The Host Unknown Podcast - Episode 23 - TGIF
Episode Date: September 11, 2020
Lest we forget. It is a scant 12 months since Host Unknown released this onto their unsuspecting public: Lost all the Money
Tweet of the Week
https://twitter.com/happygeek/status/1302582251159519233?s=20...
Billy Big Balls of the Week
https://www.bbc.co.uk/news/world-africa-54051424
Industry News
https://www.infosecurity-magazine.com/news/incidents-third-ico-reports/
https://www.infosecurity-magazine.com/news/credit-skimmer-1500/
https://www.infosecurity-magazine.com/news/ransomware-2020-election/
https://www.infosecurity-magazine.com/news/bsides-london-44con-cancel-2020/
https://www.infosecurity-magazine.com/news/smbs-invest-budget-firewall/
https://www.infosecurity-magazine.com/news/businesses-insider-breaches/
https://www.infosecurity-magazine.com/news/threatconnect-nehemiah-quantifier/
Rant of the Week
Entitlement and job searches.
no notes supplied...
Come on! Like and bloody well subscribe!
Transcript
September 11th,
lest we forget.
It's an important date in our history.
Very important day.
Yeah, I remember being at Heathrow Airport
when the news came through.
Yeah.
Host Unknown had released another smash hit
called Lost All The Money.
Yeah, indeed.
It was, well, it was a breakthrough, actually.
Yes, we had.
Shit, we're going to have to do that again.
I didn't know if I closed YouTube, it was going to stop.
And also when I pressed...
You cut it off before we got to the chorus
Yeah, I know.
But that's the way the mind fills in the gap.
The people, they will continue it in their mind.
Ah, screw it, let's just get cracking.
You're listening to the Host Unknown Podcast, episode 23. Thank God it's Friday.
Do you know, I was talking to Graham Cluley, friend of the show, the other day,
and he said most podcasts finish
after the seventh episode.
That's the biggest drop-off.
He said he was quite impressed
that we had managed to continue it.
Well, we've been running for five years.
Well, exactly.
Longer than Smashing Security.
He also said that he listens to the podcast on Friday nights to help him sleep.
So not quite sure how to take that, but there you go.
But thank you for your patronage, Graham. We appreciate it.
Jav, how are you, sir?
Fantastic. Thank you very much.
Yeah, I understand you've been putting the steps in this week for a work thing.
Yeah, so work, it's like a health kickoff in September.
So Monday to Friday, if you want, you join a team of four colleagues and you record your steps every day.
And they are like, try to hit 10,000 a day, and yeah, you know, something like this.
I read it and I think, oh, it's a challenge, who can do the most steps? So I've been getting in like 20, 25,000 steps a day.
Wow, that's not bad for somebody who drives a desk.
Yeah. And then are you attaching it to a dog or something?
I don't have a dog. No, no. In the office in the back, I've moved the treadmill in front of the TV.
So every morning I've been getting up around between five and half five and hopping on the treadmill, putting on Netflix and just going.
I don't run. Yeah, I'm not a runner, I just like a brisk walk for a couple of hours.
So I normally hit what I used to hit in a day in the first couple of hours in the morning.
And one of the guys in our company, he works for HR, and he's one of those crazy people that run marathons and stuff like that, and on Monday he posted numbers. It was like 42,000 and something.
Bloody hell.
And you know when you just, a little bit of you dies inside?
And then I was like, no, sod this.
So you have paid?
Sorry?
In a day, 42,000 in a day?
He'd done 42,000 in a day.
He went for a long run in the morning,
like a 10, 20 mile run or something.
And also bear in mind,
a good day at a security conference
is about 20 to 25,000.
Yeah.
Not me.
That's why you're loyal.
That's how I ended up in one of your talks.
By not putting the steps in, I know.
That's why Andy loved going to America,
because he could get one of those segways to go around.
Yeah, that's right.
No, he gets one of those handicapped scooters.
So what I ended up doing yesterday, I was like,
I can't let anyone get more steps.
I mean, take all the glory.
So I got on the treadmill and I stayed on the treadmill for as long as I could, done a bit of work. Any time there was a call during the day, I wasn't turning on my video, I was just like jogging on the spot or whatever. And then at the end of the day, after I put the kids to bed, about half nine, ten, I'd done another couple of hours.
And I broke his record. I got about 43,000 steps in yesterday.
Jeez.
Well, that's... So, I mean, a friend of mine had a serious injury.
And he's overweight anyway.
So let's say he had a bit of a...
Well, it's not...
He has a drinking problem.
Just full stop.
He loves the booze.
And he loves eating as well as a result of that booze. But he had a serious leg injury and had to do a whole load of exercise for insurance purposes, and he had to wear a tracker.
Oh, yeah.
Because in Singapore... But what he did, he gave it to his 15-year-old boy, who then wore it at school when he played football,
when he was doing basketball and all that sort of stuff.
So the activity, obviously the medical staff were very impressed
with his keeping up his exercise regime,
but they couldn't explain why he wasn't losing weight.
Yeah, exactly.
So the advantage was his insurance paid for everything. The disadvantage was that he was still chronically obese and hasn't actually got any better whatsoever.
Pretty much kind of a cell phone there, really.
But, well, so just to let you know his sort of mindset, he was actually contemplating having his leg amputated.
Just because it was easier?
Yeah, so for the insurance as well.
So he would have received a decent payout from the insurers.
Wow.
If he had his leg amputated.
