The Host Unknown Podcast - Episode 28 - The World's Number One Podcast
Episode Date: October 16, 2020

All your regular Host Unknown goodness, proof we really are part of your five a day.

This Week in InfoSec
10th October 1990: The case of black hat hacker Kevin Poulsen aired on Unsolved Mysteries, seven years after he went on the run.
https://apnews.com/article/5998a45685b94e569c76c1908497d320
https://twitter.com/todayininfosec/status/1314988791153790978?s=20
14th October 2003: Microsoft launched its first Patch Tuesday, its program to release security updates the second Tuesday each month.
https://twitter.com/todayininfosec/status/1316542893079834625?s=20

Tweet of the Week
https://www.huffingtonpost.co.uk/entry/government-branded-ad-telling-a-ballet-dancer-to-retrain-slammed-for-lack-of-respect-for-the-arts_uk_5f841a6ec5b62f97bac5140a?ncid=APPLENEWS00001&guccounter=1
https://twitter.com/AnneVosser/status/1315419252783034368?s=20

Billy Big Balls of the Week
(Not sure where we're going with this one)

Industry News
Global Privacy Control Launched to Offer Users Greater Internet Trust
Gov-Linked "Fatima" Cybersecurity Career Advert Removed After Backlash
Hackney Hacked as Council Investigates Attack
Security Serious Unsung Heroes Awards Winners Announced
Ransomware Victims Struggle to Recover, Hire and Spend on Threat Prevention
Government CIOs Praised for Pandemic Response, Better Collaboration Required
Jav didn't win a Security Serious award - boohoo
But Jav did make another list, and it's not the kind he's usually on... https://onalytica.com/blog/posts/whos-who-in-cybersecurity/

Rant of the Week
https://www.independent.co.uk/life-style/scarlett-london-instagram-death-threats-blogger-twitter-viral-a8520311.html
A London-based blogger has revealed that she received death threats after a tweet mocking one of her Instagram posts went viral.
Scarlett Dixon, 24, posted a picture on Instagram of herself sitting in bed drinking a cup of tea.
The blogger, who has 45,600 followers on the photo- and video-sharing social network under her blog name, Scarlett London, added that the picture was a sponsored post in collaboration with Listerine.

The Little People
Magda de Jager

Host Unknown at a Conference

Come on! Like and bloody well subscribe!
Transcript
Anyway, shall we get on with it before we run out of time?
We've wasted so much time already.
Yeah, thanks, Tom.
I mean, you know what?
If you weren't so busy going on other people's podcasts
until midnight, then maybe you'd be on your own podcast on time.
Yeah, but what can I say?
I like listening to Carole and Graham's dulcet tones.
And somebody had to turn up and...
But somebody had to turn up and wave the flag for Host Unknown.
I mean, come on.
Yeah, the Host Unknown flag,
not the white surrender monkey flag that you took along.
White surrender...
I don't think we can go with that.
You're listening to the Host Unknown podcast.
Hello, hello, hello. Good morning, good afternoon, good evening from wherever you are.
This is episode, oh wow, 28. We're slowly catching up with Smashing Security's 200.
Let's hope they don't do anything for the next six to 12 years
and we might actually catch up with them.
Slowly catching up in numbers, but definitely longer running.
Yes, absolutely.
I did point this out to them last night,
and they unfairly pointed out the short hiatus of roughly five to six years in
between episodes one and two. But, yeah, definitely longer. We spend a lot of time reflecting
on what we've done and sort of determine if it was the right direction for us. Yeah, creatively.
Yeah, exactly. We put the listeners, you listeners, first and foremost, and we don't want to just
toss out any old crap week after week
just for the sake of doing a podcast or for us chatting amongst ourselves.
What we do, we do for you.
We want to find the best articles, the best stories, the best commentary,
and you're welcome.
Yeah, exactly, exactly.
Although, you know, the quality of their guests is going up in the next few weeks.
Why, I haven't seen the invite. Sorry, I'm just checking my inbox now. Just, yeah, see, exactly. Let me see, what's my email address?
The other one at gmail.com. Let's see, no, nothing in here. The other one, that's right. Yeah, yeah, yeah, I'm on there next week or the week after, I can't
remember which. You know, I'll get the 15 minute reminder and a text that you'll be 30
minutes late. Yeah, exactly. I'll phone it in like usual, you know, and it will still be like a shining beacon amongst, I'm not going to
say it, but everything else. So you made their live show last night. And yes, yeah, I think a
few people have pointed out some branding that you were doing, some sort of covert advertising for a Swedish company.
And I don't know if this was a product placement intentionally or it's just your life. I thought
TL2 was a British company. Yeah, it's more the IKEA sort of product placement
you had going on in your place.
I don't think people realise you're actually a massive fan of Ikea, aren't you?
It's not just a – you're not paid to do it.
You actually do a lot.
No, I like it.
I like it.
You've got to be careful with the stuff you buy, obviously.
You know, not everything is created equally in the Ikea factory.
Like the meatballs.
Yeah, like the meatballs. Yeah, they're awesome.
But also, having just moved into the new place, and during lockdown, there weren't
many places where you could furnish an entire flat in an afternoon, which is what I did. I hired a very big van,
bullied my son into helping me
and went and increased their profits fourfold
in that particular shop that we went to.
You bought two portions of meatballs, right?
Yes.
They did say that I'd spent the most money they'd ever seen
since they opened after the lockdown in this particular branch,
which was in Cardiff.
So in fairness, most they'd seen was probably about five quid.
