The Host Unknown Podcast - Episode 198
Episode Date: July 15, 2024This week in InfoSec (10:28)10th July 1999 - Cult of the Dead Cow (cDc) member DilDog debuted the program Back Orifice 2000 (BO2k) at DEF CON 7. It was the successor to Back Orifice, released by cDc... a year prior. DilDog proclaimed it "a remote administration tool for corporate America".https://twitter.com/todayininfosec/status/18111336060159836809th July 1981 - The game that launched two of the most famous characters in video game history is released for sale. Donkey Kong was created by Nintendo, a Japanese playing card and toy company turned fledgling video game developer, who was trying to create a hit game for the North American market. Unable at the time to acquire a license to create a video game based on the Popeye character, Nintendo decides to create a game mirroring the characteristics and rivalry of Popeye and Bluto. Donkey Kong is named after the game’s villain, a pet gorilla gone rogue. The game’s hero is originally called Jumpman, but is retroactively renamed Mario once the game becomes popular and Nintendo decides to use the character in future games.Due to the similarity between Donkey Kong and King Kong, Universal Studios sued Nintendo claiming Donkey Kong violated their trademark. Kong, however, is common Japanese slang for gorilla. The lawsuit was ruled in favor of Nintendo. The success of Donkey Kong helped Nintendo become one of the dominant companies in the video game market. Rant of the Week (15:55)Palestinians say Microsoft unfairly closing their accountsPalestinians living abroad have accused Microsoft of closing their email accounts without warning - cutting them off from crucial online services.They say it has left them unable to access bank accounts and job offers - and stopped them using Skype, which Microsoft owns, to contact relatives in war-torn Gaza.Microsoft says they violated its terms of service - a claim they dispute. Billy Big Balls of the Week (27:39)Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ TicketsA lawsuit filed in California by concert giant AXS has revealed a legal and technological battle between ticket scalpers and platforms like Ticketmaster and AXS, in which scalpers have figured out how to extract “untransferable” tickets from their accounts by generating entry barcodes on parallel infrastructure that the scalpers control and which can then be sold and transferred to customers.By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS. 'Gay furry hackers' breach conservative US think tank behind Project 2025A collective of self-described "gay furry hackers" have released 2GB of data lifted from the Heritage Foundation, the conservative think-tank behind Project 2025 - a set of proposals that would bring the USA closer to being an authoritarian state.The hacktivist group, known as SiegedSec, has been running a campaign it calls "OpTransRights," targeting (mostly government) websites to disrupt efforts to enact or enforce anti-trans and anti-abortion laws. Industry News (33:26)10 Billion Passwords Leaked on Hacking ForumCrypto Thefts Double to $1.4 Billion, TRM Labs FindsRussia Blocks VPN Services in Information CrackdownTicketmaster Extortion Continues, Threat Actor Claims New Ticket LeakCyber-Attack on Evolve Bank Exposed Data of 7.6 Million CustomersMost Security Pros Admit Shadow SaaS and AI UseRussian Media Uses AI-Powered Software to Spread DisinformationSmishing Triad Targets India with Fraud SurgeFraud Campaign Targets Russians with Fake Olympics Tickets Tweet of the Week (41:18)https://x.com/dennishegstad/status/1810044171765645568 Come on! Like and bloody well subscribe!
Transcript
Discussion (0)
So, who was best man at Graeme's wedding?
Had to have been Mr Langford, surely.
No, no, no, he had a very small wedding apparently.
It was literally like the two of them and their kids and that was it.
Wow.
I was snubbed, snubbed I was.
Did you at least send him the neck massager that we got?
Yes, that we got yes
that we got
that we got
god
I'm still waiting
for the money
from you two
if you say
it's from us
sorry the jingle's
playing I can't hear you
sorry
what
you're breaking up
you're listening
to the host
unknown podcast You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us.
And welcome, welcome one and all to episode 198.
202!
Of the Host Unknown Podcast.
Welcome one and all.
Welcome gentlemen. 202! I think episode for me on this podcast yes only next week and then I will be off for about three
or four weeks on my big summer
vacation where are you going
USA
USA you go for a month
yeah about three and a half weeks
taking the whole family with me
what well you could you know there is a thing
called the internet you could still join in every Friday
lunchtime your time
yeah no I don't think so I mean you pretty much turn up Well, you know, there is a thing called the internet. You can still join in every Friday lunchtime your time.