He was thinking how many vodka tonics that would get him.
Yeah, plus it would have caused him to lose some weight as well.
Yeah.
I saw something on Twitter the other day.
I think it was a comedian.
He's a one-legged comedian.
He's had his leg amputated and he's on stage.
Obviously, he's got crutches rather than just hopping around all the time.
And he was saying that because he's American,
his health insurance company were concerned about his BMI
because he was chronically underweight for his height.
And it didn't matter that it was also on record
that he'd had a leg amputated.
He was still, according to them, chronically underweight.
And they actually sent a specialist round to his house to talk to him about it, you know, because of the whole insurance thing.
And even the specialist said, so why do you think you're chronically underweight? And he said, I'm looking at this person, can you not see that I'm missing a large chunk of my body here?
But the computer says no.
Exactly.
Anyway, talking to a computer saying no.
Andy, how have you been this week?
What's the link there?
I have no idea.
You don't question these things.
You just think, oh.
Just let everyone else think there's some sort of inside joke where it makes sense, right?
The joke is so inside, it only makes sense in Tom's head.
That's it.
I thought that's what an inside joke meant.
Oh, dear.
Yeah, not too bad.
I can't complain.
Just talking of all that exercise, I was taking my dog for a walk last night, and I saw my neighbour speed walking down the road.
That's where you kind of pump your fists in front of you?
Yeah, exactly. So this was honestly like the... I thought that was a joke.
I thought, you know, it's like this thing you saw on TV, like with people, elbows high, sort of swinging in front as well.
And I saw this guy out the corner of my eye on the other side of the road walking down.
And I realised it's my next door neighbour.
He's constantly checking his watch. I'm guessing it's a pulse or something.
But yeah, it just went straight past.
He wanted to hit 44,000 steps, probably.
Yeah, but yeah, it was funny. Like, you know, not that I speak to him often anyway, but no, I certainly didn't speak to him last night either. Sounded like he was, you know, punching an invisible person in front of him.
Are you going to join him, Andy?
Not a speed walker.
I'll be honest, Jav. I'm built for comfort, not speed walk.
It reminds me of this old episode of Malcolm in the Middle.
And the dad, what's his name?
Heisenberg.
Brian Cranston.
Brian Cranston, yeah.
He gets into speed walk.
And it just escalates where he starts walking,
then he gets more competitive. And then by the end, he's got those,
those streamlined helmets and he's got the whole Lycra outfit.
Oh, that's right. Yeah. I do remember that one. Yeah.
And there's one time he speed walks fast and he can't, and he,
and he films him and in slow motion, he says, aha, every third step,
he actually takes both feet off the ground. So it's like,
I think that's one of the rules of speed walking. So unlike running, yeah, one of your feet has to be on the ground at all times.
No, both.
Yeah, that's right, that's right. Yeah, so because walking is an Olympic sport, isn't it?
It is, yeah. They all run, walk like they've got cramps in their stomach.
Yeah, yeah, and like their hips are dislocated.
Yeah, yeah, it's very bizarre.
Wait, what?
It's an Olympic sport, did you say?
Yeah, have you never seen it?
It's like at the, whatever, it's over long distance.
It's a walk thing.
No.
It's quite slow, you know, compared to, you know,
watching Usain Bolt, for instance.
Do you know, Usain Bolt, I think it's something like the last 15 people who've broken the 100-metre sprint record,
14 of them at some point in their careers
have been banned for drug-taking,
as in performance-enhancing drugs.
Only one of them hasn't, but that's Usain Bolt.
He's the only one who's not had any kind of score against him.
So he's either very, very clean or, you know, almost Lance Armstrong.
Yeah.
Lance Armstrong clever.
Well, not so clever in the end.
Ah, well, anyway.
So what have we got for you this week?
Let's see what the show notes say we've got.
Well, unsurprisingly, in first spot,
we've got a tweet of the week.
Billy Big Balls, Rant of the Week.
Will we have a little people today, Jav?
To be decided.
To be seen.
Let's not ruin the surprise.
Let's keep hanging on to the end,
because I know that's the only reason they joined the show.
Indeed.
Indeed.
So that'll be a no then.
So fine.
No problems.
But, oh, talking about this, your Billy Big Balls last week,
Jav about the person who went into the shop and pretended to be a cashier.
Yeah. That reminded me of two stories.
It reminds me of one and my mother told me about another one. Um,
so the one my mother told me about was like in the sort of seventies or eighties.
Um,
these two guys walked into Harrods
during their sort of New Year sale period
or something like that when it was really, really busy.
They walked in there with a till, a shopping till,
found a spare space, set up,
and basically took money from everybody.
It was a cash-only thing.
Took money for everybody for all the stuff they were buying,
and then at the end of the day walked out. Genius.
And the other one, the one that I was reminded of, was Bristol Zoo. Bristol Zoo, you know, there's not much parking around it, etc., and there's a strip of sort of dead land, as it were, that for about 20 years had been used as parking. And an old boy used to walk around and, you know, take your money, give you a ticket to put in the window, etc. And this went on for a couple of decades. It was quite close to, outside the zoo. And then one day he just didn't turn up, and people were going to the zoo and saying, look, we tried to pay for parking, but the guy who normally takes money isn't there anymore.
And they went, oh, well, he's not one of ours. We'll look into it.
So they phoned the council and said, where's your man?
And they said, we haven't got a man. We thought it was yours.
