The Host Unknown Podcast - Episode 194
Episode Date: June 3, 2024

This week in InfoSec (07:29)
With content liberated from the “today in infosec” twitter account and further afield

28th May 2014: LulzSec hacker Hector Monsegur, known as Sabu, was sentenced and ...released the same day on time served for his role in a slew of high-profile cyberattacks. He had served 7 months in prison after his arrest.
https://x.com/todayininfosec/status/1795228730735886650

25th May 2018: The General Data Protection Regulation (GDPR) in the European Union (EU) to strengthen and unify data protection became effective - just over 2 years after it was adopted by the EU.
https://twitter.com/todayininfosec/status/1794461551534936503

Rant of the Week (18:34)
Bing outage shows just how little competition Google search really has
Bing, Microsoft's search engine platform, went down in the very early morning of 23rd May. That meant that searches from Microsoft's Edge browsers that had yet to change their default providers didn't work. It also meant that services relying on Bing's search API—Microsoft's own Copilot, ChatGPT search, Yahoo, Ecosia, and DuckDuckGo—similarly failed.
If dismay about AI's hallucinations, power draw, or pizza recipes concern you—along with perhaps broader Google issues involving privacy, tracking, news, SEO, or monopoly power—most of your other major options were brought down by a single API outage this morning. Moving past that kind of single point of vulnerability will take some work, both by the industry and by you, the person wondering if there's a real alternative.

Billy Big Balls of the Week (26:56)
IT worker sued over ‘vengeful’ cyber harassment of policeman who issued a jaywalking ticket
In an ongoing civil lawsuit, an IT worker is accused of launching a "destructive cyber campaign of hate and revenge" against a police officer and his family after being issued a ticket for jaywalking.
Industry News (34:44)
Check Point Urges VPN Configuration Review Amid Attack Spike
Courtroom Recording Software Vulnerable to Backdoor Attacks
New North Korean Hacking Group Identified by Microsoft
Internet Archive Disrupted by Sustained and “Mean” DDoS Attack
Advance Fee Fraud Targets Colleges With Free Piano Offers
US-Led Operation Takes Down World’s Largest Botnet
First American Reveals Data Breach Impacting 44,000 Individuals
Europol-Led Operation Endgame Hits Botnet, Ransomware Networks
BBC Pension Scheme Breached, Exposing Employee Data

Tweet of the Week (47:14)
https://twitter.com/DebugPrivilege/status/1795823939631067165

Come on! Like and bloody well subscribe!
Transcript
Crikey, Andy sounds really loud on his keyboard today.
He's got one of those clacky keyboards now, hasn't he?
We finally converted him to the clacky side.
Problem is, though, he's got to build it first, doesn't he?
Yeah, he's got to build it.
Which just isn't going to happen. You know what he's like with Lego.
It'll be ready by Christmas, trust me.
Andy's one of those people,
he actually loves the sound of loud keyboards as long as it's his keyboard
and his fingers doing the tap dancing on it.
He will inflict it on those he hates.
There's no doubt about that.
You're listening to the Host Unknown Podcast.
Hello, hello, hello, good morning, good afternoon, good evening
From wherever you are joining us
And welcome, welcome one and all to episode 194
And 198
Of the Host Unknown Podcast
Well, it's nearly going to be
Well, we're going to have two 200th episodes, aren't we?
We're going to have yours, Andy, and then we're going to have the real one.
But yeah, we're nearly at 200 episodes.
And then like 42 episodes later, I'll have my 200th episode as well.
42, my 142, my heart. 142.
Oh, dear.
So, gentlemen, how have we been this week?
We had a rare alignment of the planets,
otherwise known as Jav, Andy and Tom, in the same place.
We did.
It was, yeah, it was emotional.
Yeah.
And Andy was late.
I have you say, I have you know, Andy was the last one at our dinner and Tom was the last one joining the podcast today.
So, like, I think apologies are in order, gentlemen.
So we can actually still see Jav sitting in the restaurant now with his laptop open.
He never actually left.
Yeah, that's right.
He wasn't first on Wednesday for dinner either, let me just say that. But when he walked in I did say, how the fuck did you get here so quickly?
And I told you I would have got there quickly. So I got on my bike and I started heading out, and because earlier in the day we'd been talking about meeting on Edgware Road, I started heading towards Edgware Road.
And about 10, 15 minutes into my ride, I'm like humming along inside my helmet,
like as I'm riding.
And I'm like, I'm going in the complete wrong direction, aren't I?
And then it was like a massive U-shaped, It was just like, you know, not very good.
But I would have been there first had I not made that mistake.
