The Host Unknown Podcast - Episode 38 - Oh No He's Back
Episode Date: January 15, 2021

The boys are back in town. Jav's return has also reduced the average age of this podcast by roughly twenty years. The good news though is that we not only have a full program, but also new jingles too...!

This week in Infosec
Liberated from the "today in infosec" twitter account:

16th January 2007: Jeffrey Goodin became the first person convicted under the US CAN-SPAM Act. He sent emails pretending to be AOL's billing department. He could have faced...wait for it...wait for it...101 years in prison! Instead, he was sentenced to 70 months.
https://www.nytimes.com/2007/01/17/technology/17spam.html
https://www.lawdonut.co.uk/business/marketing-and-selling/marketing-and-advertising/your-email-marketing-and-anti-spam-law
https://twitter.com/todayininfosec/status/1217962482909626368

12th January 1984: The first issue of 2600 was mailed to several dozen people. At the time, it was a 3 page monthly newsletter. 2600: The Hacker Quarterly is still published today.
https://en.wikipedia.org/wiki/2600:_The_Hacker_Quarterly
https://twitter.com/todayininfosec/status/1216431003721293825?s=20

Rant of the Week
Tech companies have grown a pair of balls in Trump's last days in office. Host Unknown remembers.
Twitter, Facebook, Snapchat, Shopify are just some of the companies finally taking a stand. AirBnB have cancelled reservations in DC during the week of Biden's inauguration.
https://www.independent.co.uk/voices/trump-ban-facebook-twitter-parler-first-amendment-b1785631.html

Tweet of the Week
WhatsApp clarifies it's not giving all your data to Facebook after surge in Signal and Telegram users
The company is trying to contain fallout over a privacy policy update
"We want to be clear that the policy update does not affect the privacy of your messages with friends or family in any way. Instead, this update includes changes related to messaging a business on WhatsApp, which is optional, and provides further transparency about how we collect and use data," the company writes on the new FAQ page.
https://www.theverge.com/2021/1/12/22226792/whatsapp-privacy-policy-response-signal-telegram-controversy-clarification
https://twitter.com/nickstatt/status/1349029486734565380

Industry News
CEO Refutes Reports of Involvement in SolarWinds Campaign
Ryuk Ransomware Attackers Have Made $150m
Jav: Emotet Tops Malware Charts in December After Reboot
High Court Rules Against Government Bulk Hacking
Over 100,000 UN Employee Records Accessed by Researchers
US Announces Controversial State Department Cyber-Bureau
Chinese Startup Leaks Social Profiles of 214 Million Users
New Malware Implant Discovered as Part of SolarWinds Attack
New Zealand Central Bank Breach Hit Other Companies
Healthcare Hit by 187 Million Monthly Web App Attacks in 2020
Microsoft Fixes Windows Defender Zero-Day Bug
Mimecast Cert Abused to Target Inboxes in "Sophisticated" Attack
European Regulator: #COVID19 Vaccine Data Leaked Online
CISA Warns of Cloud Attacks Exploiting Poor Cyber-Hygiene
Ring Rolls-Out End-to-End Encryption to Bolster Privacy

Javvad's Weekly Stories
Vulnerable Database Exposed UN Employees' Data
Will the National Cyber Force make the UK safer? Industry responds
United Nations suffers potential data breach
Best practices for building a security culture program
Five Key Cybersecurity Themes from 2020

Billy Big Balls
Dark Market taken offline
DarkMarket, the world's largest illegal marketplace on the dark web, has been taken offline in an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the United Kingdom (the National Crime Agency), and the USA (DEA, FBI, and IRS). Europol supported the takedown with specialist operational analysis and coordinated the cross-gender collaborative effort of the Host Unknown countries involved.

DarkMarket in figures:
almost 500 000 users;
more than 2 400 sellers;
over 320 000 transactions;
more than 4 650 bitcoin and 12 800 monero transferred.
At the current rate, this corresponds to a sum of more than €140 million. The vendors on the marketplace mainly traded all kinds of drugs and sold counterfeit money, stolen or counterfeit credit card details, anonymous SIM cards and malware.
https://gizmodo.com/the-internets-biggest-darknet-just-got-taken-down-1846044148
https://www.europol.europa.eu/newsroom/news/darkmarket-worlds-largest-illegal-dark-web-marketplace-taken-down

Will we have a Little people today? No

Sticky Pickle of the week
Imagine the year is 2009 and you're sitting at home eating your lunch over your laptop as you always do and you spill your drink. Laptop stops working due to the spillage, you salvage the parts you can and over time you forget about them and they get thrown out with the household rubbish. Thinking nothing of it, you hear that this particular thing you threw out is now worth money. Over time, you watch its value increase phenomenally. You attempt to follow the trail and realise that what you threw out is sitting in the council landfill site. There are no guarantees that you'll find it but you know in your heart it's in there and if you can rummage through the landfill, you are sure you can find it. What would you do in this situation?
https://www.bbc.co.uk/news/uk-wales-55658942

Come on! Like and bloody well subscribe!
Transcript
Can we get a refund on 2021 yet?
Or are we past the 14-day return period?
Oh, please, that joke is so 2020.
Like Perfect Vision?
No, that was last year.
You're listening to the Host Unknown Podcast.
Hello, hello, hello, good morning, good afternoon, good evening, and welcome from wherever you are.
The Host Unknown Podcast is back to what one may describe as normal, but certainly back to some kind of normality,
as we welcome back Mr Malik from his extended Christmas break.
How are you, Mr Malik?
Yeah, good, thanks. Thanks.
I saw you, you went ahead last week and you violated the one rule I said,
don't have an old white guy to replace me.
No, no, no. You said the oldest, whitest guy.
No, you said the white guy to replace me.
What? No, no, the oldest, whitest guy.
You said the white guy, not the old. It was... so we thought we were right by, you know, it's not age demographics, by adding 72-year-old Graham Cluley.
That's all right. I can't stay mad at Gramps for long.
So, Gramps Cluley.
oh that is his new name from now on
that is his new name from now on
nice, nice, we love you Gramps
oh dear
so it's good to have you back Jav
thank you, we're hoping that you won't
be crashing as many jingles as,
uh,
Graham did.