It turns out this boy had just been taking money for the last 20 years to park on this land that was owned by, you know, someone, but not him.
And then when he made his money, he just upped and left.
Genius.
Genius.
So that's, I think they call that chaotic neutral, don't they?
Yeah.
Yeah.
Do you remember that program called The Real Hustle?
Yes.
Yeah, also some fantastic things they do.
I remember one where they pitched up in a shopping centre
at Christmas time and did a gift wrapping service.
And you literally just turned up.
It was free gift wrapping.
That was the thing.
So you turned up, you left your presents,
given a ticket, told to come back in a couple of hours.
And all they were doing was just opening the presents, see what they were, and then taking out all the good stuff, then just disappeared.
People going back with iPad boxes full of bricks and stuff.
Yeah, classic.
Yeah, so sometimes the ballsier it is, the more people fall for it.
Yeah, well, that's it. It's because people just aren't expecting it.
They're not looking at it.
You think it's so ridiculous, why would anyone try it?
Yeah.
Yeah, exactly.
Exactly.
Anyway, shall we move on?
Let's do it. I think we shall.
Let's move on to this week's...
Tweet of the Week.
Smooth.
I thought so.
And you know what?
I said that to Graham
earlier this week.
I said, hey, the jingles
are getting much smoother.
And there was this
awkward silence at the end.
And then he laughed and said,
anyway, let's talk about...
Yeah, thanks, Graham.
I, you know, I was feeling good about myself until then, and then the anxiety hit home. But hey, so hopefully I'll keep up to scratch this week, although so far the signs are not looking good. Anyway, Tweet of the Week.
This is me. So there was a tweet, I think it was late last week actually, or was it early this week, I can't even remember anymore. I think it was this week. Oh no, that's right, it was Sunday this week. Yeah, it actually came out on Sunday, that's right.
And it was a Forbes article talking about the Stan army, or the BTS, basically the BTS fans, the K-pop, the South Korean pop fans, who kind of have self-identified as a power for good, as it were. They're massive fans of,
and I don't even know the names of these bands,
but you know,
the Korean pop bands,
BTS,
I think is one of them,
massive fans and they get together online and they,
these pop stars,
they also have,
you know,
to celebrate their birthday.
So what,
for instance,
one of them's had a birthday recently,
built a web page, collect money for charitable causes and stuff like that.
So they're known for basically loving K-pop, being fanatical about it, and for sort of working together for good causes and all that sort of stuff, but also in a virtual world, globally. And the article by Davey Winder was basically saying, should we be concerned about the Stan army, as they're known, named after the Eminem song Stan, you know, as the fanatical fan. Although I think Stan army is a little bit of a derogatory term to them, but I, you know, I don't know.
Anyway, so we were asked for media quotes. So as Jav knows, you know, you get these things and you get given like 12 hours to reply. When I was asked, you know, is the Stan army a risk for cyber security? Should we be concerned about it?
And so I supplied about 17 paragraphs and had one quote in the entire thing.
But as we all know, that's how it goes.
Tom, you realize he asked you for a quote.
He didn't ask you to write the article for him.
No.
He actually asked four different questions, I think.
So I just replied to those four different questions.
Anyway, he thanked me.
He said it was useful.
And, yeah, so I said that basically any large group of people we need to be,
you know, that can sort of mobilize remotely or virtually, whichever way you want to look at it.
We should be cautious of because, you know, even if they are well-intentioned themselves,
the fact that they may be, you know, egged on by either a member of the band unintentionally, so maybe they lost a sponsor or something like that, or even their actions could be hijacked, you know, for malicious purposes. So somebody could pretend to be one of these, you know, pop stars and ask the fans to do something like doxing someone or, you know, DDoSing them or whatever.
And so, you know, like every threat out there, we have to be aware of it. And we, you know, we need to know who's going out there. And let's face it, that's where, you know, Anonymous started from. I think it was originally against the Church of Scientology. They felt that the Church of Scientology were being dicks about something,
you know
suing far too many people
etc and so
they started to attack them
so they ostensibly came about
for a, in inverted commas
good cause but then went
on to, you know
they built the LOIC tools
you know the low orbit ion cannon, DDoS tool, et cetera.
And as a result, got hundreds, possibly thousands globally,
but, you know, a bunch of people arrested around the world.
And we're talking, you know, middle-aged people, housewives, professionals, students, everybody, arrested for actually committing a crime of attacking companies, you know, DDoSing and all that sort of stuff.
And so, you know, from what were ostensibly non-malicious starts, it could easily be turned into something that becomes quite malicious. And, you know,
there's no different, no different from that. There's no difference to the Stan army. What really surprised me though, was the number of responses to the article from members of the Stan
army, basically saying, we're not going to be manipulated. We know who we are. We are a nice bunch of people.
So one, I was surprised that they read an article in Forbes, you know, based on cybersecurity. And
two, I thought it was interesting that probably 75% of it disagreed entirely and said that we
would never be manipulated. You know, we're just a force for good, you know, if nothing else.
And then a small proportion of people said that they actually enjoyed the article.
So I thought it was a really interesting insight into how, you know,
what we should be looking at from a risk perspective.
And then it opened up to some of the cybersecurity folks,
but only after, at least in my realms,
but only after I sort of tweeted about this response,
who basically said, very often we don't care about attribution and who it comes from. We just
care about the threat. And that is really what it comes down to. So I don't know. I just found it a
really interesting week reading through all of these comments. In fact, it was probably
one of the biggest responses
I've had to anything on Twitter that's had my name attached to it. So it was quite a fascinating insight.
