The Host Unknown Podcast - Episode 205 The Stone Cold Episode
Episode Date: October 14, 2024

This week in InfoSec (08:29)
With content liberated from the “today in infosec” twitter account and further afield

10th October 1995: Netscape introduced the "Netscape Bugs Bounty", a program rewarding users who report "bugs" in the beta versions of its recently announced Netscape Navigator 2.0 web browser. Navigator was the dominant browser from 1995-1998, when it was overtaken by Internet Explorer.
https://twitter.com/todayininfosec/status/1844466277718556683

8th October 2008: University student David Kernell was arraigned. He compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, using public info to reset her password, posting her emails to 4chan. He was later found guilty and died from MS complications in 2018.
https://twitter.com/todayininfosec/status/1843619068302983592

Rant of the Week (20:24)
Cards Against Humanity campaigns to encourage voting, expose personal data abuse
Up to $100 for planning to vote and a public smear – how is this not illegal?
The troublemakers behind the party game Cards Against Humanity have launched a campaign demonstrating how easy it is to buy sensitive personal data about American voters, while simultaneously encouraging those Americans to plan how to cast a vote in the upcoming presidential election. The "Cards Against Humanity Pays You to Give a Shit" campaign uses US citizens' personal data obtained from a broker to identify whether individuals voted in the 2020 US presidential election and how they lean politically. Those who didn't vote are asked to put info into the website, promise to vote in the upcoming election, make a voting plan, "and publicly post 'Donald Trump is a human toilet'" in exchange for up to $100.

Billy Big Balls of the Week (28:42)
FBI created a cryptocurrency so it could watch it being abused
The FBI created its own cryptocurrency so it could watch suspected fraudsters use it – an idea that worked so well it produced arrests in three countries.
News of the Feds' currency, an Ethereum-based instrument named NexFundAI, appeared in a Wednesday Department of Justice announcement that eighteen individuals have been charged "for widespread fraud and manipulation in the cryptocurrency markets."
The Feds allege some of the fraud involved "wash trades" – transactions conducted solely to increase the volume of trades in a security or other asset. Rising volumes of trades are often seen as an indicator that a stock is of increasing interest as it has good growth prospects – a signal that can see prices rise. But wash trades are often conducted by related entities, or even the same entity, to create a false market signal – an arrangement also known as "pump and dump."

Industry News (34:36)
New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube
New Generation of Malicious QR Codes Uncovered by Researchers
Apple’s iPhone Mirroring Flaw Exposes Employee Privacy Risks
Former RAC Employees Get Suspended Sentence for Data Theft
Internet Archive Breached, 31 Million Records Exposed
Marriott Agrees $52m Settlement for Massive Data Breach
EU Adopts Cyber Resilience Act for Connected Devices
Over 10m Conversations Exposed in AI Call Center Hack
Disinformation Campaign Targets Moldova Ahead of EU Referendum

Tweet of the Week (45:07)
https://twitter.com/JackRhysider/status/1844502566799085769

Come on! Like and bloody well subscribe!
Transcript
recruiter and he goes, he's got this CV and he went to the bottom and he
highlighted the empty space and someone had put a whole bunch of keywords in
there to get through the applicant tracking system. Yeah.
It gets through the thing, but it's all in white font. Yeah.
And so he, so he was kind of like making up his mind saying, Oh,
this guy's just trying to trick to get, and he missed the point.
Like loads of people are trying to point out in his comments,
like the fact that he reached you, show you, so his approach is working.
You've clearly got these scans in place
that are trying to look for these keywords
and now you're complaining that someone's bypassed
the thing by putting in keywords.
It's just ridiculous.
So I actually create a section at the end.
I'll stop hiding it.
I actually write applicant tracking system keywords
and put it as a section at the end.
Very good.
Very good.
Very good. Can you share the notes?
You know, just for us.
Do you know what, Tom?
Your last CV looked remarkably
like my format. That was
uncanny. I told you.
It's not my CV, it's my summary.
And I told you when I read yours, I'm
stealing this. To be fair,
you did. You're a gentleman. So that makes it
okay. That makes it okay. That makes
it okay. It's like, I mean try telling that to, what is it, Sting or something. I'm stealing
your song, I'm sampling it, okay. Well to be fair, didn't P Diddy do that and ended
up having to pay in royalties to this day? He did a lot of things didn't he? To this
day, about two grand a day. Which is about what he spent on baby
oil as well. Yeah I know. Baby oil executives around the world are in a tailspin.
Hello, hello, hello. Good morning, good afternoon, good evening and welcome, welcome one and all to episode
209 of the Host Unknown podcast.
You've got used to the drum roll now, have you?
I have now, yeah.
Now I'm used to it, yeah.
I need to change it up just to try and catch you off guard every time.
It only takes Andy four episodes to get used to everything, hence his lag in what episode
number it is.
