The Host Unknown Podcast - Episode 203 - The Too Soon Episode
Episode Date: September 24, 2024

This week in InfoSec (10:44)
With content liberated from the “today in infosec” twitter account and further afield

18th September 2001: The Nimda worm was released. Utilising 5 different infection vectors, it became the most widespread virus/worm after only 22 minutes.
https://twitter.com/todayininfosec/status/1836495262409175187

17th September 2014: Apple announced that the iOS 8 operating system (used on iPhone and iPad) would be architected to prevent it from being technically feasible for the company to extract data from customer devices. A day later Google made a similar announcement pertaining to Android.
With iOS 8 Update, Apple Will No Longer Provide User Data to Police
https://twitter.com/todayininfosec/status/1836071319030374437

Rant of the Week (17:50)
No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom
Buried beneath the endless feeds and attention-grabbing videos of the modern internet is a network of data harvesting and sale that's perhaps far more vast than most people realise, and it desperately needs regulation. That's the conclusion the FTC made after spending nearly four years poring over internal data from nine major social media and video streaming corporations in the US.
These internet behemoths are collecting vast amounts of data, both on and off their services, and the handling of such data is "woefully inadequate," particularly around data belonging to children and teenagers, the FTC said.

Billy Big Balls of the Week (28:06)
LinkedIn started harvesting people's posts for training AI without asking for opt-in
LinkedIn started harvesting user-generated content to train its AI without asking for permission, angering netizens.
Microsoft’s self-help network on Wednesday published a "trust and safety" update in which senior veep and general counsel Blake Lawit revealed LinkedIn's use of people's posts and other data for both training and using its generative AI features.
In doing so, he said the site's privacy policy had been updated. We note this policy links to an FAQ that was updated sometime last week also confirming the automatic collecting of posts for training – meaning it appears LinkedIn started gathering up content for its AI models, and opting in users, well before Lawit’s post and the updated privacy policy advised of the changes today.

Industry News (35:07)
Over Half of Breached UK Firms Pay Ransom
ICO Acts Against Sky Betting and Gaming Over Cookies
AT&T Agrees $13m FCC Settlement Over Cloud Data Breach
Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack
Google Street View Images Used For Extortion Scams
8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach
Western Agencies Warn Risk from Chinese-Controlled Botnet
Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions
Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

Tweet of the Week (42:39)
https://twitter.com/ProfWoodward/status/1837084678836171089

Come on! Like and bloody well subscribe!
Transcript
And then she goes like, are you a throuple?
I honestly didn't know how to react to that.
I know, right? Do we really look that close?
I don't know. I don't know.
Is it because we were holding hands or we went to the toilet together?
Possibly. Well, I wasn't holding your hand.
But that's a perfectly normal thing to do.
Yeah, exactly.
It doesn't make you a throuple.
We do also have matching glasses too.
Yeah, yeah.
And then, like, you know, so that's why I just blurted out,
oh, it's like we're a reverse Oreo.
Well, that is exactly how you explained it, right?
And then you had to explain it.
We kept calling Tom Pappy as well.
That probably had something to do with it.
Pappy?
That's daddy to you.
You're listening to the Host Unknown Podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are joining us. And welcome, welcome one and all to episode...
203!
Ah! 207! 207!
Yes! Yes!
He finally admitted it.
I can't believe it.
The drum roll threw me off.
The fact that I just opened my cookies,
I was about to take a bite,
I had to wait for a drum roll.
My poor primitive hamster brain just failed
and just looked at the number of the episode on the sheet.
You just...
You just looked at the number of the episode on the sheet
rather than just looking at the number
and adding four out of pure spite.
You just harassed him like...
You played him like she played Trump in the debate.
Oh, man.
Right, let's do it again.
Cut all this. Let's re-record.
No, no, we're on. We are on.
And, yes, we're checking that Tom has pressed record and we definitely did.
Oh, dear. How are we, gents?
We saw each other this week.
In fact, I saw Andy twice as much as I saw you, Javin, in reality,
because you weren't even at the conference on Tuesday.
No, I wasn't. I was busy doing real work on Tuesday.
Hey, I was being paid.
Yeah, I suppose.
And I'm currently eating cookies that I took from that conference.
Ah!
The best kind of cookies.
Yeah, exactly.
Ones you don't need to pay for.
Stolen ones.
Yeah.
Absolutely.
So what were you doing this week, Jav?
Well, I have been busy as well.
There's been, like, events and conferences.
I was just up in Leeds yesterday, actually.