Yeah, yeah. The thing is that this thing is not unique. Like you rightly said, it's been around for a while. I think the two things that come to mind is, one is, like,
people can still be
with the best intentions and
not be manipulated but that's the whole thing
about manipulation you don't actually
know that you're being manipulated when you're being
manipulated it's normally after the fact
that you look back and think ah yeah
all those warning signs were there he was
Kaiser Soze
yeah yeah exactly
Aside from that, what's really, perhaps, deserves more attention is when you have, not naming any names, but you would have certain world leaders who have access to social media, and then they start hurling accusations towards people and groups or what have you, and then they mobilize a very, very different kind of response.
And that's really, really dangerous.
It was interesting.
One of the commenters said, you know,
why is cybersecurity professionals worried about, you know, us?
We're not going to do anything wrong, et cetera.
Why aren't you talking more about Donald Trump
and, you know, the power he wields over social media?
And so I actually, that was the one, the only one I replied to.
And I said, that's because the orange buffoon is already in our risk models.
You know, so, but yeah, it's very true.
That's a secondary screening for Mr. Langford.
Yeah.
If only we had listeners of that, you know, who were able to influence things at that level
Oh, dear. So, yes, that was this week's Tweet of the Week.
That sounded more like a Rant of the Week, but go on, I'll give you that.
It's a tweet of the week.
Yeah, but... It originated from a tweet, I guess.
It originated from a tweet,
and I think I've had the rant of the week forever.
Because I think even when I'm just passionate about something,
it just sounds like I'm ranting.
Yeah.
That Brian Blessed voice of yours, Tom.
Two arms going live!
And anyway, Andy had Rant of the Week this week.
Yeah.
Every one of Tom's ex-girlfriends.
He gets very ranty when he gets passionate.
Every one of my ex-girlfriends?
Yeah.
Don't say that just yet.
Yeah.
Nothing's been finalised yet.
Oh, dear.
So, oh, I know what we can listen into now.
You're listening to the Host Unknown Podcast.
More fun than a security vendor's briefing.
I tell you what, I'm glad that's in the show notes.
I'd have forgotten to play that otherwise.
What show notes?
Hold on, you guys have notes?
Yeah, we're not naturally this bad. I tell you what, Andy and Tom take the piss out of Jav, and Jav pretends to laugh.
Oh, so you have got the show notes.
Oh, dear.
As if it was that scripted.
Oh, dear.
Right, I tell you what, let's move straight on now to you, Jav,
and this week's...
Billy Big Balls of the Week.
See whether he actually read his own story this week.
Hold on, give me 30 seconds.
So this ties into what you were saying earlier in the show, Tom,
about how these scams take place and they are affected
because people just don't expect it.
Like, how could anyone be so ballsy to set up like a fake till in a shop or a free gift wrapping service?
And this is along the same lines.
It's two Nigerian men.
Wow, what a cliche there.
Have been arrested for allegedly scamming a German state.
So the German state wanted to buy some PPE,
and they were looking at this Dutch website, a Dutch provider.
And what these two Nigerian gentlemen done,
they cloned the website of the Dutch company.
That's all the details that are there.
So I assume they picked a lookalike domain or something, what have you.
And they took the order off for about two million pounds for PPE and they got a runner.
And after a few weeks, the Germans are sitting down saying, hey, our PPE hasn't arrived.
Maybe we should go check.
And so one of the German state employees,
he got on a plane or whatever,
went over to the company and said,
hey, look at this.
We placed this order.
You haven't delivered yet.
And they're like, well, we've never heard of you before. We've never done business with you.
So that kicked off an investigation.
And the two suspects were arrested in Lagos.
Lagos.
Lagos.
Lagos, Lagos, Lagos.
Yeah, it's not in Denmark.
No, no.
It's in Nigeria.
Yeah.
So I thought it was so, I mean, it's so ballsy.
Like you just take a website, you clone it and say, yes,
we'll take your payments. But also I'm really surprised in the Germans who were buying that.
They didn't do their diligence. They didn't do any due diligence.
I mean, it's not like you're ordering a Raspberry Pi from a... or backing it on Kickstarter. That's like 30 quid or something. You're spending two million pounds. You want to kind of like maybe get on the phone with someone, maybe do some review checks, check their reviews on Glassdoor, all that kind of stuff.
But yeah, so they just went, oh, this looks like the website, yeah, okay, yeah, just put in your credit card details there, two million pounds, off you go, and then wonder why your PPE hasn't arrived.
So it does... I mean, it seems to me, I reckon, knowing what it was like, certainly in the early days of the pandemic and stuff, and you couldn't get anything from anywhere.
They were just happy they found a site that would sell them stuff.
Or they thought would sell them stuff.
Do you know what I mean?
They thought,
Oh my God,
if we haven't got this stuff,
we're completely screwed.
And,
you know,
and,
and this is,
and then they were screwed.
Yeah.
Yeah.
And this is what all the scammers are relying on.
Whenever there's a scam like this or what have you,
they're either trying to entice you with something that's your greed
or your desperation or love or money.
It's all these emotional triggers that they're trying to find
which one will work best in this scenario.
And you're right.
But, you know, again, I'd understand it if it was an individual
who's not literate, who just goes online and buys something.
But when you're a State Department,
it seems like a very emotion-based decision for especially a German state.