You quite possibly would have, actually, in fairness.
But, yeah, it was very good.
It was very good to see you both.
Lots to catch up on, as always.
I've got a couple of gorgeous photos of you two.
Oh.
Oh, you did?
I know you didn't send the ones that I took of you. Yeah, the ones I took of you.
Yeah, it wasn't that great.
Yeah, you know, you've got to know how to handle... you know, I mean, I did the best with what I could fit in the frame. It was like, yeah, there's only so much the camera can do.
There's only so much you can fix in post, Tom.
You were focused on the person behind me on the other table, let's be honest. That's where your focus was.
Don't blame me that you can't handle such a feat of engineering as my camera, which is worth about six months of your mortgage.
No doubt about that.
Trust me, Jesus, I felt the weight of that thing.
We did the old Top Trumps, though, didn't we?
We did play Top Trumps with who had the most credit card debt.
Yes, we did.
We did.
We worked out that if we combined our debt,
Jav could pay it all off for us and still have tens
of thousands left over.
Exactly.
It pays to work for vendors.
I have four young kids. I need to leave them something in my will, which is probably sooner than I thought.
Oh, yeah, because of your HbA1c, which for the viewers is your blood sugar levels.
Diabetes.
Diabetes.
I saw my doctor the next day because they called me up and said, like, you need to come and see us about your results.
Immediately.
Whoa.
Do not pass that.
What are you doing answering?
You should be dead.
I thought I was going to speak to your wife.
Sorry,
widow.
Oh,
yeah,
it felt a bit like that.
So,
yeah,
no,
that suddenly,
since in the last few months,
has spiked horrendously.
It's gone up.
So even the GP was a bit like, he opened the results.
He's like, oh my God.
So he's like, well.
Even I was a bit surprised.
You were pre-diabetic.
Mine are up there as well.
He said like, yeah.
He was like, oh, you were pre-diabetic before
and we're a bit on the fence.
He goes, there's no doubt about it now.
You are well and truly diabetic.
You fully committed.
Yeah.
You've had the courage of your convictions.
And then he humoured me. He said, you know, it's reversible, you just need to change your diet and everything.
It's basically, well done. Eat nothing and run a marathon a day.
Be Quentin Taylor.
No, I cannot. Just give me the metin.
So you both had a good laugh about that.
Yeah, we did.
Well, more you, Andy, because you take the Trump approach to sugar levels, don't you?
Which is, you know, the less you test, the less chances there are of you getting a high blood sugar test result.
Exactly.
That is actually fact. That is, it is logic.
It is actual fact.
Yeah, yeah, yeah. And now Andy's actually been buying these red laser beams from AliExpress, and if you shine it on you it just negates all the effects of sugar anyway.
So, and just drink a bit of bleach every now and then. That clears your throat. Or what's that? The Invectamirtis?
Whatever it was called.
Ivermectin.
Yeah, the stuff they give to animals for worms in their stomach or something.
Yeah, the deworming stuff, which is also good for COVID
if you happen to support an orange orangutan.
If it's good enough for Joe Rogan, it's good enough for me.
That's all I can say.
Exactly.
Another orangutan of a person.
Oh, dear.
Well, talking of the courage of our convictions,
just like Trump,
shall we find out what we've got coming up on the show today?
This week in InfoSec takes a look back
at one of the greatest regulations in the world.
Rant of the week is a reminder that we're all Google's bitch, mostly.
Billy Big Balls is a lesson on why you don't upset the crazy cybersec guy.
Industry News is the latest and greatest security news stories from around the world.
And Tweets of the Week is an example of time saving.
So let's move on, shall we, to our favourite part of the show.
It's the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane with content liberated from the Today in InfoSec Twitter account and further afield.
2014, when LulzSec hacker Hector Monsegur, known as Sabu the Snitch, was sentenced and released the same day on time served for his role in a slew of high-profile cyber attacks.
At this point, he had served seven months in prison after his arrest. Sabu was a prominent hacker and a key member of the hacking group LulzSec, who conducted high-profile cyber attacks on organisations such as Sony Pictures, PBS, the CIA and Fox.com.
He was arrested by the FBI in June 2011 and he agreed to cooperate with law enforcement.
And so that cooperation actually led to multiple arrests within LulzSec and Anonymous
and helped prevent over 300 cyber attacks. And it came around to May 2014 when he was sentenced to time served, having spent seven months in jail just before his release on bail. And the court recognised his extensive cooperation as a significant factor in the leniency of his sentence, calling his assistance extraordinarily valuable and highly successful. But after his release he has distanced himself from hacking and has continued to work in the cyber security field.