The amount of editing Tom said he had to do last week was,
so do you know what,
there was one part,
right,
where I was trying to do,
um,
I was talking about tweet of the week,
uh,
not,
uh,
you know,
this week in InfoSec and,
uh,
Graham took a delivery.
Yeah.
And no one else could hear it,
right?
It completely threw me.
So there's all this background noise of whatever was going on.
Chatting away.
Yeah, I completely lost my train of thought.
But when it came out on the published episode,
it turned out that Tom actually muted Graham's sound for that entire component.
So it sounds like I'm just sitting there staring out the window,
just not knowing what I'm talking about, as per usual.
Well, you know, I didn't want to disappoint the listeners with actually having a reason for it.
But had anyone heard the original, they would have heard the ridiculous amount of background
noise going on. It was a little bit off-putting, I have to say. Well, I even sent you a message
saying, dude, just mute him. Yeah, I know. I should have. I didn't even think about it.
Didn't even think about it. Anyway, Andy, how are you?
Not too bad. Just had the week off to...
Yeah.
Yeah, I didn't take a break over Christmas.
We got the notes during daylight hours this week, I think.
Yeah, and a day early as well. How about that for preparation?
Not that you were around anyway. It sounds like you've been pretty busy this week.
Yeah, yeah. It's been a full-on week.
We've got some new induction training and stuff like that.
So, you know, I'm working for a living now, don't you know?
Sexual harassment training, like, high on the list today.
Tom, this is mandatory.
I don't need training on sexual harassment.
I invented sexual harassment.
I did wonder why I had to take it four times in a row.
Oh, dear.
So, dear listeners, we're recording this almost an hour late
because Andy's having difficulties with his microphones now.
So he can connect to Zencastr fine and has done multiple times,
but now his microphone's screwed up.
So as I said to Javad as we were waiting, as soon as this COVID thing is over,
I am going to Andy's house.
I'm putting on my overalls, my boiler suit.
And I am sorting out his network.
You know, when Carole was on the show,
and I was also having some technical difficulties there,
and I think she mentioned something about,
oh, you know, do you need a new laptop,
or you should get a new laptop.
And I think people think I'm poor,
or just have some real sort of, you know,
second world problems going on.
Stuff just generally is not working.
I've got new laptops.
I've got new microphones.
I've got new headsets.
I've got everything.
And stuff just is not working.
Apart from the ability to make it work.
Apart from the ability.
I think I'm transcending into management, Tom.
I think I'm like where you were.
No, if you were like going down the Tom management route,
you'd upgrade everything to Apple kit, new Apple kit,
and then it would work anyway.
Yeah, exactly.
He says, listening to you on his new Apple AirPods Max,
which did give me a bit of trouble to begin with
because it kept on intelligently connecting to my Mac and then to my iPad as I'm trying
to get the jingles to work off the iPad.
Oh, it was a bit annoying.
Switch off the Bluetooth on the iPad.
Well, it's all sorted now.
I'm not touching anything.
And I'm certainly not taking tech advice from you.
Anyway, anyway, moving on.
What have we got coming up today? Our regular features.
This week in InfoSec, tweet of the week, Billy Big Balls, Rant of the week
Industry news
We may even have a little people
Or we may have
An alternative segment that we are
Creating to make up
For Jav's incompetence on getting
The little people everywhere
It's not my incompetence, it's the little people's incompetence
For getting me stuff
And this is why they're little people.
And this is why they're forever remaining little people.
This is true.
This is very true.
But nonetheless, it's much funnier to say it's due to your incompetence.
We've also got some new jingles.
I have got a whole suite of new jingles in front of me which I'm not familiar with so anything could happen
including
the dreaded pause between
me saying something in the jingle
coming up as I'm looking for the damn thing
so yeah I'm
looking forward to it in fact we've got so many
you won't even hear them all this week
we're going to spread the joy a little bit
so
so we can thank Andy for that.
So if you love them, let us know.
And if you hate them, we'll be posting Andy's postal address
at the end of the show.
Get me on Reddit.
Get me on Reddit.
Yeah, get you on Reddit on r slash Smashing Security.
Exactly.
Right, shall we move straight on?
We're doing...
Well, let's move straight on to this.
This week in InfoSec.
Fantastic.
So we did have a lot of new jingles,
but this was not one of them because you just cannot improve on that jingle, I'm afraid.
So this is the part of the show where we take a little stroll down memory lane.
And I'm going to start this week by taking us back to 16th of January 2007.
And this is the story that Jeffrey Goodin became the first person convicted under the U.S. CAN-SPAM Act, where he actually sent emails pretending to be AOL's billing department.
And the maximum penalty for what he did could have actually been 101 years in prison.
But instead, he actually only got 70 months. So if you think, well, we're like 13, 14 years since spam has actually been illegal, which is...
That's made a difference.
Yeah, exactly, you know, as you look at it. But it did take me back to the time when I was working at a previous company. It was a startup, and a friend of the show, Chris Rice, used to send newsletters, or spam, from, you know, with a Perl script from his machine. And we're talking, you know, like 2004, 2005, I think. And at the time, you know, we joked that he was like SpamCop's most wanted person, because, you know, there's no return address. Literally whatever email list he had, he'd just blast it, leave his machine running overnight. And there used to be a company called Spamhaus, which I don't know if you recall, Spamhaus, as in like the German spelling.
Yes, H-A-U-S.
Yeah, yeah, yeah, yeah. So one time, I mean, once we had actually
gone professional we stopped sending them from Rice's actual desktop,
we were using servers in the data center for it.
Oh, this was the actual business?
This was business that we were sending.
Yeah, yeah.
Right, right, right.
But back then it was about brand awareness and contact.
It counted.
If you had an email address, it counted.
It was valid.
And so Spam House, they used to call us out a lot for this type of stuff.
And one time, and this is like how just unprofessional, I guess,
how, you know, you could contact people at abuse at their domain
back in the day.
And so this one, they traced some of our emails from a domain called
India.domainname.com.
And then they did this whole blog post about how we weren't even based in India
and we were trying to throw people off the scent thinking that we were above the law
and no one in the UK would come to us.
And, you know, they traced our IP address to London, all this kind of crap.