That's right.
Well, no, he's ahead.
So surely he's like, you know, it's us who are trying to catch up. I foresaw this coming.
Yeah, it's okay.
Yeah. And he's on so much acid at the moment. He's, he's living in the future.
That was a joke by the way, Andy's employers. So welcome gents, welcome.
I hope you've had good weeks. Jav, how have you been?
I've been good. I've been good. It's been a busy week. My company had their KnowBe4 conference,
KnowBe4 KB4Con in London this week. It was the first time in person.
It's normally in Florida, isn't it?
Yeah, that's Big KB4Con, that's the mini one.
Oh, this is the mini one?
This is EMEA, so it's the first time.
Well, to be fair, I don't think there would have wanted to be in Florida this week.
Well, no, not this week.
Not this week.
So as I was, all the people that flew over
for the conference were so glad
because their partners and kids were at home,
like trying to deal with the hurricane themselves.
They're like, I'm sorry, love, I have to go for work.
Yeah.
Sorry, I'll bring you and the family with me,
but you know, work. Yeah.
But it was really good.
I had some good talks.
I had Jeff White, a friend of the show, as the keynote.
And he was brilliant, as always.
If you've seen him before, you know what I'm talking about.
If you haven't, go see him whenever he's speaking.
And you'll know that approximately three years ago,
our podcast was voted more entertaining than the Lazarus Heist podcast.
Yeah. I'm not saying he's a better speaker than me.
I'm just saying he's very entertaining.
And also, when you say entertaining, I can't imagine the Lazarus Heist was full of laughs.
To be fair.
Yeah, true, true. It was factual, it was very polished, it was very well done.
It was educational, all of that. Everything that this podcast isn't.
Yes.
Different audiences, right?
We appeal to a very niche audience within a niche within a niche.
Yeah, primarily people who work for Kent County Council.
Yes, yes, yes. Speaking of Kent.
Very good. Andy, how are you?
Yeah, not too bad, can't complain. I did try looking up flights to Florida. Unfortunately,
they were cancelled. I was thinking maybe I could get out there and get some cheap deals.
A little bit of a mileage run, but no, it wasn't going to happen. It was very difficult.
Is Beirut not on your list at the moment?
Things took a turn for the worse in Beirut, I tell you. Looks like I've got in and out just in time. Oh what, were all the Airbnbs
unavailable or something? Yeah well, do you know what, there's actually a lot of reads
available. It's the Ubers from the airport to wherever you want to go.
They're not hanging around the airport for some reason. No, can't imagine. I'm not sure why. So pricing, all of that. Yeah. Don't they have any of
those Hilux Toyota trucks? Yeah, give you a discount if you operate the guns on
the back. Yeah, that's how you book them now, is, you know, do you want big guns or little guns? Oh dear, we're talking big
guns. Thomas, how are you, sir? I'm Thomas? Ooh, I'm either in trouble or someone who
likes me today. Yeah, I'm very good, thank you, very good. Just glad the weekend is
here, you know, it's been a long week. Finally here. Don't know why it's been
quite such a long week, but yeah, very good. I'm trying to think what's been
happening. We've done budgets, so that was fun. This is, this is, I've had to submit a
budget this week for April next year. The next guy. No, for next year, that guy. Yeah,
but you won't be there. We know I won't, but I just said six months in advance seems a little bit excessive, isn't
it?
No, not if you're planning properly.
No.
So, are you one of those people who are now signing off five-year contracts with companies
just for a little... when you leave, there's a little, like, you know, brown envelope
push of your letterbox.
Yeah, exactly.
But he's got the whole plan to say,
oh, this will be delivered, and as long as you do this,
this will be delivered.
If it's not done, I mean, it's not my fault.
I actually told, I've been telling members of the team,
like, if you need something signed off,
just give it to me right now.
I'll sign anything right now.
And also they've got what, three to five months tops that they can blame you for stuff after
you've gone.
Yeah, exactly.
Beyond that it's...
Yeah, yeah, and then they're on their own.
They really are.
Yeah, exactly.
You know, that personal email address I've given them, it goes nowhere.
In fact, Jav, if you wouldn't mind responding to them...
Look, man, you change jobs so often, I'm struggling to keep up with all the email addresses I have
to monitor.
Look, just because you've been loyal for the last what, six years?
Yeah, nearly, five and a half, yeah.
Five and a half, wow.
I am a loyal kind of person, that's all I can say.
All I can say is, you want loyalty get a dog.
A job is for life, not just Christmas. Shush, I'm Korean. So talking of dogs, shall we see
what we've got coming up for you this week. This week in InfoSec is a creepy crawly story
of bugs as old as time. Rant of the Week is evidence of party games' darker side.
Billy Big Balls is pumping and dumping.
Industry News is the latest and greatest news stories
from around the world.