Went up in the morning for an event, came back.
And I don't know if I told...
You went up to Leeds for half a day?
Well, most of the day.
Yeah, I left at 5am.
Oof. I love the nondescript nature of, like, what you're justifying as work events.
These events. I had to go. Lots of events. All the events. No one's better at events than I am.
Exactly. Thank you for summarizing it.
Everyone says so. They said, they said to me with tears in their eyes. And they were like
crowds as far as the eye could see.
Huge crowds.
Not even Stephen Bonner
pulled a crowd like that back in his heydays.
Oh dear.
And that Dan Cuthbert guy,
he buses people in.
Yeah.
In Springfield,
they're eating the dogs.
That's not going away.
That's officially in the soundboard now.
Yeah.
But, no, yesterday's event, it was one of our partners,
which is around the corner from where our Leeds office is,
known before Leeds office is, is a company called AQL,
and they're a telecoms company.
And they built the data centre.
They bought an old, like, 250 year old church called Salem Church, and it's a listed building, so they can't do much to it.
But inside the main sort of, like, hall, which, like, you know, they've got seats all the way around,
and there used to be just, like, I suppose, a hole in the ground where you can look down into the
basement, and there's, like, little barriers that go all the way around.
And what they've done, they've put the data centre, well, part of the data centre is underneath there.
And they've put a glass, clear glass floor on.
In the crypts, basically.
Yeah.
And you stand on the, well, they've got like these little panels on top of the glass.
They move it depending on where they want to build the stage, so to speak.
And you stand on there and you give the presentation to everyone around you,
like a coliseum almost.
Nice!
And you look down and you can see the blinky lights of a data centre.
It was a very, very cool venue.
That sounds awesome.
It was.
I mean, compared to all these things we have at the Excel,
it's the complete opposite.
You know, the soul-sucking barren of any life Excel.
The aesthetic.
Yeah.
And even better, all the servers are cooled using holy water.
Yeah.
For that extra chill.
Yes.
Amazing uptime, as long as you're a believer.
Yeah, that's right.
OK, we're going to have the morning mass for server uptime.
But, yeah, no, that was good.
And then, obviously, the night before, all three of us went,
thank you, Andy, again, for treating us to an excellent evening of comedy.
Yes.
And it wasn't just reading through your past performance reviews.
No.
Oh, you've been waiting for that one.
In fact, that's probably why you bought the tickets, just for that.
Yeah.
Andy is that petty, yes.
I love the fact that I bought those tickets 7th of June, 2003.
And then it was like two weeks ago, Jav was like,
do we have to do it on that night or can we move it?
And then the day of, and the day of, guys, I'm going to be late.
Well, OK, in my defence, when I asked if it was movable,
at that time you hadn't told us what it was.
We had no idea it was a comedy show.
You just put something in our calendar and said, keep it free.
In terms of Andy, he also said, keep this day free.
But Tom also took the whole day off.
He didn't know what time it was.
He was saying a few weeks ago, oh, what time are we meeting you?
I can be in town at 9am or something.
I did think it was going to be something else, but it wasn't.
No, that's still to come.
That's 18 months away, that one.
Yeah, that's right.
For which Jav will still be 10 minutes late.
Yes.
No, for that I will make an extra effort,
be there 10 minutes early.
Because watching this crash in slow motion is the best thing in life.
When it's not your own, of course.
Yes, yes, indeed.
And talking of crashing in real time, Andy, how are you?
I'm not too bad. I certainly won't be crashing after eating those cookies.
I did actually eat, like, a 200 gram Lindt chocolate bear just prior to that, so I've got a bit of that sugar.
Love those.
Yeah.
I think it's the texture as well as the...
Yeah.
It's like a milky, very smooth, velvety texture, isn't it?
Yeah.
And you get nice little thick bits compared to, you know, other thin bits as well.
Yeah. Normally on the rabbits it's kind of around the ears.
Around the ears, yes, exactly. You know, the ears and the base.
Yeah, that's, uh, you always said that you like the bear sort of thing. It was like, you know, I like a bear.
Yeah, yeah. But, uh, talking of bears, Tom, how are you?
Yes.
Yeah, well, you know, I'm always the first choice, let's face it.
Yes, yeah, very good.
You had a good night out on Wednesday.
Was up in London on Tuesday for the conference, which was fun.
Good to see you, Andy, although you did bail quite early.
I bailed after lunch.
You did.
No promises past eating.
Basically, you, you, you were there, like about 50 of everyone else there, for the free lunch and gone.