This is such, you know, Tom is such a sucker for these things.
Like they must see him.
Like these big brands like IKEA and Apple, they just rub their hands. They say,
oh, here he comes, he'll buy anything off us. Let's just break this in. Tell me you're not going to buy
a HomePod mini. Come on, they look awesome. I was going to ask if you'd already ordered one.
You can't order them yet. November 23rd, I think it is. But I've put my email address in for the reminder.
Of course.
And do you have a new iPhone 12 on order?
Again, you can't order the Max until the 22nd or 23rd of November.
But I've got my email in because otherwise, yes, I would have.
But I've priced it out.
I know which one I'm getting.
So I know which, you know, I've almost got the expense claim ready for the Host Unknown
finance office, otherwise known as Andy. So, yes, ready to go. You know, this reminds me once
on Top Gear, they started off the show and Clarkson was like, people often write and complain to us that we don't feature enough affordable cars.
And then the camera pans back.
So here it is, the most affordable Lamborghini there is.
And this is how I feel listening to you, Tom.
It's like, you know, there's the average person, how they're living out in the world.
And then there's Tom like, yes, I've ordered the iPod,
the HomePod mini and the new iPhone and this and that.
Look,
I, I can,
I can only imagine all the little people have an iPhone SE,
you know,
I mean,
it's a perfectly good phone.
It's good value.
Why would you not go for that?
It's,
you know,
it runs the same operating system,
you know,
maybe it doesn't have LiDAR,
but, you know...
Anyway, what have we got today? Let's see what we're going to do. This Week in InfoSec,
we've got a Tweet of the Week, Billy Big Balls, the Rant of the Week, we may even have
Little People. Don't count as well? That's, yeah, exactly. Maybe we should
just ask them if they've got an iPhone SE and be done with it, because then they might actually
record a yes or a no and send it in rather than some, you know, three minute diatribe. But,
yes, so we've got quite a lot. Now, a little surprise for us and for everybody else. We've got the show notes. Andy has not put names against each topic.
So anything could happen in the next half hour in the words of Troy Tempest.
It's going to be interesting, to say the least.
This is as ad lib as you get, right?
You've got all the material.
We just don't know who's going to say it.
Exactly. Exactly, exactly.
It always reminds me of the, what is it, in 22 Drum Street
where the guy's watching them do improv and he's coming out
with all these bad ideas and he talks to them afterwards.
He says, why don't you guys practice beforehand?
It would make it so much better.
I think had you joined, you know, sort of 30, 45 minutes earlier,
we would have had time to have a look through what we've got.
So as it is, everyone's loaded up and we're just rolling, because Jav's probably got another podcast to go to straight after this
where he lifts the show notes and then discusses the same topics on that show.
And having personally witnessed that and played a part in it,
I can attest that that really is the case.
And you can also attest to how efficient it makes it.
Well, basically all it is is Eric bitching at you that it's too early
in the morning and why the hell are we doing this?
And then the moment record is pressed, he kind of puts on a big smile
and then it's all professional again.
And then as soon as it stops again, it's like,
oh, I'm off for bloody breakfast.
So it's quite an interesting dynamic.
It's like when you imagine sort of like newsreaders who are sat next
to each other all day, you know, reading the news, and then just don't talk to each other
or hate each other off air.
That's exactly – that is the Cron Show.
Eric – the what? The J Cron Show?
The Jarek Show.
Jarek Show, that's the one.
I'm thinking of Anchorman when you're talking about that dynamic.
Yes, yes.
Yeah, that's exactly what I was thinking as well.
Yeah, 60% of the time it works every time.
So, all right, shall we move straight on to...
This week in InfoSec.
Such a great jingle.
I don't know why they complained.
It's got nothing.
It bears no resemblance whatsoever.
So, you know, I don't know.
You need new solicitors, Smash Security.
Anyway, Andy.
Okay, so this week there was a wealth of things that have happened in the InfoSec world throughout the years.
Starting in 97, a guy called Dan Moschuk, a.k.a. T-Freak, published Smurf, since it had already been widely circulated.
And this was perhaps probably one of the first DDoS tools as we know it today. You're probably still finding lots of books.
Smurf attacks are still listed as common things you should be knowing about.
Nasty little bastards.
Nasty little bastards.
Gargamel, all that.
He's not a Smurf.
No, but he hates them.
I'm saying that that's you.
But we're not going to go into that dynamic about how there's like one girl Smurf or those other Smurfs.
And that whole show was weird from start to finish.
Written by a man.
Yes.
And I will also give, you know, pay respects to Shon Harris, who in 2014 this week passed away, aged 46, after a long illness.
And she's obviously well known for her certification exam guide, which I think at
least 50% of all CISSPs will have a copy of. Yeah, she was a bit Marmite, I think. People
either, you know, absolutely adored her or thought that she was a bit of a charlatan.
But, you know...
That's just security, isn't it?
Everyone hates everyone.
I think you're absolutely right.
God knows what people think of us.
Our listenership figures tell us what people think of us.
But, yeah, that was tragic, to say the least.
Yeah.
And also another notable mention is this week in 2000,
so 20 years ago, a couple of respectable people
by the names of Whitfield Diffie and Martin Hellman
were awarded the 26th Annual Marconi International Fellowship Award
for their invention and activism in the cause of privacy
rights. So Mr. Diffie and Mr. Hellman are probably known throughout the security industry. And if
they aren't, then what are you doing with your lives? But they weren't the stories I was going
with. There was just so much content this week. It was hard. I was starting
to worry I had the wrong show notes. I was seriously, I was scrolling up and down seeing,
have we done this? I didn't, this isn't last week. So Andy just remembers all these facts, he just
rolls them off. Yeah, so this is all liberated from the Today in InfoSec Twitter account,
you know, giving credit where it's due. But the stories I went with were, 10th of October 1990, a mere 30 years ago, it was the
case of black hat hacker, yeah, the Mad Hatter, Kevin Poulsen, aired on Unsolved Mysteries, which is a US program. And this was seven years after he went on the run.
