The Host Unknown Podcast - Episode 196 - The Nuclear Option Episode
Episode Date: July 1, 2024

This Week in InfoSec (12:30)
With content liberated from the "today in infosec" twitter account and further afield

24th June 1987: The movie Spaceballs was released. With a budget of $23 million, it grossed $38 million at the box office in North America. Though 37 years have passed, the secret code scene remains a reminder of why security is hard. Watch the secret code scene from Spaceballs and weep. Or laugh. Or both. Has much changed when it comes to password security since the movie was released 37 years ago today?
The 64 second scene: https://youtu.be/a6iW-8xPw3k
https://x.com/todayininfosec/status/1805302016451002501

27th June 2011: Anonymous released its first cache from Operation AntiSec, information from a US anti-cyberterrorism program.
https://x.com/todayininfosec/status/1806302186487345226

Rant of the Week (18:15)
Korean telco allegedly infected its P2P users with malware
A South Korean media outlet has alleged that local telco KT deliberately infected some customers with malware due to their excessive use of peer-to-peer (P2P) downloading tools. The number of infected users of "web hard drives" (the South Korean term for the online storage services that allow uploading and sharing of content) has reportedly reached 600,000.

Billy Big Balls of the Week (26:33)
Crypto scammers circle back, pose as lawyers, steal an extra $10M in truly devious plan
The FBI says in just 12 months, scumbags stole circa $10 million from victims of crypto scams after posing as helpful lawyers offering to recover their lost tokens. Between February 2023 and February 2024, scammers were kicking US victims while they were already down, preying on their financial vulnerability to defraud them for a second time in what must be seen as a new low, even for that particular breed of dirtball. It's the latest update from the FBI's Internet Crime Complaint Center (IC3) on the ongoing issue, which was first publicized in August last year.

Industry News (34:24)
US Bans Kaspersky Over Alleged Kremlin Links
Sellafield Pleads Guilty to Historic Cybersecurity Offenses
Polish Prosecutors Step Up Probe into Pegasus Spyware Operation
Credential Stuffing Attack Hits 72,000 Levi's Accounts
Google's Naptime Framework to Boost Vulnerability Research with AI
Fake Law Firms Con Victims of Crypto Scams, Warns FBI
IT Leaders Split on Using GenAI For Cybersecurity
Majority of Critical Open Source Projects Contain Memory Unsafe Code
CISOs Reveal Firms Prioritize Savings Over Long-Term Security

Tweet of the Week (43:08)
https://twitter.com/StuAlanBecker/status/1806137799248359443
Comments: https://twitter.com/derJamesJackson/status/1806307954586538205
Alternate TotW: https://twitter.com/susisnyder/status/1806222280382406836

Come on! Like and bloody well subscribe!
Transcript
so I was actually hoping to come back
to Graham not you two clowns
I was expecting like the regular presenter
instead of two other guests
two other guests how dare you
how dare you
but for Jav yeah that's fine
how dare you put Tom
onto the pedestal of a guest
I actually think I have the most appearances on my show
well if it's your show
then I should hope you would have the most
appearances on your show
in which case Andy
play the jingle
go on Andy
oh here we go
well played sir well played
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening, and welcome.
Welcome once again to episode 196.
200!
Of the Tom Langford Podcast. Sorry, Host Unknown Podcast. Welcome one and all. Yes, we're not quite at the bicentennial episode yet, despite just hitting the bicentennial episode
but uh i have to say do you know what given given the couple of weeks we've had off and a few weeks you had up before
that and all that sort of thing,
it,
it won't surprise me if we announce episode 200 as our final episode or
something like that.
Do you know what I mean?
It's like,
well,
it seemed to be sputtering to a halt.
No,
this is like downloading like one of those files.
It starts off really quickly.
And then the last five percent
really just slows down oh good old napster yeah
oh anyway gentlemen how are we jav how has your week been
it's been good it's been good you know like speaking of being guests on the show and everything
like that i was at infosec and uh jake, you know, Jake, a friend of the show,
works at ESET.
He's like an evangelist.
One of me.
You know, cool guy.
One of your people.
One of my people.
He comes over to me and goes like, yeah, have you ever been on Smashing Security?
And I said, you know, not since being a vendor.
And he goes, that's exactly the answer.
Thank you.
Thank you.