Um, to be fair, I did arrive early enough for breakfast as well.
Um, so that was good. And then, uh, yeah, then I was back up in l yesterday again to pick up my son,
coming back from university, load the car with all of his stuff.
Lots of plastic bags were used, as you can imagine.
Did he have to leave anything behind?
No, no, nothing at all, thankfully.
Despite my threats, he managed to get it all sorted, so that was good.
So, yes, lost one and gained one this last seven days.
Um, not quite sure if that's how it's supposed to work, but we shall see.
So on balance, you're even.
Yes.
Have you ever considered moving closer to London, given that you spent, you spent half your week there and, like, you know...
Uh, well, yes, because that's why the house is on the market now. You know, we're gonna be moving at some point. Don't know where. And I'll be going to Reading more often, so probably, I probably won't go all the way into London, but probably a little bit.
Okay, pro tip: based on your employment history, don't invest too heavily in the Reading.
Don't move close to where you're currently working.
Don't move to where the ball is.
We need to move to where the ball will be.
Yeah, yeah.
Move two years later when they have to give you full notice, right?
Oh, dear.
And talking of cynical bastards, the two of you, shall we see what we've got coming up for you this week?
This week in InfoSec shows that we didn't always have a clever name for viruses.
Rant of the Week is a report from the school of the bleeding obvious, my favourite school.
Billy Big Balls is an example of companies just not giving a toss because there are no consequences.
Industry News is the latest and greatest security news stories from around the world.
And Tweets of the Week addresses a new fear which was recently unlocked.
So let's move on, shall we, to our favourite part of the show.
It's the part of the show that we like to call...
This week in Infosec.
It is that part of the show where we take a trip down Infosec memory lane with content
liberated from the Today in Infosec Twitter account. And our first story takes us back a
near 23 years to the 18th of September 2001, when the Nimda worm was released. Utilising five
different infection vectors, it became the most widespread virus after only 22 minutes.
And this was a significant moment in cyber security history
because back in September 2001, when Nimda burst onto the scene and became like one of the fastest
spreading computer worms ever seen at the time, what made it stand out was the multiple methods
of infection that it used to spread. So it sent itself to people via email attachments.
So if someone opened that attachment, the computer got infected.
Also infected websites, so you could get drive-by download
just by visiting a compromised site.
You know, your system would be infected.
It looked for shared folders on networks to also spread to other computers.
And it also altered files on infected machines to keep spreading.
And so because it had used so many ways to propagate, it caused widespread disruption very quickly, with computers slowing down, crashing, or just becoming vulnerable to further attacks.
Now, I can't help but notice the date being a week after a fairly significant event.
Yes.
Were the two related? Did the virus leverage
the news of...
No, so you're talking about that
significant event, clearly, obviously,
September 11th, 2001,
when Fulham came back
from 3-1 down to beat
Spurs at White Hart Lane.
Yes, that's exactly it.
Yes, clearly, yeah.
That's exactly it.
Yeah, the twin towers of Ledley King and Sol Campbell at the back
collapsed in defence.
I'm sorry, this is one of Ricey's jokes.
On September 11th, 2002, he's half American.
He sent this email to the office and he said,
lest we forget.
And then he said, you know,
he went through this whole thing
about, as a Fulham fan, that's what he, uh, went on.
Um, but look, come on, right, it's been 23 years, guys.
If we can't joke about it now, right, you know...
Too soon. Too soon.
Exactly. Just a few weeks ago it was like hashtag never forget, so I don't know, does that, does that cancel the hashtag too soon? That's what I'm wondering about.
Yeah. Oh, yeah.
And to be fair, Americans do go to Ireland and order an Irish car bomb in pubs.
Yeah.
Well, yes, this is true.
You know, one thing that actually on Nimda, which unlike Tom, I don't think it was poorly named.
I think it was a clever name.
It was just admin spelt backwards.
Right.
Not exactly creative.
No. But, you know, who needs to be creative when you're effective?
But I remember I was at a bank at that time and we got hit, and we were in security operations, and we were on 24 hour sort of... We, we didn't all have laptops or remote working capabilities, so we had to go in the office. We physically had to be there for 20 and we were told very little. We were just told, check these IDS logs and check the incident queue. And I, and to this day none of us knew what exactly we were meant to be looking for or what have you.
But now it becomes clear. If you've seen the movie The Other Guys, Will Ferrell messes up, he shoots his gun in the office, so they take his gun off him, give him a wooden gun. Then he messes up again and the chief takes away his wooden gun and they give him a whistle, and he goes, if you're in trouble, blow the whistle and a real officer will come and help you with a real gun.