And this one I like because Kevin Poulsen was probably one of the first people I read about when I was getting into this industry.
I read a great book called The Watchman, The Twisted Life and Times of Kevin Poulsen.
And the story that really sort of caught my imagination was the fact that there
was this radio phone-in, and you could win a Porsche if you were the 102nd caller into this
phone-in show. And basically he took over all the phone lines, so he made sure he was all of
the callers, which was just fantastic.
Yeah.
And so that really, I think it was, you know, sort of late 90s.
I read this and I was like, wow, this guy is amazing.
Would that, under those existing laws and such, would that be illegal?
Because I'm sure it didn't say anything in the terms and conditions that you can't be all of the callers.
No, I think they got him on like communications violations, you know, those things.
But he spent five years in prison.
And came out and drove his Porsche away.
But when he got out, he was banned from using computers
for a further three years.
Do you know what makes me laugh about that is that nowadays
you couldn't even operate a microwave.
Oh, no.
It's so difficult.
In that case.
I mean, think about your life, Tom. You can't,
oh my God, turn on the lights. You couldn't close the blinds in your room. You wouldn't be able to
get your washing out of the machine. It's stuck there three years. You'd come back to rancid...
But Kevin Poulsen was one of the first, I think, you know, sort of notorious hackers
that actually went professional, you know, got a professional job, you know, along with the likes of
Kevin Mitnick. And there was that trend for a while after the dot-com era where
they were sort of hiring ex-hackers, you know, convicted people, which to me was always a strange
one, because, you know, they're the ones that got caught. They're not the smartest ones. They're the
ones that got caught. Yeah, but the smartest ones are the ones that say, oh, I didn't get caught.
Well, prove it. You know, prove that you're as good as you are then, you know, or even, who the
hell are you? Get out of my office. Kevin, come over here, please, because at least we know what you can do.
If you think about it, it's cheaper and easier than going out
and getting a degree and a certification.
Yeah, yeah, it is.
It is.
And it doesn't take as long.
Exactly.
You know, you're out in three to five and you've got the equivalent
of a doctorate.
Yeah.
Yeah, good career tips here for anyone that's getting into InfoSec.
Do you know what?
Now I know why Dr. Jessica Barker didn't ask us for tips on how to get
into the cybersecurity industry for a book.
I'm not sure.
I was confused before, but now I know.
Do you know what?
We could probably release a companion guide.
If we use the same name, people search for it on Amazon.
Dr. Barker's book is sold out, so ours will be there, available.
Absolutely.
It's a quick win.
I was really surprised at how well my CISSP companion guide sold.
How many did you sell or give away or whatever? Oh, you know, I
was only selling them for like 99 pence. Oh, yeah, I know. And there was a few hundred that went on.
I got like, yeah, I got two cheques from Amazon over the time it was available,
because I've taken it down now, because it's not the current version. But yeah, I've got two cheques of like 60 each, so 100. Well, you know what, from 99p
ebooks, that's not bad going. Yeah, that's literally a few hundred. So yeah. But I mean,
with ebooks, you just share them, don't you? It's not a fact that people actually pay for this.
Anyway, not encouraging that behavior at all.
Obviously, if you like it, pay for it.
If you like it, pay for it.
Yeah.
Going on to Sean Fanning, wasn't it?
The whole Napster thing.
You know, the argument was you let people play the music,
see if they like it then
they go out and buy it, which honestly is a model I agree with, because there's nothing wrong...
I was trying to explain to my kids actually the other day about how DVDs, and
the companies that released them, you know, all of the film studios that released them,
screwed themselves as regards piracy
because they region lock stuff.
And if there's one way of guaranteeing that, you know,
somebody will try and steal your material is by making it available
to your neighbours and not to you, you know, one country versus another.
And so, of course, people are going to, you know,
do what they can to watch the show that everybody else is raving about or watch the film.
So I think Blu-rays did it a little bit more, were a little bit more relaxed.
I think they had far fewer regions and it was a bit more equitable.
But now we're digital, obviously, you know, apart from very sort of, you know, local services. But things like Apple TV and Netflix and all
that sort of thing, it's a far more equitable playing field. Yeah, although
we're still not perfect. No, stay with Netflix, there are still some, yeah, regional, you know, where so you
might need to subscribe to a DNS service that, yeah. Yeah, but that's down to licensing and
things like that rather than studios. Yeah, it's a studio saying no, we want to milk this for five
years, not for one year, you know, and milk it as it goes around the globe. So it's born out of, you
know, legal necessity rather than cynical money grabbing. Yeah. I mean, in 1999, I paid a ridiculous amount of money,
probably near on 500 quid for a multi-region DVD player
because it used to be cheaper to buy DVDs from Amazon.com
and hope you didn't get stung by customs.
Yeah, yeah, yeah. Yeah, absolutely.
Absolutely.
I bought software for my computer so I could play the multi-region ones.
Wow.
I've never done anything like that.
No, but it's true.
It's funny. I remember reading an article a few years ago about musicians
on that very topic, and I think between about 80% to 95%
of their actual income
comes from touring.