And Tweet of the Week asks,
how secure does your diary need to be?
So, let's move on to our favorite part of the show,
shall we?
It's the part of the show that we like to call...
This Week in Infosec
It is that part of the show where we take a trip down Infosec memory lane with
content liberated from the TodayInInfosec Twitter account and our
first story today takes us back a mere 29 years to the 10th of October 1995
when Netscape introduced the Netscape Bugs Bounty.
And there's that delay we're talking about.
Cheers for that Tom.
So Netscape introduced the Netscape Bugs Bounty,
a program rewarding users who reported bugs
in the beta versions of its recently announced
Netscape Navigator 2.0 web browser.
And if you recall, Navigator was the dominant browser
from 1995 to 1998,
just when it was overtaken by Internet Explorer.
But we talk about bug bounties.
We do know some people who are well associated
with bug bounties, and they all came in the late noughties,
sort of 2005 onwards. Did you know that Netscape
had it a mere 10 years before anyone else?
No idea.
Yeah, so Netscape, they actually announced that significant security bugs would qualify
for a cash prize and all those others who reported serious bugs would be eligible to
win a choice of items from the Netscape general store
I can't imagine the cornucopia of wonderful goods that were available on the general.
Mouse mat would be well up there.
In the old days mouse mats were the thing, they were really popular, weren't they?
Yeah, don't know why they were.
I reckon, you know, it would be a tough choice between a mouse mat or a pen, maybe a mug,
maybe even a travel mug, although I don't think they were invented in the 90s. No, they didn't have
those things back then. You know, but probably a poorly made t-shirt. A CD with the Linux distro on it, yeah, yeah, yeah. Or like, you know,
you're speaking of mouse mats they were so essential because otherwise your
mouse ball will get so dirty then you'd have to like take it out more frequently
and clean it all out did you have one of those little you know mice cleaner
things no it's like a rough ball on the end of a stick
and you take the mouse's ball out, as it were,
you put this in and run it around
and it would clean all the lint off the rollers.
It was really, really clever.
No, no.
So you didn't have to kind of like pick at it
with your fingernail or a knife or whatever.
Yeah, I had a little pin dedicated for that.
It was my, the lint cleaning pin.
It was a long one.
I had a mouse cleaning ball.
I mean, what can I say?
Damn, you really took it seriously.
I just like, unscrewed it, like rolled it about my hand.
Give it a good old blow.
Well, the ball itself was quite easy to clean.
It's the rollers inside that was the problem.
For anybody under the age of 35,
you have no idea what we're talking about.
You have no idea how good you have it.
And then when people started switching to optical mice,
but you still had your pattern mouse mat,
and your mouse would jump all over the place.
Yeah, that's right.
Man, the struggle was real. Speaking of people under 35, I was in a CISO roundtable
yesterday.
There's some execs there and whatever.
We were talking about that.
Someone was talking about a feature.
And Microsoft, you couldn't centrally push it out.
Every user had to do it individually
on their own machine or something.
And I said, oh, it's a bit like the Y2K.
You need a consultant going around putting a floppy in every machine and walking and
then there was silence for a few seconds and then one of the guys he burst out
laughing goes I do that a lot as well I'll make these references and realize
everyone's too young to get them. Oh man they're gonna start telling you that they don't know what ghost in a machine means.
Right, come on. Defragging. General hardware orientated system transfer, was that? I think
it was that. Oh it actually stood for something. It stood for something, yeah. Did you not know this?
No, we had a, like, we had a cracked copy of Ghost to image and see through.
I think most people had a cracked copy of Ghost.
Oh no, this was corporate use.
Yeah, oh yeah, I know, I know, absolutely.
I think most companies did.
Ghost was genius, absolutely genius.
It really was, really useful.
So I'll just say one story from within the team.
We had these four Panasonic Toughbooks
in the whole of EMEA.
We had standard IBMs everywhere, apart from four people
had these Panasonic Toughbooks.
Then it got down to two working Panasonic Toughbooks.
And the two guys are both senior people.
So one of them, we had to reimage this machine.
And we're like, OK, there's my colleague that did this.
And he was like, right, we'll go to this other guy,
this director, and say, can we borrow your machine?
We're going to image it.
And then we'll clean up all the account stuff
and repersonalize it with him.
And he was like, so anyway, we had this dud tough book
and this fully working tough book.
You already know where it's going.
And so kick it off, like two seconds, boom, done.
And it's like, that was quick.
And so we now have two dud Panasonic Toughbooks.
He literally imaged it the wrong way.
And he had to go back and tell this guy
that he'd lost everything.
But he somehow came out of it with this guy apologizing for not
backing up his files. Yeah, like he'd been there, we've all been there. And it's like this director
came out going, yeah, I'm sorry, it's my fault. How the hell did you spin that and make that his
fault? It's like we've just completely destroyed this guy's machine. That is genius. I deleted somebody's entire mailbox by accident because it was someone called Richard's surname
beginning with E and there was two of them and I just selected the wrong one.