This whole sort of dishonesty story.
But the thing was, we'd actually just called that environment India.domainname.com.
And that's what the reverse DNS looks like.
But, you know, they just created this whole story about how, you know, dishonest we've been.
And it was just funny to, you know, go back and forth and just tell them how wrong they got it.
Did you debunk it?
We did tell them they were a bunch of clowns, you know, because we were quite mature then.
You know, really sort of escalated, you know, the whole thing, catch us if you can type thing.
But, you know, we used to, obviously, we'd subscribe to professional services for, you know, anti-spam as well.
And, you know, we'd work with our marketing department to see which variations of newsletters would actually trigger the spam rules, you know, from these commercial filters.
It was quite, you know, InfoSec working with, you know, marketing in a productive business manner.
But, yeah, this story did make me chuckle. As you say, not too much has changed since, you know, 2007, or, you know, since that first ruling, where I'm sure someone said, you know, I hope this is a warning to anyone else who decides to engage in spam. But, yeah, a nice one 13, 14-odd years ago about the spam.
The next story I'm going to take us to is jumping straight to 12th of January, 1984.
And this is when the first issue of 2600 was mailed to several dozen people.
And 2600 is a hacking magazine.
You know, it's a three-page monthly newsletter that used to go out.
And it's a bit of a stretch to call it a magazine at three pages.
Well, I mean, this is back in the day.
How small was that typeface?
You know, we weren't sticking images in there.
It was a hackersy.
But the best thing is that it is still running today,
not as a monthly one, but the Hacker Quarterly is still out today.
Is that still three pages or is it 12?
Or is it 12 because it's quarterly also?
I'll be honest, I do not subscribe to it these days. I was obsessed back in the day, particularly, obviously, you know, the reason it was called 2600. At the time, a bit of trivia there for you to recall: the reason for that being called 2600, is it to do with the transmission speed? 2600 baud? That was actually the frequency that people used, that phreakers used to
whistle down the... Oh, the Captain Crunch
whistle? Yeah.
Yeah, that's right. 2600
heard. Yeah, and so
2600 is stuck.
You know, synonymous with
phreakers and crackers and hackers back in the
day, and still running today.
Whatever happened to phreakers and crackers?
It seems like the hackers have evolved into the sentient species. You never hear about phreakers and crackers anymore.
Well, I think, much like old BBC radio presenters, I'm pretty sure Captain Crunch isn't...
you know he had a few stories about, yeah,
but there was a group called the phone losers of America.
I think,
remember they used to be around PLA.
They were pretty prominent up until I think the early noughties.
They may still be around.
You know,
I don't know. Maybe they've just all grown up.
It's, you know, a good idea back then. They've grown up.
Well, yeah. Things that were a good idea back then are all different now.
They got married.
Yeah, exactly.
Had kids.
Yeah, sorry, guys.
I can't come hacking this weekend.
I've got to...
I've got the kids.
Yeah.
That reminds me of the Beastie Boys when they were touring
in the early 2000s and they'd rock up at hotels with their families and there's these, you know, the Beastie Boys, but rocking up with push chairs and playing beach.
You know what I mean?
In these hotels.
And being the nicest, sweetest people you'd ever meet.
Which they were, of course.
I don't know if you saw that documentary on Apple TV by Spike Lee
about the Beastie Boys.
So, yeah, absolutely lovely people.
Anyway, any more stories, Andy?
No, just the two this week.
I think that's more than enough to get us going for the day.
Okay, you can tell somebody's on a deadline today.
Thank you very much, Andy.
This week in InfoSec.
That's one of the new ones.
That was a bit different, wasn't it?
Yeah, I meant to do this one.
This week in InfoSec.
Much better.
Well, one's really high energy
and the other one's a little bit slower.
So, yeah.
Very good.
Very good.
So, yes, you're going to hear a lot of,
oh, that was a new one today, I think.
Did you just install the new ones
without taking out the old ones?
No, I've got it on a different board
and I'm trying to lay them out in order.
Board equals iPad, right?
Yeah.
I've got them on a different iPad.
Have you bought another iPad just for this?
There was a reason for it, yeah.
I do have two iPads, but the other one is in the living room.
So it's called the living room iPad.
You know, they're wireless.
You can pick them up and take them out.
Full-on desktop replacement.
Yeah.
Leave it in place.
Oh, dear.
Right.
Yeah, very good.
I like that.
I like those stories.
I like those stories.
Shall we move on? Shall we move on to
yes, here we go, this week's
Listen up!
Rant of the Week
It's time for Mother
Rage
Okay
You have to match that energy
to go on with this segment
You can tell it was the youngest one of the group that got these made.
You mean the most immature one as well?
Yeah, that's right.
The one who still thinks that gangster rap is cool.
Whoa.
Come on.
Hey!
Just press those buttons, man.
Just don't ever go to Compton or Long Beach.
I swear, are you one of those gangster rap chapters?
Anyway, start ranting, Jav, and maintain that energy.
and maintain that energy.
So Twitter, Facebook, Snapchat, Spotify, and many others.
Shopify.
Do you go on?
Shopify.
Shopify.
Spotify.
Anyway, all these companies suddenly have left massive dents in the pavement because they've suddenly grown a pair of balls.
Oh, there's an image.
And bravely and valiantly in the last few days of Trump's last days in office,
they have started to ban Donald Trump.
They've muted him on social media.
They've stopped doing business with him.
They've done all this and all that kind of good stuff. And many people have been applauding this.
This is fantastic. Great. Good job. But Host Unknown remembers, where were these companies four years ago? They just had their heads up their asses, making excuse after excuse and what have you. And what they're really seeing is like their lawyers have come to them and said, you know what, it's safe to do it now. By the time Trump's legal team mounts anything resembling, like, a complaint or an offense, he'll be out of office and then impeached or what have you.
And that assumes he has a legal team, right?
Because he's not paying them.
Oh, yeah, he's not paying them.
And so this is the equivalent of all these tech companies
kissing the ring of the new administration and saying,
hey, look, we always liked you.
We always wanted Biden in power.
We never liked that Trump guy, even though we were amplifying him
and talking about him for the last four years.
So it's kind of like a hollow gesture.