Less than 5% comes from actual streaming or sales of their music.
Yeah.
But probably 90% of a studio's income comes from sales of music.
And who is it that controls the sale of music?
Yeah, exactly.
Exactly. So it's weird. And actually, tying it back to security, loosely, Securosis, the analyst firm,
the independent analyst firm, with Mike Rothman and Adrian Lane, oh, Adrian's actually
left now, but Rich Mogull and what have you,
all of their research is published for free. And that's kind of like what they quote,
that's how they make their money. They do all their research for free, they publish it on their
blog, you don't need to register, you don't need to download it, you can just get all the
information for free. And then when they do speaking gigs or training courses or they do vendor inquiries or research for them, they
charge for that. Yeah, which I think is a fantastic model, and I really wish more analyst firms
would adopt a similar-ish model, because otherwise you have all this great research that
never actually gets to see the light of day. Yeah, yeah, very true.
Very true. Anyway, Andy. Yeah, oh right, we're going to continue. We're actually going to move
on from October 1990. Okay, let's take it forward a few years to October 2003,
when Microsoft launched its first Patch Tuesday,
which is a program to release security updates the second Tuesday of every month,
which still continues to this date.
Do you know what?
Isn't that incredible?
Because that's not that long ago, but actually,
it was only really when the internet was really, really starting to kick off, as it were.
Yeah, a very well-known process now.
I think a lot of companies build their maintenance program around Patch Tuesday if they've got big Microsoft environments.
Patches used to come on the cover of magazines.
Oh, good times.
On floppy disks.
Yeah, I remember when Internet Explorer 4 came out
on the front of a magazine,
you know, and this was the game changer that sort of blew Mozilla out the water.
Yeah.
Well, I remember IE3 coming out, and that was a game changer in and of itself.
And I remember, you know, getting excited.
I had some friends around.
We were doing a LAN party.
I was like, whoa, I'm just going to download IE3, you know. And it's like, what, dude? Yeah, but look at those icons, they move.
The blink tag is supported. Yeah, exactly.
Exactly. Oh my goodness. But yeah, it's funny. The pervasiveness of the internet has only really been in the last sort of 15, maybe 20 years. Whereas before that, it was very piecemeal. Yeah, absolutely. And absolutely not taken for granted at all.
Whereas nowadays, and certainly after the last six to nine months, it's such an essential utility.
Yeah.
I mean, even people like us would not be able to be so bored that we would actually end up doing a podcast every week and making it available to everybody to listen to.
So actually it's not always a good thing, but what I think is incredible is the speed at which it has become
considered an essential utility of modern life.
Absolutely.
So yeah, so this week in InfoSec, two stories,
Kevin Poulsen and Patch Tuesday.
This week in InfoSec.
Actually, hitting the button on that jingle reminded me last night of Graham struggling
with his jingle, his doorbell jingle, on his live stream.
He couldn't get the timing right at all.
Oh, I laughed.
See, it's not so easy.
Not so easy.
Not so easy when you edit, right?
Yeah, very.
Exactly.
Exactly.
Oh, dear.
Oh, that was good.
Do you know what?
I think this is probably, this week in InfoSec,
it's probably my favourite part of the show at the moment.
Maybe we should put it to the end
so that people might listen all the way to the end.
What were you going to say, Jav?
I like it as well because Andy does all the work.
He tells all the stories.
We just have to sit back and take credit
for being on the podcast with him.
Sit back and take jabs.
I'll say this is a time that you read what you're supposed to be doing, right?
That's right.
Yeah, I see he's put his name on something already.
No, I haven't.
Andy did.
Oh, okay.
That was left in there from last week then.
No, no.
That is my story, though.
That is my story.
All right, then. All right. In which case, let's move straight on to...
Tweet of the Week.
This week's Tweet of the Week is a snafu by the HM government.
Well, or was it?
Anyway, there was a poster that caused much controversy in the cyber world and outside of the cyber world because of Fatima.
A ballerina was pictured tying up her ballet shoes.
And the caption next to it was: Fatima's next job could be in cyber (she just doesn't know it yet).
And this is all part of a government campaign called Rethink, Reskill, Reboot, which
caused quite the uproar. So people were out saying things like, this ad is a disgrace. The
total lack of respect for the arts by this dreadful government has to stop.
Talk about also crushing young performers' dreams. Rethink, reskill, reboot. How dare they?
So there was that. There was lots of comments about people saying how it was tone deaf, how it was ignorant, what have you.
Even the government minister for the Department of the DCMIS,
whatever, Culture, Media and Sport or whatever, he came out.
DCMS.
DCMS, he came out and he actually tweeted, he said,
this is not a government ad.
This is done by one of our partners. That old chestnut. It was the old intern guy, the old excuse. Well, this was for internal
use only and we rejected it at the time, but somebody leaked it. A junior member of staff.
Yeah, exactly. It's a parody one. But anyway, so even they want to distance it.
And you know what?
In many ways, I think it's not really such a bad ad.
I mean, I think it is tone deaf.
I do think that it's not framed properly.
Actually, someone else tweeted out that this is actually part of a broader campaign.
And there are actually like half a dozen of these ads made up with people
from different backgrounds, so there's engineers, and they're saying, hey, your job could be in, so
you know, so whatever. So it's not that, people in security, they just need an excuse, on
Twitter, the security mob, they just need anything, just a little
bit of, like, it's just like, you know, there's
that one kid in class, if you sit behind them
and flick their ear, they get up and turn around and then the teacher throws them out
for being disruptive. And that's like a powder keg, yeah, just an excuse. I did like, so this one, you know, we sent around the group chat
and I remember Tom's first response.
