The Host Unknown Podcast - Episode 202 - The Dog Eating Episode
Episode Date: September 16, 2024

This week in InfoSec (11:25)

With content liberated from the "today in infosec" Twitter account and further afield.

12th September 2014: Stephane Chazelas contacted Bash maintainer Chet Ramey about... a vulnerability he dubbed "Bashdoor", which later became known as Shellshock. It was publicly disclosed 12 days later. Shellshock was kind of a big deal, and the vuln had been in Bash for 25 years!
https://x.com/todayininfosec/status/1834293229472416242

9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project). In 2023 it was renamed the Open Worldwide Application Security Project.
https://x.com/todayininfosec/status/1833191889790480500

Rant of the Week (16:33)

WhatsApp's 'View Once' could be 'View Whenever' due to a flaw

A popular privacy feature in WhatsApp is "completely broken and can be trivially bypassed," according to developers at cryptowallet startup Zengo. According to cofounder Tal Be'ery, his team was building a web interface when they discovered a flaw in WhatsApp's View Once. While the feature was supposed to be limited to platforms where the necessary controls could be enforced, such as mobile clients, the WhatsApp API server didn't properly enforce it. The server would still send these messages to other platforms, but they couldn't be viewed, unless someone fiddled with the code.

"The View [O]nce media messages are technically the same as regular media messages, only with the “view once” flag set," the technical explanation states. "Which means it’s the virtual equivalent of putting a note on the picture that says 'don’t look.' All that is required for attackers to circumvent it, is merely to set this flag to false and the media become regular and can be downloaded, forwarded and shared."
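The flag-on-the-message design described above, modelled as an added example that is not WhatsApp's, Meta's or Zengo's code (the relay, client and token structures are invented here): the weak relay ships the media bytes to every platform with the flag attached and trusts the recipient to honour it, while the enforcing relay keeps the bytes server-side, refuses platforms that cannot enforce the restriction, and releases the bytes once via a single-use token bound to the recipient.

```python
"""Constructed model of a chat relay delivering 'view once' media.

Added example: the relay, client and token structures are invented for
illustration and are not WhatsApp's, Meta's or Zengo's code.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
import secrets


@dataclass(frozen=True)
class Client:
    name: str
    # Whether this platform's app can actually enforce a one-time display
    # (the page says the feature was meant only for such platforms).
    enforces_view_once: bool


@dataclass(frozen=True)
class MediaMessage:
    media_id: str
    blob: bytes
    view_once: bool


class FlagOnlyRelay:
    """The weak design: a view-once message is a regular media message plus a flag.

    The server ships the bytes to every recipient platform and relies on the
    client to honour the flag, so the flag is only a note saying 'don't look'.
    """

    def deliver(self, msg: MediaMessage, client: Client) -> dict:
        return {"media_id": msg.media_id, "blob": msg.blob, "view_once": msg.view_once}


class EnforcingRelay:
    """Server-side enforcement: the flag is a server decision, not client metadata.

    View-once bytes never travel inside the message. A capable client receives
    a single-use fetch token bound to it; the bytes are released once and then
    discarded, and incapable platforms get a placeholder only.
    """

    def __init__(self) -> None:
        self._blobs: Dict[str, bytes] = {}
        # token -> (media_id, client name the token was issued to)
        self._tokens: Dict[str, Tuple[str, str]] = {}

    def deliver(self, msg: MediaMessage, client: Client) -> dict:
        if not msg.view_once:
            return {"media_id": msg.media_id, "blob": msg.blob, "view_once": False}
        if not client.enforces_view_once:
            # Do not downgrade silently: refuse delivery on platforms that
            # cannot enforce the restriction, so there is nothing to un-flag.
            return {"media_id": msg.media_id, "blob": None, "view_once": True,
                    "error": "view_once_unsupported_on_platform"}
        token = secrets.token_urlsafe(16)
        self._blobs[msg.media_id] = msg.blob
        self._tokens[token] = (msg.media_id, client.name)
        return {"media_id": msg.media_id, "blob": None, "view_once": True,
                "fetch_token": token}

    def fetch(self, token: str, client: Client) -> Optional[bytes]:
        # pop() burns the token on first use, whoever presents it.
        entry = self._tokens.pop(token, None)
        if entry is None:
            return None
        media_id, owner = entry
        if owner != client.name:
            # Wrong presenter: the token is already burnt; drop the bytes too.
            self._blobs.pop(media_id, None)
            return None
        return self._blobs.pop(media_id, None)
```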
Billy Big Balls of the Week (27:10)

Australia's government spent the week boxing Big Tech

The fun started on Monday when prime minister Anthony Albanese announced his intention to introduce a minimum age for social media, with a preference for the services to be off limits until kids turn 16. "I want kids to have a childhood," the PM urged. "I want them off their devices … I want them to have real experiences with real people." Albanese promised legislation to enact the rule will be tabled before Australia's next election, due by 2025. Opposition leader Peter Dutton broadly supported the proposal, which is pitched at parents who are tired of having to protect their kids online.

Industry news (34:34)

DoJ Distributes $18.5m to Western Union Fraud Victims
Poland's Supreme Court Blocks Pegasus Spyware Probe
UK Recognizes Data Centers as Critical National Infrastructure
Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn
TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested
Irish Data Protection Regulator to Investigate Google AI
Microsoft Vows to Prevent Future CrowdStrike-Like Outages
Record $65m Settlement for Hacked Patient Photos
Malicious Actors Spreading False US Voter Registration Breach Claims

Tweet of the Week (41:57)

https://x.com/MikeTalonNYC/status/1834311262563377553

Come on! Like and bloody well subscribe!
Transcript
Sorry, hang on, let me just close these browser tabs.
There we go, that's done.
That's a pretty groovy entrance, was it from like a 70s cop show or something?
I think so, it does sound like it, doesn't it?
Yeah, yeah.
I think it's one of the built-in ones here on Riverside, I'm not sure.
Starsky and Hutch, maybe, I'm thinking.
Yeah, could be.
Could be.
Or, um...
Oh, what...
Rosemary in Time?
That's another cop drama, wasn't it?
Cagney and Lacey?
Cagney and Lacey.
There we go.
Wow.
Sapphires?
You'll find that was Cagey and Lace-Ups.
Cagey.
Oh, dear.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us and welcome.
Welcome one and all, welcome dear listener, welcome the two of you to episode 206.
Oh sorry, hang on, I was going to do this as well, wasn't I?
Sorry, 206.
Look at that timing, secret of great podcasting.
Timing.
Every single time.
Just like 5 episodes apart.
It's like one of you is like the
Internet Explorer
of the podcast world.
Yeah, that would be me.
I remember when Internet Explorer 3 came out
and I was getting really excited about what it could do
years ago this was Internet Explorer 3.
I remember IE4 came on a CD on the front of magazines.
I had to download this over dial-up.
Oh, that's why I got the CD on the front of a magazine.
Yeah, well, yeah, that was back then.
Yeah, I agree.
I was on my mother's phone bill at the time.
I was much younger than you.
Actually, actually, Tom's still on his mother's phone bill, if you find out.
Oh, dear.
So talking about sponging off people and all around them.
Jav, how are you?
Why are you calling me a sponging off people around me?
Do I look like King Charles to you?
That's true, you don't sponge off anybody, because we've seen your savings account, so...
Yeah, you're definitely self-supporting.
Well, maybe I just don't spend any of my own money because I'm sponging off other people.
Anyway, how's your week been? This has been a good week to sponge off
others, in the sense that I had, uh, I had two conferences back to back, about Wednesday and Thursday.
One was in London, so I left the house in the morning, went into London for the conference
where I was given coffee and croissants and what have you for breakfast, and then I was given lunch
there. Then I hopped on a train paid for by work to go up to Manchester
to stay in a hotel.
And the next day there was another conference there
where I was fed and watered and everything for the duration.
So, yeah, it was busy, but it was good.
It was in Man United Football Stadium, Old Trafford,
which I have no vested interest in any football teams.
But what I do find, and as someone that's never really been,
I think I went to one football match once in my life,
but that was like a friendly pre-season.
The logistics are really amazing, like how they manage to,
how they design everything, how they get the players the away team
the home team, everyone, in and out and everything, and how they manage them all, and
the mind games they play on the visiting teams. It's always, like, interesting to see how they build
that all out, so like with the changing rooms being, you know, cold and, uh, dank and damp, and, you know, small mirrors. Yeah, exactly. Give them
a smaller changing room, not enough pegs to hang the kits on, that sort of stuff. Yeah, yeah. Those
days are long, but it's not like the old days, man. But, uh, it's brilliant, though, still. It's like, yeah,
they just meet the FIFA regulations as to, yeah... Yeah, exactly. Just barely. They do
not exceed by any stretch
of the imagination. No, no.
Which I think is great.
But, you know, speaking of not exceeding
by any stretch of the imagination,
Andy, how's your week been? Oh, very good.
I like it. It's been up and
down, really. I started
the week in Sweden and then
I went to Ireland for a funeral.
Yeah, sorry to hear about that, that's never good. No, but, uh, one, we're lucky we got some good weather,
as the, uh, the undertaker told me that he had held off the rain until two in the afternoon, so
could we hurry it along. Um, yeah. Um, I think I was a bit exposed in the church,
not knowing the
Irish words for
certain things, it's been a very long time
since I was there
or even just any of the words
generally
the priest was kind of shooting me a couple of dirty looks
got some of the bombastic
side-eye.
But yeah, obviously had a great feast and a fair few drinks.
A good sending off, was it?
A good send off, it was indeed.
It was my aunt, she was 92, just shy of her 93rd birthday in November.
But no, it was good to see family, haven't seen for a while,
and catch up on all the
drama. Did you say we must catch up before, you know, before too long? Because it's only ever at
funerals that we see each other. We say this at every funeral. Yeah, exactly. Yeah, well, it's been
too long, it's been too long. Yeah, it's kind of sad, because it's like, oh, you know, we have to do a wedding,
but then we realise that we're at that age
where everyone's either already married
or not going to get married,
so we're looking at their kids to get married.
My grandad had a suit, his posh suit he used to wear,
and he said every time he put it on,
he'd just go in the inside pocket
and pull out the order of service
from the last funeral he wore it at
every time, you know. Oh, man. You should just get a bit stitched on the inside of his suit, like just
open up the jacket a bit, like, see. Yeah, no, no, what, the standard order? So, yeah, exactly, exactly.
Oh, dear. But talking of, uh, anticipating funerals, Tom, how was your week?
Uh, well, you know that my life is over as we know it, uh, because, as
I've said, I think for the last few weeks, taking my, my daughter to university tomorrow. So, uh, do
you know what, it's been, it's been... although, you know, work's been fairly uneventful and stuff like
that, um, but yeah, I've been feeling anxious all day today, really, you know, without wishing to bring a downer.
Not that we could go much more down than a funeral, but not wishing to bring a downer.
But I've just been feeling really anxious all day.
And I've realised I'm starting to get a little bit emotional in my old age about this sort of thing.
So, yeah, it's a bit weird.
Oh, about university?
Well, about, you know, saying goodbye to my daughter as she goes
off to London, you know. It's, uh... This is your youngest, isn't it? Yeah, youngest, exactly, yeah.
Exactly, weird in the nest. Yeah, I know, I know. It's, and it's, uh, yeah, very odd, and like I said,
I've been fine about it, you know, obviously I've been harping on about it, but I've been fine, but
yeah, just today I've been feeling grumpy and a bit anxious.
That sort of weird feeling in your chest
Like you think there's something wrong
But you can't work out what it is
So yes, she's going to be the death of me
Could be an angina
It could be
Hopefully, yeah
Because that would be easier to deal with
To be honest with you
Oh, dear.
And talking... Oh, sorry.
Does it feel the same way as before you get off on stage
to do a talk?
Well, I don't feel like that anymore.
I know, but I used to.
And funny enough, we were joking about that earlier this week
in the chats.
But yes, it does feel like that.
A little bit of an
impending sense of doom. It absolutely does. I'll tell you what happened yesterday at the conference
I was at. Um, I was due to... So all the talks were only 15-minute slots, so it was quite nice, it was
like, so I liked it. And there's the speaker before me, so I went up to the stage, to the AV guy, got my
mic and everything, and I just,
how coincident, I just said to him, could I just see the slides that you've got for me, and like, just to,
you know, see what I'd sent them like three months ago and forgotten about. Yeah. And they had the
wrong slide deck. It was like, someone... there was a mix-up somewhere. Either I or someone else had sent them the wrong slide deck.
And, you know, that was a real, like, Code Brown moment.
Oh, my God.
Did you have a spare copy in the cloud or anything?
I had my laptop with me, so I quickly ran, got it,
USB, copied it over, plugged it in just in time.
Thank goodness for being able to bypass USB restrictions.
I was going to say, that's... and I, and that's something I only had fixed like a couple of months back,
because I was at a conference where, because the annual renewal hadn't gone through, yeah, um, my USBs
were locked down. But I said, like, this is the exact reason why I need it, because when I go to a
conference, sometimes things mess up.
Oh, my goodness.
It's like when it happened to me where I've sent them, you know, in PowerPoint and I use the latest version of PowerPoint on my Mac and it's very compatible, etc.
And they've got like a version of PowerPoint from, you know, two or three versions ago or a couple of years ago.
And it screws up the formatting entirely, and they don't have what is a,
a widely downloaded font in the new version, in their version, and that, and, oh, it's just
horrendous. That happened to me, uh, at BSides Exeter just recently, although I was a last-minute
addition because their keynote didn't turn up, uh, because he was off sick, and so I jumped in, so it's kind of a little bit more understandable. But, but,
yeah, I looked at... your heart sinks when you look at the thing. Oh, my God, I can't
do this. I swear this was looking better when I created it. Yeah, that's right.
That's right. It's... I'm not as incompetent as this deck makes me look out to be.
Anyways, talking of incompetence, forthcoming or otherwise,
shall we see what we've got coming up this week?
This week in InfoSec shows that you're always running a vulnerability.
Rant of the week is a politically insensitive wiretap.
Billy Big Balls is an
example of governments taking on big tech. Interesting news is the latest and greatest
security news stories from around the world. And tweet of the week is all about the points.
So let's move on to our favourite part of the show, shall we? It's the part of the show that we like to call...
This week in Infosec.
It is that part of the show where we take a trip down Infosec memory lane with content liberated from the today in Infosec Twitter account and further afield. And today, our first story takes us back a mere 10 years
when Stephane Chazelas contacted Bash maintainer Chet Ramey
about a vulnerability he dubbed Bashdoor,
which later became known as Shellshock.
It was publicly disclosed 12 days later.
And Shellshock was kind of a big deal
because the vulnerability had been in Bash since its inception
on the 9th of August, 25 years before that.
But that was 10 years ago?
Apparently so.
They had a logo and everything for that one, didn't they?
They did.
It was good times back then.
It was almost like masking badges.
Ten years.
If you'd asked me, I would have said five.
Yeah.
Because Shellshock and Heartbleed, they both had the big logos and everything.
So Heartbleed was like ten years ago as well?
No.
Yeah, I don't know, it was very close. Is this where
you're going to find out there's probably like 15 years between the two? Yeah, I'll probably only
have to wait a week and it'll be in next week's one. Right, yeah, 2014. No, 2014. Oh, my God. If you've
just joined us, this is the old men wondering how they got so old so quickly.
Where did the time go?
But 10 years ago.
Heartbleed was 10 years ago.
Jeez.
I know.
Crazy. But there are lots of other things that happened this week in InfoSec over the years.
But the one that I had to stick in was from the 9th of September 2001, a mere 23 years ago,
when Mark Curphey started OWASP, the Open Web Application Security Project,
because I missed the memo where in 2023 it was renamed the Open Worldwide Application Security Project.
Really?
Those were the exact words I was about to use.
I did not get that memo.
No, I did not realise that.
I mean, it makes sense, but...
Yeah, open worldwide, not open web these days.
Yeah, because they're talking about a whole bunch of stuff now, aren't they?
Yeah, I mean, it makes sense, but it's just, you know,
you've got to share this stuff, right?
Yeah, exactly.
You've got to put a bulletin out there.
You've got to send to all, not just people in the know.
Yeah, exactly.
Speak to Stephane Chazelas.
He knows how to market changes.
Good Lord.
But you know what?
I get what they're trying to do,
but I think there's a certain charm
in retaining the original name,
even if it doesn't apply.
Because, you know how, like,
because that's, A, it's normal,
it becomes ingrained in everyone's, like,
shortcuts and memories.
And secondly, it doesn't really matter
what the origins were.
It just becomes, like, folklore. It's
like, why is the save icon in Word shaped like a floppy drive? The floppy drive, yeah, which most
kids have never used. Or why do we call it hanging up the phone when no one hangs up a phone physically?
I think it's the same thing. So, you know, from, from that perspective, I think they should have kept it as the Open Web.
Or just renamed the organisation OWASP, if you see what I mean.
Just remove the full names because that's what everybody calls it anyway.
Yeah.
Isn't that what ISC2 did?
Yeah. They stopped calling themselves IISSCC or whatever that stood for.
Yes, that's right.
And it became ISC squared, and now they're just ISC, aren't they?
ISC2
ISC2 that's right
That's how it's officially pronounced now
Which is just ridiculous
It is just
It doesn't make sense it doesn't work
But you know they've got branding guidelines
And internal memos and stuff
Like pushed out to everyone
Do not refer to us as... Probably cost hundreds of
thousands for a pointless exercise. That's yours and other people's annual maintenance fees gone
towards rebranding something for no value whatsoever. And if you've just joined us, this
is the old men shouting and waving their fists at the moon podcast of things that annoy us.
Brilliant.
Thank you very much, Andy, for this week's...
This week in InfoSec.
In Springfield, they're eating the dogs.
Sorry, I don't know where that one came from. Hang on, let me, let me, uh...
The Host Unknown Podcast, orally delivering the warm and fuzzy feeling you get when you pee yourself.
You know, I was thinking that even once Andy leaves the podcast, for whatever reason,
we'll still call this the Host Unknown Podcast. That's how tied I am to the branding.
What, when... this... even when the sole founder leaves? Even when the unknown member leaves? Yeah, yeah. We're not just going to call
ourselves the Host Podcast. No, no. Or the Known Podcast. The Known Hosts. Or the Podcast. Yeah, that's
ridiculous. OK, let's move on to, uh... oh, God, I'm completely lost now.
Listen up!
Rant of the Week.
It's time for
mother f***ing
rage.
So my Rant of the Week
this week
is about my favourite
company.
Guess who?
Says...
Oh, I've just asked
the two of you
while you're both eating something. You can literally
see us both eating and you decide to ask a question, or if we've both got our mouths full.
If you two want to stuff your faces in the middle of the podcast,
I am gonna... you're gonna be found out, is all I can say. Anyway, shall we start that again?
Go on.
I thought you loved the sound of your voice so much,
there's no way you're going to involve us in this.
I figured we had a good five minutes while you go off on a rant.
I just like to keep you on your toes, you know.
So, yeah, this week's rant of the week is about my favourite company.
Can you guess who it is, guys?
You're still eating, Andy.
Even with that much notice, you're still eating.
What's the name of that company that does the old folks' homes?
Is it that one?
Churchill Retirement Homes?
No.
Yes, yes.
No.
No.
OK.
We know it's got to be Meta.
It is. It is.
It's all about meta, Facebook
And this is WhatsApp
And as you may or may not know
There is a feature in WhatsApp
A popular privacy feature in WhatsApp
That has been completely broken
And can be trivially bypassed, according to developers at
a crypto wallet startup, Zengo. I mean, I'm already suspicious of their claims because they're
a crypto wallet startup. I mean, at least two of those three words are dodgy straight away.
So according to their co-founder, Tal Be'ery,
they were building a web interface that was going to interact with WhatsApp using their API.
And they found a flaw in WhatsApp's View Once feature. So what this feature is, is if you want to send, say, I don't know, your two friends in a podcast a picture or, you know,
a naked picture of yourself, just because you can, right? But you just want to make sure that
they don't, you know, forward it onto their friends or the media or family, etc.
So you mark it as view once.
And so when you open up the picture, you can view it for a period of time.
And then as soon as you close it, it's gone.
You cannot see the image again.
But, you know, there are ways and means around it.
One of the members of said podcast may have shown me that actually you can get around it, because you either take a picture of it with another camera, you know, or something like that. Right. But it can allow you to.
The only reason I can think of using it is for sending, you know, unsolicited dick pics or something like that. But nonetheless,
it is technically a privacy feature that allows the sender to restrict how an image they send
is used, etc. And great. That sounds brilliant if that's what you want to do. And this is a feature of said WhatsApp that you can do this.
So when you send it, you feel fairly secure, you know, notwithstanding the other weaknesses that might be in play,
but you feel fairly secure in the fact that it won't be used again.
However, what they found was that when using the WhatsApp API, all that happens is the server, is the WhatsApp server,
the meta servers, all they do is they keep the image and then just flag the image as view once.
They don't actually remove it or secure it or whatever. It's just flagged as view once. It's the equivalent,
as they say, of putting a note on the picture that says, don't look, which, well, for a start,
is going to make you want to look. And all that is required for attackers to circumvent it is to merely set this flag to false, i.e. you can look, and the media
becomes regular and can be downloaded, forwarded and shared. Now, meta is not short of a bob or two.
I can't imagine that they didn't realise that this is how it works, i.e. that all they've done is put a tag on it. I
cannot believe that they did not test it and realise that actually, if you were just to change
the flag, it could be downloaded. And so they're marketing a privacy feature that is not private,
not truly private, and is open for abuse and attack by nefarious third parties.
And this is like three years in the making. And what, you know, they said that they've
notified WhatsApp about the issue two weeks ago via Meta's bug bounty program.
And a spokesman had confirmed that the program had been logged and was being investigated, and that's it.
But as we know, that means the square root of bugger all in these words
because it's probably not really in WhatsApp's interest to overhaul their code
or it's going to get stuck in a queue somewhere or
something like that, uh, because it's not a feature that they can either monetise or whatever. So,
uh, yeah, shame on you, WhatsApp, for advertising a privacy feature, implementing a privacy feature,
and then screwing up said implementation of privacy feature. No, you're wrong. Well, yes, obviously. So this is another example of using,
trying to use technology to fix what isn't a technology problem, fundamentally.
If you don't trust the person you're sending your dick pic to not to send it on or share it or take a copy,
Don't send it to them.
That's the fix to this.
You can't keep adding technology on top of this.
No, no, no, no, no, no.
No, no.
If they did not have a feature that enabled this,
then they probably wouldn't send it.
But they have enabled a feature, advertised said feature,
implemented it and said, you can send a picture for view once,
and then it can no longer be viewed, downloaded, or forwarded.
And for the most case, that works.
They were just trying to copy.
Meta's always been about what features are popular in other platforms,
like Snapchat or something, and let's copy them as quickly and cheaply as possible.
Yeah, so basically they're very poor implementers of code.
As you alluded to in the beginning,
you cannot think of any reason for this
other than people sending dodgy photos to each other.
Yeah, but that's just because my mind's in the gutter.
I mean, there may actually be valid uses for it.
If you're a Tory MP, you'd probably use it to share, like,
state secrets or something like that.
Yeah, yeah.
Or pictures with you with a plastic bag on your head
with an orange in your mouth and a budgie flying around inside it.
Yeah, something like that.
But I don't...
Honestly, I think it's...
While the issue is true,
like they could do a better job or a good job
of actually implementing the feature,
I think the real issue here is like why are people,
so many people, especially young people,
sending these kinds of images?
This is like saying, you know,
if you don't want your naked pictures online,
don't send them out.
But the fact is people want to share these.
That's exactly what I'm saying.
It's not lying.
That's exactly what I'm saying.
Yeah, but people want to do this because they're in certain types of relationships
and want it to be done in a safe and secure for both parties way.
See, I just use it for, like, ransom notes so they can't share the evidence with the, uh...
There you go, there's another use case. Yeah, you know, and, and, you know, and if Andy
sends, sends said ransom note and it gets copied and forwarded on, etc., and he's arrested, that's not
on him, that's on Meta. Exactly. That's not what I signed up for. Sleep at night, yeah, with his secondary eyelids closed, that's how he sleeps at night.
Rant of the Week.
In Springfield, they're eating the dogs. The... I, I don't... I'm sorry, I don't know what's going on here.
There's some interference coming on
with the soundboard, and there's all sorts
of crap coming through.
You're listening to the
double award-winning
Host Unknown Podcast.
OK, Jav, over to you.
let's see which criminal you're going to be bigging up this week.
I ain't.
Billy Big Balls of the Week.
Now you'll understand my stance on the previous story.
Because people, especially young people, shouldn't, uh, you know, dodgy pictures of themselves,
uh, especially, especially if you're underage, because then, like, lots of people get in trouble
who, who maybe were adjacent to, to the incident or what have you. But the, the lawmakers from Down Under have taken notice, and they have made the Billy Big Balls move of announcing the intention to reduce a minimum age for social media.
Wow.
With a preference for the services to be off-limits until kids turn 16.
How do people prove when they turn 16?
They show them a pack of cigarettes they've just bought. Yeah. Um, I don't... well, I don't... well, I guess what it is is you just, you just push the, the year thing
back to 16 years ago on the website when you go there. Yeah, or when you sign up it says, do you
confirm that you're over 16, and you tick the box. Gotcha. Fair enough. Always the most obvious answer. Yeah, yeah. But, and then the prime minister said,
like, you know, Anthony Albanese said, I want kids to have a childhood, I want them off their devices,
I want them to have real experiences with real people. Um, and, uh, you know, the proposal is, um, pitched at parents who are tired,
parents who are tired of having to protect their kids online. Not as tired as the parents who have
to parent as opposed to giving them an iPad and, like, shut up and let us enjoy dinner. Digital
babysitter. Yeah, yeah. Absolutely. Parents are tired
of having to parent their kids
is what this sounds like.
Won't somebody think of the children?
I think
it's such a ridiculous idea
and there's no way of
implementing it. I just think
the sheer audacity of someone
and it's got to be the Australians
who think they've got the
balls big enough to, to actually pull this off, uh, to say... Yeah, I mean, like, anyone with kids over, like,
as soon as they hit 12, you can't tell them what to do or not to do. I don't think anyone in this
day and age can actually have any level of control, that or that level of control, over their kids when they're 16.
Try telling them, no, you don't have a phone,
you can't use YouTube,
you can't be playing games online with chat features
and all that kind of stuff.
Not going to happen.
Yeah.
But I applaud the attempt.
Can I just add to that?
Because I don't know if you saw,
the Australian government didn't just stop there.
That was just, it's like a Craig David song.
Like on Monday, you know, he sort of introduced a minimum age for social media.
Catchy, that really scans.
Straight off the tongue, just rolls it right.
Work with me, right.
Give me a beat.
Give me a beat.
So on Wednesday, he has gone after Facebook, uh, again, in terms of, um,
the... he's looked back at all the, um, all the data that AI models have used to be trained. He's gone
as far back as 2007 and, uh, figured out whether they were private or posted by people under the age of 18.
And he's going off to Facebook about that.
And he basically wants some sort of compensation for that, about who owns the content and that type of thing.
And then on Thursday, he did a privacy law update aimed at protecting people's data that's been exposed by breaches.
He's going to make doxing a crime.
And then there's amendments to hate crime laws
that strengthen existing criminal offences,
similar to what the UK have just done about, you know,
throwing people in prison for inciting violence, that type of thing.
And also he's introduced laws that require digital platforms
to explain how they handle misinformation and disinformation on their services, and if providers don't agree to a voluntary code, the government will create one
for them and make it enforceable. Well, so, I mean, you know, missing the mark on one out of four or
five or whatever it is isn't too bad. I mean, most of those other ones sound fairly reasonable to me.
And then we keep going, and Friday, he rounds off the week
with an anti-scam plan
that singles out digital platforms.
So for people who get scammed
on Facebook Marketplace
and those sort of online platforms,
he wants more done
to protect Australian consumers from scams.
And there are penalties
of up to $33 dollars, US dollars that is, 50
million Australian dollars, um, as appropriate for breaches of planned requirements to detect and
block scams. So they, they've gone hard this week. Yes, and you know that they can't be completely
wrong, they must be doing something right for Elon Musk to have come out
and labelled Australia's government as fascists.
Yes.
That just means he can't be pushing his Dogecoin investments.
Yeah.
What is he doing these days, honestly?
He has gone so far off into the deep.
Oh, my goodness.
I'm waiting for him to have gone so far right
that he starts becoming left wing.
Yeah, he goes all the way around.
Yeah, exactly.
That only would happen if the world was round.
Oh, this is true, yeah.
If you know it's flat, he'll just keep on going right.
Yeah, that's right.
He's basically like the reverse of the Daytona 500.
Well, just go on, keep turning left.
Keep turning left.
OK, that was this week's...
Billy Big Balls of the Week.
In Springfield, they're eating the dogs.
There's that interference again.
I'm not sure what's going on there.
Sounds very serious.
If you work hard, research stories with diligence and deliver well-edited, award-winning,
studio-quality content for high-paying sponsors.
Then you too can be usurped by three idiots
who know how to think on their feet.
You're listening to the award-winning Host Unknown podcast.
Hopefully we won't get the interference next time we run a jingle.
But talking of time, Andy, what time is it?
It is that time of the show where we head over
to our news sources over at the InfoSec PA Newswire, who have been very busy bringing us the latest
and greatest security news from around the globe. Industry News.
DoJ distributes 18.55 million to Western Union fraud victims.
Industry News.
Poland's Supreme Court blocks Pegasus spyware probe.
Industry News.
UK recognises data centres as critical national infrastructure.
Industry News.
Mastercard acquires global threat intelligence firm Recorded Future for $2.65 billion.
Industry News.
TfL confirmed customer data breach, 17-year-old suspect arrested.
Industry News.
Irish data protection regulator to investigate Google AI.
Industry News.
Microsoft vows to prevent future CrowdStrike-like outages.
Industry News.
Record $65 million settlement for hacked patient photos.
Industry News.
Malicious actors spreading false US voter registration breach claims.
Industry News.
And that was this week's...
Industry News.
Huge of truth.
Huge.
Huge of truth.
Huge.
Ooh, let's see what we got here.
Microsoft vows to prevent future CrowdStrike-like outages.
Now, call me a cynic, but I think this is just Microsoft
now going to make it even harder for partners to deploy on their platform.
Absolutely.
You know, just like degrade their services,
and then it's going to be like, well, if you go the Defender route,
everything's going to have to use Defender. Yep. Yeah, that's... Oh, you heard it here first. I wonder,
would that be... that would be considered anti-competitive though, wouldn't it? Yeah, but
that would take years to work. I think they've also got a good justification to classify it as an availability protection.
If you consider the air traffic control delays and airlines that had to shut down,
the impact was pretty huge.
And I think they've got good grounds to say,
look, we're the only ones that should be messing with the kernel.
Yeah.
Yeah.
Very true.
Oh, the UK recognised data centres as critical national infrastructure. This is a very sensible move, I have to say, because again, you know, I know the
CrowdStrike thing was not about data centres per se, but it does go to show quite how important keeping systems online is in any kind of modern economy nowadays.
And yeah, it'd be interesting to see how they stack up against some of the
requirements of now being in, you know, a regulated industry. Yeah. So I looked at the
Poland Supreme Court blocks Pegasus spyware probe,
and I wasn't aware that they were doing a spyware probe.
But a probe was supposed to be conducted by a parliamentary commission,
which is one of the promises of Poland's ruling coalition led by Donald Tusk when he came into power in 2023.
But the fact that the Supreme Court has blocked it tells me that,
yes, they were using Pegasus in the country, and probably going far and above what you even
think was happening. Absolutely. Yeah, yeah, very true, very true. I also think it's interesting,
I think last week when we spoke about the TfL breach, we were talking about how they were very clever with their words,
saying we're not aware of the customer data being breached
because they didn't want to trigger any 72 hour clock
They gave the notification, yeah
And now it's like, oh yeah
there was some customer data breached
and we've got a 17-year-old kid.
Yeah, that's right.
No, it was an extremely...
Highly sophisticated.
Highly sophisticated and advanced attack.
Yeah.
Nation-state-like.
Yeah.
Run by Kevin from his bedroom.
Yeah.
His mother's basement, yeah.
Oh, dear. What else we got? That record $65 million settlement for the hacked patient photos. Yeah, we actually covered this
back in 2023 when it actually happened. So it was 135,000 patients and employees of this Lehigh Valley Health Network,
which is an independent healthcare network based in Pennsylvania,
they got hacked.
They lost the names, addresses, email addresses, dates of birth,
social security numbers, passport information, various medical data,
as well as their nude photos.
Oh, yes, that's right. And so it was the patients that were receiving treatment who were photographed in the nude, and a lot of them didn't
even know this was happening. So those images were stored on the network and then subsequently
stolen by hackers. $65 million isn't going to cover it though, is it? It really is 65. So everyone's going to get between
50 and 70,000, the ones that had their nude photos, depending on how well their nude
photo was rated. Yeah, exactly. Yeah, so it goes through... Yeah, the thing that gets me is that they
weren't even aware that their photos were taken, and I bet they wish they had the view once only flag turned on.
That's right.
I bet they wish they had that flag saying, do not look at this again.
A little post-it note.
Just one on each nit.
I actually read a story once about how some lady was in for a procedure
and she dyed her pubes green
and then she wrote a note above it
saying keep off the grass.
No.
Dear me.
Oh dear.
Right, well, on that lovely note,
let's move on, shall we?
That was this week's
Industry News.
In Springfield, they're eating the dogs.
I don't know what this is.
There's still...
I don't know.
Do you hear that?
Yeah.
Do you guys hear that?
Some whiny, whiny kind of thing going on.
I don't know.
Feeling overloaded with actionable information?
Fed up receiving well-researched, factual security content?
Ask your doctor if the Host Unknown Podcast is right for you. Always read the label. Never
double dose on episodes. Side effects may include nausea, eye rolling and involuntary swearing in anger. Right, Andy, why don't you take us home with the story, well, the tweet of the
week and the story that we all seem to be avoiding in this week's industry news. It's time for
Tweet of the Week. And we always play that one twice. Tweet of the Week. And this week's Tweet of the Week is started by Mike Talon NYC
and finished by Brett underscore sec.
So Mike says, so did MasterCard buy Recorded Future on credit card?
Because the interest is going to kill them unless they pay off the balance really fast.
And Brett replies, clearly they were trying to get those reward points
and needed a big purchase.
I feel so seen.
Not that I bought, you know, something like Recorded Future recently,
but, you know, oh, if I put it on this card...
We've all been there.
Yes. Oh, yes.
Some of us as recently as last weekend.
What did you get? What did you get? What did you get?
No, I was looking towards Mr Sweden for a points run. Oh dear. Moving swiftly on.
All right, folks, we've come barrelling into the end of the show. Thank you very much, gentlemen, for your
time this week. Jav, thank you for your wisdom and generally well-informed opinions.
Wow, you said something genuinely nice. I mean, like, I don't know whether it was genuine from the heart,
but wow. Get
that angina looked at. I'm honestly, seriously... It's missing with you? It wasn't just from the
bottom of my heart, it was from the heart of my bottom. And Andy, thank you. Stay secure, my friend.
Stay secure. You've been listening to the Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel.
Worst episode ever.
R slash Smashing Security.
In Springfield, they're eating the dogs.
That was a great debate to watch. God, it was a master class in manipulation.
She was just puppet master. Yeah, you call it puppet mastering or a master class? It was basic level one
puppeteering. You don't need to do much. It's such a user-friendly interface.
It's like an Apple of the puppeteering wheel.
Just press a button and it works.
Crowd sizes.
I think she should be, you know,
prosecuted for the equivalent of bear baiting or badger baiting.
I mean, it was just, it was a cruel and unusual, to say the least.
I think it's more like electrocuting fish in a pond or something.
Yeah, going fishing with a hand grenade.
Yeah.