The Host Unknown Podcast - Episode 39 - A New Hope
Episode Date: January 22, 2021

This Week in Infosec
Liberated from the "today in infosec" Twitter account:

19th January 1986: The first PC virus appeared. It was a boot sector virus called Brain, which spread via infected floppy disks to computers running MS-DOS. It was written by 2 brothers in Pakistan to protect their medical software from piracy. They later even licensed Brain.
https://www.theregister.com/2006/01/19/pc_virus_at_20/
https://twitter.com/todayininfosec/status/1351695480791715840
Worth mentioning Mikko Hyppönen's TED talk on when he went to Pakistan to meet the brothers: https://www.ted.com/talks/mikko_hypponen_fighting_viruses_defending_the_net

18th January 2011: Andrew Auernheimer and Daniel Spitler were arrested by FBI agents for hacking into AT&T's servers and downloading customer info in 2010. There's a lot more to the story - either you know it or you should research it.
https://www.darkreading.com/risk-management/two-arrested-for-atandt-ipad-network-breach/d/d-id/1095520
https://twitter.com/todayininfosec/status/1351277900834742274

Rant of the Week
Google threatens to pull out of Australia
https://www.bbc.co.uk/news/world-australia-55760673

Tweet of the Week
https://twitter.com/DanRaywood/status/1351555439612354562
Defining what disinformation is, the role it played in the attack on the Capitol, social media as a vessel to deliver messages, etc.
https://www.washingtonpost.com/lifestyle/magazine/disinformation-can-be-a-very-lucrative-business-especially-if-youre-good-at-it-media-scholar-says/2021/01/19/4c842f06-4a04-11eb-a9d9-1e3ec4a928b9_story.html
https://twitter.com/washingtonpost/status/1351985551419863040

Industry News
NSA: DNS over HTTPS Provides "False Sense of Security"
Leaked #COVID19 Vaccine Data "Manipulated" to Mislead Public
Environmental Regulator Suffers Ransomware Blow
GDPR Fines Surge 39% Over Past Year Despite #COVID19
Cloud Config Error Exposes X-Rated College Pics
Coin-Mining Malware Volumes Soar 53% in Q4 2020
Malwarebytes: SolarWinds Hackers Read Our Emails
Interpol: Dating App Victims Lured into Investment Scams
Threat Actor Dumps 1.9 Million Pixlr Records Online

Javvad's Weekly Stories
Nada. Nothing. Niet. Non.

Billy Big Balls of the Week
Aditya Singh: Man found 'living in airport for three months' over Covid fears
A man too afraid to fly due to the pandemic lived undetected in a secure area of Chicago's international airport for three months, US prosecutors say. Aditya Singh, 36, was arrested on Saturday after airline staff asked him to produce his identification. He pointed to a badge, but it allegedly belonged to an operations manager who reported it missing in October. Police say Mr Singh arrived on a flight from Los Angeles to O'Hare International Airport on 19 October.
https://www.bbc.co.uk/news/world-us-canada-55702003

Thom's Podcasting Desk

Other Stories
Go read this report about the US military endangering passenger jets by blocking GPS
GPS jamming can shut off a pilot's access to navigation — or worse
https://www.theverge.com/2021/1/21/22242761/us-military-gps-jamming-tests-airplane-danger
Ubiquiti, maker of prosumer routers and access points, has had a data breach
The email encourages users to change their passwords
https://www.theverge.com/2021/1/11/22226061/ubiquiti-data-breach-email-third-party-unathorized-access
In hidden message on White House website, Biden calls for coders
https://www.reuters.com/article/usa-biden-digital-service/in-hidden-message-on-white-house-website-biden-calls-for-coders-idINKBN29Q08Q
Bugs in Signal, other video chat apps allowed attackers to listen in on users
https://www.helpnetsecurity.com/2021/01/21/bugs-video-chat-apps/

Come on! Like and bloody well subscribe!
Transcript
As it is playing, this is good enough. It's good enough, I think. I don't think the audience is
really going to care how you've sounded or how you sound now, based upon how you've sounded
in the past few weeks. So now I've got all the equipment, I just need to set it up properly
and produce some decent content. Yeah, well, that's not going to happen, is it? One out of two.
Exactly.
Set my goals.
You're listening to the Host Unknown Podcast.
Hello, hello, hello, and welcome to the Host Unknown podcast, episode 39, I think.
41, whatever. I say 39. Andy says 41, but we can't hear him properly anyway.
So, yes, who knows? It's a new hope. This week brings us a new hope globally.
Thankfully, the US has rejoined the population of Paris in the Paris accords.
And things seem to be going back to normal. It seems very odd to not have any
1am tweets and news stories to follow, because weird stuff has been happening all the time.
So yeah, very odd. Anyway, Andy, how are you, sir?
Besides the ongoing audio issues that I tweak occasionally every week,
usually 30 minutes before we start recording, I'm ongoing.
So obviously this week was Blue Monday, if you recall.
Oh, that's right. The toughest Monday of the year.
Yeah, it's where we all take a, you know, take a look back at our lives
and see how close we were to working with IBM throughout our lives,
as I understand that's what Blue Monday is about.
Sorry, hang on.
There you go.
That's a technical joke.
Mum, I can explain that one later.
Very good.
Thank you, Andy.
And, Jav, how are you?
Yeah, good. Thanks. Good. I was on Twitter last night and Christian Toon educated me about
something, a term he heard. AWS has a service called Quorum. And he was like, first time I've
heard that. And I was like, what is that all about? And it's basically segregation of duties. It's where you need more than one person to approve something for the thing to happen.
Yeah, that's right. So meetings have a quorum. So when someone says, well, I think we've got a quorum, we can start. That means there's enough people.
But they've got... I think they've done it with an HSM, so everyone has a private key and, until everyone comes together and approves the change, you can't get access to it or something. And I was
like, why don't you just call it segregation of duties, like how we've always called it?