I saw him on the other side of the office looking around going what the fuck, what's
going on because his mailbox just went.
So I went and told him something's gone on, something's happened with the CD, I've just
got an alert, what I'll do is I'll restore
from tape, don't worry, we'll restore it.
Thank you, oh thank you so much, really appreciate that.
You only have lost what you've done in the last
sort of three or four hours, oh that's not a problem at all,
oh thank you.
So, oh my God.
Well at least you didn't do a jav where you just like
delete all the logs and then raise an incident
or something happened.
And then suggest we should secure the logs so they're not deleted in the future.
Exactly.
It's the only way people learn.
It's the only way people learn.
You've always been an educator, haven't you Jav?
I know.
I've just been an unconventional educator.
Andy and I just bow in your greatness when it comes to truly fucking things up.
No, no, no. There's this one guy.
And then spinning it.
I tell you, this one guy, you think you messed up, Tom. He spent two and a half years at
the bank putting in place a global identity access management solution. It cost millions,
went over budget, but he was so
arrogant and no one liked him. And when he put in place first week what happened
is that he messed up it so badly the architecture. If there was an NDA in
London that left and you deleted his account, it looked for any NDA in Malaysia, Singapore, USA, anywhere.
Oh, you've now been fired.
Kicked them off the delete the account, kicked them off, revoke all their access, everything.
But unlike Tom, he could not spin that into a positive.
And he was out the door very quickly. Cost reduction. Yeah. Efficiencies.
Yeah. Alas our second story takes us back a mere 16 years, something a bit more recent.
When on the 8th of October 2008 university student David Kernell was arraigned. He had compromised the Yahoo
email account of US vice presidential candidate Sarah Palin using public
information to reset her password and posting her emails to 4chan. So if you
remember this guy, if you remember how Sarah Palin got hacked, Yahoo used to
ask literally, you know, if you want to reset your password, change your email address, you know,
recovery account: what is your date of birth, what is your dog's name. And this
guy literally went on to a Wikipedia page, looked at her birthday and then saw
she had a dog called, you know, whatever it was, Fido, and just reset the details.
No, it wasn't this one, this was this one. I mean, we talk about the
crazy candidates they've got these days. They weren't actually that much better when you go back
16 years. When you actually look at these things it's like yeah we've always been bad.
They weren't that bad, but honestly it varies in comparison. You go watch speeches of George Bush Jr. now, and he actually seems like a certified genius. He sounds safe.
Yeah, yeah, he does. That's the worst part. I see here that
David Kernell, he, he, he was found guilty and he died from MS complications in 2018.
However, there was a story about having to patch, it's that one.
Oh dear. Oh dear. Oh dear.
Too soon?
Wow.
All right, thank you Andy. That was this week's... This Week in Infosec.
...is right for you. Always read the label, never double dose on episodes. Side effects may include nausea, eye rolling
and involuntary swearing in anger.
Now I'm not going to try and not take this personally
but Andy's just walked out.
He just wrapped his mug and walked out.
He obviously doesn't want to listen to the Rant of the Week.
So, well, who knows?
What can we talk about Andy?
We both know he's got nothing to add to this section
or any of the sections after.
Let's face it, this and the next section
is really just you and me, isn't it?
It is.
This is like the title fight.
This is the real, like, essence.
This is the trailer stuff.
This is the stuff that, like, you know,
pulls the whole podcast together.
This is Stone Cold Steve Austin and Vince McMahon
face to face, right?
Wow, I cannot believe
you made that reference.
Did you just see what I did there?
Oh man, okay Vince, I bow down to you.
Austin 314.
No, my God, stop.
Stop on your head.
No, it's not 14.
And that's the way it is, cos Stone Cold says so.
Oh, no. No, just stop, you jabroni.
Is it wrong? Is it like talking to your parents about sex?
It's like you trying to explain TikTok.
It's the sound the clock makes. Listen up! Rant of the week.
It sounds a motherf***ing rage.
I can't believe Andy missed that.
He'll have to catch it when he walks the dog later and listens to the recording.
So rant of the week this week.
This is about, do you know of a game called Cards Against Humanity?
Oh yeah, brilliant.
It's a party game for awful people, is the way it describes itself.
It's a card game.
I'm just saying, but if you've got a 14-year-old boy and a 12-year-old girl
and you're playing it with mum and dad, it can get awkward very very quickly and I can say so from experience.
I mean, me and the kids were laughing, I have to say. Wife was not so happy at the time.