I put it up and said, for fuck's sake, it says could, not should.
It neither denigrates the arts or demands that all ballerinas retrain.
It just shows what could happen.
Yeah, absolutely.
I stand by that. You had no time for this article at all, did you?
No, actually it pissed me off. What, you know, this is insulting to the arts? Oh, it's
insulting to cyber. We're great over here, you know. At least we get three square meals a day,
you know. We have to starve ourselves to get on stage, you know.
And I've got all my toenails.
I did see the other.
I can't imagine an ex-ballerina would be any more diva-ish than many people in InfoSec.
Yeah, absolutely.
But here's the thing.
I mean, it's a difficult situation at the moment. People are
just waiting, it's, you know, waiting for somebody to light the blue touch paper and
stuff, and they're just waiting to explode at something. And frankly, the government has
completely arsed up this entire response to the pandemic and all that, so people are angry.
But I think this is the wrong target. The government is basically saying, look, life is changing.
There is not going to be, for the foreseeable future,
opportunities for people in the arts to make a living out of the arts
because, quite simply, people won't be able to come
and watch your shows or whatever.
All that sort of, you know,
personal, social contact and, you know, large gatherings, et cetera. Maybe you should consider
looking at something else. And by the way, cyber, which allegedly has a skill shortage,
but let's not even go there. You know, cyber is a good place to look at, you know. And this was
actually in support of the security industry across the board,
all of them talking about cyber security. And then it's all, you know, offensive, you know,
this is offensive to the arts. It's like, no, no, it's not. This is purely a potentially slightly
tone deaf, but factually correct situation of, if you want to eat, if you want to pay your rent,
you may want to look at
different career options. Man, you're such a bean counter. You sound just like the Tory
government when you say that. Maybe a better Tory government. Well, not this Tory... Don't you dare.
Like me, when I say Tory government, I'm thinking of Margaret Thatcher. Anyway. Oh, bless her. Oh, ding dong. Anyway.
I think what I saw, this video posted by someone who is a ballerina, and it was a lot.
I think maybe, Andy, you shared it. But she actually says about how hard it is to become
one and how long she studied for, the sacrifices that she accrued and everything.
And you know what? People who work in these arts, it is very much a passion project for them. It's
a passion. They want to go, they want to be performing and what have you. And I think, like,
you know, obviously times are tough and, you know, you don't know when there's going to be money
there. But I think, you know, just simply saying, oh, throw that away and retrain in this cyber thing, which again, it's not an easy thing to do. You don't just one day walk in and say, hey,
I'm a technical person, or I'm a security expert, or I can now configure all your databases.
Walking into the high street cyber security recruitment office. Exactly, exactly. So that's
something that takes a long time and it's a completely different sort of, like, direction from what they invested in.
So I think what the government should have done is like saying, hey, if you're in the arts and you're not making money anymore because like all of these are shut down,
here are some alternative things to look at to consider that actually are supported by things that you're already trained in or you're already passionate in, as opposed to saying,
hey, we read a report that there are like 5 billion vacancies.
They would never have got all those words on the poster.
They couldn't.
But that's the, you know, there are many ways to go around it.
How many aspiring actors work in restaurants?
Yeah.
It's a common gag, isn't it? Yeah, yeah, exactly. Work in those restaurants where they know the directors and writers frequent,
and they work in restaurants that pay them. No, if you go, I mean, the reason they all
move to LA and they work in those restaurants is because they know these are
the areas where, like, directors and writers and other actors are going to frequent. And then they get paid and they get
face time with them as well. So everything for them is about an audition. They really put
their heart and souls into these things. Yeah, absolutely. But they still get paid. They still
become skilled, you know, waiters and waitresses. They still become skilled in the service industry
because the service industry thrives on a constant supply of workforce
and all that sort of thing.
But it's exactly the same principle.
I bet you most ballerinas of any description potentially also have other jobs
as well because, frankly, not everybody can be in Swan Lake.
Yeah.
Anyway, I mean...
You completely lost me with that analogy.
Swan Lake, it's a ballet.
It's like assuming that podcasters don't get paid enough from sponsorship
and therefore they have other jobs during the week.
Well, potentially. I know I do. I'd like to get paid to podcast.
I'd like to get paid for spouting this. Maybe now's a good
time to remind people how they can. Yeah, my next job could be in podcast, and I just
don't know it yet. Yes, play the jingle. Talk, play the jingle. Oh, which one? Oh, well, first we need
to play out and then we need to play the jingle. Oh, yeah, play out.
Yes.
What was it?
Oh, yeah, this is
Tweets of the Week.
There's also a tweet
on the book.
Tweets of the Week.
You're listening to
the Host Unknown podcast.
More fun than a
security vendor's briefing.
As soon as I pressed play, I realised it should have been the sponsor one.
Yes.
This is live podcasting, people.
Hey, it's dangerous, folks. None of this pre-recorded rubbish, like other podcasts might do.
We are by the seat of our pants here.
So, yes, if you would like to pay me and Jav and Andy to do this every week,
this could be you.
Host Unknown.
Sponsored by Swan Lake Media.
Thanks, Fatima.
Oh, dear me.
Oh, for goodness sake.
Is that?
At which point did that save the magic words that I'm not about to say again?
Do you call your device Fatima?
Yeah, apparently so.
Oh, wait until you hear what my device calls me.
Oh, dear.
I mean, I think it is really interesting.
And I know that we kind of take sort of, well, make light of it
and then get very passionate about it.