Do you think the guys at LulzSec still have him on their Christmas card list?
But you know what, Tom? I think about how quickly they flipped Sabu. Imagine how quickly they'll flip Jav
if they ever take him on us.
This is why we turned on disappearing messages.
It was. Everything would just be
hearsay.
You know what I mean?
Sustained.
Just like out of nowhere
sucker punched me
for no reason
with the brass knuckles on
well you know
when you see something
you just
you can relate
you think
damn man
that could easily happen
yeah exactly
you just saw
an overweight brown guy
in Sabu
and you thought
oh here we go
with the racism again
I like how on Thursday you're trying to get the waiter to join in with your casual racism as well.
That was... yeah, no, no, no. Tell me. Folks who are listening, we're at dinner. I'm sitting on one side of the table, Tom, and you're sitting on the opposite side. It feels to me like either good cop bad cop or my manager and HR in a meeting at the same time. Anyway, the waiter, who is Iranian or something...
Yeah.
He comes over and he says, are you two twins? Now, because you laughed...
What do you mean? He said it smiling.
It doesn't make it any less racist. He implied that just because you're both white and bald you look exactly the same. So what I was trying to do was jump to your defence and try to point out the error of his statement. Say, like, oh yeah, all these white people look the same to me, too.
See, that's what I was saying.
I was not trying to get him on board with casual racism.
I was trying to open his eyes and say to him, this is not how you behave, sir.
You see, Andy, you got this wrong.
You see, I'm on Jav's side here.
Oh, right.
OK, my bad.
I misread the situation.
I'm first in line for getting my credit cards paid off.
Oh, man, jokes on you. He already has you listed with my account numbers anyway.
He does. He does, actually.
That was your own fault for taking too long to respond to a message one time,
so I filled in the details for you.
Knowing full well banks don't actually check their name on the account,
they just make sure it's routable.
Yeah, exactly.
Oh, dear.
Alas, our second story takes us back a mere six years
to the General Data Protection Regulation in the European Union.
Sorry, six years to when?
To strengthen and unify.
Sorry, it was when the GDPR was actually launched.
It became into effect in the EU.
25th of May...
2018.
There you go.
Oh, did I not say that?
No.
Oh, I said a mere six years ago. I thought you could have done the maths on that one.
I just need to know where to put the calculator sounds in, that's all.
Oh, okay. Gosh. Yeah, so it's just over two years after it was adopted by the EU. So since its implementation in 2018, the GDPR has had several notable successes.
Debatable.
Increased accountability for data breaches.
GDPR has led to substantial fines for companies that fail to protect user data. For example, in 2019, British Airways was fined
£183 million for a data breach
that compromised personal data
of 500,000 customers.
And similarly, Marriott International
faced a £99 million fine
for data breach
affecting 339 million guests.
But no, British Airways
did not pay the £183 million fine.
It was reduced to £20 million after bartering with the ICO.
And similarly, Marriott did not pay £99 million.
They managed to barter theirs down to £18.4 million.
What is it, Elliot?
Those charges aren't as good as BA's.
No.
Yeah, I think that's correct.
Well, having said that, if Marriott, like, top tier points, it's probably not worth as much as gold status on BA.
True.
You know, the...
True, yeah.
Chipping away, chipping away.
But yeah, they used several factors.
Where does the money go?
ICO Christmas party, isn't it?
That's what I thought.
But it's GDPR.
Ah, do you know what?
Stephen Bonner. That's how they got him.
Yeah, yeah. Like, you don't hire people of that stature without...
Yeah, exactly. He's got a lot of Ferrero Rocher to buy to throw at people, isn't he? So that's probably what that's all about.
Yeah. But yeah, no, when they negotiated they used the economic impact of COVID to sort of state that, you know, they're basically pleading poverty. And I think they timed it quite well, because not many people knew what was going on during the pandemic. So I think, yeah, BA was October 2020 and in fact Marriott also October 2020. So coming off the back
of the pandemic
they sort of
used market
conditions
and the economic
impact of COVID
from long COVID
yes
exactly
financially
exactly
I've still got that
no
no I just think
you like sleeping
a lot
right
thank you Andy
for this week's...
This Week in InfoSec.
You're listening to the award-winning
Host Unknown podcast.
Like a real security podcast,
but lighter.
Right.
Yes, well, award-winning.
We're not up for anything next Wednesday, are we? Nothing at all.
Which is... no, but that... well, yes and no. I mean, yeah, we deliberately stepped away from it to give other people a chance, right?
You mean we forgot to nominate ourselves?