Yeah, no, I don't think so.
I mean, you pretty much turn up at Friday lunchtime anyway, right?
So there's no difference.
Yeah, yeah, yeah, exactly.
Oh, wow.
Wow, so the whole family, how many states are you going to?
I don't know what the states... Or is it just Florida?
Are you house hunting in Florida?
Is that what it is?
No, no, no, no, no, no.
So I've got... It's New York, Washington, Norfolk, Virginia,
because I've got a conference at the Sands Conference.
I'm speaking there.
So I'm slipping that in between my travels.
Oh, well, that's one flight paid for.
No, no, it's not.
No, it's actually paying for the entire trip because it's a business expense.
And then, yeah, a couple of weeks in florida after that nice nice nice we're gonna see you on one of those big airboats shooting
alligators hell yeah i'm gonna get me a gator yeah i'll bring you both back some some alligator
skin boots and belts and ties
and everything that works yeah baby
they might be riddled with bullet holes because i might have been
get too excited with the guns but you know
it's the thought that counts especially a rifle not an uzi nah go big or go home talk about big andy how are you hey i'm not doing too bad i do
do i did listen back to last week's podcast and i was very clearly distracted uh for which i
apologize i had a lot of work to get done during last week's podcast as you know um and this that
was literally the only break i had in the day uh just which you
didn't fully take which i well you know you can't i'm just too efficient right it's you know it's
probably work work above everything else you know me yeah i'm a yeah i'm a hard worker um no but
this week it's been uh yeah it's been busy but it's been good. And you know what? Last night, I actually went to a spin class.
What?
A what?
It was a spin class where you literally go in a room with 39 other people.
So there's 40 people in a room.
So 39 women and you.
Probably 37 women and me and two other guys.
Yeah, and it's actually hard work.
It is.
I did not give it the credit.
I did not respect it.
I did not give it its due respect until I actually got there and did it.
No, I actually went with one of the people I work with and got in there,
and it was a lot harder than i suspected but a great fun
the instructor was very good he's very supportive very uh passionate like all good vibes yeah so
you're but uh you're on an adrenaline and cortisone high at the moment uh no because uh when i was
walking my dog this morning i was like you know do you know what? My legs aren't working.
I will not be going back to that class.
I said I'd give it a try,
but I will not be going back.
It's crazy.
It's crazy.
You're right.
These things look so easy.
Like, oh, they're just on a stationary bicycle or something.
And then you go there and know it is the furthest thing from a stationary activity that you could ever imagine and you know
what was even more embarrassing is that on the back of the bike they have um weights um they're
two kilo weight oh yeah right so either cindy crawford oh my god yeah and you know this front
he says you know does anyone need to swap their weights or anything and i'm thinking
like what am i going to do with two kilos i mean i carry more than that in my pocket
anyway so like halfway through you sort of you cycle gently because you're clipped in like your
feet you're actually clipped onto the bikes it's not like you know you get off and stretch
uh so they do like a little sort of break in in the middle and uh you pick up the weights that
attach to the back of the um bike and you're supposed to just do, like, reps, like lift them up.
And I'm like, well, you know, this is like four kilos total.
It's been nothing.
But the way he does it, you come halfway up.
You have to break it up.
You can't just go straight up, straight down.
Well, blow me down if that didn't wear me out.
I was like, oh, my God, I cannot lift these weights.
And it had, like, yeah everyone else all these other
women like hardcore like you know pouncing it like you know cycling super fast lifting these
weights and i'm like oh my god these weights aren't going up what is going on uh so i was
suitably humbled uh last night great great so morning, your legs aren't working and probably your arms aren't working?
Well, so my arms recovered relatively quickly
because it wasn't difficult.
Well, it used to be that kind of competitive task, right?
Yeah, more in different directions, though, right?
But no, it's the fact that you couldn't just go straight up and down.