But it is a difficult area to get right, something like this.
So it's difficult times, but folks, just
chill out a bit.
Not everything
is about you or targeted
at you, but there you go. I don't know.
Let's move on then to
this week's
Billy Big Balls
of the Week.
Who's doing this one?
Toss a coin, Tom.
You or me.
All right, I'll do it.
I won.
It was heads.
So, we should be cautious with this one since the show notes say
not sure where we're going with this one.
This is that needed time before the show starts where we can actually talk through... I knew I should have got out of bed earlier. But, excuse me, but it is interesting. There was a poster, I don't know what you call it, an image that was sent out by a company called Product Board, who I have no idea what they do, but if you're interested in sponsoring, Product Board, let us know.
And it says, The Dangerous Animals of Product Management. And it's got hippo, wolf, rhino, and zebra. And basically what it does is it talks about the different styles of management, effectively.
So the hippo, for instance, is the highest paid person's opinion,
which is basically whoever's in charge, their opinion counts all the way through. The wolf is working on the latest fires, just purely firefighting,
and is not looking forward strategically at all.
The rhino, really here in name only, just there to collect a paycheck.
Know the feeling well.
And zebra, zero evidence, but really arrogant.
But the thing was, the three of us immediately identified who we were with absolute clarity.
So, Jav, why don't you go first?
No, no, no, I'm not going to go there.
All right, I'll tell everybody which one you identified with. You know, I can be far more, you know, harsher than you might be, but take it. So, zero evidence and really, but really, arrogant. So zebras think they know it all but rely on their instinct rather than any actual evidence. To stave off the zebras in your midst, make sure that you've got data to back up your decisions.
Actually, being on this podcast, I think I'm more Tiger.
And that's not on here, but I saw it in the comments,
and I thought Tiger stands for the irritated guy eager to revolt.
Otherwise known as the arsehole.
Then you wonder why that guy's irritated.
Yeah, that's right.
So go on, Andy.
Which one were you?
I believe,
straight away I thought,
wolf.
Always working on the latest fire.
Yes.
Constantly.
Constantly. All we get in the messages is like, oh God, I've got this to do. Oh no, now this has happened. Oh no, I don't want to give that to my team, that's not fair, so I'll do it.
Oh dear. And I think we all agree, Tom, that, yeah, without a doubt, you're a hippo.
I thought I was a rhino.
Yeah, no, I think I refer to both you guys as rhinos with everyone else, but to appease... you know, to avoid the arguments, I'll just say you're a hippo. Highest paid person's opinion.
And yet the irony being I am not the highest paid person out of this trio at the moment.
Definitely not.
No, I thought Rhino.
I like to phone it in.
No, I think it's called delegation so that other people
can make me look good.
But, yeah, it was funny how we just immediately jumped
on the right animals each time.
It was good fun.
And we'll put this in the show notes and see if you can identify yourself from it.
Or if you're not in a management position, identify your manager in this.
Because actually, it does talk about things you can do that will help nullify these particularly irritating traits of management.
So no infosec in there whatsoever.
But it was really, really funny and interesting to find out.
And that was this week's Billy Big Balls of the Week.
Because all animals have big balls.
Fantastic.
Well, you know what time I think it is coming up?
Oh, really?
Yeah, so I know that our reliable sources over at the InfoSec PA Newswire
have been very busy bringing us the latest and greatest security news
from around the globe.
Industry news.
Global privacy control launched to offer users greater internet trust.
Industry news.
Gov-linked Fatima cybersecurity career advert removed after backlash.
Industry news.
Hackney hacked as council investigates attack by Fatima.
Industry news.
Security Serious Unsung Heroes Awards winners announced.
Industry News.
Ransomware victims struggle to recover, hire and spend on threat prevention.
Industry News.
Government CIOs praise for pandemic response.
Better collaboration required with Fatima.
Industry news.
And that was this week's...
Industry news.
You can't add in words at the end
because then that screws up my timing.
Huge if true.
Huge if true.
Huge if true.
So we've already covered one of them,
one of these stories, the Fatima story.
I think Fatima's going to enter into the vernacular from now on
as the cyber security trained ballerina.
But, yeah, anything else?
Oh, Security Serious, Unsung Heroes.
Let's skip over that one.
We are previous winners of that award.
Absolutely.
Obviously, you know, united we stand and achieve things.
But I believe Jav was nominated. Individually failed.
Exactly, yeah.
He went on his own on this one.
He was nominated and didn't win, I understand.
That's what you get for nominating yourself, Jav.
Well, no, I didn't nominate myself.
One of my many fans nominated me.
And I was really pleased that I didn't win because for once, you know,
I can put to bed once and for all these rumours that you guys horribly spread
that the only reason I win is because me or my company is sponsoring these awards.
And KnowBe4 was sponsoring these awards.
And I didn't win.
So proof once and for all, it is impartial.
It is fair.
Now, next year, I will gladly, willingly accept all the awards
are thrown at me.
Did you not see the memo from the company firing you?
No, they don't send out memos.
If you can't even win an award and sponsor, then you're out.
Well, you say I didn't win that, but I did make another list.
Oh, so what's this one?
This is, what, OnlyFans who's in Cyberspace?
What?
No, no, no, no, no, no.
This company called Analytica.
Analytica.
So you get the name right of the company that's putting you on a list
Yeah, I know, I know. It's normally, like, easy. Normally companies that put me on the list have three-letter acronyms.
And what?
Yeah, HM border, yeah. I think that is.