Yeah, no, no, that's not what happened. We're equal opportunists. I mean, like, there are some people that are happy to be working in the industry since they were coding the first antivirus for doctors or something, and they want to win awards year after year whether they even remember where they are or what they mean or anything. And I think that's a bit sad, really,
to be so desperate for a piece of plastic for validation.
So we don't need that.
We just know how good we are.
I don't know why, but that reminds me
that Cluley's going to be there on Wednesday as well,
with a bit of luck.
Oh, Graham. Graham.
It'll be nice to see him.
Yeah, yeah, he's a charming float. Charming guy.
Indeed.
And talking of charm and, well, more charm, it's time for...
Listen up!
Rant of the Week.
It's time for Mother F***ing Rage.
So I'm sure that all of you listening,
and especially the two of you on the other side of my monitor,
were completely aware that Bing, which is Microsoft's search engine, not that chat from friends,
went down and was unavailable in the very early morning of the 23rd of May. And if that's the very early morning in US time,
that's probably like midday UK time, so prime time, right?
Along with perhaps broader, sorry, sorry,
that meant that searches from Microsoft Edge browser
that hadn't changed their default search engines didn't work. And because Bing also serves a whole bunch of other organisations
through its Bing search API, like ChatGPT, Yahoo, Ecosia, DuckDuckGo, etc.,
all of them failed as well.
So I know all of you on the 23rd of May were just like, what, I can't search, I can't find anything.
Exactly. What can we do? What can we do? What could we possibly do?
So obviously, you know, since none of us use Google, because none of us trust Google with their privacy issues, tracking, SEO, the fact that they're a monopoly power, etc., virtually all of our other options were brought down by this single API outage that morning. So where's the rant in this? Well, the rant is twofold. One,
it's like it just goes to show what kind of a monopoly Google has on the search engine.
Right. Given that, frankly, nobody knew that the search failed on the 23rd of May.
Nobody knew at all. And if they did realise that something was wrong, they just immediately just then flicked to Google and just carried on their working day like nothing had ever happened.
And the second part is, of course, this massive monopoly that Google has.
And whilst it may be, you know, subjectively considered the best search engine, the most complete, etc. It does so at the cost of your data, your privacy, and all of the tracking
mechanisms that it puts in place, and the billions of dollars of revenue that it brings in from
advertisers who are reaping that data that you're basically handing over for your free service to them. So it just beggars belief that Google is such a monopoly that when virtually every other Google web search engine goes down, nobody noticed. And it does go to show quite how much of a monopoly that is, and really how much bad news that is, and the fact that these alternatives have got no foothold in the market except through... well, I'm not even sure if they're in second place, are they, as a search engine, Bing? But except through Bing, which relies on a single API to serve all its users. So I'm quite vexed by this, to borrow a quote from Jav.
I just find this, frankly, incredible.
I mean, do you two use Google?
So I am familiar with Google.
However, obviously, as I'm one of the younger generation amongst us,
you know, I consider myself Gen Z, you know, between the three of us. I will say, and so I
actually saw this the other day, someone actually, a video came up in my For You page, which is a
TikTok thing, Tom. But it was actually a middle-aged person, much like yourself, saying that they had their mind blown with people that they dealt with
who actually used TikTok for search instead of Google.
Yeah, and I was just Googling in the background here,
and so I have actually found, I think, where this came from.
And it was a study that was done that 40% of Gen Z used TikTok instead of Google to search.
Holy moly. That I would never have even thought of.
You know, it is actually really useful. It's far better than using YouTube or Google in certain cases. So it's there. But also, I personally have found myself turning to ChatGPT to ask it questions as opposed to Google a lot lately, and it actually is not a bad thing at all.
But you just need to give it the right part, doesn't it?
It does, yeah. Yeah, but it's... yeah, it's just the way you can talk to it, though. Yeah. And sort of tell it to, you know...
Like you used to talk to your house staff, Tom.
I mean, what I think, though, is that...
What I think, though, is, you know,
you're getting riled up for no reason.
We don't need you to get stents put in, yeah?
Not yet.
But what we saw a few days ago, or last week actually,
we probably spoke about it,
when because Google has bought the data from Reddit,
now the search results are turning so bad.
Google has shot themselves.
They not just shot, they took a massive machete
and they hacked off a portion of their foot already.
And I think it's just a matter of time.
It's brass on the Titanic.
It's all going down.
You know, chill out.
It does make me think, just merely based on what you said there, Andy,
about, you know, Gen Zers, et cetera, using TikTok,
does make me think,
is Google going to become the Friends Reunited of the future?