You literally had to go half up half down
half up half down half but doing it to the beat as well and like you know you know you are your
own man you didn't have to listen to him yeah exactly well do you know he was actually saying
that a lot is that you know go at a pace that's comfortable for you but then it's like keep to
the beat one two it's also the social pressure when you're
surrounded by everyone who seems to be able to do this without breaking a sweat i know it really
was like that the first three minutes i was dripping with sweat and the way the the light
sort of flashed it so every time it flashed on my head it was like you know clearly glistening
um yeah it wasn't until like you know the 30 minute markening. Yeah, it wasn't until, like, you know, the 30-minute mark that women started
tying their hair back.
You know what I mean?
And there's me, like, almost dead.
I just wanted to get out of there, to be honest.
It was quite embarrassing.
Damn, damn.
But talking of embarrassing, Tom, how are you doing?
Yes, very good, very good.
I'm just trying to think what I've done
I finished another
Lego model over
over the
weekend
last weekend
that was good fun
the June Ornithopter
it's brilliant
that was
it was good
I'm trying to think
if I've done
anything else
of any interest
oh I deliberately
missed the football
on Wednesday
what
yeah I was
I was watching watched the film.
It was far more interesting.
No, no.
No film could have been more interesting than the game on Wednesday.
He had everything in it.
I didn't need to watch it.
I didn't need to watch it.
I got all the scores from the guy upstairs.
I knew exactly when they scored and exactly when we scored.
Oh, now it's we scored.
Yeah, but come on.
Just because I don't like the football,
I don't like the sport where everybody runs around pretending not to be hurt.
It's still England, right?
That's fine, but I just don't watch it.
I find it quite a dull sport
to watch you know I'll tell you what I I'm with you with the theatrics and I it frustrates me so
for a longest time I mean I don't really watch club football or the you know the premier league
or anything but ever since my kids my two boys they started playing fifa on the playstation and they got to
know all the players yeah they're really into football and as a social activity it is brilliant
especially my youngest he's like so funny he's like jumps up he's only seven he's like
you idiot you should pass to you should pass to walker and foot forward to sucker and he should
cross it on and harry kane he calls harry kane a donkey i don't know where he learned that from but he's like come on donkey score it's
like you're such a donkey oh that's brilliant well i mean you know each to their own right it's it's
certainly not my game obviously there are plenty you know there's one or two other people who do
enjoy football obviously but what a great way to um you way to spend time with your kids, though, is to
enjoy something,
a joint activity like that.
Yeah. It's a shame it's football,
but you've got to take your small
wins where you can.
A bit like England, really.
So, talking of small wins,
shall we see what we've got
coming up for you this week?
This week in InfoSec talks about the gorilla in the room.
Rant of the week is asking whose side is Microsoft on?
Bully Big Balls is about furry scalpers.
Industry News brings the latest and greatest security news stories from around the globe.
And Tweet of the Week is irony epitomised.
So let's move on to our favourite part of the show, shall we?
It's time for...
This Week in InfoSec.
It is that part of the show where we take a trip down InfoSec memory lane
with content liberated from the Today in InfoSec Twitter account and further afield.
And today our first story takes us back a mere 25 years to the 10th of July 1999 when Cult of the Dead Cow member Dildog debuted the program Back Orifice 2000 at DEFCON 7.
And this was the successor to Back Orifice,
released by CDC a year prior,
where Dildog proclaimed it a remote administration tool
for corporate America.
And these were good signs.
I was there in Vegas 25 years ago when this was released, believe it or not.
Were you in the room when he announced it?
I was in the room when he announced it.
The place was rammed.
It was absolutely rammed.
It was...
Wow.
Yeah, it was good.
This was before they sold out, obviously, you know, went too commercial.
But I mean, even then, the crowds were huge.
But you could literally turn up on the day and you queued up to get your tickets on the day, right?
But I do then remember coming back and there were lots of people that were sort of actually genuinely installing this on their networks and using it as a remote administration
tool um you know just unbelievably and it took about i don't know it must be about six months
i think before mcafee started blocking because everyone used
mcafee back then in the corporate right um before mcafee started actually recognizing it as a virus
and actually blocking it but you know even to the original back office um you know you'd simply
deploy it and just eject people's cd trays that was almost exclusively what it was used for yeah
did they hand out floppy disks for you to take copies away with you?