But because it's not about segregation of duties, it's about maintaining a minimum level of
commitment amongst a group of people or a group of activities.
So you mean like three out of five key holders must turn up, and then...
Yes, that's right, that's right. That's exactly it. So in DEC VAX terms, quorum was when...
Because DEC VAX had the original cluster, so DEC VAXes had some of the
earliest clusters, and the way that it would decide which computer was effectively in charge
out of the cluster was it would decide which one had quorum, basically.
So if computer A had quorum, that was the one whose changes
would be implemented across the systems.
And this was determined between two machines, was it?
I think DEC VAX could do more than two, but, you know, obviously the minimum cluster size is two.
Yeah, so, yeah. Well, I was just thinking, in the old SQL world they had the witness server as well.
Remember, you had two machines that would decide which was... I think that's the same principle.
Yeah, yeah, but you always had the witness that you had to manipulate
to trigger the other server online, and if the witness basically
decided that something had to be done and the other computer didn't like it,
then there was the witness protection service that would then
protect the server from being taken out.
I can only hear like... hang on, hang on.
Thank you. This turned to something that I was genuinely finding really educational,
and you just completely ruined the moment, Tom.
It was like, come on, come on.
In fact, I'll tell you, let's run this right now.
Sketchy presenters, weak analysis of content and consistently average delivery. Like and subscribe now.
See, there you go, that sums us up.
Right, well, I suppose two out of three. I suppose it's a quorum.
Yeah. Which one did we not meet?
No, I'm talking about two out of three presenters meet that definition.
Oh, that's true, that's true. Dodgy delivery.
Yeah, yeah, there's Andy with his head in a bucket at the moment.
You love me really.
Right, what have we got for you this week?
Well, we have the This Week in InfoSec, Tweet of the Week, Billy Big Balls, Rant of the Week, Industry News, obviously. We've even
got some Jav's industry news. We may even have a Little People or even a Sticky Pickle. It
depends on if we have time, or even if we have the content, because we were still arguing about who
might do a Sticky Pickle and what it might be at the end, just before we started. Anyway, so why don't we kick straight off into
This Week in InfoSec.
so this is a part of the show where we take a stroll down memory lane.
We've got two absolute crackers today that I'm going to talk about.
The first is from the 19th of January, 1986, which is a whole 35 years ago.
Can you believe that?
1986? I was in my first year of O-Levels.
In your 40s at that time?
I was doing my O-Levels.
See, it's so
old they don't even call them O-Levels anymore.
I know.
They didn't even call them O-Levels when I reached
GCSEs.
Anyway, so this is one how old it was,
and I'm sure that had we had a different guest on the show this week,
he would have been able to talk through this in much greater detail than I would.
But I shall verbatim lift the content as it was delivered
by the Today in InfoSec Twitter account.
And it says 19th of January 1986, the first PC virus appeared.
It was a boot sector virus called Brain,
which spread via infected floppy disks to computers running MS-DOS.
It was written by two brothers in Pakistan
to protect their medical software from piracy.
So it was actually originally written for legitimate reasons.
They even licensed this software.
So hang on, in order to protect their software,
they would cripple your computer?
Pretty much, yeah.
So the virus actually included their address and phone numbers as well.
And it basically said to call them for inoculation,
you know, if you'd been infected by it. But it's a great story. We've included details in the show notes,
or I've added a link to one of John Leyden's, friend of the show, one of his articles from
El Reg from 15 years ago, when the virus hit 20 years old.
That was when John was approaching retirement age. Retirement age, yeah.
So this was...
Love you, John.
Yeah, this is something that has been around for a while.
It's just a fantastic piece of history, well worth looking into it.
And there's also a TED talk you can see from
a friend of the show, Mikko Hyppönen,
or Mikko,
from when he went to Pakistan to meet
those brothers.
I think that's definitely one-upping on what
Mr Graham Cluley
has ever done for this virus,
so details
in the show notes.
Mikko, do you want to be a guest? I know, I know
you're an avid listener, so do join us, please.
Yeah, you know what, another interesting bit of trivia is, in the late 80s, early 90s, for a few years I lived in Pakistan, and I lived
actually only a couple of miles away from where these two brothers were
and where the Brain Telecommunications Limited headquarters still is.
Excellent.
So I used to go past it on the way to this.
There was a massive park in the middle and like they were on the way.
That's pretty legit.
Yeah.
And when we say brothers, we actually mean they're sort of...
They're biological brothers.
They're biological brothers, yeah.
Not, you know, like, you know, fist pump brothers.
Not the brothers I went for training with.
No, exactly.
I'm glad you said that.
Moving swiftly on to the second story we have this week
is from 10 years ago.
Can you believe it? A decade ago. What were you doing a decade ago?
To think most of us were actually already active on Twitter at that point.
You know, the good old days. Even I was. Yeah. Yeah, exactly.
So it sounds like a long time. But then, you know, when you think what's happened in the last 10 years, it doesn't really feel that long.
So 18th of January 2011, Andrew, we'll call him Double A, much like myself, although he's better known as Weev.
And Daniel Spitler, who is better known for Goatsec, or Goatse Security.
They were arrested.
Don't look up Goatse, folks, whatever you do. They were arrested by the FBI
agents for hacking into AT&T servers and downloading customer information, and with this one,
obviously, Today in InfoSec go on to allude that there is a lot more to the story.
And I wonder if either of you know more about this story.
Yeah.
Yeah.
So Weave was going to go down for quite a few years for this.
And I think, well, there's two things I remember from it.
So one is we were at 44Con, I think, and there was a talk done about some... a friend of his, or by a
friend of his, who was working out how to convert his voice calls into tweets, and the system that
she implemented for it and all that sort of thing. And it was a terrible talk but a brilliant story,
interestingly. And I think it must have been about 2012 or something like that,
because I think he was still imprisoned as a result of this,
or it was still under trial or something.