Where literally everybody's moving,
there is going to be a big move away
from an organisation like Google
and their search functionality
or their search business,
which funds much of the rest of the business,
is just going to diminish massively.
Or maybe Google just goes more right-wing as it gets older
and the others go more left-wing.
Maybe Elon Musk buys Google as well.
Jesus, can you imagine? Crikey. That'd be awful.
Yeah, so I think, like, Google's been going down here for a while. Lots of people have been complaining about the UI, how it promotes these sponsored ads above everything else. It's harder than what it used to be to figure out, you know, what's a legit ad, what's a sponsored ad, what's like some malware?
Yeah. Every product they've nearly launched has killed.
They've killed themselves.
That really annoys me.
Yeah.
You know, it's just like this is where products go to die.
And, you know, it's just like been going down.
I think what it is is that there's a fundamental shift and Google's not caught up.
They're still trying to sell CDs in a day of digital music.
They're still so reliant on ads as their primary source of business, and I think Facebook is the same.
Or like, those ads brought in 80 billion last quarter. They brought in 80 billion last quarter.
But it's a bad quarter.
It's not bad. It's not a bad CD-selling business to be in.
No, but they've got to change at some point in the future or they'll be the Blockbuster. This is why everyone's so shit scared of TikTok, because if people are using TikTok for this search, if creators are turning to TikTok to upload their content, if it becomes a more user-friendly thing... that's why they're all throwing, you know, as much dirt at TikTok as they can. That's why they're lobbying all their governors and stuff to, you know, play the China link.
And I don't know whether I shared it with you, Andy, or whether you shared it with me or whatever, but there was someone talking about Instagram. And there was a video that this lady saw, and it's kind of, oh yeah, domestic, so it's some issue between the partners of a couple. And for her, Instagram was bubbling up all the ones that supported the woman in her case. And she said to her partner, say, would you look at this? And when he saw it on his profile, it bubbled up to the top all the comments that were supporting the man's perspective. They're feeding you comments. They're feeding you the comments to make you believe this is what the world view is like. And this is Instagram, Meta.
Yeah.
But this is in real time.
This wasn't like five days later.
This was like sitting next to each other.
At the time. They both had different comments.
Yeah.
Wow.
Well, on that very depressing note,
that was this week's...
Rant of the Week.
You're listening to the award-winning Host Unknown Podcast. It's better than tinnitus.
So I will just add, before you jump into the next section, Labour and Lib Dems are absolutely killing it on TikTok. They've only recently launched their accounts ahead of the election campaign,
and they are absolutely killing it with the memes.
Really?
Yeah, they are properly dissing Rishi and the Conservatives.
It's not difficult, is it?
It's good bands.
It's not difficult.
No.
I mean, half the material writes itself, but yeah.
Well, exactly.
Exactly.
Okay, Jav.
Let's very quickly move on, shall we, to...
Billy Big Balls of the Week.
Yeah, so after that depressing Bit Offs story that you've shared,
and we tried to spice up, me and Andy,
but, you know, you you done absolutely abysmal.
You were the two that brought it down.
The,
I'll give you the biggest,
big balls of the week.
And,
uh,
this story yells power to the people,
fear the nerds and hashtag ACAB.
Um,
so an it worker is sued over vengeful cyber harassment of a policeman who issued him a jaywalking ticket.
So the stakes don't get higher than that. If you talk about gang violence with like, you know, fully automatic machine guns, shootouts for 20 minutes, you know, this is just as close to that as you're going to get.
He'd be getting respect in prison, basically.
Yeah, yeah, absolutely.
He would have his prison trousers done up properly at the waist with a belt.
Yes, yes.
So there's an IT worker at a hospital. His name is John Christopher Spatterfore. And you know serial, like, you know, assassins and, like, serial killers, they always have these kinds of names. It's John Christopher Spatterfore, like the Spatterfore is just, like, bolted on. Like John Christopher would have been a perfectly normal name, but John Christopher Spatterfore. Anyway, he worked for a community hospital at Fresno. And the saga began on October 25th, 2019, a mere five years ago.
Four and a half.
Four and a half slash five.
So he was issued a ticket for jaywalking,
and that's probably one of the most American things
you can have, a ticket for jaywalking.
So the police body cam footage showed, like, you know,
the person getting upset, as understandably, whenever you get a ticket, you get upset.
And then vaguely threatening questions focus on the officer's home address and whether he had children.
And then he also allegedly asked the policeman if he was aware that many officers die of suicide.
So, you know, this is the kind of guy that Putin would hire on the spot.
That sounds like the type of thing you normally hear in a Russian accent, isn't it?
Exactly. Over the following weeks, the police officer, identified only as John Doe...