No, it was all CDs.
And I can't remember
if it was this one
or the previous one,
but there was a whole batch of them
that actually had a virus on them
accidentally.
There was.
And I can't remember
if it was this one
or the previous year.
I get confused.
I used to drink a lot in those days.
Ironically enough, I didn't at those days but you know what i must have been uh well clearly it was 25 years ago i must have been what seven
years old exactly vegas when you're seven years old well it's actually true i think in 99 they
must have defcon 7 would have been the alexander park hotel
um because it was one of the only non-gambling hotels i think well so people under 21 could
attend um if i recall correctly i do get my years mixed up um but it is either that or six i forget
but alas i said one time i stayed in Vegas, I stayed at a non-gambling hotel.
Okay.
Yeah, not much.
I'm not even a gambler.
Did you also have a dry bar?
No.
But alas, our second story takes us back a mere 43 years
to the 9th of July 1981 and this is to the game that launched two of the
most famous characters in video game history when it was released for sale and Donkey Kong was
created by Nintendo a Japanese playing card and toy company, fledging video game developer who was
trying to create a hit game for the North American market. So unable to acquire a license to create a
video game based on the Popeye character, Nintendo decided to create a game mirroring the characteristics
and rivalry of Popeye and Bluto. And so Donkey Kong, who was named after the game's villain,
eye and blue toe um and so donkey kong who's named after the game villain was a pet gorilla gone rogue and the game's hero was originally called jump man but then is retroactively
renamed to mario once the game became popular and nintendo decided to use a character in future games
so just a mere 43 years ago yeah and so funny enough that due to the similarity
between Donkey Kong and King Kong,
when it was released, Universal Studios actually sued Nintendo
claiming that Donkey Kong violated their trademark.
No way.
Yeah, but it turns out that Kong is actually
a common Japanese slang for gorilla.
So the lawsuit was ruled in favour of Nintendo.
And Donkey is a common name for...
Who is it? Lionel Messi? No, Kane.
I don't know.
There's two football names, I've just...
There are only two I know.
Excellent. Thank you.
This week in InfoSort. Excellent. Thank you. dangerously you're in good company with the award-winning host unknown podcast all right let's move on shall we it is time for
listen up rent of the week it sounds a mother rage uh there's a choice of two here, but I thought I'd take the serious one,
which is, well,
it's going to be a bit challenging
to get all serious about this.
So the headline is,
Palestinians say Microsoft
is unfairly closing their accounts.
So as we know,
there's a little,
a little, well,
what do we call it?
A conflict between Israel and Gaza at the moment. It's not
great. And communications, as we know, is really key during times like this, especially if you're
trying to get in contact with families and loved ones and friends, etc., who are living in
effectively a war zone. Now, we're not going to touch on the politics of
this as such but nonetheless it's fair to say Gaza is a war zone, it is under siege and there is a
vast amount of chaos and destruction going on there. So for many Palestinians who live abroad and or who were out of the country when the conflict started,
it's imperative that they can can make calls and that they can get through to to their loved ones.
And one of the key ways that they have found that is very resilient and successful in doing this, is using Skype, Microsoft Skype.
Now, literally until this week, I thought Skype had gone.
But apparently, no, you can still buy Skype.
I thought it was all Teams now, but there you go.
But you can buy, you can pay for a Skype service, which allows you to call internationally,
allows you to call real phone numbers, etc.
And a number of Palestinians, significant numbers of Palestinians, are using this service in order to call their loved ones.
Because it allows them to call actual phone numbers from Skype.
It allows it to do it very cheaply.
And it still also connects even when the internet in Gaza is cut off.
So it allows them to call mobile numbers, etc.
Incredibly important for people to find out what's going on with their friends and family.
However, a large number of expat Palestinians have had their Skype and entire Microsoft accounts suspended.
The whole account?
The whole account. Not just Skype, the whole account?
No, the whole account.
The whole account, which includes, you know, their Hotmail accounts, for instance,
which includes their Hotmail accounts, for instance,
includes their Hotmail accounts, which their Skype is connected to.
And they've had their accounts suspended for basically violating the terms of service,
but Microsoft have not stated exactly what terms of the service have been violated and have been told that there is no appeal and there's no ability to get this back.