But yeah, it's a card game, word based game and you basically have to try and make up the worst possible scenarios. If you know what it is, you know what I mean. If you don't know what it is,
go and look it up. But Cards Against Humanity is a very, how can I put it, they're very
politically involved. They do like to get engaged with the zeitgeist, they often have card packs that come out that are very relevant to the
time etc and they also do engage in politics. They also have a big beef against Elon Musk so
if nothing else they've got that going for them. So what they've found out is that they've actually launched a campaign based on this,
but they've basically found out how easy it is to simply buy sensitive personal data about American voters.
But what they have done, and the rant is not about Cards Against Humanity,
but more about how easy it is to just buy personal sensitive data.
But what they've managed to do is turn that around into encouraging Americans to plan
how to cast votes in the US, because as we know, the US voting system knocks people out... voter rolls just before the vote. Things like that. It's happened in Georgia, Texas, Florida,
all the counties you'd expect, states you'd expect. So they have come up with this Cards
Against Humanity Pays You To Give A Shit campaign, which is a snappy title and
very much in line with the Cards Against Humanity branding.
And they use US citizens' personal data obtained from a broker to identify whether individuals
voted in the 2020 US presidential election and how they lean politically. I mean just the mere
fact that they can identify this from publicly available records or not even publicly but from
you know records that exist that they have to purchase which outright have you been to America?
Yeah. Have you seen people's cars where they I know. They don't make any way to hide
which way they politically lean. Yes but that's them opting into something. Yeah. If you think
like the Data Protection Act, that is like your political opinion is sensitive, like protected
sensitive data. It's protected data. You could sue people if they if they ignored that. Anyway,
so those who didn't vote are asked to put information into the website, promise to vote
in the upcoming election and make a voting plan. And here's the kicker, here's the really good thing.
And publicly post, Donald Trump is a human toilet. And if they do all of this,
Cards Against Humanity will give them $100.
Totally worth it. And the thing is, you can't get sued for saying that because it's true. Yeah. Right, wasn't there like some Russian, yeah, like who did actually use him as a...
Allegedly. According to British intelligence that was the case, right? I'm just asking questions here.
Yeah, yeah, and giving the answers all in one.
But, so the rant here is it takes the maker of a card game to really underscore how poor
the data protection is in the US, in a country that really needs it the most.
In a country where being open about your political alliances on either side of the table can
actually result in violence against you. And yet this data is available at a cost, but
probably not a huge cost. I think there's only one side that initiates
the violence. Oh yeah possibly yes I mean I think you're probably right I think it's heavily weighted
to the right. What? No there's extreme lefties they're the ones that cause all the trouble. This woke brigade.
The crisis actors.
Exactly.
The ones who want these stupid European human rights.
I know, I know.
I mean, we Brexited for a reason, to get further away from those pesky European human rights.
Brexit means Brexit, dag-nabit.
Yeah. Well, I know what Brexit means is you can get
Apple intelligence on your phone.
Oh, yeah.
Well, it's coming in December, isn't it?
Yeah.
Although if you change your language to US on your phone
and get the latest beta, you can get it now.
Jesus.
Did not realize that.
And I don't install beta on the...
Do you not?
No.
I do install the betas, not the alphas.
What about the sigmas?
What the sigma?
That's really far down the alphabet.
I really don't get what you're complaining about, what you're ranting about.
Oh really?
Yes it's an issue, but it's a known issue.
It's been around for ages.
You're like, just remove the safety labels and let the problem take care of itself.
Oh I agree with that.
Yeah.
Take the safety labels off bottles of bleach and two years later allow people to vote. Welcome to the Tide Pod Challenge!
You know what, you do that but it's just like you don't even need to pay a broker, you just
need to create a Facebook game like Cambridge Analytica did. Which Avenger are you? Take this
personality quiz.
OK, they're a left leaning idiot, they're a right leaning idiot.
Red Skull, Captain America, who's your favourite?
Yeah, exactly.
Did Thanos have a point?
Are there too many immigrants in the country?
Yeah, yeah. Should Wakanda be sealed back off?
Oh dear. Anyway, so that's my story of how it takes the maker of a popular card game to highlight real political and systemic issues in America at the moment?
Weak Tom, weak. I expected better.
...out when you don't shake properly. In a niche of our own, you're listening to the award-winning
Host Unknown podcast.
I've got to say, I'm really looking forward to when Andy listens to the bit that he walked
out on. Right, Jav, over to you. It's time for... Billy Big Balls of the Week.
Yes so this is a big Billy Ball move by the FBI and what they did is that they created their own cryptocurrency so that it could watch suspected fraudsters use it.
And this worked well. This worked so well that it produced arrests in three countries. So this
was an Ethereum-based instrument named NexFundAI. I think they should have gone for something like, you know, Federated Bitcoin
industries or something
Something a bit more obvious. Yeah
That would have been hilarious. That would have been hilarious
It's like that delivery van that sits outside the house with like flowers by Irene on it
Yes, flowers by Irene on it. Yes. A satellite dish on her head.