I think if they had real integrity and values,
they would have banned him four years ago or two years ago.
Or any of the other times he sort of incited
violence at rallies.
Yeah, exactly. And reading this, it reminded me of India. You remember, like, Bombay...
Now we get to the real rant.
Yeah, okay. No, you remember Bombay? Yeah, Mumbai, exactly.
They changed it from Bombay to Mumbai in the mid-'90s at some point,
95, 96, something like that.
Yeah.
And their reason was that, oh, Bombay has connotations linked
to the British Raj and we are free of them now.
Dudes, it took you like nearly 50 years to realize that? Were you just, like, sitting there on the beaches, like, as the British Empire left: wait a minute, wait a minute, we have to be sure they are out of here, you know, two years, five years, ten years, wait, they could come back, let's be very, very careful here, boys. Okay, 50 years, 50 years later, okay, I think now's the time we rename them from Bombay to Mumbai.
So glad you got this story in.
It's like, why do you wait so long? It becomes a moot point at that point. It just, you know, doesn't make any sense. You know, it just confuses everyone. Bangalore changed its name to Bengaluru in 2008, something like that.
Yeah, yeah. And was it Chennai?
Yeah, was that Calcutta became Chennai? Is that right?
Yeah, they they they changed a whole bunch of names and what have you, which is like, well, OK, change names if you want.
But don't just say, oh, it's because we're not under the British rule, because that ended like, you know, decades ago.
And this is the thing. I don't know. It's not really even links into this, but, you know.
You just wanted to do an Indian accent on the podcast for the hell of it.
Yeah, that's right.
Just showcasing my voice acting talent.
Available for hire.
Yeah.
You might as well.
I mean, you know, he does Pakistani as well, apparently.
Yeah, yeah.
No, Pakistanis don't have accents.
They speak perfect English.
But, yeah, I mean, Twitter and Facebook,
they might as well have waited for Trump to die and then say,
hey, you know what, we're banning his account,
because that's effectively what they're doing.
I mean, he's not in power.
He's got no whatever.
So I say instead of applauding these companies,
I say shame on you companies.
I think you've contributed towards the problems.
You should hang yourself in shame, hang your head in shame.
While it was bringing traffic to their platforms,
they had no issue with it.
Yeah, exactly.
They've also lost billions in market value, haven't they?
Or market cap.
I heard Twitter dropped.
I didn't actually see the numbers, but yeah, I heard Twitter dropped.
Yeah, Twitter and Facebook apparently.
Although my daughter reliably informed me last night
that Donald Trump is still allowed on Tumblr.
Interesting, because Tumblr are one of those platforms
that tanked after they banned all erotic content.
And they then discovered that like 90% of their user base
was there for the erotic stories or, you know, the content.
Was their platform that bad that they couldn't have muddled that?
You know, let's ban erotic content.
What would that do to our, you know,
what is the type of content that 90% of our user base looks at? You know, it was a really bad...
Yeah, it's a really bad decision.
You know what? You say it's a bad decision, but maybe it's a good decision, because maybe if they made it based on their values and they said, hey, we don't want to be a company associated with erotic content for whatever reason, yeah, whether you agree or not, maybe that's...
Yeah, 10 years, 10 years in. Yeah, suddenly we don't want to do this anymore.
Well, you know, whenever someone wakes up, you know, it's whenever, you know, because these things evolve over time, and you, you know, something you create somehow becomes something that it's not. And maybe they said, hey, we're going to lose 90% of our traffic, but we'll stick to what we believe in, or there's some principle. I'm just assuming, yeah, yeah, that they had that knowledge and they still made the decision. And I think if that was the case, which I think if you make a movie about it, that would be the case, it's a very romantic and very good principle-based decision, which we are saying that these other tech companies should have made
when it came to Trump.
Yeah.
Yeah, very true.
And that's my rant of the week.
Rant of the week.
That was quite uncanny, actually.
It was.
So did you actually damage anything there when you threw whatever you threw, Jav?
Just my knuckles when I banged on the table.
oh dear
you keep talking
do you want to go get some ice?
So it says in the notes now, pick a sweeper.
Now, yeah, I had no idea what I was... Well, I did. I thought I knew what a sweeper was. Well, where I come from, a sweeper is the player that stands in front of the defenders and, um, you know...
Right, yeah, right.
I was just the person who keeps the streets clean.
No, in cricket, it's the deep cover sort of fielder, isn't it?
Okay.
Well, apparently, it's this.
Go!
Recalling from the UK.
You're listening to the Host Unknown podcast.
That was very patriotic, that one, I have to say.
That was.
But I'm trying to appeal to the Brexit supporters.
What, so we can get them to listen to the podcast
and in a few weeks' time just tell them
that they're fucking idiots and they should...
Well, you know, they've got time on their hands.
Did you see, like, about the fishermen
who now have no fish?
It's all rotting in the bays because they can't export it to Europe.
And in Parliament, Jacob Rees-Mogg, whatever his name is, that Monopoly man,
he goes, oh, they might be rotting, but at least they're happy fish.
They're British fish now.
Did he honestly say that?
He did. There's honestly some utter shite coming out the mouths of politicians at the moment. I weep for the British future, I really do. Oh my God, I'm going to move to another country. If there's anybody out there that's got a spare flat they don't mind renting
and sponsoring me for citizenship, please do let me know.
So you've got two issues.
One, the British citizen passport is tainted.
And two, we have the best variant of COVID out there,
so no other country is going to let us in.
I'm patient at the moment,
but it does make me proud to be British that we've got the,
you know,
the best strain of COVID.
Exactly.
And what else was a fallout from Brexit?
The truck drivers in Amsterdam having their ham sandwiches.
Yeah.
You're not allowed to export meat products of questionable origin.
Meat, fruit, vegetables, nothing.
Yeah.
So you can't basically take a packed lunch to Europe.
Harsh.
Well, you get what you pay for, you know?
I mean.
This is what you ask for, people.
Yeah, I know.
I know.
God damn idiot.
Oh, I weep.
Oh, can you cheer us up, Andy?
I'll try it.
Let's do this one.
Tweet of the week.
So this is the...
I like that.
It's got the sound effect for a tweet.
Do that one again.
Tweet of the week.
I love that.