Because he goes, I've never been invited on it.
So after InfoSec, I sent Graham and Carole a message and I copied in Jake.
And I said, look, hey, how about, you know, you have a evangelist advocate episode.
I said, we don't mind how many other people you invite on who are like vendors but just do it as a as a freebie as a community service thing as like you know just
to see how the conversation goes i said all the alternative is and i and i wasn't making a threat
or anything but i said like you know maybe jake and i can start off like a cracking security or something like that you know the jms get together the problem is
and uh the problem did you receive a priceless back yeah exactly and i was going to say and
and the problem is is it's not like smashing security has not been ripped off before so
it's they're kind of used to it. Who's ripped him off before?
I don't know, but I do remember when he was last on the show,
which wasn't that long ago.
A couple of weeks, I think, wasn't it?
He was muttering during one of the jingles for some reason.
Weird.
Yeah.
Well, he's a weird old person.
You know what he needs.
He needs a good woman in his life.
I'm not going there because I know he's found a good woman.
Well, I'm still trying to find a Labrador and White Stick.
He's found a woman.
The good part is TBD.
In the beginning, they're all good.
I think we're going down the wrong track here. Oh, Tom Langford's met her.
It's gone through the Tom Langford.
So, ladies and gentlemen,
if you found a partner
in your life and you're not sure whether
they're the one for you, reach out to
Tom Langford's vetting service.
He will take one look at them and let you know
whether they're good or not.
I'm very thorough.
Oh, dear.
Oh, dear.
Speaking of thorough.
Andy, how are you?
Well, busy, right?
It's always busy.
But I'm trying to think.
It feels like it's been a while and it has been a while
because i was in el mexico yeah um and then you were on the toilet and i got i got severe food
poisoning to the point where i had to call a doctor um that's how bad it was. And last time I went to the doctor was a long, long time ago.
I tend to just use Google and self-diagnose
and then sort out my own medicine these days
because it's quicker, cheaper.
But yeah, no, this one, I had to call the doctor.
I first did one of those video doctors.
So my company provides those sort of, you know,
doctor on hand type services to AXA.
Was his name Max?
Did the video call and the guys?
Yes, exactly.
No, Dr. Nick Riviera or something.
Yeah.
But he said, yeah, he was talking to me.
Yeah, he goes, you need to go in and actually get physically seen to.
And I called the doctor's surgery
and the expectation to say, like, you know.
Hooray!
And I said, like, you know, it's going to...
I think it is going to take forever. And they said,
OK, come in now.
We need to see you.
And then, yeah.
Yeah, just severe food
poisoning that left me dehydrated.
Good thing you received a care package. I and then do you know what a strange guy turned up on my uh but you know the funny
thing i was actually going into work even though i was ill because um you know i ain't i ain't um
i've got that work ethic right so i was going into the office every day and even like one of
my colleagues just saying uh
i don't think you should be here because you know i was frequently leaving my desk
and um i actually bought a big bag of marshmallows from across the road right because i was just
craving food and i've got like medicinal qualities for diarrhea yeah yeah. Indeed, indeed.
But when I got back after buying them,
I just felt nauseous and I couldn't eat them.
So I stuck them in my locker, right?
And this was on the Wednesday night.
And I was like, okay, I'm going to eat them tomorrow because I was just craving them.
And then on the Thursday, I couldn't go in.
Like, literally, Thursday was the day I had to go to the doctors
because it had been going on since the previous Friday.
And so on the Thursday, I was like, OK, I can't go into the office.
Knowing full well there's this nice bag of marshmallows
waiting for me in the office, right?
So I was gutted about that.
And then Friday, I don't tend to go into the office anyway.