Watch out. What a pussy. Didn't even want to give his real name out to the public. Honestly, these are the kinds of people. Give them a badge and a gun and they'll shoot any black man on sight.
But, you know, bit of accountability. And no, I'm just John Doe. I just like doing my job.
Allegedly.
Anyway, he believed Spatterfore was trying to break into his personal emails, Xfinity account. He received 13 or so password reset emails. He got a barrage of emails, calls, text messages from all manner of companies, with which allegedly Spatterfore registered the officer's details, making false inquiries about luxury car purchases and solar panel fittings. And he contacted apparently thousands of companies, and those contact attempts persisted up until the complaint was filed.
Also, apparently someone close to his home was trying to break into his Wi-Fi.
There were three false police reports filed, including one claiming to be from his sister-in-law, claiming there's issues of domestic violence.
I mean, the list goes on and on.
This is basically, if you go on Reddit and you ask the question like,
oh, someone issued me a jaywalking ticket, what can I do?
If you go to r slash pro revenge.
Yeah, exactly, exactly.
So, you know, this is like all the answers.
He didn't just take the top one.
He used it as a list.
So the defendant was arrested on November 21st
while driving within a mile of the Doe family household.
The complaint says a black bag in the passenger side footwell
contained an unregistered revolver handgun
for which he had no licence to carry. A subsequent search of property also found drugs and, you know, what have you. So, you know, but the hospital, the CHCC where he works, is also being sued by the plaintiffs, mainly due to allegations of negligence and a failure to curb Spatterfore's actions sooner. They say, they allege that CHCC...
Exactly.
They allege that they should have been aware of his actions since he was so open about it in the workforce, and staff's online activities were monitored.
But you know what, the drugs being found at his house in a search, that's like the police equivalent of all these, like, cyber attacks that go on.
Exactly. This is like classic cop pro revenge 101. It's like, what do we have here, an unlicensed gun in your car, you know?
yeah yeah exactly so do they have any actual evidence that it was him that was doing this cyberstalking?
No, none whatsoever.
And I hope the court throws it out for lack of evidence.
But whoever might have carried out this attack, and I'm not saying it's John Christopher Spatterfore,
whoever did that work has balls of steel.
That's all I can say.
I do not condone, unlike you, Jav,
I do not condone any kind of cyberstalking.
I'm not condoning anything.
I don't condone it at all.
But it seems whilst there is a likelihood that it is this person,
until they have actual evidence,
how can they arrest him?
How can they hold him or charge him for any of this?
So it says there's been a pre-trial discovery conference on June 7th, so next week, next Saturday. However, it has been put on hold as he has been referred for a mental health diversion programme.
Mental health diversion. I mean, the dude lost his job of 17 years for what? For signing someone up to some, like, solar panels.
Allegedly.
Allegedly.
I mean, it's, you know, it is what it is, but Big Balls.
That sounds weird.
Hey, Kev.
Yeah.
Weird.
Billy Big Balls of the Week.
Billy Big Balls of the Week.
This is the award-winning Host Unknown podcast.
Guaranteed to be a solid 5 out of 10 at least once a month.
Or twice.
Your money back.
And you can take that to the bank.
I mean, the other part to bear in mind as well is who's got time for that shit?
I mean, that takes a lot of time and effort and dedication, right?
But talking of time, Andy, what time is it?
It is that time of the show where we head over to our news sources over at the InfoTech PA Newswire who have been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
New North Korean hacking group identified by Microsoft.
Industry News.
Internet archive disrupted by sustained and mean DDoS attack
Industry News
Advanced fee fraud targets colleges with free piano offers
Industry News US-led operation takes down world's largest botnet.
Industry News
First American reveals data breach impacting 44,000 individuals.
Industry News
Europol-led Operation Endgame hits botnet, ransomware networks.
Industry News.
BBC pension scheme breached, exposing employee data.
Industry News.
And that was this week's...
Industry News.
Huge if true. Huge if true. Huge if true.
Huge if true.
I just want to see what this mean DDoS attack is.
I'm glad you're clicking on that,
because surely all DDoS attacks are a little bit mean anyway, right?
Well, exactly.
I'm just thinking, like,
someone really got their feelings hurt on this one, didn't they?
Yeah.
Are you sure it wasn't a cop?
Butt-hurt.
Internet Archive disrupted by sustained and mean DDoS attack. Why are they going after the Wayback Machine? What is the issue with that?
Well, because they're mean.
Well, because they contain stuff that people would probably not want on the internet anymore.
Well, yeah, might be a reputation... one of those reputation services trying to get something.