And the other part of it was that actually he argued in court
and I think quite rightly as well that if he's being had up in court for this,
then AT&T should be as well because of the completely negligent way in which they were
securing their customer data. Because what their attack... it wasn't even an attack. What their software did was emulate an iPad with a 3G chip in it,
a 3G GSM chip in it.
And it would basically brute force by randomly guessing the IDs of the,
I think it was effectively the IMEI of the SIM card
and presenting that to AT&T,
and then it would provide all of the customer data based on that,
even though it was like effectively random guesses
as to what the IMEIs were,
which is a terrible form of security, et cetera.
And they got all sorts of data, all sorts of personal data.
And it was really, really poor security on behalf of AT&T.
And actually the third part of it, of course, was that Apple...
was that the media immediately said this was,
or the headlines talked about an Apple failure in security or something,
when actually, you know, because frankly,
that's what drives clicks to the story, when actually it's purely AT&T. So this is a story
that's working on so many different levels.
Do you know what's great about this, Jav?
You probably picked up that any story that involves Apple, Tom could go down to the absolute minute detail of what occurred,
and comes out of it making you believe that Apple was the only good part of the story
and you should all buy Apple products.
Absolutely.
I don't even have shares in Apple, you know.
So it's, you know, Tim, I know you're an avid listener.
So Tim, that's Tim Apple, by the way.
You may have given, you know, Billy Trump the very first Mac Pro off the production line.
I don't know if you read about that this year. He had number one off it. He didn't get a monitor,
or all the wheels, or the stand for the monitor, apparently. But you've got the number one unit off there. Come and, you know, donate one of those to Host Unknown. Or actually, no, three.
Everything's got to be in threes, isn't it? You know, donate that to us and we can carry on talking
about the wonders that is, you know, Apple product.
Yeah, it's got to be threes, like the modern-day Noah's Ark.
That's right, three of everything, yeah, one for each.
It's the brown M&M's of our rider.
Oh, fantastic. Oh, nice one. Yeah, good stories, I like. Nice little trip down memory lane. Thank you, Andy. This Week in InfoSec.
Okay.
Nice one.
So I hope we got some more Apple stories because, you know,
I actually sent a picture of my desk out to the guys just before we went live.
And basically my desk is covered in Apple products.
So as you can tell, I do like a good Apple product.
Right, Jav, I think we should move straight on, don't you?
Yes, why not?
Absolutely.
We are going to go on to this week's...
Listen up!
Rant of the week.
It's time for Mother F***ing Rage.
Okay, I've got a good... a crank. It's better than the content. Yeah, let me stand up and try and deliver.
Listen up! Yeah, so Google threatens to withdraw search engine from Australia.
Australia?
Is this a news story?
I've already got a solution for it.
Oh, I've not heard the story yet.
Is this a new thing?
This is a new thing, yeah.
It literally broke like two hours ago on the BBC.
Right, okay.
By the time this podcast goes out, that was last week. Yeah, and Gav would have already syndicated it
to 15 different news outlets as well.
So Google has threatened to remove its search engine from Australia
over the nation's attempt to make the tech giant
share royalties with news publishers.
So what the Australian... is trying to say is that
a lot of... well, Google dominates the search engine market and the ad market, and it's...
I don't know if you heard that, but because I said Google so many times, my phone started to answer me.
Oh, dear.
Let me try and put that on mute.
Fortunately, yeah, Apple use Siri instead of Apple.
Otherwise, Tom's house would be.
Yeah.
My house lights up.
Whereas Jav's phone now knows he's bad-mouthing Google, and he's gonna... yeah.
That's exactly it, reach off all of his services.
So what Australia wants to do is to make
Google, Facebook and, you know, probably like, you know, the big companies pay media outlets for
their news content. So, because they... so they say that people join Facebook and Google
and they're directed to all these news articles,
and the people that publish these articles don't get any money,
so therefore Google should be paying them some royalties.
And Google's like, screw you, no.
This is not how we do business, and we will, you know, pull out our Google
search from Australia, which has worried a lot of citizens, because they're like, what does that
actually mean? Are we not going to have only Google search, or will that also mean we will lose Google
Maps or Gmail or anything else that's related to Google? It means you have to memorize URLs now.
Yeah, yeah.
And the Australian government is like, your threats don't scare us.
We do not negotiate with terrorists.
Not quite in those words, but that's how it's been.
And the rant is really that, hey, what a stupid story this is
and why these governments and companies are acting in this way.
Secondly, it shows just how much power a few tech companies have
over the whole world.
And thirdly, governments or policymakers or whatever,
do they not have a clue as to how the internet actually works?
This is basically the model we've built up off the internet. This is how it works. This is how
we've allowed it to work. Simply now trying to take away things from, say, Google or Facebook
or any of these big companies and saying, now you just need to give money here or there or whatever,
it's not a fair, or it's not the right way to approach it. You need to approach it from the basics of, like,
how does the economics of the internet work, and try to find a fairer system. But simply,
I think penalizing companies that have taken advantage of the rules and working within it
to build themselves a business, I think is absolutely ridiculous. And I, for one,
would pay money and grab popcorn to see Google pull out of Australia, and then see the Australian
government or the policymakers groveling and going back to them and begging them to give them more.
Or maybe they'll go to China and say, hey, you give Google a knockoff and see how well that works.
But yeah, I think it's just ridiculous all around
I don't know. I think, one, don't use Google to search anyway, use DuckDuckGo
for a start. And two, the simple solution is Australia just needs to put a massive VPN around
their country so it looks like they're coming from a small town
in Santa Monica or something.
You mean like China does.
Yeah, so, you know, problem fixed.
Jav, I've got a different view on this.
So if you think, remember, wasn't there a time
when I'm pretty sure it was Google threatened
to pull out of China if they had to implement the restrictions the government was imposing on them.
And they sort of really stood their ground.
And then at the last minute, they backed down
because they didn't want to lose all that revenue.
Access to a huge market, yeah.