And lo and behold, Friday evening,
a delivery driver turns up at my door,
courier with his helmet on open the door and a care package arrives with lots of palau treats in them with a big bag of marshmallows as well
it's like the universe said i got you fam i know you've had a tough week appreciate the work you
do anyway i got you you know and
eat these and you'll be seeing them again in about half an hour exactly it was like yeah
this will provide you with 20 minutes of satisfaction enjoy it while it lasts i hope
you tipped your delivery driver well actually i can't tell the difference between these delivery driver uber deliveroo like
you know whatever they were but uh i did have those sort of cold sweats um when my wife came
down to say hello and uh you know i realized the delivery driver was someone that may know a thing
or two about me and i'm thinking okay well you know i don't like these worlds mixing so i don't
want you know any so and then my daughter came down to say hello as well and i'm like okay this delivery driver better not to say you know
he needs to be careful about what stories he asks about here there's a definite spoiler and in case
you hadn't figured out yeah in case you hadn't figured it out jav was that delivery driver um
yeah no before so he's having to moonlight he was enjoying like he had that
that uh sort of well i would say shit eating grin on his face knowing full well that my life
was in his hands whilst he was there in my house with my wife and daughter i know it felt like one
of the scenes out of those mafia shows or something. You know where there's an undercover cop, undercover drug dealer,
and they meet and they're trying to be pleasant to each other
and their families are around.
Let's not make a scene in front of the kids now.
It would be a shame if something happened to all this stuff.
But your family is lovely, surprisingly. Like,'m knowing you i don't know why they put up
with you but they are very very nice it was it was really nice to meet him after it's because
i don't know the truth jeff that's it yeah well it's all right we we just keep that story going
they don't need to know anything but uh talking to people living a lie, Tom, how are you doing?
I'm very good.
Living a lie?
I don't know.
Possibly telling myself.
No, I don't know.
I can't.
Insert joke here.
Telling yourself that you're good enough.
Yes.
Twice in 10 minutes with a shower in between is good enough.
But yeah, not bad.
And it is normal.
Yeah, it's perfectly normal.
Perfectly normal.
And it should be that colour.
But I'm very good.
I'm very good.
I'm going to be shooting a wedding tomorrow,
so good to get out in this heat and carry about 20.
That's a British version of shooting a wedding,
not an American version of shooting a wedding not an american version yes yeah just
for clarity for clarity yeah because otherwise it goes down as conspiracy yeah yeah that's fair
and it wouldn't happen they were all crisis actors anyway but um uh so yeah that's going to be fun
um was it a dance competition for my daughters uh my daughters my daughter a couple of weeks ago and i i was
encouraged to go on stage and dad dance because it was happened to be father's day and i think
you've all seen the video evidence of that so uh i well i'm sorry is all i can say i am sorry
i don't know why you called it a dad dance it just looked like a dance to me but you know
I think it looked like a dance to all three of us in fairness we are of that age where
we can only dance in one way um apart from the guy who actually decided to lie down and do the worm
right next to me it was quite embarrassing really although he
did get up and have to stretch and then ask for some ibuprofen afterwards but uh um you know he
said he could only do it once um but but uh yeah that was quite good fun so yeah it's it's it's
been it's been interesting but i can't believe we've been off for two weeks two weeks we've uh
uh we've been it feels like longer. I know.
Exactly.
Exactly.
But talking of disappointing gaps in our memory,
shall we see what we've got coming up for you this week?
This week in InfoSec,
reminisces about what we considered a silly password 37, precisely, years ago. Rant of the week is a tough move from an ISP.
Billy Big Balls is a perfectly executed double dip. Industry news is the latest and greatest
security news stories from around the world. And tweet of the week briefly looks at why
coups just ain't what they used to be.
Okay so let's move on to our favourite part of the show.
It's the part of the show that we like to call...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane
with content liberated from the Today on InfoSec Twitter account and further afield.
And today, our first story takes us back a mere 37 years to the 24th of June 1987,
when the movie Space balls was released and with a budget of 23 million dollars
it grossed 38 million dollars at the box office in north america alone and those 37 years 37 years
and although 37 years have passed the secret code scene remains a reminder of why security is hard
and if you don't know what i'm talking about if you watch that scene and there's a link in the
show notes the 64 second clip um when you watch it you'll either weep or laugh or both and you
have to ask has much changed today when it comes to password security?
Nothing's changed.
If you haven't seen it, and a cheap plug right here,
if you go to one of my socials, you'll see I posted a video interview with Brian Honan from this year's InfoSec.
And I asked him the same questions that I asked him 14 years ago,
the very first time that I met him.
And I had a video interview of that.
So I spliced both the interviews together and nothing's changed at all.
His answers were, I didn't tell him beforehand,
I'm going to ask you the same questions or anything.
And he couldn't even remember what he said the first time.
But his answers were almost identical.
Nothing changes.
It's all the scam.