Yeah, the old white glove negative reputation scrubbing services.
Yeah. Contact me for a discount code, Host Unknown's exclusive.
If you see... oh yeah, Host Unknown 15 for 15 off.
So this, oh no, this isn't related, actually. I thought it was something... Have you guys seen that video this week of the guy who was supposed to attend a court hearing for driving without a licence, and he dials in from his car whilst driving?
While driving. Not just in his car.
What?
Actually driving his car.
And saying he's driving his car.
Are you driving?
And he's...
He's like, yeah, I'm just driving.
Absolutely hilarious.
Oh, man.
You can see the look...
That is this week's Billy Big Balls.
Yeah.
But you can see the thoughts going through the judge's head,
like, is he here for driving without a licence?
And he's dialling in from his car while driving.
It took him, like, 30 seconds to process it all.
Is it?
Absolutely hilarious.
Oh, man.
So who wants a free piano lesson?
I have absolutely no idea what this is about. It's obviously work, because the fraudsters have gotten currently over $900,000 in transactions.
What?
Damn, we're in the wrong business, man.
I know.
We need to get our stripy jumpers and swag bags.
See, isn't the first clue the fact that you have to pay for stuff with Bitcoin?
I know, right?
I know.
Well, yeah, but I don't know. Struggling musicians, probably, like, everything's expensive. Lessons are expensive. Pianos are expensive.
Well, these are colleges, right? In these deceptive... students... Fraudsters offer a free piano, often citing personal circumstances like a family member's death. Respondents are then directed to a fake shipping company, also controlled by the scammer, which demands payment for delivery before sending the piano. I mean, come on.
That's not a bad shout, actually.
I mean, the scammers accept payments through various methods, including
Zelle, Cash App, PayPal,
Apple Pay, and
cryptocurrency. Additionally,
they attempt to gather personal information
such as names, addresses, phone numbers.
Wowzer.
If people want to give money away to someone
and not have anything in return,
they should consider sponsoring the Host Unknown podcast.
Yeah.
This is true.
Yeah.
Instead of paying for shipping on a non-existent piano,
pay for sponsorship of a virtually non-existent podcast.
What else you got? Let's do one more, shall we?
Yeah. BBC pension scheme breached, exposing employee data. Exactly as it says, and you can already guess: BBC has apologised for the breach, takes the incident extremely seriously, data copied does not contain any financial information, usernames or passwords, and has not impacted the scheme's operations, as the data files involved were copies.
Oh, I just saw this: Check Point urges VPN configuration review.
So, okay, yeah, this is blowing up, and lo and behold, outdated VPNs with password-only authentication. Whoever thought unpatched software and poor credentials, what could ever be an initial vector into an organisation? And certainly today, nowadays, most corporates, they rarely have v8 VPNs. I mean, on the whole, it's just all through, you know, zero trust styley, you know, secure app-to-app tunnels, right?
So you're a CISO, Tom.
And serious question, what benefit does a VPN actually provide?
And I'm not talking about you can watch Netflix in different countries,
shows like that aren't available there.
That's exactly why corporates roll it out to employees.
Yeah. So when they're travelling, they can watch.
The one thing I'd say is that it can
control access to certain corporate applications.
From outside the organisation, so you can have a remote workforce and only have them connect through certified devices and connections, etc. Not connect through the hotel business center computer while you're on holiday. That's primarily... it's about control.
So you can do that with endpoint
verification. You can have a
certificate on your
laptop. So you don't need a
VPN for that.
It depends if the transport method
is still secure. You can have a certificate, that's just
the authentication piece. That's not the secure
transport.
But what's really insecure these days on the internet? Everything's TLS.
Well, this is my point exactly. Whatever, it's rare nowadays, though, that you need a VPN, because everything is, you know, encrypted in transit or end-to-end encrypted.
But you're also assuming that you're only using websites on the VPN.
Yeah, exactly.
There are some things...
Legacy environments.
Yeah. So I think that the use case
is a lot smaller than what
the VPN market makes it out to be.
That's my thing.
It's a diminishing market.
It's a diminishing market.
And if you're in the market for a VPN,
try NordVPN.
The discount code, hostunknown10.
Oh, actually, I was at a conference in Frankfurt last week or the week before, and I got speaking to NordPass because it's part.
Is that the guy that built Nord?
Yeah.
No, it's the same company that does NordVPN.
They have NordPass, which is a password manager.
Oh, I've not heard of that one.
So I said to him, like, neither had I.