So this is the story, or a story, that we actually covered ourselves just last week.
Mr. Graham Cluley of the Smashing Security podcast.
Gramps Cluley.
Gramps Cluley talked to us about the changes in WhatsApp.
And there's a very good tweet from a guy called Nick Stat,
at Nick Stat, S-t-a-t-t, and he says, this WhatsApp privacy controversy, that is again based on incorrect information, is really getting away from Facebook, which at this point is more a sign of the company's reputation than anything else.
And this is a story that, you know, people have been up in arms about Facebook changing its privacy policy.
And they put this big splash screen saying that you either accept them or don't stop using the product. You know, you've got until the beginning of February to accept the new rules or go.
And this has seen droves of people moving to other
platforms, like the amount of notifications you get. And if you've got Signal or Telegram
installed, you've probably seen people that you wouldn't even think, you know, family members that
you wouldn't even think were, you know, privacy aware, switching to these platforms. Telegram
surpassed 500 million active users in the last week.
They had 25 million new users join in three days.
38% came from Asia, 27% from Europe, 21% from Latin America.
All of this is being driven by quite... I don't have the stats, you know, based on my opinion, a lot of this is based on WhatsApp's change. You know, there's been a lot of noise about this. But the funny thing is that, you know, WhatsApp have published this blog, and they said, look, we want to be clear that the policy update does not affect the privacy of your messages with friends or family in any way. And so this is, you know, the change they're doing. They're saying it's purely if you message a business on WhatsApp, you know, which is an optional thing to do. You don't have to interact with businesses. And they're just trying to provide transparency about how, you know, they then collect and use the data. But I think, you know, the biggest problem is Facebook doesn't have the best track record on privacy and its reputation for hiding embedded terms and conditions in various service agreements. People have just automatically made the assumption that a change to WhatsApp is a bad thing.
Ultimately, I agree with you.
I take a slightly different route to that in the sense that Facebook is wildly popular.
So despite its reputation for really screwing you over with your private information and all that sort of thing, Facebook is still wildly popular. So I don't think that it's Facebook's reputation per se that has driven people away.
Zuckerberg's reputation.
I think it's incredibly poor communications. So that banner message that came up, you know, last week when you...
It's not even a banner, it's a full screen.
Full screen, exactly. That came up was very much... did not make clear any of the things that they are now subsequently making clear. And so what that message in and of itself, I think, was one of the prime reasons people have moved across. And then they saw that, you know, people like Elon Musk said, use Signal. You know, other people said, use Telegram. They're thinking this is obviously a bad thing. Let's move. So I'm not convinced it's on Facebook's reputation. I think they just completely screwed up this transition to this new set of privacy terms.
I don't know.
Jav, where do you lean on this one, Jav?
Is that the protocol or just poor stuff?
I think it's definitely a Facebook reputation thing because as soon as it came out, what
you saw is these ill-informed articles coming out where people are saying, oh, they're now
sharing all of your message history with Facebook and, you know, Zuckerberg and see everything and what have you. And so even I've
had family members who aren't technical at all, just saying, oh, I've seen on the news or I've
read in the paper, like, you know, there's this, that, the other, and Facebook now can see all my
data. And I said, do you use Facebook? Yes. Do you use Instagram? Yes. Well, you've got nothing
to worry about. They already have your data anyway. But I heard Facebook is bad. And actually, if you look through,
so I took some time to go through some of the earnings calls that the recent one Facebook did in
Q3 of 2020. And it's actually been transparent on the roadmap for a long time. You know, they say that Interop is their project where they're trying to get messengers from Instagram, Facebook Messenger, and WhatsApp all integrated.
But also they're pushing their stores a lot more through the Facebook purchasing thing.
So that's why they're trying to make it easy, a seamless process where you can make a purchase on Facebook straight through WhatsApp, and this is really what those terms and conditions are just supporting. So some shocking communication. If it's been on the roadmap for a while, that's precisely what I'm saying, it's the communication. Yeah, yeah, but, you know, how many people actually listen to these calls or what have you? What they listen to is the media, and the media has picked up on it based upon this shocking level of communication that was done in the app that's made people go, and journalists around the world go, what the hell is going on here?
Let me read the headlines.
Let me not even read the headlines and give you my opinion.
I think they took a page out of Andy's
book there.
As you say, it was
completely misinformed.
I think even Gramps last week said that...
When we set him up with the stories, right?
Yeah, when we set him up with the stories,
said that, you know, because he is in our WhatsApp chat contacts, therefore Facebook have his contact details, and that's apparently not true. You know, it's just, you know, we live in this economy, or we've allowed this internet economy to exist, where, um, you know, we expect free services, but we don't want to pay them with our information either. And, yeah, that's just not how it works. You know, you have to give something. And, you know, if a company's asking for a bit more data, or a couple of more data points, to integrate or whatever, or do evil stuff with, I think that's the equivalent of Netflix saying, instead of paying 5.99 a month, next month you're paying 7.99 a month. It's just the cost of doing business. And if you don't like it, you can move elsewhere. You can move to Disney Plus or
what have you. And this is what I think companies do. They don't actually realize. If you look at
Facebook's revenue, so from Q3 2020, basically they break out their revenue in two streams. One's called advertising and the other section is called other. Now in Q3 2020, the other, uh, revenue that they, uh, generated was 249 million dollars. So that's just their other revenue. Yeah, 249 million in one quarter. Is that just bribery stuff where they've got photos of politicians and famous people with pictures of them posting their pictures?
I think some of that's developer staff licensing, skimming, whatever.
But the advertising revenue they generated was 21,221 million. So it's literally 99% of their revenue is advertising. And so if you can't understand or can't make the link between the business model, advertising, personal data, then
I think also as a journalist, you have a responsibility to
have some basic understanding before you spout headlines. So yes, I agree with Tom that there's
bad communication on behalf of WhatsApp or Facebook, but there's terrible journalism,
irresponsible journalism, should I say, in the middle as well.
So should they have prefaced all their articles with, if this is true?
Allegedly.
Copyright, Malik.
Motherfucker.
So, Jav, all your advice to your friends and family has been,
if you're already on Facebook, it doesn't matter, right?
So you're on Facebook, yeah?
I'm not, no.