And there is one thing that was uh quite i
don't know how you did that effect in the video where like because i did watch it you put it side
by side right you know when you were yeah it's flicking between like the past and the present
and the past um but in the present one it was quite clever how sort of brian you made brian
thinner and you had made yourself a bit fatter whereas in the past it was the other way around it was i don't know what effect you did to do that but it was pretty clever to say
exactly the same thing it was very impressive it's very impressive maybe he was wearing you
know what i have smaller clothes i'm just putting on weight so that you can put your
backs out lowering my grave okay okay? That's all.
God, we've got to carry you all the way to the end, have we?
Yes.
No, we're just going to burn him.
He's not getting buried, man.
At arm's length.
Yeah, you're
not going to know, though. You're not going to be here.
You know.
That's a nice topic to get into, isn't it?
On a Friday.
Our second.
We're going to be in trouble with someone somewhere for that.
Our second story takes us back a mere 13 years,
something a bit closer to current day.
when the
27th of June 2011
Anonymous released its first
cache from Operation Antisec
information from
a US anti-cyberterrorism
program. And do you guys remember Anonymous
and their sort of Operation
Antisec? Yeah, they were big back in the day.
Yeah, so they released
they had obtained and released Cyber Terrorism Defence Initiative Sentinel Programme,
which was an initiative designed to provide anti-cyber terrorism tactics for workers in public safety,
law enforcement, state and local government and public utilities,
all administered by the US Department of Homeland Security and the Federal Emergency Management Agency to educate technical personnel in cyber terrorism response and prevention.
It included like, you know, available hacking resources, counter hacking tools, all this kind of stuff.
was sort of where sentiment started to turn on um sort of anonymous and anti-sec because they were basically just causing trouble for the sake of it and the irony was that the original anti-sec
manifesto back in 2001 was all about the irresponsibility of full disclosure um and that
same manifesto was actually reposted when image shack was compromised eight years prior to this um because the manifesto
criticized the security industry in air quotes for um using full disclosure to develop scare tactics
to convince people into security um and so yeah it's quite uh quite funny and basically they're
saying obscure personal data before you publish, you are considerably worse than those you're attempting to shame. Wise words, wise words. Indeed. Well, also, they realise if you obscure the data,
you could sell it on for a profit later. So why give it away for free?
This Week in InfoSec.
In 2021, you voted us the most entertaining cybersecurity content amongst our peers.
In 2022, you crowned us the best
cybersecurity podcast in Europe.
You are listening to the double award winning
Host Unknown podcast.
How do you like them apples and in 2024 you completely ignored us it's outrageous and talking about outrageous let's
move on to... Listen up! Rant of the Week. It's time to mother rage. Okay, so we all know what P2P is, right?
Peer-to-peer file sharing.
And it's where you get a whole bunch of users who have got,
let's say you've got a bunch of files,
maybe illegal movies, maybe completely valid files,
but you want to share them amongst a large number of people.
So you join a P2P site,
and it effectively makes your computer a server as well as an endpoint that receives files. And you can download
files from everybody all at once and parts of files from one person and parts of files from
another person, etc. So it's like a crowd sharing of file shares, effectively.
Very, very effective.
In many cases, somewhat dubious when it comes to a legal perspective,
but also can be quite heavy on bandwidth,
because, of course, you are creating multiple connections
and downloading large files
on a constant basis. And so as an ISP, you know, the provider of said internet services to
the homes of people, this can become quite problematic. Now, gents, put yourself in the
shoes of an ISP. If you've got a bunch of people who are carrying out certain activity on your Internet that they're paying for,
and it's affecting the quality of service and the bandwidth that's available to all of your users as a whole,
what would you do to try and address that?
Cost of doing business.
Yeah.
I would stop my ludicrous claims off you will get fiber to your
door with like 100 meg up and down and whatever speeds or what have you i would just say no we
just can't handle it well we'll offer you something that might work some of the time
or or you could as opposed to lie you could filter that traffic and perhaps reduce the amount of bandwidth that it could use.
Because you could, you know, say any traffic.
Throttling. I hate ISPs that throttle traffic.
Only specific traffic, though. Only that specific type of traffic.
Well, who defines what that traffic is then?
Well, so if I like to play online games and that's using up a lot of bandwidth and like, you know, there's five friends all banding together
and then my provider decides that I deserve to be throttled
because other people on my road want to stream
the latest episode of Love Island or something.