Yeah.
And I mean, Australia is not a small market, you know.
And we've got...
It's also not a huge market either, in fairness.
It's only got a population of something like, isn't it, 15, 20 million, something like that?
Yeah, I mean, I guess if Google want to pull out, you know, that's more room for everyone else.
But I mean, Google's one of the best search engines around.
Like in terms of delivering content, you know, it's very good.
You can manipulate those searches.
You can do all kinds of qualifiers to get, you know, very specific content. And you notice that when you search
for news articles, or like, if you think of it, you hear a headline, you search for it on Google
and it will pretty much bring back the most recent news. But it does it in the
AMP format, you know, the Accelerated Mobile Pages, and the problem you've got with that is that it's quick to
load, right, because they strip out all the crap. But with that they also strip out all the sort of
advertisement, the ad revenue that the news sites would otherwise get. So you get the article
without the news site benefiting from that. And if you think of every news site you go to, I mean, I
know you're actually a subscriber to... News. Surprise, surprise, Tom.
If you think of all the other news sites, you look at an article on Guardian or Independent, anything like that, they will say, hey, look, it only costs this much to subscribe.
Or would you consider subscribing or disable your ad block in order to get the revenue?
So essentially, Google is delivering these people's content and not paying for it.
Yes.
And also Google's not paying taxes in all these countries either.
Yes.
So someone, yeah, they need to give up something.
Like, you know, they are getting far too big, you know, on this stage.
And I admire Australia for standing up to them.
Now, I don't disagree that Google and Facebook and Apple and Microsoft are way too big, and Amazon, they're just way too
big. And you're right that... but I don't think it's Google's fault that this is how the network works, or,
you know, how the transactions work. I think what it is, is that the internet has just all clung
onto this one model of making money, which is through advertising, and that's the only model that
is dominant at the moment, and that's what needs to change. That's the root cause of all the issues,
is that it's actually, you know,
it's not just advertising,
but it's targeted advertising.
That's where all the money comes from.
You know, I'd argue that if you provide something
that's of really good value,
then people would subscribe and see it.
Of course, that's not the answer for everything
because like we're seeing on streaming services on TV,
now you just end up paying just as much
as you would pay to cable or Sky,
but now it just spread out
over like four or five different streaming services separately.
So maybe it's not,
and with that you get a lot of churn
and it's a lot of things.
But I think fundamentally,
we need to look at how the revenue system
is built into the internet and change that a bit as opposed to…
I bet that if Google paid taxes in Australia,
this wouldn't be a problem.
I think that's exactly it.
Yeah.
If Google actually stood up and started to pay the money
that was owed by them.
And the same for all of these organisations.
A lot of this would go away.
Because, you know, these are sort of fairly large sums,
and if those large sums that are deemed outstanding go away,
then the governments go looking for the next target, right?
They only go after people when it's in their interest to do so.
So I think you're absolutely right.
It always amazes me that when Google set up,
and certainly for the first few years,
I don't even know if this is still true now,
but their underlying ethos was basically do no evil
and yet now look at them.
Well, that's actually not part of their manifesto anymore.
Yeah, exactly, exactly. It's funny that, because they found it wasn't... it didn't quite
get them much money. You know, as... oh, you mean we have to pay taxes and do no evil? We can't do
that. You know, so I just find that very, very odd.
An interesting use of the word manifesto there.
Well, you know, I couldn't think of what the right word was.
But it does something else over that.
Exactly, exactly. No, this is a good one. I like... I must
admit, I do like this story, because I think it really does hint
at other underlying issues that most of these tech giants are causing,
and it's primarily taxation.
You know, they're making vast amounts of money at other people's expense.
You're right.
But as long as we have conservative governments in power around the world,
that's not going to change, is it?
Oh, God. Don't get me
started on...
Yeah, let's move swiftly on.
Yeah, exactly. Before I let down my Tory
brothers and sisters.
Right, yes, thank you very much.
Rant of the Week.
Oh, dear.
That was getting a bit political, wasn't it?
It always does.
Let's just try and avoid that stuff.
Let's try and avoid that.
I don't know, man.
I'm telling the company to pay taxes.
How controversial.
I'd pay my taxes.
Yeah.
Unless Google want to sponsor us, of course.
Yeah, well, that's true.
We'll take their money, obviously.
And we'll pay taxes.
Tax write-off, I'm sure.
Yeah, exactly.
And tell us how to do our accounts as well.
What was it?
You know, a few years back, there was the big, in the UK,
there was the big...
Panama Papers.
No, no, no.
The thing, I don't know, maybe it was part of,
I think it was before that, though,
when a whole bunch of celebs were outed for using, you know...
The Jimmy Carr avoidance schemes.
Yeah, Jimmy Carr was absolutely slammed for it, and I
think, you know, what I like about Jimmy Carr is he totally puts his hands up to it anyway. But
his... you know, and he loves a good heckle as well, because he always has a good
comeback, which I'm not going to repeat any of them here, because my mother's listening.
But his comeback to that was, you know, about taxation was,
he just stopped and he'd say,
I paid exactly what I was legally obliged to pay.
Yeah.
And then he said, is anyone here a good accountant?
Because I need a new accountant.
And that's so true. You know,
you do, you pay what you're legally obliged to pay. And in the case of, you know, Google and the tech giants, it's exactly what they do. They take advantage of all the schemes and it's legal,
it's not necessarily ethical. And that's the difference.
The problem is that they have the options. For the majority of the population under PAYE, they just do not have any options.
So the law does vary depending on, like, how much money you have and what structure you have,
and that's what aggravates people. If there was a level playing field and your average worker, you know, had access to this...
Yeah, yeah, exactly. Then I think it would be a... well, then no one would be paying any taxes,
basically.
Well, exactly, exactly. But, you know, we would all like to pay less tax, but
conversely we all would like to have our bins emptied every week, or every two weeks now, you know, and be able
to get a free ride in the ambulance taxi.