And I think that's the moment that we realized we were that Will Ferrell character, because it was basically like, when
someone who's actually investigating needs an admin password,
give them the admin password for whichever server they're on.
Brilliant.
As the IT team, your job is to log on the professionals
to the systems they need to get to.
Love it.
Alas, our second story takes us back a mere 10 years to the 17th of September 2014,
when Apple announced that the iOS 8 operating system used on iPhones and iPad
would be architected to prevent it from being technically feasible
for the company to extract data from customer devices.
And obviously, always following suit, a day later,
Google made a similar announcement pertaining to Android.
But Apple had made this change regarding user privacy, and so with the release of iOS 8 it introduced this advanced encryption for all data stored on iPhones and iPads. And basically what that meant was all your photos, messages, emails, contacts, uh, were so, so now protected so securely that even Apple can access them without your personal four digit code, at the time it was.
Um, and so yeah, that was a big deal, because even if law enforcement presented Apple with a warrant, they wouldn't be able to provide that access to, um, data in your device.
And still haven't, have they?
And still haven't, no. They've actually doubled down. They've never actually handed any data over.
Well, yeah, I don't know whether they never have.
Well, not based on unlock this device.
Yeah, they've never unlocked a device.
Yeah, yeah, yeah.
Honestly, Google made a better joke than Matt Rife.
Like, you know, we too will, like, you know,
not allow anyone to extract data from Android.
It's like during the Iraq war.
What was it?
Comical Ali?
Comical Ali.
Yeah.
We have full control of the air.
Buildings exploding behind him.
American tanks trundling past.
Yeah.
He was offered a gig or something in America, wasn't he?
He was offered a hosting gig
based on his performances.
Offered to run for president, is that it?
Yeah, exactly.
The press secretary for the president?
You know, the one that comes to all the press meetings?
Probably, yeah.
OK, thank you, Andy. That was This Week's...
This Week in InfoSec.
Thanks.
The award-winning Host Unknown podcast.
Right, just a, sorry, point of correction.
It was actually, the game was actually played at Craven Cottage and Fulham came from 2-0 down to win 3-2,
just for the sake of accuracy.
Well, before a listener phones in and complains.
Before someone complains, I've given incorrect information, yeah.
On which note, it's now time for...
now we all know that most large technology companies gather a lot of data about us, right?
That's fairly well known.
Well, the Register has actually uncovered some research
carried out by the FTC, the American FTC,
who have spent nearly four years poring over the internal data
from nine major social media and video streaming corporations in the US.
And this does include, I'm afraid to say, TikTok, my friends.
What?
Yes, exactly.
But beneath, buried deep beneath all of these endless videos
on the modern internet and endless attention-grabbing content
is effectively a huge network of data harvesting mechanisms
that is perhaps even bigger than most people think.
These behemoths are collecting vast amounts of data, and not just the vast
amounts of data that you thought you knew, but even more of it, both on and off their services.
And according to the FTC, these tech companies' handling of such data is woefully inadequate,
particularly around data belonging to children and teenagers.
Because as we know, the Americans do love to say, won't somebody think of the children?
Whereas the Australians will actually do something about it, or at least propose to do something about it, as we discussed last week.
So they looked at Amazon, YouTube, X, Snap, uh, ByteDance, Discord, Reddit and WhatsApp. Uh, they were all asked in late 2020 to provide the FTC with answers to questions regarding their data collection and use, and they've, uh, they came up with a 129 page report, um, which doesn't break things down by company, unsurprisingly.
Um, and all of, not all the recommendations the FTC said applied to every single platform. However, these are pretty, pretty serious issues, especially, and this is coming from America, which has got some of the loosest laws on some of this stuff, right? You know, I mean, you only need to go to, well, what I was going to say, even India, but India has got some tight stuff going on now. But, um, and I think part of the problem is, of course, that US is doing it more state by state rather than federal laws.
Um, but they, the, um, you know, the FTC said it was so worried about how the web giants treated teenagers, whose data is no longer covered under COPPA, the Children's Online Privacy Protection Rule, um, as the enforcement ages ends at age 13. But they should still be treated as special class.
So bottom line is the FTC,
a, you know, an organisation in a country
that has not really paid much attention to this
and who has produced,
the country has produced such behemoths
that these applications are used throughout the world,
is now concerned that because there hasn't been enough regulation, and because they've basically let companies, uh, self-regulate, is now concerned that things are a little out of hand.