Yeah, they obviously bypassed all their usual processes
to do this urgent
purchase.
Probably because they had
to. They couldn't get it anywhere else.
You know, or
even, and you don't know,
but maybe this was, you know,
2 million is just a drop in the ocean
for this particular state. I don't know.
It does sound like a lot of money, but... I mean, someone's going to, you know, question this, you know.
Oh, of course. And it's taxpayer money at the end of the day as well.
Yeah, that makes it even worse. But yeah, I can see... I remember, in the early days of the lockdown, lying awake at night wondering how the hell I'm going to get pasta and toilet paper and, you know, hand sanitizer, because everywhere was sold out, and scouring Amazon for stuff and ended up buying, you know, 20 bottles of sanitizer, because that's all I could get through this particular supplier on Amazon, and 10 kilo bags of pasta that never arrived,
but I did get my money back.
Do you know what I mean?
You just think, oh my God, I'll take anything at the moment.
So you can understand the emotion, but as you rightly say,
this is a hell of a lot more than 15 quid for 10 bags of pasta.
And you would expect a little bit more rigour, you know,
with taxpayers' money, you know, money that isn't yours at the end of the day.
Yeah.
And is for the protection of the people who are paying you
to protect you, you know.
So it's unsurprising but disappointing.
Yeah, and this is why, you know, you have these processes that you follow. Yeah, in times of stress, you know, you continue to follow that process. You know, it's a well-documented path with the right controls in place.
I'm doing a webinar next week, or webinars, I think I've got five to do next week.
And one of them is on the psychological,
not,
well,
not just the impacts,
but the psychological processes that,
that needs or should be implemented during incident response.
You know,
it's all very,
it's all very good looking at,
you know,
having a framework, having a playbook or, or whatever else you like to call it and, you know, whatever
degree you agree or disagree with, you know, how, um, uh, how specific that should be. But
actually you should also have it clearly documented who's looking out for signs of stress, who's controlling, helping to sort of control the emotion in the room, who's looking out for the, you know, mental and physical well-being of those involved in, you know, long-term response plans and all that sort of thing.
Absolutely.
You know, without wishing to, you know, sell this thing specifically, it's a panel I'm hosting. It sounds to be really interesting. That's one of the ones I'm specifically looking forward to.
No, that's absolutely right. I remember reading about an incident years and years ago, like about a bank that, its main office had a fire, but they had backup offices in place, and they had like a hot recovery and everything. And the whole building was pretty much burnt out, and they managed to relocate everyone and whatever, and they were like, good, we got that there. But none of the staff wanted to work because they were so traumatized from having...
Yeah, from a burning building.
Yeah, that's right, that's right. They did.
Did they at least hand out sort of baby wipes to get the soot off?
Exactly. Yeah, I don't know. But it wasn't just for the day. It's a long-term thing. I mean, some, yeah, just, yeah, you know, especially if they maybe they've been injured or they've seen a colleague get seriously injured or burnt or something, and, you know, I don't know, maybe even die, or they feel guilty about throwing colleagues behind them as they escaped.
Yeah, yeah. Or leaving, or not stubbing out the cigarettes.
And yeah, yeah, it's so true. I mean, you know, these are, you know, you try and mechanize a process as much as possible.
And yet you completely forget the,
uh,
you know,
the organic part of the,
of,
of the equation.
So,
yeah.
Thank you very much,
Jav.
That,
uh,
was this week's
Billy Big Balls of the Week.
A little bit of a gap on that one.
Yeah.
There was, but you two went quiet
and I panicked and realised I had to say something.
You can't have dead air on you.
Fill that space, fill that space.
I know.
You know like radio stations have that automatic,
you know, when it's dead, it automatically plays a song.
Oh, really?
Yeah, so this is, you know, in case there's a technical problem
or, you know, it's happened a couple of times on radio stations
where songs just started playing,
but it's because there's too much of a pause
between anyone saying anything
Like this, you mean?
Yeah, exactly.
I shall implement that system straight away, and we will have that song playing whenever you guys just...
Probably about 35 times an episode, right?
Yeah, exactly.
It's going to take a lot of bloody editing.
I'll just quickly add that scam, you know, this cloning a business which Jav just mentioned. I did read something earlier today about a lady who had her Instagram business phone in August, like the last...
What, really? Business?
Yeah, they, she had like a soap business or a beauty product business, and people set up the exact same thing with an extra O at the end. But you know where it says co, you know, the end of it, Little Soap Co or something, it hadn't...
Yeah. And so I think she was running a competition or something. And so what they did, they basically cloned this page
and started contacting all of her followers
or everyone that commented to win this competition saying,
right, congratulations, you've won.
Send us your details.
I don't know what the end result of what they were looking for was,
but it was just a great, it's just so easy to clone stuff now.
But isn't that interesting because Instagram, like Facebook, et cetera,
it's an open platform, and if you do run that competition
or something over an open platform like that,
you can see exactly who your customers are.
Yeah.
Whereas traditional websites or something like that, or, you know, email in or click here to enter, etc., the non-technical attacker wouldn't be able to leverage the people who had responded.
Yeah, it's so... but it's about driving traffic. Yeah, Instagram, you're likely to see it. It's that horrible Facebook algorithm where, you know, it shows up in your feed if one of your friends has interacted with it or something, you know.
Yeah, yeah. It's a double-edged sword, you know. If you're not careful, everybody can see who's buying from you, and therefore who your customers are.