So I was speaking to the guy at the booth. I said, like, well, how are you different? He goes, well, you know, being the world's largest VPN, like, you know, we're powered by the same tech company and technology and expertise. And I was like, that doesn't instil a lot of confidence in me, but okay, carry on. No, basically, considering everyone's, uh, being breached... Oh no, I had a look at it and there wasn't anything compelling, in my opinion, that would make me change from any of my existing three password managers that I already have.
But it's like when you go into a shop, I don't know, the shop sells books, for instance, a bookshop, and then they start selling bric-a-brac and flowers, and then they start selling something else, and then the next thing you know they're out of business, because basically they're not making any money on the books, so they need to diversify and start bringing in something else but don't want to, you know, pivot entirely, so they start adding other things and it all just fails and falls over at the end.
I can prove you wrong with one word.
Go on.
Cisco.
Never underestimate the power of a good marketing team.
Well, yes.
Yeah, but I mean, come on.
I mean, to Jav's point earlier, it's not sounding convincing.
The backbone of the internet is the CCNA.
The entire credit.
See, they didn't just do the hardware.
They then created this whole education industry to support it.
You had to be CCNA certified in the late 90s.
If you wanted to work in network engineering,
prove that you knew how to write commands in a command line,
prove you could configure that PIX firewall by getting certified.
It was genius. Looking back now, you realise what geniuses they were.
Do you know, to tell you how much I know about networking, back in the late 90s I was kitting out a demonstration centre and I was asked, would you like network equipment from Cisco or from this other company? And I went with the other company, and guess who that other company was?
Who knows?
3M.
Brilliant. You know, that company known for making network switches.
Yeah, is it those sticky... the sticky pads?
Yeah, same company.
Yeah, same company. 3M, that's who I bought.
well if they're good enough for holding up the cable,
surely they know how to transmit data through the cable.
I mean, what we did get was fibre to the desktop, though, through 3M.
So, you know, in fairness, it did a pretty good job on that front.
Through your Post-it notes?
No, through the switches.
Fuck it up.
On that note.
Industry News.
Industry News.
When listeners leave the Host Unknown podcast
in favour of another security podcast,
they raise the average IQ of both audiences.
You're in good company with the award-winning Host Unknown podcast.
Right, Andy, why don't you take us home with this week's Tweet of the Week. And we always play that one twice.
Tweet of the Week.
And this week's Tweet of the Week is a visual tweet, so you're going to have to bear with me as I describe it. But just to make it simple, it's something I'm sure you will be familiar with, and it is from someone called DebugPrivilege on Twitter, and they have posted a screenshot from, obviously, an unknown contact or a new contact, and the name pops up as Daisy, and there is a very attractive young lady as the profile picture, and she says hello.
And this person just replies with just, send me the malware.
And that's it.
Whenever you receive messages...
Exactly, whenever you get these messages from, like, attractive strangers...
Yeah, you know where it's going, especially if you're a bloke, right? Let's face it.
And it's not going where you wish it was going.
No, no, exactly.
You're a middle-aged man who's, you know, ripe for a midlife crisis, and then suddenly an extremely attractive woman texts you or messages you out of the blue, and your first thought is, hey, lads, I'm in.
It's like that meme, isn't it? Like, where the wife has a go at her husband, and he goes like... and he's thinking, what does she know? I've got, like, thousands of locals willing to meet me.
Yeah, thousands of hot women want to meet me in the area.
Excellent, that was this week's...
Well, gentlemen, thank you very much
I'm pretty sure we're not going to have a show next week
Because you are both out of the country
Oh, Jav, where are you going?
No, I'm not out of the country.
I'm out of town.
Oh, out of town, that's right.
Sorry?
Oh, they may as well be out of the country.
Jesus, that's...
I know.
I mean, he gets five metres away from his desk
and he's like, oh, I can't make it, lads.
Yeah, that's true.
I'm like a professional footballer
where I trip and fall down
and hold my knee on the ground.
Oh, dear.
Well, watch this space.
Well, not watch this space.
If one pops in, you never know.
I may have got Graham and Carole involved, but who knows.
This week's or next week's episode may well be a smashing security episode.
We don't know.
But nonetheless, Jav, thank you so much for this week.
It was lovely to see you again.
And it was even lovelier to see you before Andy.
I thought that was just, well, it just blew my mind, frankly.
I know.
You're welcome.
You're welcome.
And Andy, thank you.
Stay secure, my friends.
Stay secure.
You've been listening to The Host Unknown Podcast.
If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
The worst episode ever.
R slash Smashing Security.
You guys are unbelievable.
Stealing my lines, stealing my jokes, stealing my thunder.
I'm also going to be stealing your money soon.
Tell me more about this password manager you use.