This seems to me, well, both the bleeding obvious and also just a little bit too late, right?
I mean, we've been going on about it the last four years
about how much these companies get away with these things.
And that's just us from the outside looking in,
let alone the FTC specifically investigating these nine companies.
So I'm as annoyed at the FTC as I am at these tech giants,
that this is only really coming to light.
There's a quote here, America's hands-off approach has produced an enormous ecosystem of data extraction
and targeting that takes place largely out of view
to its consumers. That was from the FTC Bureau of Consumer Protection director Samuel Levine.
This is in the preface. While there have been isolated instances of firms taking pro-privacy
action, these continue to be the exceptions that prove the rule.
So, shocking, shocking all around, but also bleeding obvious, and, uh, well, you heard it here first, folks, probably about four years ago at least.
So basically, as long as the, uh, the company's got a privacy policy, it says it's going to steal all your data, we're good.
Yeah, that's what self-regulation does, right? That's exactly what we're going to tell people we're going to do with their data.
And yeah, do you remember subprime? A lot of the mortgages were self-certified mortgages, weren't they?
Yeah. So, you know, there's no precedence ever for anything going wrong with self-certifying or what have you. But, um, you know, it, it is very little, very late.
The dam's leaking and now the FTC are coming out like, here's a bit of sticky tape that should patch it up.
But you can also see how powerful these organisations have got.
Like, you know, companies like Meta, last election, they were called, you know, Zuckerberg was called into Congress and he was questioned about, or well, him or his representative about, you know, how they, how didn't they know these were Russian ads?
Oh, we don't collect that data.
Really?
You couldn't tell?
You don't collect that data.
There's someone paying in rubles from wherever.
From Moscow.
St. Petersburg.
Yeah, exactly.
It was just like really, really poor.
But even now you see Musk, he can tweet all sorts of things,
disinformation, blatant lies.
And, you know, the government is really,
it seems really powerless to counteract anything like that.
I think just the laws are just not there.
And now I think it is really too late, because the technology is so indiscriminate. It's just like you flood the lands and then you're like, oh, but we didn't mean to flood the children or the women or the people that couldn't swim. It was like, you know, it's just...
Yeah. So what's interesting, the FTC have got an infographic on their website to sort of explain how the social media companies collect data from a variety of sources. Um, and so this is what, you know, everyone does.
So it's direct inputs from users, so all the data they put into it. Passively gathered information, so like your IP address, what devices you're using, that sort of engagement with the social media and any sort of video streaming that happens on there. Users' use of other products or services provided by the corporate affiliate.
So this is other apps or, you know, things that you buy that they put the tracking on to say,
oh, your account, you know, use this.
Social media and video streaming services connections with other platforms.
So it's not just they know that you're using theirs.
They know when you're using other people's.
Inferred information from algorithms, data analytics, or artificial intelligence.
So stuff that fills the gaps.
Yeah.
On top of that, they then got the advertising tracking technology
and data from the advertisers and or data brokers
who, one, have to pay to use a platform,
and two, have to give them the data that they gather as well.
It is just insane the amount of data these people have.
It is. It is.
And every now and then people show examples of this.
Like Amazon, if you buy one of those small scales to measure cooking,
and it starts recommending you stuff to basically create your own meth lab at home.
Yeah.
Because that's what people buy.
They've had to inject bad data into it because it got too creepy, didn't it?
Yeah, yeah. On the other hand, specific... On the other hand, some of the stuff is really good. So there's been loads of reports of people where their smart watch or something has indicated that, hey, you're on target to have a heart attack or a stroke, before they've actually had physical symptoms of it.
So there is some good in the technology.
But, just in counterpoint,
you don't need to know people's browsing habits
to determine when they're going to have a heart attack.
That can be done just with the heart rate data.
Unless the browsing habit goes to certain websites at a certain time
and then there's an increase in heart rate and cortisol levels
and endorphins and all that sort of thing.
But you're absolutely right.
You don't need to know what you're shopping for.
Unless the people go to certain shopping sites
and put certain things into their baskets
that may cause a rise in heart rate and stress levels and stuff.
So who knows? Who knows?
So my theory is, and you heard this here first,
the way the big companies are going to counteract it
is they're going to say privacy is a concept closely linked to communism.
And therefore, if you support privacy, you're a communist.
You support communism.
I think it's going to be privacy is a concept closely linked to the paying of more money to us.
Well, yeah.
That too.
Rant of the Week.