Yeah, yeah, but that's how you get sponsors, apparently.
So, apparently so. So who, do you remember what this soap company was called?
Little Soap Co.
Little Soap Co. Well, if you're listening, Little Soap Co, this could be you. Host Unknown, sponsored by insert name here.
You said it had an X-Pro at the end
Yes
The fake guys did
It sucks
You shouldn't laugh because
They're but for the grace of God
Insert whomever you
How would you feel If there was a hoostunknown.tv or something?
Yeah, maybe we can steal all their viewers.
Yeah, that's right.
We could steal both of theirs and double ours.
And also, viewers of a podcast?
Not sure that works.
No, no.
But your mum will be like, Tom, you sounded very different on the podcast.
Yeah, that's right.
That's right.
I'll rock up there one evening.
There'll be a stranger there.
Oh, hello.
Have you met my son, Tom?
Oh, dear.
Anyway, Andy,
what do we know? What's coming
up next? So, this
week, we have
a veritable
buffet of
just the biggest
variety of the latest and greatest
security news. From our reliable sources over at the InfoSec PA Newswire, who have been very busy.
Go on, go on.
Just bringing us the latest and greatest stories from around the globe.
Fantastic. It's not word for word, so I'm not going to shoot you.
Yeah, I didn't actually have the show notes open at that point.
I was going to say, you went off script there,
and I was thinking, what the hell's going on here?
This is not how we do things.
I don't know.
I'm back, I'm back.
I don't know.
We mechanise this as much as possible,
but it's the organics that always screw up.
This is just turnkey.
Literally, any of us can be replaced.
Yeah, exactly. It reminds me of the Oscar awards, you know, when you have these actors who've been in loads of films, that get paid millions for films, and when they go up to announce the next awards they're reading the autocue and they're really struggling, and they're screwed.
Yeah, that's right.
Well, isn't that what pretty much happened
At the Oscars a couple of years ago
When they read out the wrong winner
I don't remember that
Yeah, there was the wrong
Yeah, I remember it
Oh God, also happened on the
Eurovision Song Contest nominations
As well as Oracle
Anyway, so PA
Newswire, Busy, Greatest
Security News Globe, blah, blah, blah.
It's time for this week's
Industry News.
Cybersecurity incidents
account for a third of ICO
reports in 2020.
Industry
News.
Credit card skimmer hits over 1,500 websites
Industry News
Ransomware could be a major threat to 2020 election
Industry News
BSides London and 44Con cancel 2020 conferences.
Industry News.
SMBs invest in cybersecurity budget and firewall technology.
Industry news.
Businesses fear insider-enabled data breaches.
Industry news.
ThreatConnect acquires Nehemiah Security to add risk quantifier.
Industry News.
And that was this week's...
Industry News.
Wow, I thought that list wasn't going to end today.
Jeez.
That was a...
Yeah, I think someone's taking their feedback on board.
I was going to say, InfoSec Stig has taken on board.
It's taken to heart our feedback.
I think their boss must have listened to our plea last week
and slapped them around a bit.
Metaphorically speaking.
Yeah, or maybe not.
Maybe that's all it took.
Well, from a distance of two metres and in a group of no more than six.
Exactly.
Yeah, sad news
about the B-Sides.
B-Sides and 44 Con.
So it would have been B-Sides 10th year,
I believe. That's right.
10th year anniversary.
And 44 Con, that would be
something like the 7th or 8th, isn't it?
Yeah, shame.
Yeah, but unsurprising.
I know B-Sides Delhi, for instance, which is my other favourite one,
has cancelled, although they're running a virtual event now.
Okay.
They put it back to November just in case they could squeeze it in,
but couldn't change it in the end.
So, yeah, they're doing a virtual one.
But, yeah, it's very disappointing.
And I must admit, I kind of applaud the organisers of both 44 Con and B-Sides for not going on and doing a virtual conference,
because sometimes conferences are known for their networking and stuff like that.
Yeah. I understand why B-Sides Delhi didn't do it because this would only be their fourth one. I think they're sort of still finding their legs in that sense.
And I think it's important to maintain it.
But certainly B-Sides London and 44Con are that much more established.
And possibly they can afford to not run something this year as well.
Well, yeah, because also what it is, like you said,
especially like these conferences, the big attraction is the networking area in the centre, and they... yeah, they couldn't have had that this year.
No.
Secondly, you need to have, like, temperature checks at the door, and you have to reduce the capacity to half so that you can spread people out.
And so it's basically,
you have to sit in the track and you have to sit in there all day and it just
wouldn't be a good experience for,
I mean,
I think just even getting people in through the door would have taken like a
good few hours.
Yeah.
And also let's face it,
you just don't know what's happening.
So, like from Monday, six people or less, right?
Yeah.
You know, you could have put in all of this effort and then a week before you could have just had, you know,
everything cancelled, you know,
and that's a huge amount of effort and money,
which for a, you know, a charity,
ostensibly a charity or a nonprofit, is problematic at best.
I know.
I'm really gutted, though, because this year I got accepted to three international conferences and I had to do them all virtually.
One was in Colombia, one was in Singapore, and one was just on Monday.
It was in Cairo in Egypt.
So I'm like, I could have been traveling the world, living the high life, posting my Instagram photos, making people jealous.
But no, I had to do them all from my pajamas at home.
Yeah, yeah. When I moved into the new place, I decided to organize all of my old lanyards, because I keep all the lanyards from conferences over the last 10 years.