What this has done is that people, therefore the Palestinians living in foreign countries,
have lost, in some cases, up to 15 years of their email.
lost, in some cases, up to 15 years of their email. They've been unable to access bank accounts,
online accounts, job offers, any kind of important communication because their email address is effectively dead. They're not allowed to, you know, you can only change account details when you've got access to your original account, right?
So this is causing not only huge amounts of inconvenience locally,
but a huge amount of, well, despair, really,
as they're not even able to now contact their families.
as they're not even able to now contact their families.
So they all think they've been effectively tarred with the same brush when it comes to they think they were wrongly thought to have ties to Hamas,
who Israel is claiming to fight and is designated as a terrorist organisation
by many countries.
But all of them obviously deny that they've got any of these links.
They're civilians. They've got no political backgrounds.
Just want to check on our families.
Microsoft are not responding when they asked if they were suspected they had ties to Hamas.
suspect if they had ties to Hamas.
It said that spokesman said that it did not block calls or ban users based on calling region or destination.
But blocking in Skype can occur in response to suspected fraudulent activity.
But it does seem to be a little bit, and this is all at face value, obviously.
This is an evolving story that I'm sure we'll hear, that will fill out even more.
But I'm sure more will come out here, but it does seem that this is very much just targeted at Palestinians
who are just trying to contact homes.
And the fact that it's cutting off entire email addresses seems draconian at the very least.
Now, this is not just, you know, coming from someone who has been summarily banned without
cause for, without giving any reason and without any avenue for appeal from TikTok after a week.
That was frustrating enough to be banned from your entire email account that you've been using for most of your adult life
and now effectively cut off from your family in a war-torn district must be absolutely, well, just awful, dreadful.
So I think Microsoft needs to step up here
and be a little bit more clear,
at least to the individuals,
exactly what terms of service they violated here.
Because to be cut off without any kind of reason
and being left in the dark here
is just going to cause a huge amount of emotional damage here.
So, yeah, Microsoft, do better is all I can say.
So, I kind of agree with your rant.
I think you're just way too subdued in it, though.
So rather than Microsoft
do better, I'd say like, fuck you, Microsoft. You're messing with individuals here and their
livelihoods potentially. And like you said, their contact with their loved ones. Now,
I understand when conflict happens, you can do stuff at a government level or what have you.
So, you know, if the US doesn't like russia they can ban kaspersky and
i'm not saying that's right but it's done at a nation level at a government level or what have
you but when you're just like because someone might be living in america who's got a great
granddad who lives in russia and they want to call them and because of that you now suddenly put them
on the on the communist list and you effectively ban them from everything and anything.
That is just like going back to like literally like those Cold War days and what have you.
Just anyone you suspect who might have even been sympathetic towards, you know, or because they've got relatives and what have you.
And the fact that this just goes to show how much disproportionate power we've handed over to a few mega tech corps in the world.
And they can do literally anything.
And this is that point where we're at where one click, two clicks, and boom, that's it.
You're gone.
Your whole online identity can be removed.
You can effectively be gagged.
Your bank account's frozen and
all sorts of thing and there's no due process around this i mean i would understand if law
enforcement had gone to microsoft or someone you know in the us no that's the point well again yeah
they need to be better they need to like you know be more transparent about it as to what the
process is and what's my point because we don't know the full story here yeah but we don't we need to but in like i'm not saying it's right or anything but it's a free
service right microsoft the term no this is a subscription service the skype part is yeah but
your actual hotmail account and all of that that's all free right i mean but i would be annoyed
because obviously if you're still using a hotmail in this day and age it's a very old account right and so there's a lot of stuff in
there yeah um but mike like to say that they need to come clean and and say you know why they're
doing it it's uh well they do i think i think you you know everything is tied to an email account
these days you know everything you sign up for you know, everything is tied to an email account these days.
You know, everything. You sign up for your garden waste collection, it's through an email.
You want to log into your email, you know, you want any account and you forgot the password.
You want to log on to your email, it's an email.