If good security content were bottled like ketchup, this podcast would be the watery juice which comes out when you don't shake properly.
In a niche of our own, you're listening to the award-winning Host Unknown podcast.
Alright, Jav, let's see what you got.
Now, you might have noticed, Tom, this week,
that I didn't outright disagree with you.
Well, OK, yeah.
Because this story is so closely linked to what you just spoke about.
We could have swapped them around and it would have been the same thing.
We could have, yeah.
So, LinkedIn, the popular social media professional,
or should I say semi-quasi-professional.
The narcissist's posting board.
Yes.
You don't get up at 4:30 and, uh...
The 4am club? Don't, don't link me in with them losers. 4:30, the day's over.
Well, when I say get up 4:30, I mean get up from my yogic trance, that I get up from your desk at 4:30 in the morning because you've already been working for three hours. Thankfulness charms. I only sleep for 15 minutes a night, and that's only so I can have a dream that I can wake up and crush.
Yeah. A bunch of tosses.
So that website, yes.
so linkedin microsoft owned linkedin by the way. And I think Microsoft, you know, there was this turning point back in the day when Bill Gates issued the security manifesto policy type thing, and they really started, you know, ramping that up.
misstep in, in terms of security and how they handle data and the features they've been releasing and, you know, all the Copilot stuff and what have you. And now it seems to, that same mentality seems to have bleeded over into LinkedIn, and they've started harvesting people's posts for training AI.
And what's the big balls of them here? Well, they didn't even ask you if you wanted to opt in. Um, food and you'll have to opt out if you don't like it. So, you know, talk about making something just like, you know what, you just don't care about what regular, what's the regular gonna say? Pay me 30 million? Okay. You know, don't do it again? Yes, of course we won't. So I think it's, um...
That's the thing, once they've got the data, they're not going to take it out.
No, no, how are you going to reverse that? It's like you're not going to unsuck that data back into the, you know, databases or what have you. It's just done.
Um, and, you know, it's, there's a, there's a quote in the article which says, it's on the Register, it says,
the big tech has mostly used a scrape first, settle lawsuits later, for a pittance later approach, which I think is just so true.
You know, and, you know, people have been reaching out, Microsoft, and they published a trust and safety update in which senior veep and general counsel Blake Lawit revealed LinkedIn's use of people's posts and other data for both training and using its generative AI features.
Um, you know, and they're trying to say, oh, this thing is like... People already have such bad posts on LinkedIn. How are you going to sell them, like, oh, this AI is going to help you craft better posts, you know, sell your services more, make you... It's just such a, a cluster.
I truly think, like, we've reached the end of... I mean, we were already kind of in decline, but now is kind of like, we look back in history, this is a pivotal point where true writing ended. You know, we're not going to get any more Hunter S. Thompsons or, or Stephen Kings, dare I say, or what have you, if this is the route society goes down, because people, not, not that people won't be able to write it, but people just be so used to just ingesting garbage that proper writing will seem alien. And I think it's a sad, sad day, but a Billy Big Balls move all the same.
So with this data, as I understand it, like, so they're saying they're going to use it to help people, like, make suggestions how people can then craft their own posts.
Yeah.
Um, so I could then say, write me a post about security in the style of Javad Malik.
Yeah.
And it would generate, like, whatever the most... Because it would come back with, who? Who?
No, no, you will find, if you ask, that dbt knows very well who I am. It may quote you Zane Javad Malik, formerly of One Direction, but it will never say who.
The good news, however, is if you're in the EU, UK, Iceland, Norway, Liechtenstein, both of them, apparently, is too, and Switzerland, they're not using their data, because they know they'll have their asses handed to them if they do.
Strike one for GDPR.
Woo!
yeah
yeah
absolutely
Although, interestingly, because today is Apple phone day, so Apple 16s have been, iPhone 16s have been delivered.
You're waiting for the doorbell to go?
Yeah, well, it already came.
Of course it did.
But the new Apple AI is not available in the EU
and it will not be for the foreseeable future.
It'll be out in a few months.
That's a Billy Big Balls move.
All the marketing literature said, oh, buy it for the new AI, and you bought it, and now...
But it will be in the UK.
Oh, oh, because we left the EU.
Because we left the EU. We don't want those protections.
Here are the positives of Brexit. Finally, we can get our data scraped like the rest of the world.
Exactly. Tom, you can put your Boris Johnson poster back up now.
Yes, that's right.
All is forgiven.
That's right.
And what I'll do is I'll Photoshop in an iPhone into his hand.
Yeah, yeah.