I mean, how's that fair?
What is this, Korea?
Yes, funnily enough, it is Korea.
And by the way, guys, I don't think you've got the point of
of this style of you know interaction here just you're being deliberately argumentative is not
really how it worked you'd think after nearly 200 episodes you'd have got this by now but
but no no i dear listener i'm i'm so sorry anyway um so what a South Korean telco company called KT has been accused of is not throttling, not blocking these downloads or anything. What they have been accused of doing is infecting the customers that are using these P2P sites with malware. So if you're if they
consider you to be an excessive user they are in they are basically sending down to your one
one man's one man's malware is another man's host-based throttling service.
Why is this not a Billy Big Balls?
This is like the ISP is injecting malware into illegal downloads.
So the people that are using it.
This is true.
Look, I mean, Andy, this is what I expect from Jav, not from you.
Okay, how is this?
But anyway.
So let me ask you one thing, Tom, yeah?
You buy a car and the government builds motorways
with a 70 mile per hour limit.
And then you go on the said motorway
and then suddenly it's like oh because of congestion we're reducing it to 50 and if you're
caught doing 70 in that 50 zone you get a ticket and points on your license is that fair
same thing right here same thing too much congestion on the motorway so we're penalizing the people that
are trying to go too fast i'm on side with the isp here very good move one of the worst analogies
for something like this i've ever come up with it's the perfect analogy too much traffic on the
information highway i don't know why but look, listeners, I tell you what, just click on the link.
You'll work out what it is that's going on.
They downloaded malware.
It's hiding files, and therefore the P2P sharers can't find the files they want.
My rant on this is the fact that an organisation is deliberately infecting their customers with malware,
which I think is absolutely outrageous.
It's appalling.
If a criminal infected you with malware,
that would be seen as a criminal act.
This is genius.
This is better than throttling because when you throttle someone
all of their services get degraded you're not degrading their internet at all you're just
stopping that one service by just hiding certain files across that p2p service to others so everyone
looks at you thinks you're just a leecher you're not sharing anything and that's it i think this is such a clever out-of-the-box solution it's not malware it's
you stop calling it malware it's host-based service 600 000 users
host-based um next gen throttling that's what it is
It's actually targeted throttling.
It is.
You don't need to impose this blanket ban across everyone.
It's just targeted.
I'm reading this now.
An investigation has uncovered an entire team at KT
dedicated to detecting and interfering with the file transfers.
With some workers assigned to malware development,
others distribution and operation, and others wiretapping.
This is like, they actually have a department with various teams.
What happened to the cost of doing business?
I think they found a good way of dealing with it.
You're just joining in.
I'm actually I'm kind of impressed I'll be honest I'm impressed Javad is not the one to follow Andy
really isn't the this is the Palo Alto of throttling it's next gen service it is like app level it is smart it is the future and i think you could take this to
silicon valley vcs will invest in it and imagine this being on your corporate network where you
can throttle certain services of certain users at certain times i i think we've got a winner. If someone needs an advisor
on that board, I'm in.
Let's take this
to the moon. I'll help you write the pitch deck.
Alright, that was this week's
rant of the week.
This is the podcast
the King listens to.
Although he won't admit it.
Oh, God.
Do you know what?
Whatever.
Whatever.
Here's the next bit.
Do whatever you want with it.
The Littles of the Reach.
I won't say defeated and despondent, Tom.
It's all right.
You win none, you lose them them all but it's okay that's
the nature of life so this is an amazing billy big balls I mean this is like should just be the
billy big balls show like because this is like one big big balls after the other so there are
these scammers who trick people out of cryptocurrency.
So crypto scammers are out there everywhere.
You probably see loads of those ads endorsed by the likes of Elon Musk
or some Hollywood celeb or something like that.
But I saw one the other day with Russell Brand as the face on it,
and I thought, yes, that makes perfect sense.
Oh, dear God.
So Russell Brand heading up a crypto thing?
Well, he was the face on the advert, so he was promoting.
He's got quite a cult following.
Yes.
Fuck.
Tom is clearly living in his bubble.
Listeners, if you could see his face right now,
it is like meme-worthy.
What's he called?
A salty coin.
I don't know what it's called.
Allegedly.