This is exactly that.
So on Wednesday, well, last Wednesday, depending, it could be like four Wednesdays ago, depending
on when Tom gets around to editing and posting this.
But the DOJ announced that 18 individuals have been charged for widespread fraud and
manipulation in the cryptocurrency markets. So the feds alleged that some of the fraud
involved wash trades and these wash trades are those transactions that are solely created to
increase the volume of trades in the security or other asset.
So basically, pump and dump scams, like inflate the value, pump it up,
and then dump it.
Bit like Andy's dating history.
Oh, that's cold, man.
Stone cold.
Oh, dear.
Not again, Tom.
I think you're looking in the mirror here, Jav.
Look, there's only so long you can have a beep run on a podcast right? There's only
so long we can do that. Anyway, go on. But that was it. I think it's an amazingly Billy Big Ball's move. You just create your own cryptocurrency, watch the criminals use it,
and then go and arrest them and probably make a ton of money off the gas transactions in the process, I suppose.
Gas fees.
Do you know what?
I just can't believe people are still falling for crypto, like new crypto and just investing. I know, I know. There's a new one that's come on recently as well. What's that?
The host unknown coin.
Pepe the Frog is the... Sorry, what?
The host unknown coin. It's going to the moon people.
Yes.
But the logo is the Pepe the Frog logo that's just come out as well.
But yeah that's just a whole like right-wing people just buy into that.
They'll see that and say yeah I need to be part of that. Yeah that's why the
Host Unknown coin will have Graham Cluley's face on it. Yes, yes.
Apparently I read a LinkedIn post today by Graham. He's been in New York
keynote in a conference. So that little push that he made to get more money, it
seems to be working, which is good. But he had all of his smashing security
stickers taken off him at security when he came into the country.
Oh, how come?
I have no idea. So it's either a complete lie just for clicks,
or it just totally underscores my point in the last section.
Which is?
There's something so very wrong with America.
No, they probably thought, like, what,
you're trying to smash security?
Is that what you're trying to do?
You'd hate the TSA.
This is hate speech.
Let's take it off you maybe
Yeah, if you had those. Buddy at the TSA, actually, he came through for us. Yes,
finally that money was well spent. I'm glad you saved the money that Smashing
Security gave us to give to that specific. By the way, by next week I
should have 200-odd Smashing Security stickers. So where would we go?
We just got to get the Sharpie onto them to write host unknown on top.
Like we once did at the Rant Conference, do you remember?
We stopped, it was KPMG, wasn't it?
Or Deloitte?
We did Deloitte.
All of them, all of them.
Every vendor that was there, we'd put our stickers over their logos and on their branding stuff.
Often while they watched us. Yes. Yes. Some of them weren't too happy.
Anyway, but this one, I agree with you on this one, Jav.
This is a classic Billy Big Balls because the criminals are the ones that get it and the good guys,
albeit the FBI, are the ones that actually
won out on this, but I agree.
Wow.
Wow.
You heard it here first.
Billy Big Balls of the Week.
If you work hard, research stories with diligence and deliver well edited, award winning studio
quality content for high paying sponsors, then you too can be usurped by three idiots
who know how to think on their feet.
You're listening to the award winning host unknown podcast.
Let's get to it.
Andy, what time is it?
It is that time of the show where we head over to our news sources over at the InfoSec
PA Newswire who have been very busy bringing us the latest and greatest security news from
around the globe.
Industry News.
New EU body to centralise complaints against Facebook, TikTok, YouTube.
Industry News.
New generation of malicious QR codes uncovered by researchers.
Industry News.
Apple's iPhone mirroring flaw exposes employee privacy risks.
Industry News.
Former RAC employees get suspended sentence for data theft.
Industry News.
Internet Archive breached. 31 million records exposed.
Industry News.
Marriott agrees $52 million settlement for massive data breach.
Industry News.
EU adopts Cyber Resilience Act for connected devices.
Industry News.
Over 10 million conversations exposed in AI call center hack.
Industry News.
Disinformation campaign targets Moldova ahead of EU referendum.
Industry News.
And that was this week's...
...sort of adjust the scale of something, because it's a bit like inflation, you know, so you
have to adjust the scale because the numbers just get so big you have to sort of scale
it back. So what was once huge is now back to being small. When are we going to do it
with data breaches? This is a massive data breach, but 31, you know, but it probably isn't that massive anymore compared to some of the other ones we've seen.
So surely it's soon going to become just a data breach.
Yeah, but that doesn't get clicks on the website.
True. True. Spoken like a true capitalist. Yeah. No, it's like, you know,
Shawn Michaels, six foot three, 205 pounds.
Yeah, five ten, a buck fifty. Cross-eyed hillbilly.
You know, but that won't sell tickets.
Oh, no.
So I'm looking at the next generation of malicious QR codes
uncovered by researchers.