And just put the caption, oven ready.
Oven ready.
On which note?
Billy Big Balls of the Week. Ask your doctor if the Host Unknown podcast is right for you.
Always read the label, never double dose on episodes.
Side effects may include nausea, eye rolling and involuntary swearing in anger.
Right, Andy, let's move on, shall we?
The clock is ticking.
What time is it, Andy?
It is that time of the show where we head over to our news sources over at the InfoSec PA Newswire, who have been very busy bringing us the latest and greatest security news from around the globe.
Industry news.
Over half of breached UK firms pay ransom.
Industry news.
ICO acts against Sky Betting and Gaming over cookies.
Industry news.
AT&T agrees 13 million FCC settlement over cloud data breach.
Industry news.
Europol task force disrupts global criminal network through supply chain attack.
Industry news.
Google Street View images used for extortion scams.
Industry news.
8,000 claimants sue outsourcing giant Capita over 2023 data breach.
Industry news.
Western agencies warn risk from Chinese-controlled botnet.
Industry news.
Going for gold! HSBC approves quantum-safe technology for tokenised bullions.
Industry news.
Cyber security skills gap leaves cloud environments vulnerable.
Industry news.
And that was this week's...
Industry news.
Huge if true.
Huge if true.
Going for, going for gold.
That didn't make any sense.
So, Tom, as our resident technical expert,
as I saw you led a workshop about the latest technologies in AI.
I know, right?
So HSBC claims to have successfully trialled
the first application of quantum secure technology
for buying and selling tokenised physical gold. Um, just talk us through, what does that mean?
Well, it means you can buy, you can buy tokenized, not just regular, but tokenized gold, and it's safe
because it's quantum.
Perfectly clear to me. Thank you for, for that. Next story. Next story.
I'm glad you also did not understand what the hell that was about. No notes.
No notes.
No notes.
Did you know that ISC2 do a cloud security certification?
Yes.
Yeah.
So unrelated completely, there's a story about how there's a shortage of skills gap and cyber training that has led to cloud environments being unsecured.
Interesting.
Yeah, coincidentally, that report is published by ISC2, but there's no conflict.
No relationship.
No correlation.
Yeah.
That will be the last story then.
I was wondering where the hell you were going with that.
I'm trying to find... So the Google Street View images used for extortion scams.
So scammers are using images from Google Street View
to intimidate internet users.
Oh, is this an "I know where you live" thing?
Yes, yes, that's exactly what it is. Um, so they said
typically accuse the victim of visiting pornographic websites. They then ask for a fee,
typically in Bitcoin, to wipe the evidence. Um, and they're sending images from Street View to say that they do know where they live.
It's a bit like how a few years ago
it became really popular to send people's passwords
from a breach in the email saying,
this is your password, we know this is your password.
We caught you wanking, by the way,
and this is the password you used to do so.
Exactly.
I remember the first time I got that,
I was like, not again.
Yeah.
AT&T.
They're paying a pittance
13 million
I mean, they must make that in like
4 hours
They do
They're huge
You know, I worked for AT&T
for a few months after they acquired the previous company
I was at. Oh, that's right. And in a call center. Yeah. Um, and they had their annual sort of like
customer and partner exhibition, which was kind of like the size of RSA, almost, but just AT&T, different divisions coming together, and maybe InfoSec, not RSA, but it was huge.
And then they took all of us staff, all staff were invited who were there, to their celebration day.
And they put us on buses to take us to the Dallas Cowboys Stadium, because it's the AT&T Dallas Cowboys Stadium,
and because they pretty much own the city, there's police escort on motorbikes, so no red lights, no
nothing. Went straight there, went in. Apparently I met some really high-profile retired NFL player
who I had no idea, but I shared the photo with some of my friends and they were like, oh my God, I
cannot believe... I said, who is it?
He goes, imagine if I went and met The Rock and sent you a picture,
and, like, that's how, you know, I said, oh, okay, that level of fame.
And then they had a show put on.
First there was Gwen Stefani, and then there was Imagine Dragons.
What?
Just for staff.
$30 million is not going to work.
No.
So, yeah, so they spend $90 million
per year to have their name
to have the letters AT&T
on the Cowboy Stadium
I mean
having a police escort
through the city
to this thing
I've just got images of
Robocop and Detroit in that
with the corporations owning the police force.
It's not a good look, I don't think.
What are you going to do?
It's a weird...
You go into Dallas and it's kind of like this cultish sort of vibe.
Everyone's like, the works here are always employed.
Steady on, man.