So I got like 10 hooks on the back of the door, and, you know, one for each year, and you can really spot 2020. All the others, I must have 15, 20 on them, you know, apart from maybe the first few years where maybe I've got, you know, seven or eight, something like that. 2020's got two, you know, and that was January and February, basically. It's really noticeable, you know.
Pornhub every now and then releases some stats off their viewership.
What's that site?
Yeah, it's on Twitter. I saw the... And do you remember a year or two ago in Hawaii,
there was the erroneous...
Oh, the missile warning system.
Missile warning.
Oh, yeah, yeah, yeah.
And so they released their stats,
and there's like normal stats, normal, normal, normal.
And then when the missile notification goes out,
their viewership drops down to like maybe one person
in the whole island.
Yeah.
That one person was committed
to that
particular activity right
there. Maybe they didn't
see their text, they were just too busy.
If I'm going to die, I'm going to
die with my best friend in my hand.
And then as soon as it came out that it's a fake, it massively spiked up again.
That will correlate perfectly with your lanyard collection.
Yeah, but unless... you know, there's... just to, you know, bring the whole tone down, as Jeff brought it on to Pornhub. And, you know, that one guy that's committed, you know, the Japanese word, you know, I don't know how to pronounce it, you know, correctly,
but it's like Kenjaten or something, which basically means, like, post-nut clarity.
And it's like the initial translation is wise man time.
Wise man time!
Before you make any important decisions,
you need to have this clarity.
And who's to say that this guy wasn't the smartest man
out of everyone on that island?
And thinking, right, I need to make some very important decisions
in a very short space of time.
Let me go to my old faithful playlist.
Or he might have them, you know, categorised by time.
So he's got his sub 30 second playlist and then he's, you know.
Let's move on. Let's move on.
Yeah, let's move on. Sorry, mum.
Oh, dear.
Right.
So, yeah, that was the industry news.
That was very good.
I enjoyed that.
And thank you, InfoSec Stig. We do like a little bit of a lot of content.
And we applaud your commitment to your craft. Very, very good.
Okay, so let's move on. What have we got now? Oh, we've got the sponsor jingle. Sponsored...
Well, we've already done that.
Yeah, we sponsor... yeah, exactly, exactly. Or it could be sponsored by Pornhub.co.
I don't know what they would be hijacking.
I'm not sure.
Yeah, here we go.
Let's go on to this week's...
Rant of the Week.
Oh, so this one's me this week, isn't it?
Yeah.
Do divide out the content fairly.
So, I mean, this is a controversial one, but fortunately I'm not really active on social media, so I don't care. I'm not likely to see the fallout from there. But I'm not going to name and shame anyone. I'm not going to pick on anyone in particular. And even as I thought about this week's Rant of the Week, I was thinking, you know, that Simpsons episode where Principal Skinner, he's sitting there and he's like, am I out of touch?
He's like, no, it's the kids who are out of touch.
Yeah.
That does spring to my mind as I think about this.
But there seems to be a growing trend of people either posting, you know, I've seen on LinkedIn.
I have seen on Twitter. It's probably on other social media sites of people who basically slag off companies, you know, where they didn't get jobs at.
You know, so someone applies for a job. They didn't get it.
Oh, yeah.
They go and slag off the company and say, oh, this company was asking for such and such, it's ridiculous, they don't know what they're looking for. As if the fact that you didn't get hired is, you know, totally down to the company. Now, you know, as a hiring manager myself, this does concern me, is that, you know, either me or my company could be misrepresented and trialled in the kangaroo court of social media, purely because one person with a lot of followers didn't get...
Are you reading this off a script again, Andy?
No.
You can see the show notes that I've got.
Yeah.
I have nothing here, yeah.
Tom, let the man
finish.
I was really engrossed in what he was saying there.
It's when he said kangaroo court of public opinion,
I thought, bloody hell, he's done some research on this.
I'll be honest, I use that saying a lot of work
when it comes to brand reputation.
So, you know, I can see the circuit...
Will you say anything we type here?
No, I will. No. So, anyway, to get back to the point, I don't know when this started happening, and I don't know whether it is because I'm out of touch or because, you know, it's a growing trend. But obviously the more followers you have, the more support you get.
Yeah.
And, you know, there are some very smart people, no doubt about it. But to me they come across as volatile, you know, and they would be an absolute nightmare to manage. You know, you can imagine...
Yeah.
...having to, you know, either criticize their work or, you know, point out something that doesn't quite tally with what you're after.
You know, the way it goes on Twitter, I had this boss
who was trying to, you know, suppress my freedom of opinion
or something like that, you know, and it's just a horrible situation.
I think it comes across really bad for those people
who actually just go public with all these things
and, you know, sort of call out companies.
Yeah, purely because they didn't get the job. You know, there are many reasons why you may not be suitable for a role.
Yeah.
And to instantly think that, you know, you're entitled to that job, and if you don't get it, it's the flaw of the hiring manager.
It concerns me, really.
The fact that you're even willing to publicly say that probably tells me that they made the right choice.
Yes, exactly.
And I have seen another sort of slant on it
where people sort of say,
hey, the choice is like a real first intro, owing to, you know, something, discretion or, you know, disagreement with my former employer. You know, I'm now available. You know, please tell me why your company's the right fit for me.
You know, that's, to me, you know, it comes across as arrogance. You know, I'm all for assertiveness and, you know, more power to you, and self-belief, but, yeah, that should come across in the interview.