Anyway, the FBI says that in the last 12 months,
scumbags stole about 10 million dollars not in crypto scams but in a double dip kind of scam
because they first scammed people and then they went back to them saying hello we're lawyers
and we can help you recover funds that are lost in crypto scams so so what they knew the who the victims were because
they were the they they were the the attackers and and then they went down and um you know they
they went circling back to them saying we can can help you. And people gave them money and they'd done a runner again.
So, you know, it was like, you know, you can only just think that.
So this is you supporting the fact that people are robbing your house twice
and you're applauding the genius of the robbers of going in twice and stealing not only your your
old tv but your new tv that that you just got replaced on the insurance yes yes and then coming
in again and posing as police officers saying we need to see this for evidence because we think
we've caught the criminals and we need to like, you know,
and then you saying, yeah,
take my absolutely brand new TV as well.
My new, new TV,
which I think they'll probably circle around again
and do it if it's anything,
if their past history is anything to go for.
I mean, I'm not condoning this behavior.
I think it's extremely ballsy to revisit the scene
of the crime i am absolutely sure do not do not mistake my my uh lack of empathy as endorsement
for the victims your lack of empathy and moral turpitude. Yeah.
So there was a company called Webiverse.
What?
Stop using big words.
I need a service to throttle these big words from coming out,
streaming down the internet that I don't understand.
You've got a service that does that.
It's called a little brain.
Come on.
Now you're talking about something that's extremely hard work.
But, you know, so there's like, you know,
loads of companies that have been caught for it.
Some of them have been really elaborate. So even some crypto firms were caught up in it because they involved overseas face-to-face meetings uh in beautiful european
hotels so um you know it's like for some victims it was just some social engineering and some funds
uh and um you know others have been sharing their stories.
So all these victims are banded together on sharing their stories on a Telegram channel,
which I wouldn't be surprised if the criminals set up and managed themselves.
It's almost like that's their version of like an NPS survey, isn't it?
See what they could do better next time.
That's it but some say the organisation have um drugged victims and driven others to the point of suicide
and numerous numerous people were robbed of millions and i think what that is it's a it's a reminder I'm not saying it's okay what I was gonna say
is that it's a stark reminder of how actual like physical criminals are operating in the cyber
crime world and so those tactics will bleed over whenever it's convenient or whenever it's
necessary so be careful.
These aren't just like, you know, little kids in basements that, you know,
you might think that they are.
A lot of these are very well, well, now they're very well funded
after pulling off a few scams.
But, you know, they have the money and the resources to do a lot of things.
Yeah.
And if you are a victim of one of these crimes,
I am a very successful private detective
in tracking down these law firms
who do that for a small retainer,
a reasonable retainer.
We know that cybercrime actually funds
physical crime for decades now.
Yeah, but knowing something
and actually hearing victims speak in first-hand accounts
oh if you want to read the telegram channel i've got it here oh really cool
please do share admin andy admin yeah oh dear this is turning out to be quite a depressing show it's
you it's great what's you depressed about this is brilliant this is so entertaining
have you never watched like breaking bad and be entertained or know, a mafia show or something. As opposed to people actually hurting themselves as a result of this.
I don't know.
People get hurt every day.
Just because I'm smiling, it doesn't mean I'm not hurting on the inside, Tom.
Oh, we know you're hurting on the inside.
Hurt people hurt people.
Billy Big Balls
of the week
I'm still smarting
from the rant
of the week
this is the award winning host unknown
podcast guaranteed to be a
solid 5 out of 10 at
least once a month or Or twice your money back.
And you can take that to the bank.
Alright Andy, what time is it?
It is that time of the show where we head over to our news sources
over at the InfoSec PA Newswire who have been very busy
bringing us the latest and greatest security news from around the globe.
Industry News
US bans Kaspersky over alleged
Kremlin links. Industry
News
Sellafield pleads
guilty to historic cyber security
offences. Industry News
Polish prosecutors step up probe into Pegasus spyware
Industry news.
Fake law firms con victims of crypto scams warns FBI.
Industry news.
IT leaders split on using Gen AI for cyber security.
Industry news.
Majority of critical open source projects contain memory unsafe code.
Industry news.
CISOs reveal firms prioritise savings over long term security.
Industry news.
And that was this week's Industry News
Huge if true
Huge if true
I think that Kaspersky
thing, that's an old one
I mean, I thought the US banned
Kaspersky a long time ago
Well, they banned them from government a long time ago
but what this new ban is, it's for everyone, even if you're a commercial user.