Well, bins are like from council taxes, so that's not actually taken out from your normal tax.
I just said tax.
Yeah, but the loopholes aren't to do with council taxes.
Tax is tax, you know, all I said was we all want to pay less tax.
Absolutely.
That's why I'm down on the council register as a...
Troublemaker.
...as a disabled...
As a disabled, retired, invalid...
...vets.
Yeah, vet.
Military vet, yeah.
Yeah, exactly.
Exactly.
Refugee.
In fact, they pay me every month now
All right, enough, enough incriminating words from me. Why don't we talk about
Tweet of the Week.
That is so cute, I love it. Tweet of the Week. I shall take this one.
This is, well, in fact, the first one I wanted to put in was a tweet from a friend of the show
and possible InfoSec Stig, former InfoSec Stig, where he actually posted a tweet which says,
This reminds me of that Host Unknown podcast episode where Tom Langford tried to understand the politics of early 1990s WWF.
And for those not familiar with what, you know, not the World Wildlife Fund.
Yes, exactly.
This is the World Wrestling Federation, the original WWF.
And this was a quote tweeting something from Paddy Power who was saying that,
you know,
during President Trump's or former President Trump's last day,
outgoing US President Donald Trump has issued a pardon to Shawn Michaels for
kicking Marty Jannetty in the face and throwing him through the window of their
1992 appearance on the barbershop.
There's so much to unpack in that, and I'm not entirely sure.
You know, it's one of those things that unless you really followed
the rockers and, you know, WWF stories back then,
I mean, it hits good, but it's unfortunately just too much
to try and explain.
Definitely one to Google if you want to.
I recognise all of those words.
I have no idea what most of it means. I mean, the sad thing is we're going back 30 years on that one, and that is,
you know, that is crazy. However, fantastic tweet. But I thought I would add another one
anyway, and this is from the Washington Post, and it's probably not very simple to describe
on the show, so this is a bit of a quick one.
And this is a story about how disinformation
can be a very lucrative business,
especially if you're good at it.
And this is a lady called Joan Donovan
who studies media manipulation and extremism.
And she's sort of taken a-
I don't give a degree in anything these days.
Well, yeah, yeah. Anyway, you've got a
platform, right? Anyone can give their opinion. But she... the post is actually really
good, so I've included the link in the show notes. It's a Washington Post article, and she, so,
you know, explained what disin... how she defines disinformation, because I think that's always
really important when you start taking an angle on something, is, you know, where do you actually stand on it? What's your
interpretation of it? And she shows, in her interpretation, the role that disinformation
played in the attack on the Capitol, you know, at the start of the year. And then they go on to
discuss whether or not, you know, removing Trump from Twitter, you know, and all other platforms
was the right thing. You know, is the other social media giants having too much influence if they can just pull
people at any time? And then, you know, she takes a look to the forward, you know, what sort of
information should we be worried about going forward? And it's just a really interesting
article to go through, but obviously very American-focused, as they do. You know, what should we be doing as a
country? But definitely a good article, and I do encourage you to click on it in the show notes and
take a read.
So is she saying that disinformation is very lucrative for the people spreading the
disinformation, the people hosting the disinformation?
For anyone, well, anyone that's controlling that disinformation. Obviously the media giants benefit from it, so Facebook, for
instance. Yeah. And also, you know, the likes of Twitter as well. They... yeah, but, you know, I think
there's a big drop-off after, you know, they kick Trump off the platform. But, yeah, so I mean,
one of the things she actually says, you know,
you don't get 100,000 domains related to COVID-19 without, you know,
a big chunk of people thinking they can monetize it.
And so, you know, it's a really interesting take on,
and unfortunately, you know, people are so easy to influence.
Yeah.
And that's it.
And, you know, ultimately the message is trust but verify, and verify, and verify.
But so the main question that I'm not hearing the answer to, maybe you want to discuss this offline, is how can we use this to make some money? Because the sponsors are not rolling in despite us doing custom jingles every single week for them.
Check the other document I set up, Jav. I've got some ideas about information we can sell.
Is that on Signal, hopefully?
As if this podcast in itself doesn't count as disinformation.
No. Disinformation is intentional.
That's how she's described it.
I think what we can describe this as is misinformation.
Or incompetence.
Yeah.
But tune in next week where our special guest, Steve Bannon,
will be able to work up news.
Fresh from his jail cell.
So you said, you know, "trust but verify, verify, verify" was the quote she used. So I was chatting about this to somebody last night, and I was saying the thing is, disinformation is often so convoluted and complex that you tie yourself into knots trying to understand it and explain it and justify it, et cetera, when, you know, Occam's razor just says the simplest answer is probably most likely to be the actual answer. You know, so all this disinformation about, you know, lizard people in the government and, you know, milking hormones out of terrorized children under a pizza parlor in DC and all that sort of thing.
It's like Epstein, that's why they...
Yeah, yeah, well, exactly. The simplest with Epstein, brilliant, you know: oh, he died of an undiagnosed heart attack. No, he was killed, you know, because of it. You know, the very simplest thing is, oh, the videotape stops, the timing was such that it was just about to blow the whistle. That's the simplest one. That's the simplest solution, if we sort of mean the simplest answer. And I think that's the thing that most people forget is, frankly, the more you have to justify and tie yourself in knots to understand something, the less likely it is to be true, surely.
Well, I think what happens is that people don't arrive at that conclusion in one day.
And this is like an ongoing process. So it starts off with disinformation being something that is largely true, but with a little bit of falsehood mixed in.
So it's just enough to sow the seeds of doubt.