Yeah, I know, I know. And like, well...
and uh uh uh well i mean if this was you know 15 years ago for instance when email just was not as prevalent having an email closed was would be a big inconvenience at best now it's almost life
changing yeah exactly exactly and like the story i, covers this, like people have applied for jobs.
Now they can't get, you know, in touch with them. They've got a profile set up on their, you know, Facebook or their other social media.
It's all tied to an email. Everything. It's just I mean, Andy should know more than anything.
He's got so many accounts out there that he can't log on to because he's forgotten the password and he doesn't have the email account either now for it and you know i don't have the email account that yeah and there's
actually a couple of identities and really solid clean identities which are all tied to a domain
that i gave up um you have the recovery address to those domain and all these identities that
like yahoo accounts funny enough hotmail accounts um all Hotmail accounts. I know the passwords, and it tells me, yes, it's a password,
but you have to verify.
And one goes to a pay-as-you-go number I no longer have,
and the other option is the email address, which I don't have.
So it's, hey, what are you going to do?
Lost those accounts.
And the third one is an ex-of-kin who you're no longer on speaking terms with.
So that's, yeah no i do understand
that frustration obviously i'm not sitting in a war-torn country so i can't empathize you know
to that level it's this this i think i've got minor inconveniences that's the part of this
that really you know i think sort of hurts the most is there is real human suffering at the end of it. And I think it's, you know, Microsoft is being,
is insulated from that
and is frankly not joining the dots.
But anyway, that was
Rant of the Week.
We're not lazy when it comes to researching stories.
Nope.
We're just energy efficient. Like and subscribe to the host unknown podcast for more esg adjacent tips
right jav over to you
all right so after tom uh as usual brings us down i'm going to lift us all up not with one but two billy big balls of the week um so uh oh my god i can see on the screen uh listeners it's like
andy's and tom are both like one of them pointing at their watch, the other one's doing the speed it up motion, so I would
not take a long time on
these. Okay.
Scalpers work with
hackers to liberate,
liberate, I say, Ticketmaster's
non-transferable tickets.
Billy Big Balls
of the week.
No, that was not the end of my
Billy Big Balls.
Oh, for guys that think that...
I just had to. I just had to.
Yeah. No, you didn't have to.
You know, it's like, we're already short on time.
But anyway.
So there's a technical battle and a legal one
going on between ticket scalpers
and platforms like
Ticketmaster and AXS, in which the hackers have figured out how to extract untransferable tickets
from their accounts and generating entry barcodes on parallel infrastructure that the scalpers
control and which can be sold and transferred to customers. So they reverse engineered how Ticketmaster
and make their electronic tickets
and how to regenerate it.
So this is really great
because it's like a classic hacker story.
It's not that they're robbing Ticketmaster.
It's like people have bought the tickets
and now they can't resell them or they have to go through a ticket master platform and pay another
whatever 20 30 for for that privilege so you know if if i've bought a ticket and i want to say oh i
can't go tom here you go you take it it's like why should i have to pay 20 for that um exactly it's like so i like it because it's
like one of those you know defcon early defcon day stories where like hey stick it to the man
and uh you know so highlighting putting a spotlight on poor business practices that
ticketmaster are known for as well. They're known for adding service charge, convenience charge,
printing charge, e-ticket charge, blah, blah, blah. Exactly, exactly. So that was that. I thought
that was really, really cute. And the second story, which I'll jump onto quickly, is another
story of sticking it to the man in more ways than one as gay furry hackers breach the conservative
u.s think tank behind project 2025 um so it's the heritage foundation and they
have plans which um like Donald Trump favour,
and their plans include sweeping reforms to consolidate executive power,
reinforce Christian values across the government and society,
and removing funding for climate change.
The Heritage Foundation is a staunchly conservative view of many items.
It's against abortion, LGBT rights and funding for Ukraine, while also rejecting the scientific consensus on climate change.
You know, so the gay, furry hackers, they thought, well, we're not having that.
And they've released two gigabytes of data lifted
from the heritage foundation and a set of proposals that would bring the usa closer to
being an authoritarian state and again i thought this was a really like you know have you read the
transcripts between the hackers and some of the representatives from project 2025 i'm i'm i'm efficient in my
story so no they're vile as in the the hackers are like hey you know this is what we've done
and this is why i've done it and and the um the people they're talking with the executives they're
talking with one of them says well we're going to take you down so you're going to get ass-raped in jail this time next year
and blah, blah, blah.