We love our Patriots, our patriot friends. They've got big fucking guns, Geoff.
Oh yeah, they do, they do. They're
over there. But, you know, it's like a couple of guys who, sales, there's a sales team that went
from the UK there, and they, a few of the guys, they were like, oh, let's go out sightseeing one evening
after drink. Next day, so I'm, what did you get up to?
He goes, there was nothing to see.
He goes, the most famous part of Dallas
is the street where JFK got shot.
Ha, ha, ha, ha, ha, ha.
Is it one of those cities where everything closes
at like half past seven?
Yeah, there's loads of really empty buildings
in the city centre as well.
And like one of the locals were telling us,
oh yeah, like this whole bunch of Chinese conglomerates
have like bought a whole bunch of these things
and now they're trying to convince the government
to like block them from buying more,
but they go round and get...
It's a weird thing.
No one... I don't know.
Whether it's true or conspiracy or what.
Wow.
Well, on that note, let's move on, shall we?
That was...
Industry News.
and deliver well-edited, award-winning, studio-quality content for high-paying sponsors.
Then you too can be usurped by three idiots who know how to think on their feet.
You're listening to the award-winning Host Unknown podcast.
Right, Andy, why don't you take us home with this week's...
Tweet of the Week.
And we always play that one twice.
Tweet of the Week.
This week's Tweet of the Week comes from Professor Alan Woodward on Twitter.
And he is retweeting an article that your favourite newspaper put into time,
the Mail Online.
They have a giant headline,
The new frontier of terror.
Could our phones be used against us?
As pagers and walkie-talkies are turned into bombs, experts
reveal whether your smartphone is safe. And he simply says, why are people still writing this
stuff? No, your phone is not going to be used as an explosive weapon against you. It may be used to
conduct surveillance on you, but it cannot be made to explode on command unless it has been booby trapped with explosive.
Yeah, I mean, I think
the original Mail thing was, was also retweeted by Zoe Kleinman, who's the BBC technology editor, or
certainly one of the main reporters, and she said, the Mail is really going for this. The short answer
is no, our phones are not going to be turned into bombs
and used against us.
I mean, that doesn't sound like you're going to get clicks saying that. There's no
clicks in that. You need, like, you know...
But it's also what the government would want you to believe.
Yeah, exactly. See, I reckon we might be giving a bit too much credit to Mossad here. They might have been...
OK, we're right behind you, Geoff.
Like, right, right, right away.
See, I reckon these were cheap batteries
that Samsung disposed of that they couldn't use anymore.
And so this pager company said,
bargain, let's, like, chop them up and put them in our pagers.
And then suddenly, you know.
They're probably from old Boeing Dreamliners.
It could be that as well.
Maybe it's a collaboration.
Yeah, they used to catch fire all the time when they were flying them.
So, yeah.
Do you remember actually when those Samsungs came out and you couldn't take them on a plane? You had to check it. Yeah, that's right. They literally had a note on the counter, didn't
they? Yeah, yeah. You cannot bring your Samsung. Um, so yeah, I'm just looking at a message you sent
earlier today. It said sort of like, due to an unexpected market shift, I'm selling a lot of
Apollo pagers at a really good price. And, um, you had like a picture of, uh, like a couple of hundred Apollo pager dpc t60 gold 460 470
megahertz. Yeah, they're just like, you know, it's not illegal to buy and sell stuff on eBay, just
to, like, you know... Can I just say, we did say at the beginning we were not going to touch this with a
12-foot barge pole. You're right. Okay, yeah. So on that note...
All right, it is, uh, well, it's time to say goodbye. We've rattled through it once again.
Um, Andy, uh, no, Jav, sorry, I've got this completely the wrong way around. Got... well, you made a mistake
at the beginning, I'll bookend it with a mistake at my end.
Jav, thank you very much for your wisdom, charm and contributions, as always.
Yeah, you're very welcome.
I'll allow it.
And Andy, thank you.
Stay secure, my friends.
Stay secure.
You've been listening to the Host Unknown podcast. If you enjoyed what
you heard, comment and subscribe. If you hated it, please leave your best insults on our Reddit
channel.
Worst episode ever.
r slash Smashing Security.
I think we've got, we, it, we only said it once.
We're going to cut out all the stuff about Mossad
and all that, because that stuff is...
Yeah, don't worry, Andy,
I'll do just that.
You'll take care of it?
Yeah, I'll take care of it.
Don't worry.
Probably.
Well, it's a bit too early to point fingers, I think.
No, it was Andy who said it.