It should, yeah. And also, you know, what do you bring to the table? You know, it's a two-way street. It's not just about what...
Exactly. It's a bit like, this might be stretching the analogy a bit, but it's a bit like people going to shops and demanding to be served
when actually, legally, you're not going in,
you don't have a right to be served in a shop.
The shop is offering to sell you something.
It's like a subtle distinction that basically means
shops don't have to sell you anything
if they don't want to
and this is that whole, you know when people have the argument about legal tender
yes, yeah
shops don't have to
it's just something they can accept if they choose to
yeah, precisely, and it's a similar thing here
it's not to mean that you have to be beholden
to a company in order to get a job to them,
and you don't have to grovel and all that sort of thing.
But the principle is that the company is offering to employ you.
You're not offering to work for them.
Yeah.
You know, the transaction is... the offer of employment is a one-way transaction, as it were. You know, it becomes two-way when you accept that employment. But, you know, so before you even get that offer, to sort of be demanding to know what they are going to be offering you, etc., it just seems a little bit arse about face, if you see what I mean.
To boil it down into a simpler analogy, other than the convoluted one that Tom just... imagine a guy sees a girl at a bar and he goes up to her, says, hey, you know, whatever, tries to chat her up, and she says no. And he comes back, and what does he say to all of his friends at the table? Oh, she's a stuck-up B or whatever.
This is, yeah, she's a lesbian.
Yeah, exactly. All those people that go on these talent shows and they don't get through, or Dragon's Den or Apprentice or Britain's Got Talent, and then they walk up: they'll know my name in a year. That's the biggest mistake they've ever made. And you'd never hear from them.
Yeah.
Yeah, exactly.
Exactly.
No, I think that's fair play, Andy,
because I think, you know, certainly on social media,
we do end up with a lot of people, you know,
apparently paddling at the shallow end of the gene pool,
you know, and their attitudes.
And as you say, self entitlement.
And just generally speaking, you often hear people really confusing rights to privileges.
You know, people have, people have very few rights in this world.
They have many privileges
You know, you have basic human rights, of course, all that sort of stuff, but everything else is virtually a privilege, and it's a privilege of either skin color...
Of what? Skin color, yeah.
Potentially. I was going to say, you know, your birth status, as it were, you know, where in the social hierarchy you're born, which country you're in, what kind of work you live, what city you live in, even, you know, the type of government that's empowering your country at the time, and all that sort of thing.
Everything is a privilege or most things are a privilege.
You know, so it's fascinating to see how people really confuse those two. So I think that there's two things, just... I suppose the last point I'm going to make on this. There's two sides to the social media thing. One is obviously the people that come out and make these ludicrous claims, but then there's all the enablers that only hear one side of the story, and, yeah, you really need to hear both sides of stories to figure out what happened or not. And you're only getting one side, that my ex-boss was a tyrant and this, that and the other, which they might have been, but, you know, you can't make it... But then everyone's jumping to their defence, and, you know, you only know this person through social media, or maybe you've seen them speak at a conference, but you're maybe not at all... maybe not at all, but you're not their friends, you don't know their ins and outs, you don't know all their... what they like to work with. But all these enablers jump up and they're like, yes, we're sorry, and retweeting and shame on that company, and let's cancel that company, and all that kind of stuff.
Yeah.
Yeah.
Why do we always get serious in the last 10 minutes?
I don't know.
Because we've run out of, we've run out of funny juice.
It's like.
Yeah, that's right.
That's right.
Yeah.
Andy's notes only have jokes in the first half.
Anyway, thank you Andy for
this week's
rant of the week
I'm not even going to ask if we got a little people
you know maybe what we should do is do
two half hour episodes so we can
stay funny for both
no I guarantee you
the second one will be dreadful.
No, it'll be like
four and a half, two halves.
We just like,
we record a bit,
have a 15 minute break
and then come back.
But leave it recording in between
so that the listeners
can go off for 15 minutes as well.
You know, Tom's mum's
sitting there listening to this thinking,
why do these guys think
they're funny in the first half?
Yeah, I mean, she knows I'm funny, but you two
know, definitely not.
Definitely not. Anyway,
thank you, folks, for
listening. You've seen us through
nearly another hour again.
I remember when we first said this was going to
be like a 12-minute podcast.
I think that's laughable.
Yeah, well, the very first one was, and we got a whole bunch of stuff in.
Yeah, we also used to sit in a room together and record it.
Well, this is true.
Yeah, and it was heavily, heavily edited as well,
whereas I try and do as little as possible.
There's one you're still editing from like four years ago, isn't there?
Four, five.
Anyway, we're waiting for a death in the family first, aren't we?
Yes.
Mr. Daniel, if you're listening.
Anyway, gentlemen, thank you very much indeed for your time this week.
Jive, thank you, sir.
You're welcome.
You're welcome.
Thank you, Andy.
Stay secure, my friends.
Stay secure, my friends. Stay secure.
Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javad Malik and Tom Langford.
Copyright 2015, or something like that.
Insert legal agreement here
as applicable and binding
in your country of residence
we thank you
You know, you used to say you hated us at the end of every episode, Jav. I think you're warming to us now.
No, I think everyone knows that I hate you. I'm just, you know, it's, you know how they say it's the quiet ones you need to be worried about.
Oh, well, we've definitely got no worries about you then.
Yeah, yeah, yeah. Now I've stopped voicing my hatred and I just seethe on the inside, plotting my revenge.