Yeah.
From September, end of September this year.
So, and I think this is why, if you're a listener in the US, be a man or a woman.
And October 1st, install Kaspersky on your machine and see what happens.
Will the FBI come knocking on your door, taking you away in cuffs?
I mean, how is this actually going to work?
I don't know.
Well, we'll never find out because they'll have banned TikTok by then,
so we'll never see the video. Yeah, yeah.
We wouldn't get the unedited media.
I know.
I mean, who else is there left that's a credible source
other than Tucker Carlson?
But I thought it was quite clear that Kaspersky
was not connected to the Kremlin at all.
Is there credible evidence to say that he is?
No, there's none.
This is just the US government throwing its weight around again like a playground bully. They're banning Kaspersky, and I think
this is them trying to set a precedent for how they can ban TikTok as well,
and, you know, how they like their spying, like how they like their violence.
Domestic?
Yes, that's the one.
Oh, right.
Domestic.
Dear me.
No, on a serious note, no.
I mean, that's a terrible joke, Andy.
I don't know why you'd go there.
What were you going to say?
Go on. Regardless. Regardless of how they like their spying, how they like their violence, what were you going to say?
Created in-house, televised, like, you know, televised.
Televised, that's the way. But it's such a bad precedent, because on a weekly basis you have Microsoft,
Google, you know, Amazon, whatever, Facebook, Meta getting caught with their pants down, like, you know,
intruding and spying and what have you, and that's all okay. But a sudden, like, slight glimpse or
slight murmur of, oh, he was Russian, he once walked
down the same street that Putin might have walked down, that's it, let's ban it. TikTok, oh my
God, it's owned by China. Sir, do you have a Chinese passport? Have you ever been in China?
You know, Senator, I'm Singaporean. Yeah, exactly. It just doesn't... it's just such a thing. And
the thing is, once the tables are turned, and what if other companies, other countries start
doing this to US-based firms, then suddenly you're going to hear screams of,
this is unfair, this is anti-capitalist
or anti-free market or
what have you.
It's just such a dangerous precedent,
I think.
Ballsy move though. Dangerous.
Yeah.
And then this one about
Sellafield pleading guilty to
historic cyber security offences.
So this, Sellafield have the largest, the world's largest stockpile of plutonium.
And basically they ran a shit show of a cybersecurity programme. It was claimed that successful intrusions featuring sleeper malware dated back to 2015 and the site had failed to inform regulators for years
about subpar security there. This is pretty concerning, right?
It's outrageous. Well, I mean,
like, is plutonium really that big an issue? It's like, do we need to protect it? I mean, like,
what are the use cases here?
You just need to put in a DeLorean and you're sorted.
If you don't mind being chased by a VW camper van.
Well, yeah, no, it's easier and safer to take it from Sellafield
than it is from some Libyans, that's all I'm saying.
If movies have taught me anything.
You're not going to get shot in a car park
by nicking it from Sellafield.
No.
I don't know.
You might be.
You might get shot in the Sellafield car park.
What else have we got here?
Our IT leaders split on using GenAI for cybersecurity.
Basically, you've got the ones who don't trust anything new
versus the ones who don't want to get left behind.
I think that's a pretty 50-50 split.
That's pretty much exactly that split.
Yeah, that is pretty much it.
So I see Samsung banned the use of ChatGPT in 2023
after staff shared private meeting notes with the source code tool, which then later I think became public.
But there are things, you know, so I know we talked a while back about, you know, tools that, you know, can take meeting notes for you and then summarize them, pick out the keyboard action, stuff like that.
That stuff is efficient.
It can save you time.
But it's, you know, don't blame the technology for that type of thing.
It's actually, you know, blame the way it's hosted or, you know, that kind of stuff.
Yeah.
Yeah.
Yeah, that's right.
What's the last one I saw?
The CISOs reveal firms prioritise savings over long-term security. Yeah, it's closed on... I mean, that's pretty obvious, right? Isn't that always the case though? Yeah, what's the point
in prioritising long-term security if you've got no money left in the bank? Like, imagine your company can't...
They can't pay salaries.
They haven't submitted their annual returns on accounts or anything yet.
Hey, we've got great security, everybody.
You've just got an unlimited security budget,
but you don't have to worry about anything else.