Did anyone actually fall for the previous generation
of QR codes?
Like I never understood this.
And, like, I know people say it's a big thing
and I see it, like, everywhere.
They say, oh, QR code, you've got to be careful
with QR codes.
Who is falling for QR codes via email?
Via email?
Yeah, you've got to be dumb for that.
The problem is when they replace them in public spaces, you know, where you go to a car park and it says...
Yeah, that's the classic one, the car park and stuff, but that's from an email. That's not a corporate problem.
Yeah, that's not a corporate problem.
But yeah, this evening here, like, the example is
via email: quishing, Barracuda Networks. Oh, wow.
An email filter company is now talking about the dangers
of something coming in via email.
Stop the presses.
Hold on.
Yeah, I don't think it's a big thing.
I think it's either out in the public where someone's put
their sticker over an existing sticker,
or I read about some people now getting penalty charge
notices through the post.
So it's a letter you get sent with a QR code,
and it's "scan this to pay your penalty notice" or something.
And there's no website address given, no URL given.
It's just a QR code. You can see, like, maybe one in a
couple of hundred might fall for that, but I don't think it's a huge... certainly the more
vulnerable people.
Yeah.
Oh my gosh.
I've got a fine.
I've got to pay.
Yeah.
Yeah.
But that's not a corporate problem necessarily.
You know what I mean?
It's, yeah.
I'm trying to see. So new EU body to centralise complaints against the giants of the internet.
We just need to know what the website is so we can put our complaints in.
Yeah, it's r/smashingsecurity.
It's actually appealcentre.eu. I was joking. So who's looking that up now?
I'm just clicking on it now. Oh, you didn't click on a link, did you? Oh yeah, and you know what the
best thing was? It was actually a bit.ly link as well. It wasn't even, like... I didn't even expand the full... I'll just click straight through.
Send me the QR code for it, please.
Will do.
On its way.
Slow week.
Did you see that iPhone mirroring flaw?
I did see this.
I didn't understand it.
I mean, like I saw the headline,
I didn't understand it.
I've got the iPhone mirroring and I've used it.
Of course you do. It's not that useful yet, I've got to say. Oh, it's a fun little toy to mess around with, but
I don't know what the flaw is.
Maybe if I click on the link. I think it's just that when you share your screen, people can see what apps you've got installed.
So, like, when you're sharing, when you're presenting stuff at work, like, your Grindr app goes off.
He's not really working, he's...
That's just a schoolboy mistake. Come on. Call me when you have something like
Samsung DeX available on the iPhone.
Samsung? Oh yeah, I wouldn't even know what that was.
DeX, it's one of the best features that Samsung has.
Literally, you plug your phone into
or you connect it wirelessly to your TV or a monitor
and you get a desktop experience from your phone.
It's all rearranged.
It's literally like a Windows desktop.
You use your external keyboard and mouse
and it's smooth.
So there's many times when I've been travelling, I just plug my phone into the hotel
TV and everything's there. It's just like a desktop. It's very good.
So you plug your personal device into an unsecured piece of hardware in a strange location. Is
that what Samsung teaches you?
Absolutely. I mean, don't tell me you've never plugged your devices into strange places abroad, Mr. Hague.
Those films aren't going to play themselves, you know?
What happened to just casting, like we did in the old days?
No, you can cast.
Your DeX can work wireless.
It depends on the brand of the TV
and whether it's new enough or not.
So whether it's a Samsung?
Whether it's a smart TV.
A Samsung, a smart TV.
A Samsung, yeah, exactly.
Well, I'm glad we got to the bottom of that consumer issue when it comes to iPhone mirroring.
What you didn't... what wasn't covered this week in the news, and I was
a bit disappointed because it was a big story. So the government demanded people register chickens,
if they own chickens, to put it on a website. And so what people started doing is,
whenever they bought a roast chicken from Tesco, they'd go onto the website to register "I've got a chicken", and it's crashed the site.
Isn't it? Yeah, yeah. I mean, this is good intentions that have gone awry, because
in fairness they're trying to make sure that there's basically track and
trace for bird flu, to all intents and purposes. They just want to make sure that, you know, the 15
or 12 birds you've got in the back garden... Chickens, Andy, are just, you know,
like...
So my birds are in the basement.
Okay, scrap that, take that out. I said it without thinking, just like, you know.
But yeah, they want to track it for bird flu and stuff like that.
But I think it's hilarious that the British public have started to register their roast
chicken.
Yeah.
It would be even better. What they should do is update
the website. Is your chicken alive? Is it from Tesco, Sainsbury's? They should actually
embrace this.
They should. But this is the DEFRA website, the department of whatever.
You're right, this is like, so if you have less than 50 chickens, you have to register them if you're in-house. So if you've got a budgie
or a parrot, then they don't need to be registered because they are fully housed indoors, no
access to open air, so they can't spread or catch the bird flu.