But they put up a paper on who's who in cyber security, and I saw it today because my Twitter was flooded with mentions on it. But there's a page where they've got professional influencers and social amplifiers, and I'm in the top 10 on there. So you have to register to download this list. I can forward you the PDF.
Oh, please.
Let's forward you the PDF.
These who's who reports are created using the Onalytica platform,
which has a curated database of over 1 million influencers.
See.
They've just gone to Twitter and just downloaded,
like search the cybersecurity hashtag.
Machine learning, artificially intelligent algorithm on the blockchain.
Looks at people's profiles, looks for the word security and just adds them to a list.
And then they see whose tweets get the most engagement, who talks the most sense, who's
the most loved, you know, all that kind of thing.
So why is Bruce Schneier on there?
Because he is a social amplifier.
It's not just Twitter.
You said most loved and makes the most sense.
So just if you've got that list in front of you, Jeff,
just where did I come in, just out of interest?
You were not on that list.
What?
Yes.
That's outrageous.
A million people.
They curated a million people and I didn't make the list.
Yeah, it's a really long report.
Yeah, I show up on page 3222. But yeah, but I'm there, I'm there, and that's all that matters.
So you're on the million-and-oneth row on the spreadsheet. Actually, you're on the 16,384th column.
But unfortunately.
That's what happened at Security Serious.
Of course, that's what happened.
Yeah, that's right.
They did it by rows, not columns, not rows.
There you go.
It's always good to have your name shoved, you know, put out into the social media sphere. It always helps add, you know, a few followers and actually get the message out a little bit further. So, good job, Jav. Like it.
Yeah, thank you. I sent it to my boss immediately with a screenshot and, you know, a request for more money.
Request for more money. You're welcome.
You're in the presence of greatness right here.
Yeah.
Who else is on there?
I'm just scrolling down this top 10.
Not very diverse,
if I'm honest.
No,
Brian,
Brian Krebs,
Katie Moussouris,
Chuck Brooks,
Kevin Jackson,
Bob Carver,
Joe Peterson.
Diana Kelly.
Interesting.
Lots of great people.
Well, in that case, you know, Onalytica.
Oh, Jesus.
Yeah, I can't pronounce that.
It's a weird one.
That's quite tough, isn't it?
Onalytica, if you're listening.
Host Unknown, sponsored by...
Onalytica.
Onalytica.
Yeah.
Folks, come sponsor us and let us know what you're called.
Okay, let's move swiftly on to...
Rant of the week
so I guess I'm the last one
to take this
your show notes are so inaccurate
they are
again because you did the rant of the week
last week didn't you
so I didn't
I didn't change
the point of weekly notes
is that it's supposed to be updated
once again I refer to the pre-show
one job
One job. Okay, why don't we go to the little people?
Because we actually do... well, I was going to say, yeah, we can actually skip straight over this. So this is an old story, but it actually just made me think all about the infosec community. And this actually... so this was about a London-based blogger, an influencer on Instagram, who started receiving death threats and stuff after someone on Twitter saw her Instagram post and then took a screenshot and posted it.
And so essentially this girl, Scarlett Dixon, 24 years old,
posted a picture of herself sitting on her bed drinking a cup of tea.
And this guy took a screenshot.
He said, F off.
This is anybody's normal morning.
Instagram is a ridiculous lie factory made to make us all feel inadequate.
And mostly because, you know, on her bed she's got, like, these supposed-to-be pancakes and fresh fruit and nice tea, and the bedroom's nicely made up, and there's balloons, and there's one bottle of Listerine in the background. But, you know, when this story went around, it did remind me of how critical, you know, the security industry can be, you know, when someone posts something and everyone starts dissecting the story to say it's not true.
But, yeah, I'll let you go through that one in the show notes anyway.
It wasn't really going anywhere.
It was just venting.
Leave that be. As an influencer, I can attest to how dangerous the life is.
I can tell you that death threats are a common thing.
You've had to fold to every single legal threat that's been sent your way, haven't you?
Honestly. Oh, man.
But I have to say.
You know what, I'm reminded of this Mike Tyson quote, and it is one of my favourite ones,
and it applies to exactly what you just said.
What was it, not guilty?
Social media has got people so used to disrespecting others without having to get punched in the face for it.
Yeah, that's very true. That is very true.
Yeah, that's very true. But I have to say, looking at this picture, the one thing that sticks out is not the bottle of Listerine, which I presume was quite a placement.
Yeah, yeah.
But that's fine, because who wants to wake up in the morning with that really bad breath and have a cheeky snog with your partner?
Where are you spitting that, Listerine?
Let's be honest.
I don't care.
That's not my primary concern.
That's a secondary concern.
My issue is with the helium balloons.
I mean, that's weird.
And also, at my age, those helium balloons would be half deflated and, you know, would not be standing up straight in the air like that.
So that's the most.
Is this an analogy of something?
First thing in the morning,
most people might experience.
Right,
moving swiftly on.
That was this week's...
Rant of the Week.
There's so many.
You know what?
Actually, this is on a
semi-serious topic, but
you're the oldest person I know, Tom,
by far.
As I'm
in my 40s now,
just hit my 40s,
knees and ankles and everything go. But have you ever tried orthopaedic shoes?
No, because, you know... no, no. Me neither.
That's what Jav's about to say.
My doctor suggested them, and...
Oh, my God.
And I was really sceptical, but now I stand corrected.
Do they have Velcro fasteners?
Oh, dear.
Oh, God.
Oh, God.
Oh, God.
That was such a... Mind you, talking about...
That was dreadful, Jav, but very funny.