And then what we have is, and this is a criticism against a lot of the tech giants and their algorithms, is that that kind of thing then shows up time and time again in your feed. And, you know, with your personal biases, you look for that kind of information to help sort of justify or reinforce it. And that's the thing that, over a long period of time, takes you to those more extreme views. And I think that's where the danger is, is that, you know, it starts off with, hey, this isn't true. And like, hmm, okay, maybe that's not true. And then this isn't true. And this isn't true. And then you find yourself, over a period of weeks and months, getting to a point where, like, hey, I don't trust anything these media giants say, because clearly it is fake news. You know, clearly all of these big, big media, they're in it to serve some other interest. So that's stage one: you completely ignore all the evidence that's there because you're saying that these are all puppets, or, you know, Dr Fauci or whoever.
Yeah, wake up, sheeple.
Exactly, exactly. Educate yourself.
A friend of mine sent me a good post. It was by Arnold Schwarzenegger the other day. And the summary was like, he goes, if you want to build muscles, I'll tell you how to build muscles, because I was, like, seven times Mr. Universe or what have you. And, like, you know, I know how to build muscles. He goes, but if you want to know how to protect yourself against illness, don't come to me. Go to a doctor that spent, like, you know, 10 years of their life studying this thing and what have you. And the problem we live with these days is that people watch, you know, a 10-minute or one-hour YouTube video and think they're an expert in something, and then they go out preaching that. So I think that's a very valid point, that, you know, we live in this society now where, you know, it's so easy to spread little bits of information over a long period of time. And people have this full sense of confidence in their own ability to understand very, very complex issues sometimes. And so that's what leads them down this path. And, you know, you saw that guy who they arrested outside the pizza parlor who wanted to go in and free the kids in the basement, allegedly.
And he genuinely believed it.
It's not like he, you know, but it's something that happens over a long period of time.
And I think it's easy for us to scoff and say, oh, those are Americans.
But, you know, this happens all the time in all sorts of issues.
We only need to look at the 5G conspiracy theory earlier in the year.
More of America's access to mental health care facilities than anything else.
But we had a fair few in the UK as well. I mean, even over here you've got anti-vaxxers on the rise, and even, like, so many people who are saying we're not taking the coronavirus vaccine because that's, like, you know, going to microchip...
The one that really got me was the people who said, we're not going to take that vaccine, we're going to wait for the English one.
Yeah.
Yes. What? Oh my God.
Anyway, I went on.
That's my second rant of the week.
So that was a tweet of the week.
Oh, I'm glad you said that, 'cause I was about to press the wrong one.
Thanks, Jav, for this week's tweet of the week.
Actually, Andy.
Yeah, the brother's Andy. That's okay, you keep going.
Yeah, the brother's not unfamiliar with hijacking, right? Anyway, I think our source on probation over at the InfoSec PA Newswire has been busy this week bringing us the latest and greatest security news from around the globe.
Industry News
NSA, DNS over HTTPS provides false sense of security.
Industry News
Leaked hashtag COVID-19 vaccine data manipulated to mislead public.
Industry News.
Environmental regulator suffers ransomware blow.
Industry News.
GDPR fines surge 39% over past year despite hashtag COVID-19.
Industry News.
Cloud config error exposes X-rated college pics.
Industry News.
Coin-mining malware volumes soar 53% in Q4 2020.
Industry News.
Malwarebytes: SolarWinds hackers read our emails.
Industry News.
Interpol: dating app victims lured into investment scams.
Industry News.
Threat actor dumps 1.9 million Pixlr records online.
Industry News.
And that was this week's... Industry News.
Do you know that story you said, Andy, cloud config error?
Yes.
I thought that said exposes X-rated collage pics.
I thought, oh, that's nice.
Lockdown activity, making X-rated collages.
Yeah, that was the app Fleek that's been shut down since 2019, but they haven't deleted their data.
So, sorry, hang on. So this app closed down, or the service closed down, but the servers were still running with the data?
Yeah, so the whole service shut down a while ago, and it was like a sort of Snapchat-style thing where you could delete stuff and, you know, it was allegedly gone. So people were sending risqué photos to their, you know, sort of college-age friends, I think.
Yeah.
But it would then be deleted. Yeah, and then obviously, you know, the whole thing, that's it,
you know, another flash-in-the-pan application that's gone,
didn't quite make it.
And, yeah, a year later, all of a sudden,
someone's just playing about on the web,
and they discover that the old servers where this stuff was stored,
it was like an S3 bucket, I think, on Amazon, wasn't locked down.
So they could just get all these images
that people had thought had been deleted.
How are they still running those servers?
That takes money.
But you know what?
Yeah, I know.
Well, it does take money.
And this is one of those funny things where people don't necessarily understand what they've got running. You know, someone's paying for stuff, but there is often a disconnect between, you know, the accounts department and, you know, the IT team. You know, I've seen it myself in the past: at a previous company, we'd gone down to a data center, you know, stripped out some shelves and found some servers that were on and plugged in, and had absolutely no idea what they were doing.
You know, knocked down like a false wall and there was a bunch of...
But they just literally, you know, we'd installed them and just completely forgot about them. They'd fallen off the asset inventory somehow and, you know, never gone around to... And, you know, I interviewed someone from a competitor, and one of the things that he said that he did, you know, efficiencies that he'd done in his place, he'd actually switched off 900 servers. At the time it was just as a money-saving exercise. You know, these servers were installed, never used, but obviously they're sitting there taking up space in data centers and electricity and all that kind of stuff.
I can imagine.
With stuff in cloud, it doesn't surprise me, if I'm honest.
Yeah, yeah.
But that fellow who switched off 900, I can imagine for the first few hundred, he'd send out emails and wait a couple of weeks and send out another email and all that sort of thing and wouldn't get any response.
And probably by the last few hundred, he's like, oh, fuck it, switch him off and we'll see what happens.
See you, screams.
Yeah, exactly.
That's cool.
This is also what happened with the Parler app, isn't it?
That people that deleted messages,
it didn't actually delete it from the database.
It just flagged it as deleted so it didn't show up in the app.
Yeah.
On the servers, all the information was still there, available for the FBI.