It's horrific.
It's absolutely vile.
Good Christian values.
Good Christian values, exactly.
So did the gay furry hacker saying,
why are you threatening me with a good time?
Well, precisely, for a start.
But interestingly, the hackers in this instance
maintain the moral high ground, believe it or not.
Easily believable with that.
With the Republicans, yeah.
Yeah, exactly.
I mean, Trump's had, what, four wives?
He's got three different baby mums or whatever.
It's like good Christian values, right?
That's it.
That they want to restore to America.
USA.
USA.
Oh, dear me.
Billy Big Balls of the week
30% nostalgic
30% ranty
30% ballsy
and 30% terrible at maths.
You're listening to the award-winning
Post Unknown Podcast.
Well, since we're running out of it, Andy, what time is it?
It is that time of the show where we take,
no, where we head over to our news sources
over at the InfoSec PA Newswire,
who have been very busy bringing us the latest
and greatest security news from around the globe.
You had two jobs, Andy. Two jobs.
Industry news.
Ten billion passwords leaked on hacking forum.
Industry news.
Crypto theft doubled to $1.4 billion.
TRM Labs finds.
Industry news.
Russia blocks VPN services in information crackdown.
Industry news.
Ticketmaster extortion continues.
Threat actor claims new ticket leak.
Industry news.
Cyber attack on Evolve Bank exposed data of 7.6 million customers.
Industry news.
Most security pros admit Shadow, SAAS and AI use.
Industry news.
Russian media uses AI-powered software to spread disinformation.
Industry news.
Smishing triad targets India with forged surge.
Industry news.
Fraud campaign targets Russians with fake Olympic tickets.
Industry news.
And that was this week's...
Industry news. Huge if true.
Huge if true.
Huge.
Jeff, how do you pronounce S-A-A-S again?
Do you want to just like...
You know what?
I was looking at that and I was just thinking in my mind.
So first I was looking at it and I was thinking S-A-A-S.
And then I thought, oh, you know, sass,
like if you pronounce it how it's spelled, S-A-S,
it's like sass, which actually in Urdu or Hindi
means mother-in-law.
So...
All of this went through your head in the split second
before you before you
yeah exactly the word enunciated it that's right oh dear so uh this is a story that actually almost
three quarters of cyber security professionals have used unsanctioned apps including ai in the
past year and back orifice and back orifice. And back orifice.
But you know what?
It's most acknowledged data loss,
lack of visibility and control in data breaches
as a top risk of using unauthorised tools,
but they continue to use them.
Well, yeah, because we're professionals.
We know what we're doing.
Indeed.
Yeah, those rules are for everyone else, not us.
Yeah, not those stupid users who haven't got a clue what they're
doing you know what go back 20 years the same arguments were being used oh no they're using
google oh no you're using the world wide web well do you remember there used to be a google desktop
app uh google search so it would index everything on your desktop and you could find files and stuff
that was fantastic that was i used to use Lookout, which was for Outlook specifically.
That was before Outlook would run an index and a search capability.
Okay.
It was a great little app called Lookout.
Did that attach onto the side of your Rolodex?
Yeah, it was a little small man.
He used to fit through and look at things
and every time i had a calendar appointment he used to go bingley bongley beep it's time for
it's a scan all the business cards or was it more like mr tom bingley bingley
no no i wasn't racist that's how you used to roll that's how you used to roll
uh i the you know the russians banning the vpn services and
information crackdown which is fine i'm shocked they haven't done that already but i know right
but then apple have been criticized because they've been facilitating they've blocked
all vpn services in russia from their app stores so apple have got a form of doing this haven't
they when the go i think the
the saudi government ban like threaten them with something because like they want to be in the
market right they want yeah yeah rich russians to buy their iphone so um i think you know apple
apple looking at purely as a financial decision not i thought so many companies pulled out of
russia completely i thought apple was one of them, but obviously not.
Well, didn't we do a story about how all these car manufacturers had pulled out of the market, but then almost one of their neighbours,
like Belarus, sales to Belarus has shot through the roof.