But any poultry that you have outdoors
does have to be registered.
So I think people are just following the law.
Well, no, because if they're taking it from Tesco's,
home in the car to the kitchen and putting it in the oven,
it doesn't have access to the outdoors.
But if you're barbecuing it, that I think...
But what if you go in a convertible? What if you bring it back in a convertible and put it in the passenger seat?
Do you know what? I mean, this is true. This is very true.
Yeah, I think it's like, you know...
We're asking the serious questions here.
We are. We are.
I feel a nomination coming.
Yes.
We're getting back to our best, boys. If we could just be asked to nominate ourselves,
because no one else will.
All right, let's move on, shall we?
That was this week's... 30% nostalgic, 30% ranty, 30% ballsy and 30% terrible at maths. You're listening to the
award-winning Host Unknown Podcast.
Right, Andy, why don't you take us home this week with this week's Tweet of
the Week. And we always play that one twice. Tweet of the Week. And this week's Tweet of
the Week comes from Jack Rhysider of the Darknet Diaries podcast and friend of
the show. But I will actually take you back, so he is quote-tweeting something
else, and for the life of me I cannot remember whether we talked about it here or not. But are you familiar
with NotebookLM, the Google NotebookLM? So essentially you can get your notes,
and lots of students are using this, it's absolutely fantastic. You can get your
notes, plug it into this language model, and what it can do, it will summarize all your notes,
put them in the easiest playback format,
but it also creates a podcast from your notes,
and it's almost like two people talking to each other.
It's really good, you know, seeing examples of this,
because if you've got all these notes,
you want to listen to it instead of rereading them.
Absolutely fantastic.
It's sort of, one asks questions and, you know, the other person answers, and some of the
voices are actually pretty good. I'll be honest, when I saw a couple of them I actually
thought they were a real podcast, but all AI generated. So this thing, NotebookLM, you upload
all your stuff into it. So Jack Rhysider, he's quote-tweeted Olivia Moore and she's posted her
TikTok, and she's sort of saying, well look, people are uploading their diary entries into
NotebookLM to get this outsider's perspective of their life. So the AI will analyse everything
that goes into it and do that. And Jack Rhysider is basically saying no, no, no, no, no, do not give AI your private diary,
especially Google.
We've already seen an AI site breached where users' prompts were leaked in the breach data.
Nobody is going to keep your data safe except you.
And I think that is very good advice, but also Google does not need more information on you.
No, but we need the information that Google can provide.
I would love to just throw in my random thoughts and listen to a podcast of my life.
It's like brilliant, just imagine it.
Have it narrating your life as you go through it.
Yes, yes. Imagine it, like, you know, I mean...
Yes, and then, like, you'd see, like, does Google think I'm the villain in the story or the main character?
Or am I just an NPC?
"He's entered the Host Unknown podcast. Why do I have to keep doing this with these losers?" he thinks to himself.
That's it. That's it. I mean, okay.
How is this different from people posting on LiveJournal,
or "Am I the Asshole" on Reddit, where they're quote-unquote anonymous,
but they just say, oh, I just done this and this and this, am I the... You know, it's... people love sharing their stuff and they love getting
feedback.
Different generations though, isn't it?
It is. Younger generation do love just sharing everything. Yeah, on the
webcast I was doing yesterday we were talking about, you know, different, a
younger generation, I... anybody born before we were. After. After. Yeah, after, not before.
God almighty. After you, before me. Yeah. Yes. Knowing me, knowing you. But our attitudes to
privacy and security are very, very different because they're natives. You know, we're the
digital immigrants, they're the digital natives.
Yeah, I don't know. I consider myself a native.
No, I think you're a well-established immigrant.
I wasn't born in the 1900s like you guys.
Rubbish.
Oh dear.
Excellent, thank you Andy for this week's...
Well, we have come barrelling into the end of the show. Gentlemen, thank you so much for your time. Jav, thank you for your wit, wisdom, charm, charisma. What else can I add in today?
That beautiful smile, that comb-over you've got to cover that balding
spot on the back of your head. It's a thing of beauty. Thank you, Jav.
You're doing so well there. So well. So well.
Andy, thank you.
Stay secure, my friends.
Stay secure, my friends. Stay secure.
You've been listening to the Host Unknown Podcast. If you enjoyed what you heard, comment and subscribe.
If you hated it, please leave your best insults on our Reddit channel,
r/smashingsecurity.
Ten dollar cab ride from the eyebrows to the top of that hairline.
The Uber can do it for eight. Whereas Andy, you and I, we need a season ticket.
I'll just embrace it. Exactly, there's no point in it. Exactly.
And then we can rebrand this as the Three Tits
or something like that.
What, a Total Recall, that's what you call it.
Yeah.
Total recall, oh, brilliant.
I like it.