it, sir.
Get lost.
Thank you,
Andy.
Stay secure,
my friends.
Stay secure.
Host Unknown,
the podcast was written,
performed,
and produced by Andrew Agnes,
Javvad Malik and Tom Langford.
Copyright 2015.
Or something like that.
Insert legal agreement here as applicable and binding in your country of residence.
We thank you. I've got tears running down my face.
Oh, man.
Like all the kids at the Jim'll Fix It show.
Oh, no!
Oh, no.
Please.
Is that your catchphrase now for the next week?
It took me a while to wake up.
I think I prefer
Jav's, that's what she said every
fucking time we say anything. Now it's going
to be Andy's.
Oh no.
We'll fix it. We're not making
that a thing.