Yeah, true, very true.
Yeah, so there's ways there.
I don't know.
But I am surprised that Apple are not already,
or weren't previously blocking that stuff.
Yeah.
But they've also blocked VoIP services, by the looks of it.
What, Apple or Russia?
Russia.
Well, yeah, yeah.
Yeah.
Well, because it's harder to intercept, isn't it?
Yeah, but it includes voice messaging on WhatsApp.
What?
Yeah. Yeah.
Yeah, so my brother-in-law, he lives and works in Dubai.
He lives in Sharjah, but he works in Dubai.
But we can't call him on WhatsApp.
There's another app that my wife's downloaded just to speak to him because it's like, I suppose it's got a backdoor to the...
The Saudi government can listen to that one.
Yeah, the UAE government can...
What about things like FaceTime? Could you use FaceTime?
Funny enough, you actually have
to pay extra for FaceTime
in the UAE.
So when I was transiting through Dubai,
I saw an iPhone and it
was cheap.
A couple of hundred quid cheaper than here.
And the guy said,
we were talking, I was like, I'm going to take it because why not? It's cheaper. hundred quid cheaper than here uh and the guy said oh you know uh it would talk to us you know
i'm gonna take it because you know why not it's cheaper uh and he said oh just to check he said
do you ever do you ever use facetime and i said well yeah he said oh that costs extra but you can
only have it if you've got an international passport and i was like what and he said that
by default their their phones don't come with facetime uh they're different models um if you want one with facetime that works wow international that's like if you get if you get
a toyota corolla say for example in the uk it's like crash tested and everything but if you buy
a toyota crow lane like you know pakistan it's like it'll crumble like a like a tin of ghee
like as soon as like you know a strong
strong wind hits it they make them out of kit kat wrappers yeah exactly but um speaking speaking of
that part of the world um how the turns have tabled uh smishing tri targets ind India with fraud surge. So lots of people in India are getting smishing,
like SMS-based phishing.
And they're claiming to be from India Post,
part of India's Ministry of Communications.
But, you know, I thought if anyone knew
would know how to spot them, it would be the Indians.
But clearly not.
It's only going to be a few months before all these Nigerian princes are going to be targeted by all of these attacks.
419 scams.
Watch how the hunter becomes the hunted.
Yes.
Oh dear.
Anything else
or shall we move on?
Let's move it on.
Let's move on indeed.
That was this week's
Industry News.
If good security content
were bottled like ketchup,
this podcast would be
the watery juice
which comes out
when you don't shake properly.
In a niche of our own
you're listening to the award-winning host unknown podcast
all right andy take us home with this week's
tweet of the week we always play that one twice tweet of the week this week's tweet of the week
comes from dennis hestad, who has,
it's a visual tweet, so I shall describe it for you. He has taken a screenshot of the New York
Times. So clearly he saw a headline that he was interested in, so he clicked through it.
Headline simply says, everyone wants your email address. Think twice before sharing it. And when
you click through, it comes up behind a
paywall and it says, thanks for reading the Times. Create your free account or log in to continue
reading. And then it proceeds to ask for your email address. Yes, it's very meta. Well, the good
thing is you could just provide a Hotmail account and then use a Skype call to call Palestine,
and then, you know, you won't get any more spam.
Well, you won't get any more email address either.
Yeah.
Damn me.
Excellent. Thank you. That was this week's...
Well, we have come
barreling into the end of the show
as usual
Gentlemen, thank you very much
for your time today
Jan, thank you very much
for your wit, wisdom
and erudition this week
Yeah, you're welcome
And Andy, thank you
Stay secure, my friends stay secure
you've been listening to the host unknown podcast if you enjoyed what you heard comment and
subscribe if you hated it please leave your best insults on our reddit channel worst episode ever
r slash smashing security if any episode is going to get us cancelled is this one really hey it's you it's all you man
like i stayed well away from anything controversial impersonate you two were the ones that were like
you know ragging on the republic, saying how bad they are and everything
and how they got like non-Christian.
I'm not going to get cancelled for that.
No.
I mean, I think that's like where our three US followers are from.
Well, you should say hello to them when you're in Florida next month.
I will.
Yeah.