Oh, yes, you are.
Oh, you...
You are on Facebook.
No, no.
Well, unless Andy knows something I don't,
but I'm pretty sure that you're on Facebook, aren't you?
No, I haven't been on Facebook
for years.
Do you have an open Facebook account?
No, I don't. Not that I'm aware of.
Did you actively close it down? Yes, I did. Why are you smiling quite so broad?
I hate you guys. No, no, I've not created any. But the thing is, though, it begs the question,
why did you subsequently create a Host Unknown Signal group?
Why? Oh, because, so I was getting, like, in the moment, in the, uh...
It's like everyone just filming the Capitol building.
No, you know what? I forgot I actually had Signal. I haven't used it. It's on my phone. I haven't used it for over a year.
You have to put on a bear skin cap with the horns and decided to pay space and set up a Signal account.
No, like Andy said, I started getting these dozens of notifications that so-and-so has joined Signal.
So I logged on to Signal and I thought, oh, let's create a host-unknown backup group.
And it's renamed the host unknown backup group just on it. And it's renamed
the host unknown backup server.
So that's the only
reason. And you know what? I've had several
friends join it. And one of my friends, he joined it.
He goes, and he messaged
me on there. He goes, oh, is this
how it works? I said, yeah, send me memes.
And like 10
minutes later, he messages me on WhatsApp again and goes,
signal is shit.
Well,
Andy,
Andy did send us a test image.
Didn't work.
Which didn't work.
No,
you could see the whole image all in one go.
So yeah,
didn't work at all,
unfortunately.
Oh, well, anyway, folks. Jav, thank you for that.
That was... No, not Jav, Andy.
I tell you, this story is going to keep on giving
for the next few weeks, I think.
It will.
No doubt about it.
Tweet of the Week.
Those are cute.
Yeah, it's got the little bit of sound effects added in.
But I think it's this time of the week where we go to our,
I want to say new source, but I'm going to say temporary source.
Temporary source.
We get a better one.
We're still on probation.
We'll see.
So this is temporary.
Temporary.
We're going to our temporary stick over at the InfoSec PA Newswire,
who's been very busy bringing us the latest and greatest security news from around the globe.
Industry News.
CEO refutes reports of involvement in SolarWinds campaign.
Industry News.
Ryuk ransomware attackers have made $150 million.
Industry news.
Emotet tops malware charts in December after reboot.
Industry news.
High court rules against government bulk hacking.
Industry news.
Over 100,000 UN employee records accessed by researchers.
Industry news.
US announces controversial State Department cyber bureau.
Industry news.
Chinese startup leaks social profiles of 214 million users.
Industry news.
New malware implant discovered as part of SolarWinds attack.
Industry news.
New Zealand central bank breach hits other companies.
Industry news.
Healthcare hit by 187 million monthly web app attacks in 2020.
Industry news.
Microsoft fixes Windows Defender zero-day bug.
Industry news.
World Health Service abused to target inboxes in sophisticated attack.
European regulator.
Hashtag COVID-19 vaccine. Two hours later.
COVID-19 vaccine data leaked online.
CISA warns of cloud attacks exploiting poor cyber hygiene
Industry News
Ring rolls out
end-to-end encryption to bolster
Industry News
And that was this week's
Industry News
Huge if true
That's far too much stuff there
That's probably the dullest section of the
of today's show. Yeah, we're going to need to cut down a lot of these stories. What did you replace that with? It's just my weekly stories. Oh, is this... Are you going to talk about Mimecast a bit more, who... I just, you know, you just seem to stumble over that word a little bit. I'm not sure why. I don't know what you're talking about.
So, Vulnerable database exposed UN employees' data. Industry news. Will the National Cyber Force make the UK safer? Industry responds. Industry news. United Nations suffers potential data breach. Industry news.
Best practices for building a security culture program. Industry news.
Five key cybersecurity themes from 2020. And that was this week's Javvad's Weekly Stories.
So what
were the five key
cybersecurity themes?
Well, you know,
I've just
seen you click on the link, Jav,
onto an article that you
wrote to tell us about
five key cybersecurity. Surely you just
know them.
Well, you know what?
Now that you've framed it like that, I'm not going to tell you.
I'm not going to ruin it for you because it's such a well-written article.
I'd be doing it injustice by just reading out the five bullet points.
So do yourself a favour, click through the show notes, find it, read it, uh, send me praise. Do you know what? I'm actually looking at it now, right. I can tell you what they are: social engineering and fake news, remote working and tech debt, orgs going under because of cyber attacks, cyber war, and dependency on the big five.
So I think out of this list,
I would probably come up with remote working myself as a key theme for 2020.
But I am surprised to not see any supply chain
or third party.
What kind of amateur wrote this?
Yeah.
And cyber war?
Well, that's a bit of a catch-all phrase,
that one, isn't it?
Well, you know, cyber war is actually like,
a lot of it encompasses the third-party stuff in cyber war.
And remote working was right there in the title that you read out.
Yeah, second point now.
Yeah.
Yeah.
Yeah, so the show... Don't say anything of interest in any of the above? No, that's a lot of stories. It's a bit too much, trying to start drinking from a fire hose, trying to, uh, analyze. Yeah, I don't think anyone's got any value out of this section. Well, the main news section, not my story, that's proper value.
people discovered
that one of the five
key cyber security themes
for 2020
was cyber war.
Yeah.
I think you've got,
there's a lot of filler
in your stuff,
Jeff,
I'll be honest.
There's more filler
than a bloody dentist's office.
Anyway.
You're listening to the Host Unknown Podcast.
Bubblegum for the brain.
Bubblegum for the brain.
What does that even mean?
It's just two random words put together.
Hey, it's like a Jav Weekly story.
Yeah, two random words put together.
Cyber security theme.
Cyber war.
Right, let's go on to this week's.
What the hell?
I think you played that one a bit too slowly.
Okay, so here's my story that I very carefully researched
and I'm definitely not just reading for the first time right now.
So Billy Big Balls for me this week was Dark Market has been taken offline.
So if you don't know, Dark Market is the world's largest illegal marketplace
on the dark web.
It's been taken offline in an operation involving multiple countries,
Germany, Australia, Denmark, Moldova, Ukraine, and the United Kingdom,
the National Crime Agency, of course,
and the USA and all of their three-letter acronym organizations.