Yeah.
Tom, that's how you used to work, wasn't it?
Unlimited security budget?
Yeah.
Those were the good old days, weren't they?
Yeah, well, I mean, they used to tell me it was limited,
but I never heard that.
You know, it was just crack on, Tom.
The CISO had an unlimited budget.
The security department or programme did not have an unlimited budget.
So there was a difference.
That alcohol wasn't buying itself, you know.
Right, let's move on, shall we? That was this week's Industry News.
You're listening to the award-winning Host Unknown Podcast. It's better than tinnitus.
All right, Andy, why don't you take us home with this week's... Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
This week's Tweet of the Week comes from Stuart Allen Becker,
and it is in reply to Anya Parhamhill, who she posted...
This is after the Bolivian coup, attempted
coup this week, sorry, where
she literally posted straight after
Dear CIA,
your coups don't work anymore.
And Stuart replied
That's because it's a woke
bureaucracy now with a vulgar
sense of entitlement.
And then this actually goes into, there's some
comments in this thread
which just absolutely cracked me up as I was reading through it, is that coups, you know, that...
I mean, coups aren't what they used to be. I can't actually read the comments because I can't
log into Twitter on this, but they were funny on the machine that I could log into and
read them previously. But as we talked about nuclear
power proof, there was actually an alternative tweet of the week which came across. This was
Michael Spagat, where Suzy Snyder highlighted that NATO is actually hiring a nuke policy officer,
and in the qualifications it's desirable if the candidate has experience of preparing forces for nuclear war and can also use SharePoint?
And Michael's reply was,
do they offer training in the preparation for nuclear war
to people who are only competent in the SharePoint side?
Valid question.
I'm very good at half of this.
Yeah.
Exactly.
Just apply for the job. Even if you don't meet all the requirements,
apply for the job and see where you can get the guidance.
Yeah.
Wow.
I love that one.
I love the banality of SharePoint.
It's just...
I'm trying to think of a SharePoint interface.
How important is it for them to put it in the job description?
Did the previous people or team or person have everything stored in SharePoint
and then they left and no one knows how to use it?
So they put it as important as...
That's the reality of how things work though, right?
It is.
I mean, how hard is it to put a key into a, you know, two people to put a key in and turn it at the same time?
And that's like any monkey could do that. But SharePoint, that's a different beast altogether.
If they said SharePoint development, that might make a little bit of sense because they want to, I don't know,
develop a platform that will allow them to prepare for nuclear war in a little bit more of an organised way. But the use of SharePoint is,
can you use a mouse and a keyboard? Do you know how to switch on a computer?
Tom, it sounds like you're very qualified for this role.
I think so.
You should apply. I think so.
I should.
I should.
And also, I know where that, you know, nuclear policy,
I know where they can get some plutonium.
There's some plutonium that is easy to acquire.
Easy to acquire is what I meant.
Yeah, absolutely.
Absolutely.
Right, that was this week's...
Gentlemen, we have come to the end of the show.
Thank you so much for your time.
It was a little bit of a bumpy road this week,
but I think we made it just about.
Jav's shaking his head there.
It was smooth. Absolutely perfect, according to him.
Smooth as the
Balls pop on the back of your head
Jav
Absolutely
No notes as the kids would say
Oh what sorry
The kids say these days
No notes
No notes
No notes
So yes, Jav, thank you so much.
Thank you. And Andy, thank you. Stay secure, my friends, stay secure.
You've been listening to the Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel,
r slash smashing security.
Um, Jav, what's this, uh, fidget spinner, these tools you're playing with constantly?
Oh, these were, like, so I was at a company event and these are like some of our giveaways. They're
like little plastic spirally things that you can connect together or disconnect and then you just
fiddle around with it. But because they're like that spirally thing, it reminds me of, like, you
know, those corded telephones when you were young,
and Tom will remember when he was in his 30s he probably had, like, you know, the long
stringy thing, and when you're talking on the phone you just start playing with
it, and it's kind of like the original fidget spinner, I suppose. This is one of those fidgety
devices, and just experiencing a bit of nostalgia.
Yeah, nostalgia is what it used to be. That's the sound you've heard all the way through the show.
Yes, no, but I think Tom can filter it out using, like, KT-developed software,
and, you know, no one will have to listen to it. Like anyone listens to it anyway.