Exactly. And the other thing is, you know, I'm not going to accuse the founders of Fleek of anything in particular, but, you know, maybe the guy just wanted to keep them for his personal collection and, you know, he stored them online, told everyone it was gone, and got found out.
He's had to buy the biggest memory upgrade on his iPhone every year just to make sure he's gone with him.
You know you can save stuff on things other than Apple devices, Tom.
Really?
Just putting it out there.
Is it?
But why would you do that?
I don't understand.
Sorry.
Anyway, it's time for you now, Jav.
No, it's not.
Weekly stories.
Have you had a week off, Jav?
You know what?
I didn't get a chance to research this before the podcast.
I completely forgot.
Okay, so let's run the jingle, we'll do a bit of silence, and I'll run the jingle again. How's that?
So, and now it's time for Javvad's Weekly Stories. Javvad's Weekly Stories.
Weekly Stories. That was Javvad's Weekly Stories. And that was Javvad's Weekly Stories.
Oh dear. So, the show notes. So, anything of interest in any of the above?
Well, given that there was nothing in the above, I think... no, not really. Well, I'm actually interested that dating app victims are lured into investment scams.
This is normally, you know, when these victims are targeted during these dating scams, it's very much get what you can, you know, string them on for as long as possible and then move on. Investment scams sounds like, you know, guys are now thinking long-term, you know, on this stuff. They don't just want the money, quick wins. They're thinking long-term strategy here. You know, what's their retirement fund look like?
I mean, settle down, you know, get married, have a few kids, and their retirement plan is at least they've got some kids to put them into an old folks' home.
Yeah, exactly.
Well, I mean, that's what the scam's all about.
Is that right?
I'll tell you what, I'm so glad I managed to break out of that scam
I've been in for the last 30 years.
Yeah, code name marriage.
I just figured out my dad's a con artist.
I've got to kick him out the house now.
You've been exposed.
It's when he goes, OK, it's a fair cop.
Yeah, but it's like, it's not that different from the offline kind of scam. You know how you have all these stories, and not to stereotype... Actually, one person did DM me last week about the stereotypical Indian accent that I did.
Oh really, did they?
One person, yeah. He said that was funny, but why did you do it? And I replied something to the effect of, you know, if you had to do a podcast with Indian banjo, then you would say this. So that's what I told him, and he was like, that...
Okay, so it wasn't Christian Tune then who asked you this?
No.
But what was it? So if you had to do a podcast with two white guys, or something like that?
No, no, no. It's all right, it'll get lost in translation. But with these two gentlemen, then you'd also, like, you know, pick up some bad habits along the way. Anyway, the old gentleman...
You said it wasn't two gentlemen.
I, like I said, lost in translation. Yeah, it's all about context. And, you know, how you've had these, and it's always in the Sun or the Mail. You see they're running a headline, like a 70-year-old lady's gone to Turkey for a holiday and she's found a toy boy and they're genuinely in love. And then, you know, she's fighting for him to get a visa. And, you know, they find, you know, that I love you, and they're trying to prove it. Then he comes over, and this is exactly what this is, but just it's online. It's like, you know, one of the oldest scams known: you know, just find an old person that's about to get you into the country, and then you can, like, take the inheritance and what have you.
I can say, ladies, I wonder if we're going to see with Brexit the revival of the old Turkish waiters, Greek waiters, looking to get visas to live in the UK.
I was going to say, looking to get people who want to leave Britain.
It's going to be the other way around.
Yeah, exactly, that's what I'm thinking. I think I might go to Greece and try and fall in love with a Greek waitress. She can get me nationality.
All right.
Well, that was this week's...
All right.
Okay, so shall we move on? Blimey, we are way behind.
I think it's time for me to do...
I played it at the wrong speed again.
This one is about someone I think we all know and love. A man was found living in an airport for three months over COVID fears.
So this is, you know, life imitating art.
Tom Hanks was found to be living in Chicago's international airport
for three months apparently.
Oh, no, hang on.
I read that wrong.
Oh, no.
It's a guy called Aditya Singh. So a man too afraid to fly due to the pandemic lived undetected in a secure area of Chicago's international airport for three months, US prosecutors say. Aditya, 36, was arrested on
Saturday after airline staff asked him to produce his identification.
He pointed to a badge, but it allegedly belonged to an operations manager who reported it missing in October.
Mr. Singh arrived on a flight from Los Angeles to O'Hare International Airport on the 19th of October.
For those not recognising the Tom Hanks reference there, what was the name of that film?
Yeah, The Terminal.
The Terminal, which was based on a true story of a guy who lost his nationality mid-flight, effectively, and therefore he flew into a US airport and was not able to fly back home and was not able to leave because his passport was invalidated and all that sort of thing. And so this person, didn't he live there for something like two years or something like that?
Yeah, that's a much longer...
Yeah, absolutely. But it's, you know, it's been reproduced. So this poor guy flying in, I mean, you've got to wonder why he got on a plane if he was that concerned anyway.
But nonetheless, and I think it also says something about access to America's mental health facilities as well.
But, you know, living in an airport, but not only that.
Three months is a long time.
Three months.
The thing that gets me, this isn't just, you know, sleeping in the terminal and, you know, sleeping in different places every night and, you know, using the bathrooms to get washed and all that sort of stuff, and claiming he was going to get on a flight at some point. He was in the secure areas. This is what I find more concerning than anything else, and that's why I think it's obviously the security story. How can somebody spend three months in the secure area of an airport and not be found?
Well, it just goes to show that no one's actually really reading ID badges.
You know, he claimed that he found the badge,
but it wouldn't surprise me if it was lifted off, you know,
someone's jacket or something like that.
But, yeah, people are just seeing he's got a badge
and just acknowledging that, oh, yeah, he belongs here.
But presumably you use that badge to access areas, right?
So you tap the badge to get in.
I can only imagine.
Yeah, yeah, that's what I was thinking when I read the story.
I thought if it was like he's in secure areas,
so he needs the badge to come in and out.
Yeah, they wouldn't be very secure otherwise.