So with the USA, I'll just say those three-letter acronyms,
you've got the DEA, the FBI, and, of course, the IRS,
because if there's one person that's going to get paid at the end of everything,
it's going to be the tax man, right?
Absolutely, absolutely.
Europol supported the takedown with specialist operational analysts and analysis and coordinated the cross-border collaborative efforts,
not cross-gender jab, cross-border collaborative efforts
of the
host countries involved.
The best thing about reading this off the show notes
is Jav, as he's updating it and adding
different words in as we go
along.
You can hear his mechanical keyboard
typing in the background. It's a bit of a
giveaway, I have to say.
You know, when all I can hear is
clacky, clacky, clacky, clack, and I'm thinking, I think Jav might be typing something, and then suddenly words are changing. You need to use your stealth keyboard for this sort of stuff. Yeah, um, so if you... let's look at the Dark Market as such in figures. You know, what does it actually mean? So it had almost half a million users with 2,500 sellers on it
and had over 320,000 transactions, I'm assuming, since it had started up.
But perhaps more importantly, more than 4,650 Bitcoin had been transferred.
I'd say trying to read a document that is being updated in real time is really difficult.
And 12,800 Monero was transferred.
Monero sounds like some sort of 80s guy talking about US dollars.
You know, hey, I got some Monero.
Monero, yeah.
You got the Monero?
Yeah.
Exactly.
Exactly.
But 4,650 Bitcoin, that's a huge amount of money,
even without the recent rise in Bitcoin.
So that's about, if I just do the sums in my head, about 140 million euros.
So the vendors on this marketplace mainly traded in lots of obviously illegal stuff, drugs, counterfeit money, stolen and counterfeit credit card details, SIM cards, malware, etc.
So this is a big deal.
Now, the thing that really strikes me here is I did an interview with one of the media folks yesterday.
It was about Brexit.
And the key thing here is that United Kingdom was involved in this
with Europol and Germany, Austria, Denmark, Moldova, Ukraine, et cetera,
not all of whom are members of the EU.
But we're not going to be having permanent people within Europol.
No, or access to the intelligence either, isn't it?
Access to intelligence.
So this kind of sort of takedown is going to become not impossible
by any stretch, but certainly far more difficult in the future
until things are sorted out.
You know, there's going to be plenty of informal, you know,
routes and channels between Europol and the NCA and all that,
you know, for the time being.
But nonetheless, this makes it so much more difficult.
So without wishing for this to be the anti-Brexit episode,
which I think it is, you know, it's just going to be that much harder
to do this sort of thing in the future.
And especially when you're taking out, you know,
140 million euros minimum out of the, you know, the,
the dark economy, which ultimately can get channeled into things like,
you know, forced prostitution and, you know, people,
what's the... people smuggling, we've got... trafficking, thank you, people trafficking, you know, all that sort of stuff, um, you know, additional sort of, you know, drug trafficking and all that sort of thing. It's, um, you know, to make this more difficult for the UK just seems utterly asinine to me, um. But nonetheless, good job, everybody. Well done. And hopefully the IRS can spread some of this 140 million euros or something and give the poor people of that third world country, the USA, an extra $1,400 in COVID relief checks as a result.
Absolutely.
There could be a positive at the end of this.
There could be a positive.
Absolutely.
There probably won't be.
But, yeah, fascinating.
Fascinating stuff.
I've not seen – I think Dark Market really is the largest one
since Silk Road got taken offline, wasn't it?
I think Silk Road was
the mother load
yeah the original
but
what else is there to go onto the
dark web for now?
I don't know. Well I'm guessing these days
it'll be Percy Pigs
as we're talking about
Brexit, the casualty of Brexit.
So for those that don't know, Percy Pigs are some –
Marks & Spencer's own brand, Haribo.
And they're excellent.
They are of excellent taste.
Even the big ones.
Yeah, so the problem with them is that they are made in the EU.
They're made in Germany, and then they're shipped to the UK.
And that's fine.
So that's allowed under the current rules.
But then the problem is that they are then repackaged in the UK
and sent out to places like Ireland and other countries.
But that's not allowed under Brexit.
So that is then exporting something which doesn't originate from within the EU, although it is, you know, manufactured in Germany, because it's stored in the UK and then repackaged. That is not covered under the current agreements.
Does that mean that it's available in the UK, then? Does it mean, what, four packets of them available in the UK?
Oh, there is, yeah.
There's absolutely loads stored here in the UK
because they're not being exported because of the red tape.
So I certainly see a dark market future for the export
and delivery of Percy Pigs for anyone that's prepared to pay
or prepared to drive cross-border with some Percy pigs in the wheel arch.
Along with some fish, yeah?
Yeah, but just don't let these, though, you know,
if people are having their ham sandwiches taken away from them,
they're certainly going to have pigs, you know, Percy pigs taken away from them.
I will strip a car down with so many hidden panels you'll never find.
Well, you might find some, you won't find them all.
All that means is your car will be in a compound while you're in prison.
Felt with mercy pig.
Well, they're waiting for you to defecate
in the clear toilet so they can see.
Russ speaks the voice of experience. I just say you just need to tie packets of drones and fly them
over.
Billy Big Balls of the Week. Fantastic.
That jingle has got a long tail.
It's still playing.
A long tail.
That's a...
Oh, dear.
Wow, blimey.
We are pushing up against the hour again.
I think we've got far too much talk about WhatsApp
and Brexit and things like that.
So shall we move on to...
The Little People.
What was that?
Okay.
The Little People.
Do we have a Little People, Jav?
You know what?
We don't have enough time to do the little people person.
Oh, it's great.
Sticky Pickle of the Week.
Sticky Pickle of the Week.
Sticky Pickle of the Week.
You can do that instead.
Yes, yes.
So here, gentlemen, is your sticky pickle of the week,
and feel free to play along at home.
Well, it's three.
You need to do three sticky pickles of the week.
The clue is in the jingle.
Okay.
So imagine the year is 2009, and you're sitting at home eating your lunch
over your laptop, as you always do, and you spill your drink.
Laptop stops working due to the spillage.
I have a question.