We thought you were serious, because all you've done is complain about how old you feel recently.
No, actually, no. I got those custom insoles made a while ago.
The ones that make you look taller?
No, no, that's just a byproduct. Right, yeah, the white front is like, I look a bit tall. And with my platforms, they actually... no, they actually have helped a lot with my knees and walking pains that I was getting. So anyone that's in your late 30s, these are things you need to start thinking about investing in.
Yeah. Don't stop exercising, kids. But talking of knees and age or whatever, I bought a new car yesterday. It's a Smart Roadster, so a little low thing.
Is this like a midlife crisis type...?
That's exactly what my daughter said. She said, this is a midlife crisis car, Dad. Well, I'm afraid you're out by about five years, love. But getting in and out of that thing, oh my God.
When I was younger I used to have a little sports car, as all boy racers do, with the proper Recaro racing seats as well. Nice big bucket seats. I used to pick up my uncle, who was obviously a lot older, probably about your age now, Tom, and he used to struggle getting in and out of the car.
And I used to laugh at how much he struggled.
Did he make grunty noises?
He did.
And now the fact that you've actually gone out and deliberately purchased a car like that is hysterical.
I didn't think it was quite so low, I have to say.
I feel like I'm sitting on the road.
Yeah, well, do you know, they kind of give an indication in the name roadster.
That generally indicates a type of car.
I know, but the last time I had a car like that, I was like 20 years younger.
Wow.
So what, in your 40s?
When you had your first midlife crisis.
Oh, dear.
Well, my first early life crisis, whatever you like to call it.
All right.
Well, we are rapidly running out of time.
I think we need to move on to the little people, don't we?
Yes, we've got one.
Do we have a little people?
We do.
We do indeed.
My God. You know what? Like we said at the beginning of the show, this is all about quality. We don't just want to put out any rubbish out there just to fill time or just as filler. So I select them very carefully. They go through a rigorous, like, seven-stage interview process before they're actually allowed to come on this show.
I'm not surprised we never have anybody on the little people. I was going to say, you know, we also get that broadcast WhatsApp message you send out saying, does anyone have 90 seconds spare?
All right, anyway, the little people. This week we have Magda de Jager, who is a good friend of mine.
I've known her for many years.
She was in London a few years ago and then she moved up to Scotland,
possibly at the time of the Scotch referendum.
She probably thought that she'd get a good deal, but she got married.
And she's very active out there in the Scottish cybersecurity team scene, should I say.
And I thought I'd ask her a bit about risk.
Hey, Javad. Always such a pleasure catching up with you, man.
Today, I want to get something
off my chest, man, and it's about risk. Risk management. I am drowning in risk right now.
My whole life is about risk, but that's okay, because I get it, right? I understand that every
moment during your day, from the moment you wake up in the morning to when you go to bed at night,
it's about risk management. When I walk down the stairs in the morning, could I trip and fall? Yeah,
that's a risk. So I hold the handrail. I even use a travel mug with a lid when I get my morning
coffee because I got two cats and a toddler in this house. The risk of burning myself is very
high. But I tell you, this is not the case for everyone. People just do not understand risk
management. I once sat with the CIO and we were talking about a particular problem. This person said to me, and I quote, this is a direct quote, well, it hasn't happened yet, so that's clearly not a risk. I had to take a moment and think very carefully about the way I responded to that one. And then there's the people who think that all risks should be controlled. Well, that's not just possible, is it? You can't control everything, which is why a risk appetite is so important. A risk appetite
that actually meshes with the culture of the organization. And from that, you have your
strategy to deploy your resources where they've got the most impact, right? And while we're on
the topic of risk appetite, I was once in a meeting with someone quite well known in the...
Hold on, you're not recording this, are you?
The Little People.
Wow.
Good point for a mate.
Yeah, third point I definitely agree with.
Fascinating. Fascinating.
Well, Jav, you've outdone yourself, mate.
I know I have. I know I have. And you know what, this was a great conversation about risk, and like the stairs, and, you know, someone can talk about risk without talking about coconuts and toothbrushes and sharks, Tom. So, yeah, Andy...
Hey, do you know what? You guys remember it, though, right?
Anyway, Magda, thank you so much for being part of it.
And Tom will be sending you some Hosts Unknown swag shortly.
What?
Once we get it made.
Yeah, that's right.
That's right.
Do you think we can get some Smashing Security swag and just rebrand it?
Oh, yes.
Do you remember how we co-branded stuff at the RANT conference one year?
Yeah, we put Host Unknown stickers on top of other people's sponsored and branded stuff.
Oh my goodness, you should put a link to that video in the show notes, because that was a fun day out.
I'll see if I can dig that one out. Well, I think it was a little tiny short clip we did of it as well.
But I'll have a look at it.
I'll have a look at it.
Well, folks, I think we are rapidly pushing against the hour,
if not over the hour already.
Jav, thank you very much, sir.
Not only did you provide much conversation, but also a little people.
So thank you, sir.
You're welcome. You're welcome. Always a pleasure, never a chore. I lie, I lie. And Andy, thank you very much.
Stay secure, my friends. Stay secure.
Host Unknown, the podcast, was written, performed and produced by Andrew Agnes, Javvad Malik and Tom Langford. Copyright 2015 or something like that. Insert legal agreements here as applicable and binding in your country of residence. We thank you.
Well, that was a bit of a marathon.
It was. Did we actually congratulate Carole for achieving
200 successful episodes
of Smashing Security?
No.
Carrying that deadweight anchor...
It is a silent W in that. Yeah, I was going to say, you left out the W.