If it was reported missing in October,
surely they should have just shut down the access.
Precisely, precisely.
And there's only so many times.
I mean, you might get away with saying or tailgating somebody
or saying, oh, my badge isn't working or whatever.
But I can't imagine you getting away with that for three months.
The only way I can imagine you getting away with it for three months is if the
badge still worked and you got in when nobody was looking.
Do you know what I mean?
So, yeah, I find this shocking, to say the least.
Yeah.
And the thing is, he lived on handouts from other passengers,
as I understand is what they say.
But I reckon, you know, he got into the lounges, living a good life. I think there's more to it that the airport probably suppressed.
Yes, to prevent them looking so bad.
Because, yeah, think about it as well: in America, and this is a brown person with a beard, you know, this is post-9/11.
Yeah, this is post-9/11, isn't it? You know, a frame of reference we're used to, where, you know, to justify, you know, sort of heavy-handed behavior and, you know, the suspicion of people, you know, basically being strip-searched, you know, walking through metal detectors or whatever. So, let's be clear, you know, airports say, oh, this is what we have to do now, this is how it is. Yeah, this is incredulous. This man has got some proper Billy Big Balls.
It is, it is. But the weird thing is, like, you know, I can't even go through with, like, you know, a little bit of water in a bottle without getting, like, rugby-tackled, and this guy just, like, walks in and, like, chills.
Actually, someone was telling me the other day that he lives in Texas. And whenever he books a flight to go internally, whatever, he says the best flight to get for him is about the three o'clock in the afternoon one. He goes about three o'clock or around that time. He goes, there's a shift change in a lot of the security that work in the gates.
So he goes, if you go about 2, 2.30, he goes, people are really tired by then.
And he goes, they're not in the mood to do extended searches.
So he goes through a lot quicker at that point.
Oh, that's brilliant.
So this is like back in the old days of credit reference agencies, where if you applied for credit and, you know, you had to go through on the phone, speak to someone, an advisor, it's always like, statistically you're more likely to be accepted for credit after three o'clock on a Friday, with people looking forward to the weekend. So if it's a touch-and-go case, they'd be like, yeah, go on then, whatever. You know, before they switched to automated means and just sort of removed that human element.
Yeah, I just want to pick up on something you said earlier, you know, Andy, about, you know, he probably got access to the lounges.
Yeah, probably, you know, living the life.
Just saying, somebody who's lived in an airport for three months because he's scared of COVID, he's hardly living the life.
No, you know what?
I think what there's been, again, there's something lost in translation.
They said, why are you here?
He goes, I am terrified of the Kavid.
And Kavid is actually his wife's name.
So, you know.
You're going to get another email.
Maybe a couple of emails this time.
I think Mo will be reaching out to you. No, no, no.
I'd say, Mr. Singh, how are you?
I'm doing really well.
I'm not a man.
I have a lot of pain.
I'm at the airport.
Go to jail.
You'll be happier.
And this week's episode of Host Unknown is,
learn Urdu in 24 days.
Well, actually, that was Punjabi right there.
Oh, come on.
Where's Mr Singh? He's Punjabi.
I've got to speak in Punjabi to him.
He won't understand Urdu.
Urdu, Hindu, Punjabi. Come on.
It's like a difference
between English and...
No, Newcastle.
It's the same word,
just very different pronunciation.
Anyway, I thought that was a brilliant story.
And I hope Mr Singh really does, well, one, get the help he needs
and gets to wherever he wants to go, be that back home or, well,
I'm assuming back home is somewhere else,
but maybe his home is in LA or wherever.
But wherever he wants to be, I hope he gets there.
Away from Kavid.
Yeah, Kavid, absolutely.
So, yes, that was this week's...
Billy Big Balls of the Week.
Billy Big Balls of the Week.
Oh, this is the one that keeps... It's still playing.
It's got another five seconds for...
It's still playing.
God, I hope you didn't pay by the second, Andy.
I think I did, you know.
That's the problem.
This is how they get you, Tom.
Five per second.
Apparently so.
But, yeah, let's just play something else now before...
You're listening to the Host Unknown podcast. Bubblegum for the brain.
Whatever that means. We've come up on the hour, actually, and we didn't get through half the stories here. I think it's been ambitious this week.
So much.
The Little People? No. Sticky Pickle of the Week? No. We might want to do that next time. That's quite a good one. Some other stories we had were about the US military endangering passenger jets by blocking GPS.
I know!
The makers of the prosumer routers and access points had a data breach. This stuff you never hear about: Norwegian military endangers passenger...
No, because they just don't do this shit.
The hidden message on the White House website where Biden calls for coders to join the district. It was a great one. And obviously the one that Jav was going to go to town on was the bugs in Signal, you know, and other video chat apps which allow attackers to listen in on users. But everyone's scared about WhatsApp, and it's actually all of them you need to be worried about. But, unfortunately, you'll never know what we were going to talk about.
Host Unknown is considering moving to Post-it notes.
Taking a photo and sending them via WhatsApp.
And then once you've sent it, we then shred the Post-it notes so it's secure.
Yes.
That's right.
We've written the policy and everything.
We got this. We got this.
Yeah. Anyway, the architect from Fleek has designed it for us.
Yeah, and Andy's going to be keeping the pictures.
Folks, thank you so much. Jav, thank you for this hour. It's flown past.
Thank you very much. I know. These two hours, actually, if you discount the one hour.
I've been listening to that
and you're trying to fix it.
Okay.
Anyway, yeah, so
thank you, Jav. Appreciate it.
Okay, you're welcome.
Andy, thank you very much,
sir. Stay secure, my
friends. Stay secure.
Smashing Security. We should check that out and see if anybody is actually complaining about us on there.
I mean, other than Graham and Carole.
Yeah.
You know, when people DM you, Jav, and complain about the show,
just direct them to the Reddit channel.
Yeah.
That would be a very, very busy Reddit channel.