Is there sugar in the drink?
Is the drink sugary?
In your case, Andy, yes.
Well, that was the first thing we'd always ask in tech support
because the sugar crystallizes and it screws up
the, uh, keyboard, whereas if it's water, it's fine. Let's assume it is. Yes. Okay. Oh, big... That stops working due to the spillage. You salvage what you can, and over time you forget about them. Uh, they sit in a drawer, and then one day they accidentally get thrown out with the household rubbish. Thinking nothing of it, you hear that this particular thing you threw out is now worth money.
Over time, you watch its value increase phenomenally.
You attempt to follow the trail and realize that what you threw out is sitting in the council landfill site.
There are no guarantees that you'll find it, but you know in your heart it's there, and if you can rummage through the landfill you are sure you can find it. What would you do in this situation? So is it me, or has the price of 10 gig laptop hard disks gone up at, uh, cex.co.uk or something?
Possibly, yeah.
So this is an easy one.
This is a story of the guy from Newport who surfaces every year or so,
and I think this has resurfaced due to the other guy.
It resurfaces every year, unlike the hard disk.
Yes, this is because that other guy has got two more attempts left on his IronKey to, uh, get access to his Bitcoin wallet, uh, that he encrypted, um, very securely. So this guy, yeah, I remember this one. So he's sort of going to the council every year saying, look, you know, let me come and dig, uh, in your landfill. Uh, and the council is saying, look, you can't do that because it's going to release gases. It's going to cost far too much money to do this.
Um,
I think the guy's lucky that he disposed of,
uh,
his hard drive before the WEEE regulations came into effect in the UK.
Um,
because everyone knows you don't
chuck electrical waste in landfill. So I think because this guy got these Bitcoins for nothing,
and it's now worth a lot of money, he should just let it go. Because a hard drive that's
been sitting in landfill for seven years
is not going to be in a good working state.
He didn't get them for nothing.
He put valuable compute power into that.
Yeah, to be fair.
But, I mean, at the time, you know, they were worth nothing.
Well, that's a bit dull.
It is.
Yeah, move on.
You know what?
The guy at the landfill, the manager there,
has got a team of people that he trusts.
Every night they are out there.
I think that's more likely.
Mind you, they probably spent a fortune on disc recovery services, right?
Well, yeah.
I mean, the council are estimating it's going to cost a couple of million just to, um, you know, excavate, um, certain areas. Yeah, it's not in their interests, even if this guy decides to give him some kind of reward or something like that, because I'm assuming it's worth a lot of money. But even so, it's... yeah, if you think seven years, yeah, hard drives sitting in moisture and God knows what else. Well, they're sealed units, aren't they?
Hard drives.
They're hermetically sealed.
Yeah, but you're going to have all kinds of moisture, not just water and rain.
You're going to have acids and tannins and God knows what else.
Yeah, that's true.
Yeah.
Yeah.
I think you should move on.
Before you know it, you're going to take that disk out, and instead of Windows on it, it's
going to be Linux.
What would you do, Tom? Oh, sorry, hang on. Do you agree, Tom? Would you leave the disc, move on with your life? Uh, no, because I would get utterly, utterly convinced that I could turn my life around, um, and live my life on hookers and blow for the rest of it.
And so I would be completely – I'd be breaking in most nights, I think,
and coming home smelling of tip.
So nothing new there then.
I know it's a tip with a P, not a –
Pit.
Pit.
No, not a pit.
Pip. Uh, but, yeah, I must... I do empathize with the guy, because that sense of opportunity loss must be really, really harsh. I mean, talking about millions, it's not just a life-changing amount of money for him, it's a life-changing amount of money for probably a lot of other people as well. Um, so, yeah, I totally feel for the guy, and I, uh, I think he should keep going, because we probably need more stories like this this time next year. Next year we'll have the story like, Newport, uh, tip... Man... Council manager retires.
Yeah, exactly.
Suddenly won the lottery.
National Lottery says there was no prize this week.
He's claiming it's Euro millions or something.
Yeah, yeah.
I'm anonymous.
Anonymous, I tell you. Yeah, that's going to, uh, that's going to destroy your life if you get hung up on that. But, you know, yeah, exactly. Yeah, you think, I mean, he's been there. I mean, imagine, like, for the last seven years you've been driving to your local tip site every day or whatever, like, please let me, please let me dig, and you see it's getting lower and it's getting filled in more and more. And it's just... Precisely. I mean, each... every day that he delays on this, not delays, but doesn't get to it, it is getting deeper and deeper and deeper and will cost more and more money to do it. So unless he can get someone to, you know, to front him two to three million to get it done.
Well, in fact, two to three million
just for the excavation
and the health and safety stuff
and all that sort of thing.
And then probably a similar amount
in labour, et cetera,
to go through it.
And think how many hard drives
they'd find as well.
Yeah.
Do you remember what it was?
You know what? He might even, if he was allowed to go through it, he might even find the HMRC drive that they lost, like, all those years ago. They had a team of people there. They were there within days, and they couldn't find the hard drives that they'd lost. All the CDs, right? Yeah. Um, so what chance does he have?
Yeah, yeah, exactly.
Move on.
Yeah.
Move on.
Exactly.
Okay, very good.
Thank you, Jeff.
Sticky Pickle of the Week.
Sticky Pickle of the Week.
Sticky Pickle of the Week.
And that brings us very neatly to the end, I think.
That flew by, didn't it, for the first host unknown show of the year?
First full host unknown show.
Yeah.
We had the old guy last week.
But, yes, excellent.
Jav, thank you so much for joining us this week.
You're welcome.
And early, in fact.
You were online bright and early, unlike the other chap.
I know, yeah.
I'm scared too.
Scared not to be.
Yeah, we were this close to kicking off without Andy, I have to say.
And Andy, thank you very much for this week. Stay secure, my friend.
Stay secure.
You've been listening to
the Host Unknown Podcast.
If you enjoyed
what you heard,
comment and subscribe.
If you hated it,
please leave your best insults
on our Reddit channel,
worst episode ever,
r slash
Smashing Security.
Nice, I like that. Yeah, although I think that was best episode ever
for this year so far. Yeah, except last week.
Last week's was terrible. I heard it. I just... it was really bad.